Net neutrality

It’s an old story.

A group of individuals fight long and hard to rise to the top. Once there, they cut the rope.

We see this in Ivy League schools. We see this in C-suites. We see this in politics.

And now the top internet service providers want to do the same thing with the internet in the US. The two entrepreneurs currently coding the next killer app or that video site that is better than YouTube may fail in bringing their idea to the world because the FCC is about to give in to powerful private interests.

You can do your part to prevent this by breaking the internet today.

Those who care about business ethics ask the question “Should we?”

What hurtful words reveal

Perhaps today someone at work will say something that will hurt you, undeservedly. If not today, that day will come.

The ethical leader will remember that the words themselves have no power other than that which we ascribe to them.

Such hurtful words reveal the speaker’s pain, not the target’s true character. Understanding this will allow us to quickly let go of the anger that might naturally arise.

And let go we must, so that no more victims are made.

Data and fear

There is a difference between data security and data privacy.

When I purchase something online, I want my debit card number to be secure.

However, I don’t have great expectations of privacy. The store knows what I bought. My bank knows it too. (Same as 20 years ago.) The information is on numerous servers and on my web browser’s history. So when an ad pops up for the same product during my next Google search, I don’t freak out.

But many people do. They do because they imagine the worse, however unlikely. And the media picks up on the fear because it sells. And because it generates visits to their website where they collect our information to sell it to advertisers. {Suckers}

When it comes to data, the ethics & compliance officer will team up with an IT security expert to create secure vaults. She will also team up with a privacy officer to comply with the myriads of laws and regulations. But like all things, the work should be motivated by positivity, not by fear. Dangling the risk of heavy penalties and reputational damage never did much to fight anti-competitive behaviors, corruption or safety risks. If all you do to drive your GDPR/privacy agenda is freak out about the penalties that the European Union might impose next year, you’ll want to reconsider that strategy.

True compliance progress is made when organizations decide who they want to be.

Go talk to the ECO

A few years ago, employees would occasionally come to my office because their boss sent them to me. The employee had an ethical dilemma, went to their boss for advice, and the boss simply said “Go talk to the ECO.”

As tempting as it might have been to dive right in and help the employee, I would pause and tell them that I would like to bring their manager back in the conversation. When the three of us were together, I would tell the manager and employee that knowing where they stood on the issue would help me provide better advice. I would create a safe environment for both of them to reflect and share. Very often, they would get to the right place on their own.

I did this because I didn’t want management to send the signal that ethics is not their responsibility. I did this because I wanted them to exercise their ethical muscles. I wanted them to practice having these discussions.

Managers now understand how I roll and they don’t just send their employees to me anymore. They come in pairs, and prepared.

You cannot break just one rule

The latest scandal to hit Uber is a good example of the power of corporate culture.

At first glance, one could be tempted to label Joe Sullivan, Uber’s chief security officer, as a bad apple. After hackers asked a ransom for the personal data of 57 million drivers and riders, a breach that should have been reported to the authorities, Sullivan paid them hush money, had them sign a non-disclosure agreement, booked the payment as “bug bounty”, and didn’t disclose the breach to the CEO, the Board, or the authorities. It seems that only a lawyer working for him knew of these activities.

Of course, Sullivan’s behavior must be taken in context. When all of this happened in October 2016, Uber was sitting on numerous scandals yet to be disclosed: sexual harassment, theft of trade secrets, and blocking certain regulators from booking rides, among other shady practices. When hackers came to Sullivan for ransom, he knew exactly how Uber expected him to respond.

This should give us pause. A culture of sexual harassment does not simply foster more sexual harassment. It signals to employees that rules can be broken. Any rule. And the more rules are broken, the more disregard employees have for doing what’s right.

If our organization is tolerating a practice that should not be tolerated, we have more to fear than the proliferation of this one practice. Our entire organizational culture – in fact, our entire organization – is at stake.

Above the law

The idea that anyone can be above the law naturally offends our sense of justice.

This is why we can’t readily find a law that reads “This law applies to everyone in the country except for [insert name].”

Likewise, we are unlikely to find a corporate policy where the applicability section specifically excludes directors and officers.

If anything, laws and policies tend to impose a higher standard on leadership.

So why are they the ones most often tempted to claim a lesser burden?

Preventing harassment: involve the supervisors

Ten years ago, I led a team of about 100 ethics & compliance officers for a large multinational. Whenever one of them reported that “things were quiet” (i.e. they weren’t receiving allegations of wrongdoing to investigate), I would tell them to get invited to various staff meetings and to provide a short training on conflict of interests. This simple exercise was guaranteed to generate work.

In today’s climate, I would advise them to provide a short training on respect in the workplace. To cover issues related to bullying, discrimination, harassment and retaliation. That ought to generate work as well. And I would recommend one additional feature: make sure the group leader is involved in the training. Having her speak up on the importance of treating each other with respect will get employees to think about the culture of the organization as well. They’ll have a better sense for what’s acceptable and what’s not.

Of course, the goal is to create a culture where harassment doesn’t take place. But, at a minimum, we should want a culture where employees feel comfortable reporting harassment when it happens. The first place they’ll look to for comfort is at their immediate chain of command.