Confidentiality and Transparency in an Organization
Confidentiality and Transparency in an Organization
The terms ‘confidentiality’ and ‘transparency’ are frequently heard by the employees of an organization in their work environment. These terms sound simple, but they have a deep meaning which plays a very important role in the success or failure of the organization. Issues relating to the confidentiality of information (such as sensitive business information, personal information, and various forms of privileged information) and the need to honour statutory duties relating to transparency requirements and public access laws are complex and can frequently intersect with and impact the management of the organization.
While the term confidentiality means containing of the information, the unauthorized disclosure of which poses a threat to the organization in its relationships with various stakeholders, the term transparency means the disclosure of information to the stakeholders and implies openness, communication, and accountability. Transparency is an information centric concept which relies on openness and access to information, viewed as a more accountable, more democratic, and more legitimate system of organizational management.
The stakeholders of the organization are the employees, directors, customers, suppliers, investors, surrounding public, local and statutory authorities, and all those who get affected by the functioning of the organization. In the present day environment, all the stakeholders have desire to be connected to the organization and likes to be aware of what is happening in the organization.
Organizational informations which are sensitive in nature, are required to be kept confidential since if these are disclosed or leaked can cause irreversible damage to the organization and its stakeholders. On the other hand organizational functioning is to be transparent so that undesirable actions can be prevented in time before they can cause severe damage to the organization and its stake holders. Hence a close balance between confidentiality and transparency is needed in the functioning of the organization. The organizational management is required to take a principled approach which acknowledges and understands conceptually that confidentiality and transparency are supposed to be different but compatible organizational objectives.
An organization normally holds large amounts of information, knowledge, and perspective which is required to be openly visible and available to all, and if not to the entire world, at least internally within and across the entire organization. Strategic goals and priorities cannot work if the people who are to achieve them do not clearly know what they are. For this type of information and insight, transparency makes the business function and barriers to them simply create avoidable disconnects, frustrations and problems. Hence, opacity and barriers to knowledge sharing in the name of confidentiality can only reduce the organization’s capacity to compete and its overall effectiveness.
The promotion of institutional and corporate accountability and the advancement of the rights of the stakeholders, combined with ongoing corporate and institutional scandals, compel organizations at least to consider potential transparency strategies for a wide range of issues connected with ethics, and organizational management.
The organization is required to be transparent and keep all the stakeholders informed of what is real and true. This helps create trust among the stakeholders, encourages more informed decision making, and supports greater participation. But when providing the information the management is required to know which information is to be transparent (openly communicated) and which information is to be kept confidential.
It is necessary that management of the organization conducts itself to be effective so as to meet the expectations of operational transparency as well as to maintain confidentiality of information in order to foster a culture for good decision making. Management sometimes combines and confuses confidentiality and transparency as two important, but seemingly opposite values. Organizations are expected to function in a transparent manner, but conducting business requires maintaining confidential information for legal and effectiveness reasons. Confidentiality needs to be balanced against the principle of transparency. All the organizations have to draw a line between transparency and confidentiality. It is important to understand the difference between the two terms and how they relate to each other.
A strict adherence to transparency and disclosure ensures that the management is firmly grounded in compliance with the law, while a culture of confidentiality ensures that management has the freedom to tackle the tough issues so it can rise to new heights. There are situations which need transparency and others which need confidentiality and the organization is to make the right choice at the right time.
The related term of confidentiality is privacy and that of transparency is accountability. Transparency is a prerequisite for accountability. There is need for the transparent information to be available if the stakeholders are to hold authorities accountable. On the other hand, everyone has the right to some privacy. Some information is required to remain confidential for there to be privacy, and, hence, confidentiality is a prerequisite for privacy. As a result, there is a potential conflict between transparency and confidentiality and between accountability and privacy. Over the years, social sensitivity to transparency and accountability has developed, but there has not been a corresponding level of public concern about confidentiality and privacy. This can be due to a reaction to the previous lack of transparency and enchantment with the availability of new technologies. However, this imbalance can lower the quality of organizational management. Hence, for good organizational management the balance between transparency and confidentiality is necessary.
Transparency is a condition for realizing accountability. Accountability is a value which is frequently associated with such concepts as responsibility, liability, and other terms linked with a belief in account-giving. It can even be used synonymously with the concept of responsibility. Confidentiality, however, is not to be confused with secrecy, as it constitutes a condition for privacy. Privacy is the right of individuals to hold information about themselves in secret, free from the knowledge of others. Privacy is, hence, the ability of an individual or group to shield themselves or information about themselves and, thereby, to reveal themselves selectively. The borders and content of what it is legitimate to regard as private differ from culture to culture and from individual to individual, but the various definitions share a number of basic common themes.
Finally, the concepts of good management, transparency, accountability, confidentiality and, privacy are all related to trust. Trust is a social phenomenon. Trust is attributable to relationships between social actors, both individuals and groups. Fig 1 shows relationships between transparency, accountability, confidentiality, and privacy.
