Yet another sign that the privacy issues are starting to come in from the cold: The California Attorney General’s office is setting up a special unit for the purpose of enforcing state and federal privacy laws.
This has the potential to have a major impact on not just Silicon Valley, but also (if Massachusetts and Nevada are any indicator) any company doing business in the state of California.
As a result of moves such as this, it is increasingly important that companies make sure that their policies, procedures, and practices on customer privacy are fully up to date. More and more, this is a truly business-critical issue.
“When former Morgan Stanley employee Garth Peterson pled guilty to violating the Federal Corrupt Practices Act by conspiring with a Chinese official to circumvent his company’s internal controls, the company avoided being penalized because it could provide substantial documentation of a robust compliance system. Had Morgan Stanley not been so committed to the implementation of transparent and thorough internal controls, things might have turned out very differently.”
Developing, implementing, and enforcing appropriate codes of conduct for businesses can be a time-consuming, expensive, and sometimes painful process for businesses. Publicly traded companies are, however, required to implement such codes of conduct under the Sarbanes-Oxley Act. Even for non-publicly traded businesses, such policies, despite the birthing panes associated with their creation, can pay significant dividends on a number of fronts. They provide clear guidelines for both management and employees as to acceptable and ethical behavior in their industry, which reduces potential liability by reducing the likelihood of systemic illegal or unethical conduct.
The article linked to above from law.com talks about some of the benefits and challenges associated with putting codes of conduct in place. Ultimately, putting this kind of policy into place should be strongly considered by any growing company. Even if “now” is not yet the time for it, it should be question of “when” not “if”.