The burgeoning scandal at Hewlett-Packard is undoubtedly tied more directly to privacy concerns and the Constitution than corporate governance and the Sarbanes-Oxley Act, but that doesn't mean some lessons don't spillover from one legal area into the other.
Silicon Valley icon HP has admitted to spying on the personal phone records of its board of directors and members of the media in an effort to root out a leaker. The company engaged in "pretexting" -- a term it's safe to say few had heard of two weeks ago -- which means investigators for the company called up phone companies and impersonated directors requesting their own records, a process that required little more than the last four of a director's Social Security number and a fake email address.
The company's high-profile chief executive, Patricia Dunn, who replaced high-profile predecessor Carly Fiorina, is accused of orchestrating that investigation, though the latest reports suggest that HP might have engaged in the practice of pretexting well before Dunn's arrival. Dunn has said that she learned her company was obtaining phone records back in June 2005 -- a practice HP counsel approved -- though the attempt to ferret out a boardroom leaker wasn't launched until a year later.
California Atty. Gen. Bill Lockyer is continuing his own probe into what he has called "colossally stupid" behavior, but hasn't said whether the business, or individuals, might face charges. In its filing with the Securities and Exchange Commission last week, HP said that outside counsel had said that while outside counsel hadn't declared pretexting "generally unlawful," the techniques used by HP might not have been generally lawful.
But without getting too farther into the semantics of the case, some of the real irony in the story lies a bit deeper. The disgruntled board member who quit HP in May and later played a huge role in bringing the behind-the-scenes story to the press, venture capitalist Tom Perkins, had clashed repeatedly with Dunn over her stickler tendencies when it came to corporate governance.
In a story relayed in last week's issue of Newsweek, Perkins told a tale about attempting to discuss ways to better compete with Dell and IBM with Dunn, who had little interest in the conversational thread. "She was fixated instead on her discovery that there were inconsistencies between HP's bylaws and the Corporate Directors Handbook," the magazine said. "Those inconsistencies then occupied hours of discussion at subsequent board meetings."
Of course, a few sentences later, the article does note that in the post-Enron area, such attention to detail isn't just a good idea, but a legal requirement.
The point in all this is all the laws and requirements in the world can only go so far in regulating human behavior. Questions of moral judgment in business ultimately need to be answered on an individual level and then, whether you like to hear it or not, sold to the organization by making a case as much by the numbers as by an ethics code. The legal requirements put in place under Sarbanes-Oxley aren't going to mean that those ethical shades of gray are going to turn to black and white anytime soon.
Whether addressing privacy concerns for directors and employees, or protecting investors through internal controls and ethical accounting, companies all have a responsibility to balance the good of the individual with the good of the organization. The HP case reveals that no matter how many laws are on the books, even when all a company's I's are dotted and the T's are crossed, the line between right and wrong can still look plenty murky to the most high-powered of executives when they're staring it in the face and think their company's well-being could be on the line.
