Predictably, organised criminals took the lion’s share of the blame being responsible for 98% of data breaches. Casting a mirror on tensions in contemporary society and protest movements, 58% of all data theft was attributed to activists groups (this contributing heavily towards the previous stat). Breaches involving internal employees at 4% were down 13% over 2010. Incidents involving hacking and malware were both up considerably last year – 81% of incidents involved hacking, while malware was involved in 69% of incidents. Physical attacks such as ATM card “skimming” were down 19% at 10%, no doubt due to increased public awareness and of banks stepping up their security and surveillance procedures.

Perhaps most disquieting were the commonality stats; 96% of the aforementioned attacks were not considered significantly difficult or skilled, and 85% of breaches took weeks or more to discover and were almost always (92%) discovered by a third party. The new EU data privacy directive (which is due after two years of implementation) proposes that organisations will have just 24 hours to report a data breach to authorities and affected parties after it has been committed. This proposal has been met with some ridicule from the IT industry, citing the impossibility of implementation, and they have a good point. But this disparity in reality and expectations should be sending alarm bells off in the heads of IT managers; not merely inciting scepticism at ‘yet another misguided EU directive’. That only a tenth of UK firms feel ready for the new EU directive, should be a carrion call to end denial that such breaches will only happen to others, never us. It is vital that companies of all sizes work harder to mitigate data breaches or, quite simply, they will just keep on happening.

How to avoid data breaches

Data breaches aren’t the exclusive preserve of customer data (credit card details, address etc). Medical records, intellectual property, trade secrets and corporate data are also very much on hackers’ menus.

The DBIR report states that 97% of data breaches are avoidable using simple to intermediate controls. Modern businesses must manage ever-burgeoning data stores and the proposed directive should prove handy to aggregate privacy standards, assign internal responsibilities and the like.

The hacker’s preferred means of entry are default password violations, system vulnerabilities (bugs, weak passwords, default configurations) and SQL injections (malicious code attacks). Compliance controls, web and messaging security systems and core systems protection measures should be used interdependently to effectively prevent attacks. ‘Though be aware, if an attack comes from an internal source, security infrastructures such as Microsoft’s UAC (User Account Control) will be significantly weakened. It is all about protecting your data at source and strengthening access controls and authentication systems.

Below are some guidelines for helping to prevent data breaches *

• Fully and comprehensively identify your company’s ‘critical data’ (personal details, credit card data) and scope all locations that need protecting both in a physical and networked sense – you can’t protect what you don’t know about. Evaluate the threats you consider to be present to your organisation both human and technical; who could be targeting you and why? Where does your business fit into the supply chain?
• Build a unified information security policy which covers all compliance requirements for your organisation, including disaster recovery and breach response strategies. Don’t focus on separate compliance projects when the recommended security measures could benefit all critical data in your company.
• Compliance can lead to complacency. Just because your company has been recertified as compliant, doesn’t mean that you can put your feet up – the threats are still out there.
• The new EU data directive states that companies with more than 250 employees should have a dedicated staff member to deal with data issues. Train all relevant staff on company security policy, data protection and breaches, and protocol for phishing attacks.
• Get rid of any unnecessary data clogging up your systems.
• Enforce unified data protection policies across servers, networks and endpoints throughout your organisation and monitor and mine event logs.

• Set up event management processes and security alerts. Aim to utilise behaviour-based detection systems, rather than solely signature-based.
• Set up automated, regular checks on technical controls such as password settings, server and firewall configurations and system updates.
• Consider blocking high risk sites, such as certain social media sites.
• Ensure all third party vendors are also adhering to these guidelines.

The Information Commissioners Office (ICO) offers free advice to businesses on how to deal with data breaches, though some areas of both the public and private sector are being slow on the uptake. Sadly, this inertia is at the expense of many. Between 22 March 2011 and 17 February 2012, 467 data breaches were reported by government and other public sector bodies, the majority of which were documents emailed to incorrect recipients. Such mistakes are costly, and I don’t need to tell you who foots that bill. Midlothian Council was fined £140,000 after repeatedly disclosing the personal data of children and their carers to the wrong parties. The ICO fears that due to lax breach prevention measures in place, there could be many breaches as yet undiscovered.

