Contrary to what Mark Zuckerberg, the founder of Facebook recently stated at the 2010 World Economic Forum in Davos, data privacy is far from obsolete.
“HOW TO BLOW THE WHISTLE AND PROTECT EMPLOYEES’ DIGNITY”
Imagine that you are the CEO, or the HR director, of a renowned and well run company. Despite the company’s compliance policy, something goes wrong. Wouldn’t you want to know right away, rather than waiting for the situation to become irremediably compromised? The international arena has witnessed numerous interventions in recent times from legislators, in the attempt to ensure that business is lawcompliant. Legal obligations addressed to corporate offificers, however, have proven of little help in effecting true compliance. Having learned the lesson from the global fifinancial Crash and various abuses, national legal systems have started to require corporations to adopt anti-crime schemes. In this regard, the UN Convention against Corruption – which came into force in 2005 – has also played an important role. Legislation such as the Sarbanes-Oxley in the USA, the Public Interest Disclosure Act in the UK, as well as Law 231 in Italy go in this direction. They all compel corporations to implement an internal management system tailored to prevent criminal conduct. The goal is the same: to achieve legal compliance, thus reducing corporate crimes to the minimum. Parallel to fifinding adequate rules and regulatory controls, comes the acknowledgment that, not infrequently, the staff of the corporations involved in those disasters had been aware of the grave risks being taken. This recognition has fostered a ‘cultural shift’: challenging malpractice or misconduct in one’s own workplace is right, safe, and acceptable. By launching the slogan ‘Silence is not always golden’, so-called ‘whistle-blowing’ corporate schemes have taken off. The implication of this new culture are far-reaching. These whistle-blowing schemes are underpinned by a culture of transparency and accountability that breaks with complacency and cover-ups. Having said that, it becomes immediately evident that this new trend needs to resolve two key issues: how to protect the guy who makes the disclosure from possible reprisals, and how to cope with data protection implications. In fact, the legal safeguard against reprisals is a prerequisite in the fight against the ‘mind your own business’ attitude. A solution for whistleblowers is to push them under the umbrella of legal secrecy. Secrecy, however, raises issues in other perspectives. Under the data protection discipline, for instance, which is based on the principle of transparency on how personal data are used, data subjects should be previously informed, thus allowing them to access their own data and to exercise specific privacy rights. The group of representatives from the independent national privacy authorities, the so called ‘art. 29 working party’, already issued an opinion in late-2006. The opinion, rather than finding clear-cut answers to the issues, basically recommends adopting balanced behaviors. Much has still to be done on this front and the privacy Commissioners have already asked the EU Commission and their national parliaments to provide a correct balance between the two legitimate goals: corporate anti-crime schemes and data protection.[W facebook.com un.org weforum.org]
Published in the hard-copy of Work Style Magazine, Spring 2010