Samples of Written Policies

Over the past ten years, we have seen a gradual, steady increase in the number of business firms that have adopted policies designed to directly deal with CI. Most of these simply operate to caution employees against violating what are believed to be legal constraints, such as the EEA or UTSA, and against inducing others to violate confidentiality agreements they may have signed with their own employers. In essence they warn employees not to violate criminal or civil laws. Others simply paralleled the SCIP code of ethics (quoted ealier), seeking to put something in writing while struggling with what, if anything else, they wish to say about CI.

Unfortunately, many firms with well-developed CI policies have declined to release copies of their ethical or legal policies for analysis in the open literature. ^[33] In some cases, these documents were prepared by another department, typically a legal staff, so CI managers may lack authority to release them. In other cases, CI managers have said, off the record, that their legal departments are concerned about potential liability issues should these documents be released with their names attached.

In spite of that, we have gathered a few typical examples of real policy statements actually in use. The following show a variety of disparate approaches.

• The first is a general statement by a major corporation, dealing with the overall ethical situation posed by CI.

• The second, reflecting the position of a CI research firm, itemizes a series of behavioral standards.

• The third is actually a draft statement by a major corporation designed to cover employees, CI consultants, and outside contractors.

• The fourth outlines a corporation's official view of CI in a presentation format.

• The fifth is a comprehensive approach to the issue from an employee manual.

• The sixth, consisting only of a brief warning, is from the only non-U.S. firm represented.

• The seventh is one used by a society of information professionals.

Following each of these extracts are comments about the positive and negative points of each. To avoid distractions, we have deleted any references to the names of the firms, but the source of each document can be found in the footnotes.

In the course of business, it is not unusual to acquire information about many other organizations, including competitors. Doing so is a normal business activity and is not unethical in itself. In fact, [the company] quite properly gathers this kind of information for such purposes as ... evaluating suppliers. The company also collects information on competitors from a variety of legitimate sources to evaluate the relative merits of its own products, [etc.] This activity is proper and necessary in a competitive system.

There are, however, limits to the ways that information should be acquired and used, especially information about competitors. No company should use improper means to acquire a competitor?s trade secrets or other confidential information. Illegal practices such as trespassing, [etc.,] are obviously wrong; so is attempting to acquire a competitor's confidential information by hiring the competitor's employees. Improper solicitation of confidential data from a competitor's employees or from [our] customers is wrong. [The company] will not tolerate any form of questionable intelligence gathering. ^[34]

This statement sets a high moral tone, but it fails to provide any guidance except on clear violations of the law. It also treats CI as if it were, not a positive process, but an afterthought. Moreover, its tone separates the company from its employees.

Competitive intelligence involves the legal and ethical collection and development of data on competition, competitors, and the market environment. It then transforms, by analysis, that data into information. In its competitive intelligence research and analysis assignments, [consultant]:

Collects and disseminates data in full compliance with applicable local and national laws. Specifically, its assignments are always carried out in full compliance with both the Uniform Trade Secrets Act and the U.S. Economic Espionage Act of 1996.

Accurately discloses all relevant information, including the caller's identity and organization, prior to all data collection interviews.

Respects all requests for the confidential handling of information provided to [the consultant] during data collection.

Supplies honest and realistic evaluations of what data and analysis can and cannot be developed for a client before beginning an assignment.

Provides professional, honest and realistic analyses, based on the available data, clearly delineating the difference between fact and opinion, and between what can be confirmed and what cannot be confirmed.

Returns all internal materials provided by a client with respect to an assignment at the conclusion of the assignment. [The consultant] retains no copies of such materials.

Never makes copies of any client materials marked as "confidential" or the equivalent.

Does not disclose to any person, firm or corporation, the identity of any client or any confidential information regarding any client, an assignment, or the business of any client received or developed in connection with an assignment without the client's consent....

Avoids all direct conflicts of interest.

Never employs questionable data collection activities....

Does not engage in undisclosed subcontracting. . . . If a client does authorize a subcontract, [the consultant] requires the subcontractor to abide by these guidelines.

Complies with all applicable client policies and guidelines dealing with the collection of data for competitive intelligence.... ^[35]

This statement is clearly based, in part, on the SCIP Code. Some CI practitioners have properly noted that the SCIP Code cannot be applied to cases where firms have been hired to test corporate security, by posing as potential hackers or otherwise misleading others about their identities. This statement resolves that problem by noting that it applies to data collection. It also takes a positive position with respect to CI as a business process. In terms of content, the statement deals with ethical issues related to the handling of client materials and subcontracting, in addition to ethical issues dealing with CI data gathering. While these are clearly useful for a consultant to discuss, covering these topics, somewhere in some document, should be considered by the firms hiring such consultants as well.

Adhere faithfully to and abide by [Company] policies, objectives, and guidelines. Become familiar with the [Company] policies and guidelines.

Comply with all applicable laws, including laws governing antitrust (unlawful activities in concert with competitors).

Respect requests for confidentiality of individuals and information.

Never misrepresent yourself. (No students doing term papers).

If someone speaks too quickly, politely ask them to slow down. Don't record interviews or conversations. It is unnecessary, and can make people very uncomfortable.