Under the proposed EU data directive, companies that commit transgressions can be stung for 10% of their turnover and the ICO, while recognising that the public sector handles more sensitive data than the private and thus is more prone to societally problematic data breaches, states they will impose fines on whoever commits the breach. Judging by recent cases such as Lush Cosmetics, such robust deterrents could prove a worthy motivator. The horse has already bolted in regards to the exposure of high-profile data breaches, gaping systemic holes and the unfortunate effect on the public; but we seem to be resting in some state of torpor where we are reluctant to even get that stable door fixed for the future.

Read more from Expolink about the politics of data ownership.

*This list is by no means exhaustive. When re-evaluating your procedures it is vital that you consider PPI DSS and similar advice. Every IT system has its own set of challenges!

The view from across the pond

Professor David Lewis recently asserted that he would “welcome criminal charges against companies that victimised whistleblowers” and voiced his support for rewarding whistleblowers for exposing wrongdoing, stating that this could help dissipate the feelings of isolation and trepidation felt by those contemplating blowing the whistle. This would put the UK whistleblowing policy further in line with that of the US. The Dodd–Frank Wall Street Reform and Consumer Protection Act was passed into US law in 2010 and features an incentivised whistleblowing procedure. Following its inception, several high profile cases such as Sherry Hunt of Citibank caused a rush of blood to the head and scramble of keys to the vault for businesses keen to protect profits and reputation and a raft of critics too to the internet, and to congress. Whistleblowing in the US is increasingly viewed as an extension of the ambulance-chasing culture that had further tarnished the insurance industry and become part of a litigation-happy culture across the pond. Critics also fear that the SEC’s whistleblowing site that was launched in 2011 and provides a convenient mechanism with handy navigation for “submitting a tip” and “claiming an award”, further diminishes the altruistic possibilities of reporting genuine misconduct for the protection of others. Concerned parties worry the advent of such mechanisms will encourage whistleblowers to bypass internal reporting processes, as outlined in IMA Statement of Ethical Professional Practice. The SEC has, of course, conceded such a possibility and asserts that they will consider accepting a claim that has already been reported internally if the report is submitted within 120 days.

These observations are not meant to trivialise the process that such whistleblowers go through, and even a cursory glance into Ms. Hunt’s case shows that there were significant grounds for investigation, incrimination and compensation. In many cases whistleblowing requires a high degree of tenacity and stamina in what can be an enduring and challenging process. Under Dodd Frank the amount paid to the whistleblower is in direct correlation with the sanctions ultimately imposed by the Commissions (SEC and Commodities Futures Trading Commission), providing they exceed $1,000,000 (between 10 and 30%). Clearly this is not a route that any chancer with a petty grievance would go down for an extra buck. In addition, it should be noted that Dodd Frank affords the whistleblower considerably more protection than the SEC. They are protected from employer counteraction and are able to bypass the traditional administrative process with the Department of Labour and bring action directly with the Federal District Court.

Thoughts on the future of whistleblowing in the UK

The Serious Fraud Office (SFO) does not offer financial rewards to whistleblowers, although this is not to say the UK is fundamentally against incentivising reporting of wrongdoing; the Office of Fair Trading offers rewards of up to £100,000 for companies or individuals who report illegal activity that leads to prosecution or fines. An added bonus is the possibility of immunity from prosecution; something not offered by the SFO’s own whistleblowing procedure. The Ministry of Justice is in the process of developing deferred prosecution agreements which some commentators feel could see a rise in companies self-reporting to negotiate a more favourable settlement, and therefore an opportune time to review incentivised reporting. Aside from corporate misdemeanours there are a number of other situations where a more open, accepted and incentivised culture of whistleblowing would be helpful; consider issues of national security, benefit fraud (if memory serves there used to be a £50 prize for ‘beating a cheat’ back in the 90s…) and considering the recent healthcare scandals a reward process could certainly find a useful home at the NHS.

