The trend of CIOs becoming part of top management means they have a duty to help mould an organisation's values, said Stephen M. Paskoff, founder and president of Employment Learning Innovations, an Atlanta firm that trains companies on workplace ethics and fair employment practice issues. That means CIOs should create systems that enable employees to give information to the top bosses and then make sure that information is dealt with. For example, Paskoff said that could involve creating a way for employees to anonymously email concerns to top management along with a system to follow up on the complaints. "CIOs should be thinking about internal complaints and issues with the same degree of rigor that they are thinking about customer management. Is there a way to report a problem? Is there a way to make sure complaints get into the right person's hands? Is there a way under our system to make sure there is the proper follow-up?" said Paskoff, who was a trial attorney with the Equal Employment Opportunity Commission and represented management when he was in private practice with a law firm in Atlanta. Report accurate information, even if it's bad news
Brian Oldham, CTO at Appriss in Louisville, KY, said he's worked hard to create an environment in which his employees feel comfortable reporting accurate and complete information to the bosses -- even when they're pretty sure the bosses aren't going to like what they hear. Oldham said it's often too easy to take a report and colour it a certain way when you're dealing with internal information. At Appriss, which makes IT products for criminal justice systems, "We've adopted a culture that says share good news quick and bad news quicker," said Oldham, who as part of the senior management team is responsible for more than 90 employees. "We want our employees to know they can be safe presenting accurate information." Data must be protected over its lifecycle
Every record has a lifetime, and CIOs are responsible for creating clear rules about what to do with electronic information from its birth to its death. That's particularly true at MAPICS, which has a large virtual workforce, Hofmann said. "Their file cabinets are in their homes, briefcases, or laptops, so you really have to have a policy in place that's clear and doesn't require hands-on monitoring," Hofmann said. Hofmann said she's also tried to make it as easy as possible for employees to retain files. She's given them instructions on how to archive documents electronically and provided CD burners so they can download their material and send it back for off-site storage. Employee info deserves the same protection as customer info
Because identity fraud is a threat to everyone, many employees have become more sensitive about the confidentiality of their personnel information. MAPICS learned that customers are sensitive about their information last summer when it asked its 800 employees to update their emergency contact information. Some employees asked why they had to add their home addresses to a database to which all managers had access. MAPICS officials decided to limit access to the information to human resources and each employee's immediate manager, Hofmann said. Give the right access to the right roles
CIOs often have to mediate battles between software engineers and IT professionals over access. The software engineers say they need more access to operate efficiently. The IT folks say limits help keep data more secure. Oldham said his company errs on the safe side, even when that caution annoys the software engineers. "It does cause some frustration among software engineers who say if they have full access, they can get their jobs done quicker. But when access and security are in conflict, we err on the side of security," he said. Reward responsibility with trust
At MAPICS, which was spun off of IBM in 1993, Hofmann took a different tack. Hofmann said her company's lineage meant that many MAPICS managers were well trained in the ethics of data management. The data management team was unanimous when Hofmann asked it to set a goal for the coming year. "It was easy; we said we need to liberate information because we spend so much time playing traffic cop." The result was named information liberation. Essentially, MAPICS gave managers more decision-making responsibilities about who should have access to their data. They also used portal technology to provide secure access to managers. In many cases, employees were given access to view information but were not able to modify it. Hofmann is convinced that the initiative resulted in greater access to information but only for the people who really needed it. The idea wouldn't have worked if she hadn't trusted managers to make the right decisions. In other words, she had to give up some control over the information she's responsible for. She said that's a difficult bridge for a lot of CIOs to cross. "I'm sort of like the Department of Transportation, in that I've got to provide the best quality roads and I've got to provide signage," she said. "But I can't drive every car up and down the roads to make sure they're all working effectively."