Never swap price information with anybody, and avoid situations that could be misinterpreted as involving price information.

Be positive, don't mislead anyone deliberately; be clear and specific enough so that you don't confuse someone, and don't swap misinformation.

Be straight forward with your contacts, the information must be given freely. No sending or swapping products or promotional items to a source, and do not accept such items from any contacts. Avoid all chances of leaving the impression of a bribe.

Don't try to pull trade secrets from competitors (or attempt to gain them by hiring competitor's employees away).

Never pump anyone for information that may jeopardize that person's immediate livelihood, or their reputation. ^[36]

These statements appear to have been derived, at least initially, from the SCIP Code. It is, however, presented in a much more approachable language and deals with additional areas, such as swapping information, not dealt with at all in the SCIP Code. In some cases, but not all, it provides very clear boundaries for what is and is not permitted. However, it does not provide employees with an internal contact point for ethical and legal questions.

• Do not break the law

• Do not misrepresent yourself

• Do not lie

• Never steal a secret

• Understand the Economic Espionage Act

• Develop a solid working relationship with your legal staff

• If it feels wrong, it probably is ^[37]

While this statement of what is expected as ethical behavior seems clear at first, in fact it avoids dealing with any real issues. For example, what does it mean to "misrepresent" yourself? Does that mean you must give an interviewee the name of your firm, your client's firm, the purpose of the call, and a warning that the information will go to a competitor? In addition, it blurs the distinction between ethical and legal obligations. If this is used in training, each of these bullet points should be the subject of detailed discussion and guidance, preferably written.

Competitive Intelligence

Competitive information is a valuable tool that allows us to understand and manage our markets, products and services so we can better meet our customers' needs. However, we must gather and use that information properly.

It is important that we comply with the law in acquiring information, which prohibits theft, blackmail, wiretapping, electronic eavesdropping, bribery, improper inducement, receiving stolen property, threats, and other improper methods.

It is important that we acquire information ethically. We must not misrepresent who we are or who we work for.

We will also respect the confidentiality of our competitors' and suppliers' information. We will not use information another company has marked "proprietary" or "confidential", regardless of how it was obtained, unless the owner gives us the material for a specific purpose or the material has become public information. We should try to make sure that a nondisclosure agreement has been signed by both parties before disclosing or receiving any proprietary information.

Any information we suspect has been obtained improperly or any non-public information contained in a competitor's bid to any government agency should not be used. (See the section on Trading on Inside Information for additional details.)

Any material we have reason to think may violate these standards or that may give the appearance of impropriety should be discussed with and turned over to the Legal Department or the Office of Ethics and Compliance.

A competitor's employees can't be used as improper sources of non-public information, either. New [company] employees should not divulge proprietary information about their former employers, and we shouldn't ask them to.

Proprietary information about customers, suppliers, or partners shouldn't be used for inappropriate purposes by the ... company that received the information. Nor should the information be inappropriately provided to other companies. Make sure consultants and outside contractors are aware of and follow these guidelines. If you have questions about whether the information is proprietary, talk to your supervisor, the Legal Department, or the Intellectual Properties Department. ^[38]

While long, this policy happily starts with a positive stand with respect to CI. Again, as with so many such statements, it clearly started with the SCIP Code, but in its development, the company has produced a much more satisfactory set of guidelines. It identifies a contact point for questions, which is a very useful aspect. It also seems to have been drafted with an eye to issues facing this firm in its market, such as how to deal with employees recently hired from competitors. Finally, its overall tone is positive and inclusive. It talks about "us" and "we" in most of the text, rather than taking a more remote tone, as with some of the previous statements.

Competitive Intelligence

The business world is highly competitive and success in it demands an understanding of other ... industry participants. While collecting data on our potential competitors, we should utilise all legitimate resources, but avoid those actions which are illegal, unethical or which could cause embarrassment to [the firm]. ^[39]

This statement is largely positive with respect to the role of CI, in that it assumes that everyone knows that CI is useful and is being practiced. However, it falls short in terms of assisting its employees because it merely tells them, in essence, to do good and avoid evil. It is of no real value to individuals conducting CI research.

Code of Ethical Business Practice

Uphold the profession's reputation for honesty, competence, and confidentiality.

Give clients the most current and accurate information possible within the budget and time frames provided by the clients.

Help clients understand the sources of information used and the degree of reliability which can be expected from those sources.

Accept only those projects which are legal and are not detrimental to our profession.

Respect client confidentiality.

Recognize intellectual property rights. Respect licensing agreements and other contracts. Explain to clients what their obligations might be with regard to intellectual property rights and licensing agreements.

Maintain a professional relationship with libraries and comply with all their rules of access.

Assume responsibility for employees' compliance with this code. ^[40]

An analysis of this shows that the primary focus of members of this group is on obtaining information from secondary sources. For that reason, it includes specific requirements that the information professional deal properly with any legal or other restrictions on the retrieval, copying, and transmission of materials that may be subject to copyright or other legal restrictions.

The admonition to help their clients "understand the sources of information used and the degree of reliability which can be expected from those sources" is a standard that can (and should) well be applied to the practice of CI as well.