In a utopic ideal we would not only have a world devoid of incentivised whistleblowing but we would not have the crime that warrants hotlines in the first place. One of the most clear-cut ways of letting someone know that they are being rewarded, or have done the right thing, is to give them money. Assuming that a financial reward will colour the motivations of whistleblowers overseas, or perhaps in the future, on these shores, shows little understanding of the tribulations surrounding the process. The benefits from encouraging personal ethics in the workplace or society and considering rewarding those for taking a stand should be up for discussion. Consider the possible ramifications a whistleblower might be subjected to; loss of earnings, promotion delay, sanctions, harassment and other moral and material damage. Organisations that foster whistleblowing as an integral part of their corporate governance strategy help protect themselves against fraud, bribery, corruption, malpractice and much more. Not to mention the highly embarrassing and costly media and public exposure such disclosures can result in. And let’s not forget protecting those who have blown the whistle and put others security and wellbeing above their own; who have risked career, associations and safety.

What motivates the whistleblower?

Supposed financial motivations aside, what does motivate people to blow the whistle? Wanting to do the right thing, a desire to see accountability and justice, a sense of responsibility, protecting colleagues, protecting revenue of employer (and therefore one’s own job) are all valid, prevalent and positive reasons for whistleblowing. Some individuals may balk at disclosing wrongdoing in larger organisations as they perceive their ability to influence change as limited at best. But history has shown on plentiful occasions that these heroic people can become a David that beats Goliath, whilst the latter was too busy polishing his armour. Clearly bad pennies do turn up; those who are blinded by the possibilities of media attention or focussed solely on retaliation for, perhaps, dismissal or the perception of unfair treatment. But submitting to such scepticism is reductive and unhelpful to whistleblowing as a process and area of study.

The vast majority of us hope to live in a society of fairness and accountability, and ultimately perceive ourselves as moral agents promoting these values. This idea of the individual as the driving ethical force is referred to as ‘virtue ethics’. Academics such as Thomas Alured Faunce see virtue ethics as a more appropriate and progressive framework for whistleblowing; that disclosure is more a reflection of one’s own moral character and actions, rather than those of society at large or that we are just passive beings, blindly adhering to prescriptive rules. When it comes to negotiating ethical quandaries, looking to ourselves to honestly gauge how we would handle situations affords a more productive perspective than judging others on our assumptions of their motivations.

In 2010 The National Whistleblowers Centre (NWC) submitted a report to the SEC entitled “Impact of Qui Tam Laws on Internal Compliance.” The report was in response to concerns voiced by SEC commissioners and corporations regarding Dodd Frank’s potential impact on existing corporate compliance programs. The study analysed cases filed under the False Claims Act from January 1, 2007 to present and found that whistleblower rewards have “no impact whatsoever on the viability of internal corporate compliance programs or the willingness of employees to report suspected violations to their employers.” 87% of these filed cases initially reported their concerns internally, either to supervisors or compliance departments. Just 0.9% of employees who would eventually file a qui tam case worked in compliance and did not initially contact their supervision prior to contacting the government.

David Harris has been the Head of Business Conduct at BAE systems since 2009 and is a Chartered Member of the CIPD. Prior to BAE he worked at Lockheed Martin for 12 years in a variety of roles including, most recently, Director of Corporate Responsibility & Ethics, Ethics Officer and HR Operations Manager. David’s specialities include business ethics, ethics and business conduct, HR management, people management, coaching and mentoring and programme management.

How has the culture of ethical business changed in the last 25 years?

I’m not sure it’s been a culture change per say, more a need to clean up some ways of “accepted” business and make them “acceptable”. Stakeholder expectations have increased dramatically. The speed and detail that business-related information is now available would have been unthinkable a lot less than even 25 years ago. This increased information and knowledge has enabled us to challenge the way that people act and business is done. It’s no longer about what we do; it’s how we do it. Another change has been the clear demonstration of how irresponsible business can so negatively affect the lives of individuals, with no direct connection between the two.

What are the greatest challenges ethical businesses face?

