Hewlett-Packard would apparently find plenty of support in the boardrooms at other US companies for its attempts to identify the source who was leaking confidential information to the media.
In a telephone survey this month of 226 board members at publicly traded companies in the US, 73% say a company's chairman should be empowered to use any legally available means to identify a board-level leaker, according to Ponemon Institute.
Ponemon, a think tank in Michigan, released the survey results last week. The institute said that about 71% of the respondents said it would be OK for a board chairman to review the emails of other members, in addition to other types of confidential data stored on a company's computers. Fifty percent said that obtaining and reviewing telephone records of individuals via "pretexting" — pretending to be the targeted individual — is proper as long as that approach hasn't been outlawed. And 53% deemed it permissible to "tail" individuals inside or outside of a company.
"It's somewhat surprising and distressing that such a high percentage of board members would be OK with this," says Alan Chapell, a research fellow on Ponemon's Responsible Information Management Council. "It sounds like in this instance, corporate integrity trumps privacy — at least as it pertains to board members."
In the long term, such attitudes could affect the willingness of some people to serve on corporate boards, Chapell cautions.
From a legal standpoint, US companies are on fairly safe ground when it comes to monitoring email and other information on company-owned computers, says Chris Pierson, a partner at Phoenix-based law firm Lewis and Roca.
But the law is less well defined regarding whether companies have the right to snoop on email sent from personally owned computers or to obtain records of personal phone calls, Pierson says.
For instance, there are few clear-cut laws surrounding the use of pretexting, which was the method used by HP's outside investigators to obtain information, according to Pierson. One of the exceptions, he says, is the US Gramm-Leach-Bliley Act, which makes it illegal to collect financial information about a person through pretexting.
The Ponemon survey found that about 85% of the respondents feel that protecting confidential corporate information is more important than preserving a board member's privacy rights. Just under 25% say they thought that "aggressive surveillance methods" are employed frequently or very frequently by their companies.