Fig 1 Relationships between transparency, accountability, confidentiality, and privacy
Confidentiality is regarded as a significant feature in the functioning of the organization. Information confidentiality and security is essential for the smooth functioning of the organization. The confidentiality is defined as ‘an action in equity to restrain a person who has received valuable or sensitive information in confidence from disclosing or making use of that information’. It means that the employee is to be asked to treat the information as confidential or it is to be obvious that information is given in confidence.
Confidential information can be defined as ‘any and all information of the organization which is not normally available to the public, including any information received by the organization from any person with any understanding, express or implied, that it is not going to be disclosed. Confidential Information does not include information which enters the public domain, other than through a breach of confidentiality obligations.
Confidentiality has been defined by the International Organization for Standardization (ISO) as ‘ensuring that information is accessible only to those authorized to have access’, and it is one of the cornerstones of information security.
Confidential information refers to that information which if disclosed without authorization, can be prejudicial to the interests of the organization and / or individual(s) in or associated with the organization. Confidentiality is the obligation and right not to disclose information to the unauthorized individuals, entities, or processes if it is going to harm the organization, its business relationships, or an individual. It is part of a duty of loyalty for the management.
Confidential information includes any information which is not publicly known. It can concern technology, business, operation, finance, transaction, or other affairs of the organization. Confidential information is that information which is commercially valuable and includes such information such as trade secrets, business information, or personal information. The organization is required to make a list of the informations which comes under the category of confidential informations. This list is to be known to all the employees so that they can comply with the confidentiality requirement of the organization.
Examples of confidential information include but are not limited to any document, discovery, invention, improvement, patent specification, formulations, plans, ideas, books, accounts, data, reports, drafts of documents of all kinds, correspondence, supplier or customer information, lists and files, decisions, information about employees, strategies, drawings, recommendations, designs, office precedents, policies and procedures, budget and financial information in any form, i.e. physical, electronic, electromagnetic or otherwise.
Confidential information regarding unpublished inventions can be particularly sensitive. Disclosure of an invention before a patent application is filed can cause irreversible loss of intellectual property rights to the owner of the invention. Even after a patent application is filed, care is required to be taken not to disclose improvements to the invention. Trade secret protection is also lost through open disclosure of the secret.
Organization accumulates confidential and proprietary information over time both about its own services, products and functions, and about its customers and others with whom it deals with. The internal confidential information and processed knowledge includes planning and other future oriented resources as well as information of immediate, current utility, and concern, and these types of information are dispersed throughout the organization, and normally on a need to know basis of some sort.
The purpose of confidentiality is essentially two fold. Firstly it protects sensitive or confidential information of the organization and of its suppliers and customers. Secondly, in order for the organization to be effective, organizational employees and personnel are in a position to be able to share information and knowledge, and hence confidentiality is necessary as a condition of trust. The best protection against breaches in confidentiality is to keep the number of employees and personnel who have access to sensitive information to a necessary minimum. Intentional, repeated, accidental, or unauthorized disclosure of any confidential information by any employee the of the organization is normally leads to disciplinary action against the employee.
Confidential information in the organization is required to be disclosed only on a ‘need to know’ basis. The confidential information is to be disclosed only when the information is necessary to the employees for the effective performing of their employment duties.
Transparency concept is predominately understood to be based on information sharing and it is solely dependent on high disclosure level of the information. It is the disclosure of information to the employees, public and other stakeholders for operational reasons as well as to indicate that the organization is managed well, functions in an ethical manner and handles its finances with efficiency and responsibility. It means ‘helping people to see into systems and understand why decisions are taken’. In other words, transparency refers to a quality of openness and truthfulness and it is the mark of a well-managed and mature organization committed to adopting and maintaining best practices. It brings confidence in stakeholders that no wrongdoings are taking place in the organization.
Transparency is one of those concepts in which everyone seems to be in favour of. However, in real life situation, it is not that simple. Employees are to know that there are limits to what can be disclosed to the team. Total openness can lead to total chaos. This is the major dilemma for the organizational management whether to be transparent or maintain confidentiality. It is agreeable that there are some situations in which information is not to be immediately disclosed to others. However, it is difficult to decide which of the information falls into this category.
Transparency is normally considered as a value. As such it becomes translated into a set of norms, policies, practices, and procedures which allow the stakeholders to have access to information held by the centre of authority (organization) and enable them to have confidence that such information can be audited by the appropriate agencies which operate on their behalf.
A definition of transparency provided by ESCAP (United Nations Economic and Social Commission for Asia and the Pacific) states that ‘Transparency means that decisions taken and their enforcement are done in a manner that follows rules and regulations. It also means that information is freely available and directly accessible to those who will be affected by such decisions and their enforcement. It also means that enough information is provided and that it is provided in easily understandable forms and media’.