For me it’s creating and sustaining the right culture and knowing that you have it. For all the effort and creativity we put into codes of conduct, policies, compliance training et al, everything hinges on our employees acting as we want and expect them to act, including how they deal with dilemmas. Another challenge is satisfying the need for and variance of relevant and engaging information that stakeholder groups seek. Providing the right types of evidence to support your statements and for that evidence to enable others to trust the same statements is wholly necessary, if a bit tricky!

If you could set one piece of global legislation to make businesses work more ethically what would it be?

I’m not sure that more legislation is what we need because we are talking about behaviours of people and organisations (collections of people). Legislation, like policies and processes, has its place, but what determines how a business works and how its people respond to situations is culture – ethical culture built in an ethical environment on ethical values and principles. Rather than more legislation, how about effective enforcement of that which we already have? Perhaps then we would see any gaps.

In terms of ethics, what are your greatest fears for the UK business community?

I’m not sure I have too many fears other than perhaps a creeping complacency from watching the financial and media sectors taking a beating. Complacency based on a [mistaken] belief that it “could never happen” to them. I think the UK Bribery Act forced the debate around, and understanding of business ethics and how it differs to compliance. In recent years I have seen a dramatic increase in the breadth of industry sectors and businesses I come into contact with at conferences and network-events, and the discussions are very different now. The openness amongst those working in this area is both refreshing and encouraging; it’s almost camaraderie and one I rarely felt outside of my own organisation when in HR or engineering. What also allays my fears is that, across the UK business community, this area of work is attracting very talented individuals with broad expertise, skills and knowledge, me not included of course! People who have the courage and conviction to drive the changes where they are needed in their organisations.

Geographically, what are the most predominant areas for risk at present? And what is the nature of those risks?

I don’t feel too qualified to comment in detail or to single out any region or country. But what I do think is that it doesn’t really matter where you are or intend going – robust and effective risk management through your planning as well as execution phases is critical. Having a long-range risk radar that prevents you making assumptions against limited pieces of information or intelligence is a great help. Being able to collate often disparate pieces of data to build a picture that then informs and promotes the discussions amongst and challenges from senior leaders. If you can do this then it doesn’t matter if it’s a new joint venture in the EU or a new plant in Asia, the risks will be identified, qualified, quantified and managed.

The response to the Bribery Act from the business world has been well documented; but from your own point of view, what have been the most significant contentions and concerns with adhering to the legislation?

We welcomed the Act all along because we saw the need for something that helped create a level playing field for certain business activities and transactions around the world. I think what gave most people concern was the idea of needing “adequate procedures” without being told what they should look like. For us we continue to devise better ways of measuring and monitoring various processes and procedures to increase our confidence of “adequacy”. I’m not a lawyer, but personally I get a sense that the idea of self-disclosure is something that many are at best unsure of, at worst completely distrusting.

What are the aspects you most enjoy/like about working in business ethics?

I absolutely love the fact that everything we do has to be the result of data and information gathering; some process of analysis and synthesis to understand what is actually going on; the design, development and deployment of improvement interventions and then monitoring those to see if they had the impact you set out for.  Through networking and benchmarking I see lots of companies and talented individuals doing great things and many new ideas emerging all of the time. But no-one can tell us what we need to do for BAE Systems, or how to do it – though some do try! It’s for us to decide and explain and although we find ways to test things out there is little if any room for failure.

And least enjoy?

Ironic – but not having a book that now again I could turn to that says “here’s the solution to your problem”! Not that I would want this often, but I do get a bit put off by the amount of academic research, opinion and direction out there that is almost impossible to translate into the workplace.

What has been the toughest challenge of your career? Moving from a career in engineering into HR management was a massive eye-opener for me. Until then I thought I knew people as well as a bit about the business. I wasn’t even close! So much change for me personally, at a time that the company I worked for was changing significantly too, meant that the first year remains the most sustained period of intense pressure I have faced. Having said that it is probably the most enjoyable because I learnt so much about myself, and it wasn’t all good either!

What do you consider to be your greatest achievement?

I don’t do questions like this very well as there is very little I have achieved without the help and support of others. From the workplace the thing I am most proud of is helping some of those I have been lucky to manage realise their own potential. To see people grow in capability and confidence to move on to and be successful in roles way beyond their early ambition gives me real satisfaction. Maybe one or two of my early managers feel that about me? Or maybe not!

