Regarding Competitive Intelligence Practices
Regarding Competitive Intelligence Practices
Upon my hire as Director of Security, a request was made for the review of the practices of the Competitive Intelligence Unit of the corporation. The present report provides the results of this review and recommendations for action related to its findings. A central component of this report is Table 1, which summarizes the competitive intelligence practices currently ongoing at the corporation. These practices are grouped into three categories: white, grey, and black. Any practice which is blatantly illegal has been automatically categorized as black. Action recommendations for each of the practices, ranging from continued practice, continued practice with alterations, recommended cease of practice due to ethical considerations, and recommended cease of practice due to illegality, are included. Action recommendations involving ethical considerations were made based on the current company position of heightened sensitivity in this area to avoid publicity problems. The report concludes with a series of recommendations concerning our company’s efforts to combat competitive intelligence-gathering efforts by our competitors.
Efforts were made to identify and categorize all practices currently being used by the company’s Competitive Intelligence Unit. The first category of practices is described as “white” practices within Table 1. These practices include information gathering at conferences, reverse engineering on purchased open market products, public document review, and review of documents obtained through the Freedom of Information Act (FOIA). All of these practices are legal and
are traditional components of a competitive intelligence effort (Fleisher and Bensoussan, 2007). We can be certain that all of our competitors are availing themselves of these routes to information about our practices. Accordingly, I anticipate no legal or ethical issues in continuing these practices and recommend that the company continue to utilize these approaches to gather information about our competitors, their products, and their future plans.
I have several recommendations in regard to the manner in which data is gathered at public disclosures of information at conferences that could be improved based on the review. This is a completely legal and ethical method of getting information that can be much more effective if attention is paid to how it is being done. If possible, have the conference attendee obtain a hard copy of the information that is being presented by the competitor. For booth type conferences, such hard copies are often available if the visit by our employee is during the early hours of the conference. Thus, it is recommended that when sending an employee to a conference, plans should be made to visit the competitors’ booths of highest interest at the earliest time possible. Additionally, if hard copies are not available, photographs of posters or other posted information are completely legal and should be a route part of a visit to a competitor’s booth. This provides a permanent record of the public information and can be used for reference in the future (Barron, 2007). With attention, conference and trade shows can be excellent sources of legal, ethical competitor information.
The next set of practices has been categorized “grey” in recognition that there may be valid differing opinions about whether this practice should be continued or not due to ethical considerations. Neither hiring private investigators to obtain private information about our competitors’ key employees and publishing that information nor deliberately producing false data and allowing it to be obtained by our competitors are illegal acts. However, these activities both have serious ethical issues involved, primarily because of the deliberateness of the actions. It should not be company policy to knowingly seek out information outside business considerations and make that information public. The company should strive to compete within the marketplace, based on its products, and not within the media or based on the private lives of our competitor’s employees. Obviously, having employees who make poor private life choices can seriously impact a business but it is unethical for us, as a competitor, to pay to have those choices dug out and published.
The data manufacturing practice has both ethical and serious practical implications. Ethically, it is improper to manufacture false data, no matter what the use. The fact that the data is to be used to fool the competition does not alleviate the ethical issues involved. But even more importantly, this practice carries with it a high risk for the company. This data could easily be unintentionally mistaken by our own employees for actual data and used illegally. False data use in technical business is a growing issue and its prevention is an extremely serious consideration. A final factor related to these practices is the company’s new sensitivity to actions that will portray the company in poor light in the media. If either the private investigations into our competitors’ employees or the false data manufacturing practice were ever reported in the media, these would be classic business ethical scandals. Accordingly, my recommendation is that both of these practices cease, due to ethical considerations.
