To minimize such risks, Ahmed says more IT professionals need to step up and participate in efforts to establish whistleblowing policies. "Oftentimes the whistleblower program is considered a legal general counsel area," he says. But that's a mistake. "A technology group can play a very important role in helping design a whistleblower program and in analyzing the type of reports that are coming in, particularly as they relate to topics of information security."
For instance, Ahmed says that when deploying an in-house whistleblower hotline, a technology professional can act "as either an adviser or a partner in setting up these types of programs and influencing the kinds of reports that would be of use to IT as they try to protect the organization."
Education can also go a long way toward helping IT professionals better handle the sensitive issues that can arise from having unfettered access to confidential data and sophisticated computer systems. What access to confidential information does IT have? Do IT staffers understand their roles and responsibilities? Can they differentiate between data that is and is not sensitive? What are their responsibilities for reporting misconduct? What whistleblowing mechanisms are in place? How will they be protected if they choose to speak up? What proof is required to substantiate a breach or misconduct?
Only by making IT professionals distinctly aware of their roles -- and of the way whistleblowing will impact them both personally and professionally -- can companies successfully enlist IT in efforts to achieve greater accountability.
Proceed at your own risk
The enormous burden of whistleblowing, however, should never fall squarely on the shoulders of a single IT professional. Rather, Roth says, "it's extremely important that corporations send a signal that they assure whistleblowers that they will protect their identity and protect them from harm."
But there are no guarantees that an IT professional who lifts the veil on corporate misconduct will emerge from the experience personally and professionally unscathed. "If you work at a company and you release damaging information about them, how will that company regard you in the future?" Lewis asks. "Frankly, there will be a diminution of trust. You can add more legal protections [for whistleblowers], but there still will be social penalties that are going to be hard to avoid."
Just ask a whistleblower. "It's not for the faint of heart," says Walton. "I'll put it that way."
Sign up for Computerworld eNewsletters.