As Europe and the world becomes more integrated, working practices change fast and often affect more than one country at a time how to you keep abreast of what affects you and your company?

Sometimes the amount of information and the volume of opinion can be overwhelming to the point where it would be easy to switch it all off. But it is essential to keep abreast and so I rely on one or two good sources of “summarised” reporting (I can go to the detail if I wish) and networking. I find that regular contact with well-chosen groups and trusted, like-minded individuals help in sharing ideas and practice and keeping me sane (being in an ethics role can become lonely!). We may be dealing with things differently, but most of us are struggling with exactly the same source-problems and I find that sense check really valuable. One of the things I would recommend anyone does is develop some effective filters for things you pick up. If it sounds like waffle or narrow opinion, drop it and leave it dropped. If it sounds like a real nugget you may want to refer back to, put it somewhere you will easily find it. But don’t become a squirrel, like cupboards even IT systems have their capacity limits!

How do you encourage best ethical business practice internationally?

The “must do” and “must not do” items of policy are simple, but they cover just a small percentage of what our employees are likely to face. One of my favourite quotes is “If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck”. Almost everyone has intuition for when something isn’t right – that is the time to seek advice. If it does not fit with our values and expectations then it isn’t right, for us at least. And of course, having access to a confidential helpline that they can trust will encourage them to seek advice in difficult circumstances.

See David’s LinkedIn profile.

View BAE’s Corporate Social Responsibility Pages.

Read our interview with Philippa Foster Back Back, Director of the Institute of Business Ethics.

David Lewis is Professor of Employment Law at Middlesex University and convenor of the International Whistleblowing Research Network. He has published articles on whistleblowing in both law and management journals in several countries and has contributed to and edited three books on this subject.

In this fascinating Q and A he discusses whistleblowing policy, the future of whistleblowing, domestic and international legislation and more. 

What’s your opinion of the state of play of whistleblowing in the UK?

Whistleblowing procedures are now very common in the public sector but less so in the private sector. However, this may change rapidly as a result of the Bribery Act 2010 which provides a complete defence to the charge of failing to prevent bribery if an organisation can prove that it had “adequate procedures”.

Research conducted by Public Concern at Work shows that many people are unaware that there is some employment  protection for whistleblowers so greater efforts are needed to publicise and explain the legislation. Despite the fact that the relevant statute has been in force since 1999, I suspect that many potential whistleblowers are still choosing to remain silent about serious wrongdoing. This cannot be in the public interest.

And overseas?

Other countries are increasingly introducing legislation. Some of this is modelled on the UK but quite a few statutes are more sophisticated. For example, the UK only aims to protect whistleblowers whereas elsewhere there are attempts to encourage disclosures and to ensure that concerns are properly investigated. A statutory obligation on employers to maintain whistleblowing procedures is becoming more common. Research in the US demonstrates that in practice rewards promote whistleblowing so some Governments have started to make provision for them.

Do you think whistleblowing works?

Although the process of whistleblowing is often seen as problematic, we should bear in mind that there is evidence from a large scale research project in Australia that whistleblowing can be successful. The main reasons people give for being unwilling to report wrongdoing are fear of retaliation and a belief that raising a concern will make no difference. If employers can create a positive culture by committing to a confidential reporting procedure which complies with good practice and can demonstrate that they value disclosures and will protect disclosers, there is no reason why internal whistleblowing should not work. Inevitably, things will go wrong occasionally so employers need to contemplate external disclosures. Again, if this is managed properly, for example by suggesting appropriate recipients of information, it should be possible to avoid destructive media or internet disclosures.

Do you think the legislation in place (Public Interest Disclosure Act) is robust enough to encourage and protect whistleblowers?