The remaining practices have serious issues concerning possible or actual illegality and therefore have been categorized as “black.” However, several of these practices could continue if alterations in the practices were made. An example of this is the collection of heat signature data from our competitor’s factories. The illegality or legality of this practice is dependent on the placement of the camera. If the camera is on our competitor’s property or other private property that is not owned by the company, this data-gathering exercise is a trespass and is therefore illegal. However, if there is a way to meaningfully gather this data from public property this practice appears neither illegal nor unethical. The amount of heat being released into the surrounding air by a factory is public information, as long as it is gathered without trespass. Thus, avoiding trespass is a primary consideration and the key issue that must be address to be able to continue this practice without putting the company at risk.
The gathering of information from garbage that has been put out on the curb for collection is entirely legal and generally considered ethical. That is because once a person or corporation has placed garbage out for collection, they have knowingly exposed this information to the public and relinquished their reasonable expectation of privacy in its contents (California v. Greenwood, 1988). However, if trespassing on our competitor’s property is necessary to get to that garbage, this makes this practice entirely illegal. Any means used to “breach the perimeter security” is likely illegal or at the very least unethical. As a result, the practice of obtaining information from our competitor’s garbage must stop unless it is limited to that garbage which has been placed on the curb for collection. Even then, consideration must be made for how that story would look if it was ever published in the media, therefore my recommendation that this practice should be continued only very cautiously.
A further practice that must be altered to allow continuance of its practice is the hiring of competitor’s employees when it has been coupled with asking for a breach of the non-disclosure agreement with their former employer. Competitors will always be a prime source for new hires as that is where persons with relevant experience are found. However, it is neither legal nor ethical to ask the new hire to breach a non-disclosure agreement. The result of this action can be disastrous including civil law suits against the company and the new employee personally. Needless to say, such suits could also be very bad financially as well as for the company’s reputation as reported in the media. As such, I do not recommend that we need to stop hiring employees from our competitors, but we do have to be clear that we understand and support their non-disclosure requirements if such an agreement exists. If at all possible, a copy of the agreement should be within the employee’s file and proper training should be provided to both the new employee and those that will be working with him or her as to the boundaries of the agreement and the company’s expectations.
The last three practices have also been identified as “black” but there is no obvious approach to altering these practices in order to make them legal. Therefore, for all three, it is recommended that this practice stops immediately and no attempt be made to try to continue using these methods as sources of competitive information. Importantly, all three of these practices could result in both civil liabilities to the corporation and possible criminal liabilities to the corporate officers, including the COO, so these recommendations are extremely serious. In particularly, I also recommend that any intelligence gathered from these means in the past be destroyed and not used by the company, given the high risk that any use of this data could result in the method of it being obtained becoming public.
Furthermore, those employees involved in these situations should be given remedial training as soon as it can be scheduled so that it becomes clear that these activities are no longer considered valid approaches from either a legal or ethical standpoint by the company. The training will include clear ramifications, dismissal is recommended, if any employee is discovered to be continuing to practice these methods after the announcement. The three practices that fall within this category are using computer hackers to collect data from the competitor’s computers systems, paying a competitor’s janitor for entry into the building to collect information after hours, and wiretapping competitor phones and bugging buildings to collect information. These activities are both illegal and unethical. Finally, consideration should be made as to bringing these events to the Chief Executive Officer’s (CEO’s) attention to determine if any anticipatory announcement needs to be made. It may be better to announce these activities publically and try to control the backlash on the company, rather than have the fact of these activities become public at some unknown time in the future.
As the review of the known activities of the Competitive Intelligence Unit is complete, this report will now turn to recommendations for protecting our company’s information from theft. The company’s interest in security is welcomed as studies have shown that companies that make security a priority are better able to detect and recover from security incidents compared to those that ignore the issue (Voss, Whipple, and Closs, 2009). The ultimate aim is to avoid security incidents entirely, but this goal may be unrealistic, so executive attention to the issue is extremely helpful. First and foremost, the initial line of defense for information protection is a honest, well-trained security staff who understand their responsibilities and what they can do to protect the company’s interests (Brooksbank, 2007, pp. 25-28). Two extremely important duties in this regard is maintaining access control and having accurate occurrence logs (Brooksbank, 2007, pp. 32-38). My initial impressions are that the company’s staff are well-trained in these important areas and are performing well.
