Protecting Proprietary Information

You’re designing a new, cutting-edge technology for the company. You’ve tried everything, but one element of the design is just not working right. None of your teammates can help, so you post the problem on your social media sites and ask your online friends to help solve the problem.

What are the ethical dilemmas and consequences of this action?

-e-Factor!® scenario

This scenario is built from a real-life experience working for a high-tech company, but it can apply to any organization or situation you might be facing.  Apart from tangible physical assets, if we own intellectual property or proprietary information, this issue is relevant.   The problem is to define exactly what is proprietary and who owns the rights to the property or information.  And the ethical dilemma deals with confidentiality, trust, integrity and accountability. When we post private information to the Internet, we have no idea about where our information goes and how it might be used (or misused).  I use the terms “confidential,” “private” and “proprietary” interchangeably in this discussion.

In the accounting world, “confidential information” basically means anything not publicly known. This can be a customer database, product cost, salary information, etc.  If we’re not sure whether something is confidential, we can ask “would this harm us if it was made public?” If the answer is yes, there’s your “sign.”  What many people don’t know or don’t think about is that private information posted to social media becomes public knowledge.  This is a huge challenge for organizations, and frequently news headlines include leaks of sensitive information that create a huge mess.

But who owns the information?  This is the bigger question, and leads to the question of whether or not we have the right to post it.  If we create a report, is it ours or is it the property of the company we work for? If we design a new product, is it ours or the company’s? In this dilemma, the product designer might feel the information is his or hers since he or she created it, even with a clearly stated company policy on ownership rights. The fact is that most people don’t think about posting to social media as a “reveal” of something confidential or proprietary.  Most people do think that if they created something it’s “theirs.”  Unless the company has a clear policy on ownership of intellectual property and a clear policy on protecting confidential information, we have different people with different interpretations and expectations. And, like it or not, our interpretations are influenced by the position we hold in the organization and the work that we do, as well as our background and culture.

So who are the stakeholders here?  Who is affected by this dilemma and its outcome? The product designer, the supervisor, the company and even the online “friends” could all be stakeholders.  The designer, supervisor and company are obvious. They are creating something to sell and drive profits.  But the online friends?  Well, who are these folks?  Could they be competitors?  Could they be working on their own products and this question sparks the missing link to their own work?  Or could they truly be just friends helping friends?   Hmmm.  Food for thought, huh?

In reality, we don’t know who else is viewing our online question besides our friends. But “someone” is tracking our keystrokes, either internally or externally.  Internally, many workers seem to feel information on their company computers is their private information and nobody has the right to see it. Not true. Most companies do monitor online activity and the computers are owned by the organization.  External monitoring is another story. I recently learned about data brokers and “big data.” If we type a keyword that someone is searching online, our information could be tracked and sold. This disturbed me so much I wrote a blog about it and what protections exist. In this light, we have to include “online friends” as stakeholders, especially if they’re selling our data.

What are our options in this situation?  The cat is out of the bag now, and what is posted online stays online.  Remember, the internet is a great source of information and for younger generations it’s the “only way” to get information (sorry, librarians!).  So it is likely the product designer thought the question was a harmless way to figure out the design challenge. Potentially serious consequences for posting online were probably not evaluated, even if the policy handbook and confidentiality agreements were signed!  There’s no way to hide the action of posting, but could we trust this person in the future?

There is one more perspective to explore: we don’t know the nature of the information revealed, only that some element is not working.  Is it critical to full functionality?  Or is it some minor mechanical malfunction?  Does this perspective change our viewpoint or actions?  Possibly.  It depends on whether confidentiality was defined previous to the posting and whether or not the designer understood the policies related to this action, as well as the steps the organization took to train its people.

There are two people who need to evaluate the options and make decisions on what to do next – the designer and the supervisor. If you were either of these two, what options do you have and what would you do?