As previously mentioned, the legislation in this country only seeks to protect workers who choose to blow the whistle. It does not require employers to have a whistleblowing procedure and does not  normally oblige workers to raise concerns. If we want to encourage disclosures about wrongdoing there needs to be more emphasis on the message rather than the messenger. At present the “good faith” requirement may deter some important disclosures because potential whistleblowers may be uncertain about whether or not they will be protected. The legislation also contains other expressions that are undefined and problematic, for example, “substantial truth” and “exceptionally serious failures”.

What advice do you have for organisations that have adopted a whistleblowing policy?

In my opinion top management needs to demonstrate a commitment to a culture of openness and should ensure that their organisation has a procedure that complies with good practice as set out in the 2008 BSI Code. For example, it should indicate what concerns should be raised,  how and with whom; it should guarantee confidentiality as far as possible and give undertakings about retaliation; it should provide for investigations where appropriate and for a discloser to receive feedback about the outcome. Procedures should be introduced after consultation with union or other worker representatives, be well publicised and regularly reviewed.

What problems are caused by the portrayal of whistleblowers in the media?

We need to bear in mind that successful whistleblowing is rarely newsworthy, except perhaps when an individual receives a large reward.  A particular problem so far as I am concerned is that the media have failed to convey the fact that some external whistleblowing is protected by UK legislation whereas it is highly unlikely that internet disclosures will be covered.

What changes do you see happening in the next 12-18 months?

As a result of the changes in the unfair dismissal provisions, many commentators are  expecting that more whistleblowing claims will be brought. Apart from discrimination complaints, workers who lack two years’ service will have no other mechanism of having their dismissal case heard. Because it is an issue of enlightened self interest, I anticipate that more employers will introduce whistleblowing procedures and ‘hotlines’ and will publicise their arrangements on websites.

If you would like to find out more about how confidential whistleblowing hotlines can help your business please contact scott.bridgen@expolink.co.uk

The Corporate Manslaughter and Corporate Homicide Act 2007 came into effect in April 2008, ‘though companies have been open to manslaughter proceedings since 1965. The first conviction (link to http://www.expolink.co.uk/2011/03/corporate-manslaughter-act-first-conviction-arises/)  in February 2011 of Cotswold Geotechnical Holdings Ltd resulted in a fine of £385,000, £115,000 under the minimum fine suggested in the 2010 guidelines, due to its precarious financial position. Cotswold Geotechnical Holdings is a relatively small company, the litmus test of the reach of the law would be when a substantial organisation with an elaborate management structure is prosecuted. For a successful conviction the following needs to be proven; that the defendant is an organisation that causes the person’s death, that the duty of care owed by the organisation was breached due to mismanagement of activities on a senior level and that the defendant must not fall within one of the exemptions to the Act (military operations, policing, emergency response, child protection work and probation to name a few).

Given that the first conviction resulted in nothing more than a fine, it would seem that holding iniquitous companies to account would be as easy as juggling salt. If a company has diffuse layers of management, assigning accountability takes you right back to grappling with the salt seller. What corporate liability benchmark should be imposed when deciding if it is the company or the individual at fault? Fundamentally, the Act needs to show that its purpose, to streamline the accountability process for corporate manslaughter cases, is workable both with cases of clear liability and for those where multiple parties or contexts are involved.

The public, while sceptical of the fluidity of legal proceedings in the UK, is generally in support of the onus of responsibility being held by business owners, and suspicious of junior employees being scapegoated to avoid penalty; of situations where corporations wriggle free after neglecting their health and safety obligations. Media proliferation and public demand for accountability in the face of disasters such as the Potters Bar train crash and the Costa Concordia have added to the carrion call for change.

In December 2005, Olivia Bazlinton and Charlotte Thompson, aged 14 and 13 respectively, were killed instantly after being hit by a train at a level crossing at Elsenham station. Network Rail pleaded guilty to two charges under The Management of Health and Safety at Work Regulations and to one charge under the Health and Safety at Work Act. A risk assessment conducted in May 2001 noted the wicket-gate pedestrian crossing was “undesirably risky”, and a report three years prior to the incident had recommended automatic locking gates at the crossing, but this had never been actioned. Despite the judge damning Network Rail with allegations of “corporate blindness” and acknowledging that the company “failed to ensure that the risks were properly assessed, controlled or managed”, no charges were made under the Corporate Manslaughter Act and the company was fined £1m within the aforementioned statutes. So, to surmise, a public crossing with considerable footfall was allowed to remain for a number of years with inadequate safety measures in place, resulting in tragedy, the company admitted fault and still charges of corporate manslaughter were deemed inappropriate! Motivation indeed for large organisations to commit to governing their health and safety with an iron fist…

