All of that puts technology professionals between a rock and a hard place. On one hand, they're saddled with the awesome responsibility of ensuring data openness and seeing to it that data management practices meet the highest ethical standards. On the other hand, IT professionals who detect -- and then report -- shoddy security measures or misuse of data are sitting on "a potential powder keg," warns Larry Ponemon, founder of Ponemon Institute, a privacy and data protection think tank in Traverse City, Mich. It's no surprise that many IT leaders "take the attitude that [reporting malfeasance is] someone else's problem," he says, "or convince themselves that even though it's a data breach, it won't really be harmful to people."
Fortunately, a number of new developments are helping IT leaders more readily embrace their emerging role as corporate watchdogs. Greater legal protections, innovative whistleblowing platforms, new reporting processes, cultural shifts -- they all promise to help technology professionals prepare for a new era of high-tech whistleblowing, even under the threat of employer retaliation, lengthy legal battles and foreign exile.
For four years now, the Dodd-Frank Wall Street Reform and Consumer Protection Act has received mixed reviews on its ability to fulfill its mandate to reward and protect people who report governmental or corporate misconduct. The legislation works by granting whistleblowers monetary awards ranging from 10% to 30% of the money collected in an enforcement action. In fact, in the first seven weeks after the Dodd-Frank Act took effect in August 2011, the Securities and Exchange Commission received 334 tips from informers seeking rewards. Since then, the SEC has fielded more than 6,000 whistleblower reports.
In addition to offering financial rewards, the Dodd-Frank Act aims to protect whistleblowers from employer retaliation by allowing them to maintain anonymity.
However, as financial experts continue to debate the impact of Dodd-Frank, many organizations are taking matters into their own hands. "The Dodd-Frank rules around whistleblowing were a good wake-up call, but I'm seeing a lot of organizations stepping back and asking, 'How can we take this to the next level? What's the Version 2.0?'" says Mohammed Ahmed, a senior manager at Deloitte Financial Advisory Services and co-author of the Deloitte report "Whistleblowing and the New Race to Report."
How not to air dirty laundry
For many organizations, the answer is to establish an internal whistleblowing program, complete with a 24/7 hotline and financial rewards for employees who expose bad behavior and faulty systems. Whistleblower hotlines, for example, allow IT workers to anonymously report any misconduct they witness within their organization either by phone or via a Web portal. Although IT professionals are most likely to notice something like the mishandling of data, other causes for concern include fraud, corruption and illegal activity of any kind, of course, as well as safety violations and health hazards.
Sign up for CIO Asia eNewsletters.