As the media continue their investigation into the revelations of the SwissLeaks affair and the companies concerned work to find solutions, certain questions arise concerning whistleblowers. Depending on which side of the debate you are on, leaks by whistleblowers can be perceived differently. Whistleblowers can, for example, be seen as benefactors for society or as nuisances for companies whose sensitive information is revealed. So while legislators would like to encourage and protect whistleblowers, many companies are wondering how to protect themselves against leaks of sensitive information.
The problem often comes down to trying to reconcile transparency in corporate communication and control of the flow of information.
Full transparency, even for companies that have nothing to reproach themselves for, is not an option, nor is it technically possible to guarantee that people who have legitimate access to information can never reveal it.
To address this form of internal threat, it is therefore recommended to take into account the following points:
- Identify sensitive information. Examples of projects: mapping and classification of information.
- Ensure that only the right users have access to sensitive information. Examples of projects: identity and access management.
- Implement data protection measures. Examples of projects: file encryption.
- Implement measures to detect data leaks. Examples of projects: DLP, information watch, etc.
It is also more than necessary to deal with the human and behavioral dimension of data breaches by addressing the conditions which encourage the alerting process. This means establishing a climate of trust and responsibility within the company. It is often when users identify a discrepancy between their personal values and those they perceive from their business that they feel encouraged to denounce or reveal information.
It must be remembered at all times that the confidentiality of information, once lost, cannot be restored. And even if it can be shown that the reasons which led to the compromise of the information's confidentiality were unfounded, and that there was no reason to launch an alert, the damage is done.
In any event, the multiplication of cases revealed by whistleblowers may ultimately encourage the strengthening of the protection of sensitive data and highlight the importance of ethics.