In July 2008 three year old Meg Burgess was killed when a wall designed by George Collier and constructed by his company, Parcol Developments, collapsed on to a footpath in Prestatyn, north Wales. Rosemary Ainslie, lawyer for the Crown Prosecution Service (CPS), deemed that as Mr Collier represented ‘only’ half the company directors it was not in the public interest to extend the charge to Corporate Manslaughter. This strikes me as a problematic and unproductive decision, not to mention one with suspiciously avaricious undertones. The law, supposedly aimed at protecting and compensating citizens like Meg’s family, was swayed in this instance not to prosecute Parcol, who as an organisation with depleted coffers had little to offer the CPS.

David Cameron’s recent plans to privatise roads could result in increased litigation for private companies if accidents arise from poor maintenance. At present this is under the remit of the Highways Agency, Transport for London (TfL) and similar public bodies. Following the death of cyclist Deep Lee at a notoriously dangerous stretch of road in the capital, Detective Chief Inspector John Oldham, head of Scotland Yard’s Road Death Investigation Unit, said that although corporate manslaughter was one of a raft of offences that could be applied to the incident, the Act was  “badly drafted” and had “loopholes everywhere.” Transport consultants had advised that the area was extremely hazardous and had failed design standards for safe cycling (it is due an upgrade in time for the Olympics). The case presents another problem with accountability. When asked about the design standards of the road, Mayor Boris Johnson stated that the structure had been implemented before the guidance was published. It is hard to see why the above cases would not be considered as valid grounds for corporate manslaughter charges and, unless I am mistaken, none qualify for exemption. The beacon of accountability is an ever-diminishing light. At time of writing, no charges have been brought in the case.

Justice is a shaky entity in systems that favour Goliaths over Davids. Decentralised safety services are problematic in delivering such justice but it cannot be that due to devolution of responsibility, accountability can be swept under the carpet by smart talking corporate lawyers. To encourage business owners to meet their health and safety and governance responsibilities robust deterrents need to be upheld and negligent companies held to task. There are, of course, arguments for culpability to lie with both the organisation and the individual. Often it is the actions of a number of responsible individuals, from policy makers to policy undertakers that cause an incident, and apportioning blame can prove contentious. If an individual is ultimately held responsible they may not have the means to effectively repair the damage done. Conversely, it is unacceptable for individuals to feel that they are not culpable for their own actions

Between 1992 to 2005 (prior to the Act) there were 34 prosecutions for work related corporate manslaughter in England and Wales but only six small organizations convicted. Clearly that system was not working. What is important now is to ensure processes of the Corporate Manslaughter and Corporate Homicide Act are tight enough to tie loopholes in the system and not allow it to become the next on the list of laws that oleaginous corporations laugh in the face of.

As part of our commitment to promoting good corporate governance and ethics across the global business world, we are delighted to be sponsoring the Institute of Business Ethics Masterclass on Building a Speak up Culture, facilitated by Lori Tansey-Martens of the International Business Ethics Institute, Washington DC.  Our Hotline Manager, Scott Bridgen, will be attending to contribute to the discussion on how whistleblowing hotlines can play a vital role in every business’s corporate governance strategy.

The course takes place on Friday 18th May  2012 in London. For more information on the IBE website click here or contact either events@ibe.org.uk or scott.bridgen@expolink.co.uk.

Once hailed as the answer to spiralling contact centre costs, automated telephone systems are now widely blamed for a large proportion of revenue loss. So, if it’s the telephone you use to sell your product or service, make sure it’s manned by a real person – one who will answer your customers’ questions and not drive them to the brink of taking a hammer to the telephone handset. The backlash against automated phone systems has begun!