The next area of concern is general protection of the premises (Brooksbank, 2007, pp. 71-79). The company’s headquarters is well protected from the point of view of walls, fencing, window protection and gates and we have appropriate staff at the gates and doors. Additionally, the closed-circuit television system utilized by the headquarters is appropriate and is particularly useful for recording evidence of information theft that may otherwise go unnoticed. Furthermore, the building is appropriately alarmed such that when unoccupied appropriate police response will be triggered upon attempted unauthorized entry. The system has a very low false alarm rate, due to our use of a TVX camera screening system, and the few past incidences of entry attempts have been detected and stopped (Brooksbank, 2007, pp. 82-85).
One change in the current procedures that could be recommended is a stepwise action plan that would correspond to various perceived threat levels from a competitive standpoint. Although these plans have been specifically developed in regards to terrorist activity, in an information-heavy industry such as ours as similar pattern of stepwise, increasing security measures could be adapted to perceived or known intelligence activity by our competitors (Patterson, 2004). Such a plan could include various operating levels such as low or normal business mode, elevated risk mode, high risk mode, and severe risk mode. The factors for deciding the mode of security for any time could include activities within the company such as upcoming new product launches or threatened or known competitor activity against the company. Such a plan could provide added security at a time when the threat of information loss is at its highest and would have the greatest impact on the company (Patterson, 2004).
Beyond these types of security measures, the next most important source of information loss is through the actions of the company’s own employees, both present and former. I highly recommend training in the recognition of confidential information and the importance of not disclosing such information publically unless that decision has been made actively, particularly for employees that will be acting as a public face for the company. Just as we attempt to glean information about our competitors from conferences and trade shows, so will our competition. Thus, it is important that those that represent the company at such events are very clear as to the boundaries of what is permissible and what is impermissible to be publically disclosed. This also points to the need for non-disclosure agreements and monitoring of publications by employees that leave the company to determine if action needs to be taken to protect the company’s informational assets.
Additionally, I also trust that it is clear that the company’s shredding policies and garbage procedures need to be reviewed periodically, to ensure that competitors are not able to gain access to sensitive information through sloppy document management. The need for strong computer security measures and intruder detection software is also a key part of protecting the company’s knowledge assets. Finally, it may make sense to do some background investigations of employees that are on the premises on their own, such as the janitorial staff, in order to understand if prior behavior or activities may make them susceptible to approach by our competitors. That is not to say that such employees should not be hired, however, suspicious histories may warrant closer watch to make sure that our company does not fall victim to a janitor with a drug abuse problem.
This report presented a review of the activities of the Competitive Intelligence Unit of the company and a rating of each of these activities into “white,” “grey,” and “black” categories. Specific recommendations concerning each activity were also presented. If such recommendations are followed, there is every confidence that the business will avoid legal liability as well as remain on the right side of ethical considerations, particularly from the point of view of the media. Finally, using our own activities as a starting point, this report concluded with recommendations for protecting the company’s informational assets from theft by our competitors. Again, if such recommendations are followed, it is expected that the threat of a theft of the company’s business confidential and sensitivity information will be greatly reduced.
References
Barron, A. (2003). Three easy steps for gathering intelligence at trade shows. TAPPI, Retrieved from
http://www.tappi.org/Bookstore/Technical-Papers/Journal-Articles/Archive/Solutions/Archives/2003/July/Three-easy-steps-for-gathering-intelligence-at-trade-shows-Solutions-Online-Exclusives-July-2003.aspx
California v. Greenwood, 486 U.S. 35 (1988).
Fleisher, C. S., & Bensoussan, B. E. (2007). Business and Competitive Analysis: Effective Application of New and Classic Methods. Upper Saddle River, NJ: Financial Times Press.
Patterson, D. G. (2004). Journal of Facilities Management. 3 (1): 53-64.
Voss, M. D., Whipple, J. M., & Closs, D. J. (2009). The role of strategic security: Internal and external security measure with security performance implications. Transportation Journal. 48 (2): 5-23.