Transparency is considered to have normally three dimensions namely (i) conceptualizations, (ii) conditions, and (iii) consequences, Conceptualizations mean whether transparency is understood as a mode of information disclosure or as a social process. Conditions means if the requirements of transparency are seen to include only the quality, quantity, and relevance of the transmitted information, or it also include more extensive communication, interpretation, and negotiation processes. Consequences mean whether the outcomes of transparency are assessed in terms of effectiveness or as surprising complications.
Transparency is not a destination. It is more than a milestone. It is a commitment to sharing information as the organization. It does not mean sharing of all the information all of the time. It is to be an intentional approach to keep the stakeholders well informed about the organizational matters. In several organizations, transparency has been an understood business practice from the start and it has always been a natural part of the organization. However, a proper level of transparency is required to be kept by the organization.
Transparency is part of a duty of compliance for the management. It gives rise to goodwill amongst the stakeholders such as customers, suppliers, the directors, statutory authorities, the service sector, and the employees. Transparency is also the mark of a well managed and mature organization committed to adopting and maintaining best practices.
Transparency is important since stakeholders are required to know the mechanisms of decision making and the decisions which have impact both on the organizational functioning and on the stakeholders. It is also necessary for the building of trust. It also facilitates the accountability of the activities of the organization. Furthermore, transparency is necessary in order to address other ethical considerations, such as fairness and accountability. Also, transparency has a wide range of motivations and applications.
Transparency is considered to be consisting of a matter of linear transmission of information in which a sender crafts a message or a collection of data and transmits it through a given channel to a receiver, possibly with some feedback or response. Hence, transparency is a two-way mechanical process and is considered as a flow of information available to the intended stakeholders.
Communication plays an important role in organizational transparency. The number of paths for communication increases with the increase in the number of the stakeholders, and it becomes a complex issue when the number becomes large. Hence, the key for the organizational management is to understand how to scale transparency. When the organization has 6 stakeholders, managing of the information and messages is simple. But, when there are say 100 stakeholders, then the complexities multiply and then it becomes more and more challenging to convey information and messages in a way which improves the clarity instead of causing confusion. Fig 2 shows the increase in the paths of communication with the increase of the stakeholders.
Fig 2 Increase in the paths of communication with the increase of the stakeholders
The rise of social media in these days and the demise of traditional organizational structure have created challenges in balancing transparency and confidentiality for the management of the organization. The increased use of social media has created a world where even the personal information is shared and people have an insight into businesses and the lives of people for which they never had access to, previously. Workplaces are evolving with new generation, in particular, value transparency from management. Social media has contributed to the demise of the traditional culture of a workplace of ‘closed doors’ and a ‘need to know basis’ which breeds low employee engagement. Employees now expect to know about the organization working and be included in decision-making processes. Greater levels of transparency from management result in greater buy in from employees and lead to improved performance.
However top management, as holder of sensitive information, need to tread carefully. Management has access to a range of information available with it. While transparency has many benefits, it is a fine line between what management can share and what needs to remain confidential for business and legal reasons. Further just like with all other communication, if the organization is using social media to promote the business and build relationships with customers, then the communication is to be genuine and credible. Customers can tell if the information is not genuine, and then the reaction can be immediate and damaging to the organization.
It is highly desirable that organizations carry out diligent efforts to improve transparency not only in their financial reporting but also in every area of their operations as a means for stakeholders to have the confidence in them. It is believed that information sharing is a powerful positive action and an ethical duty of any organization. Transparency is desirable at all level of management and in each functional area. When transparency becomes part of the corporate vision, it can produce long term benefits. Management is concerned that some attempts to pursue transparency are in fact attempts to gather sensitive information that, if released, can damage the organization reputation. Communication is the key factor between transparency and confidentiality. Transparency and Confidentiality is required to be balanced during communication. Various options for this are shown in Fig 3.
Fig 3 Options for confidentiality versus transparency
Transparency and business intelligence
Business intelligence transforms data into information which can be used to monitor the performance of the organization and the smaller departments within. There is a balance needed in the amount of transparency offered, versus the privacy and confidentiality of information. Sharing the information between departments triggers a sharing of knowledge between the departments. This means that individual departments can improve and the organization as a whole can have a better result.
When looking at transparency with this in mind, it sounds logical to have as much transparency as possible. However, for privacy reasons, it is necessary to have some restrictions on the data as well. Also along the lines of information areas, it is normal to have restrictions. This is mainly for operational business intelligence, where the information is supporting the role of the user in the organization. For management reporting though it makes sense to share information over the information areas in order to look at the information from all available angles.
A good approach for transparency and confidentiality in a business intelligence environment for management reporting is described below.
Transparency – All users get access to general, reliable and insightful information. General means for all the available information areas, to the level of a certain organizational department.
Confidentiality – Detail and transactional data only for users with the corresponding jurisdiction (according to organization mandate and function relevancy).
A prerequisite for this approach is that it is to be made possible to map the hierarchy which relates to organization for the relevant information areas.