Arm your Customer Service Agents with all the goodies they need to do a great job
Whilst it true that you may occasionally receive a call from someone who‘s just phoned for a chat, on the whole your customers want their query answered quickly and accurately with the minimum amount of fuss and time spent on the phone.

In order to provide such a service, it is essential that customer service agents have better tools to do their jobs.  Systems should put all the relevant information about a customer right in front of their eyes. Irrelevant and unnecessary information should be kept to a minimum to cut back on the amount of reading (and erring) involved, and all this information should be displayed in an intuitive, efficient and organised way for at- a-glance reference.

Check your priorities – your customers’ needs must come before your own
Companies are slowly learning that, while customers appreciate self-serve options that provide a genuine benefit to them (e.g. ATMs, on-line shopping, etc.), they’re not so impressed when a company is just trying to dump the work back on the customer (e.g. Self-serve checkouts).  Mums with kids in tow for example, probably aren’t going to have their hands free to operate the self-service checkout whilst trying to restrain a couple of wilful toddlers… So why on earth would a large well known chemist (and notorious haunt of the busy mum) do away with the majority of their manned service tills in favour of the somewhat less dextrous self-service checkouts? Lunacy! Thankfully though, a number of large grocery store chains have seen the light and are in the process of removing their self-service checkouts.

Keeping mums happy isn’t the only very strong argument for doing away with self-serve checkouts though. In reality, how much money do they actually save the retailer? Surely the money saved needs to be weighed against the amount of shrinkage caused by certain celebrity chefs taking advantage of the lack of personnel by pinching “low value goods”. Ready Steady RUN Anthony Worrall-Thompson! In all seriousness though, it’s well documented that the very solution designed to save the retailer oodles in salaries is now costing them an arm and a leg in retail fraud and theft.

Quality control
This should arguably be at the top of this list- surely, the first defence against customers complaints is to minimise what they have to complain about in the first place i.e. make sure that the quality of your product or service meets (or preferably exceeds) the expectations of your customers.

Customer service training is back
More and more companies are re-investing in employee training when it comes to the treatment of their customers – mainly due to the fact that customer service has become the most utilised form of brand differentiation (see added value below).  Expolink Europe Ltd, providers of contact centre services to over 130 household names, currently offers NVQ qualifications to its entire contact centre staff and David Crook, CEO believes it has “paid dividends in terms of client retention.”

Added Value
Marketing professionals have long advised clients to provide their customers with a “value added proposition”. It’s nothing new but in an environment where price no longer differentiates competitors (because everyone is charging the same minimum rate just to get a sale) it really is giving that little bit extra that gets you noticed.

So what is it? Well, in a marketing nutshell “added value” is simply something you can give to your customers that is of high value to them, but of low cost to you.

It can be as simple as offering advice on how to make the most of the product or service they have bought from you, complimentary accessories they cannot do without, or discounts for return custom or referral to another customer. It can even take the form of quality assurance or a guarantee.

The idea is that the customer perceives the increased worth of what you are offering them, in the guise of excellent customer service or quality of your product’s features, all of which goes towards gaining customer loyalty and repeated business. Of course this all depends greatly on undertaking relevant and effective marketing research to find out what your customers really want – which is a time consuming process, but the rewards could be well worth the effort.

The Gripevine
it’s amazing how much bolder people feel about complaining when they do it online. More and more people are using social media to shout out when they have customer service beef. The advent of social media has been likened to a tidal wave – and you can see why, it’s a force of nature and if you don’t master it, it has the potential to destroy you.

Australian clothing giant Gasp fell right off the crest when one of their sales people was quoted on Facebook and Twitter as saying “I knew you girls were a joke the minute you walked in”  after bride-to-be Keira O’Neill declined to buy the (considerably more expensive) pink wedding dress the sales person “recommended” she buy.  As if this tale weren’t damning enough, Gasp then proceeded to complete their social suicide mission by publicly defending their salesperson, saying he was “good at what he does… and doesn’t like his time being wasted”;   you can imagine the ensuing social uproar.

As a result of stories like this, and the tools that people now have at their disposal to make a public complaint, we are starting to see a re-awakening of consumers. People are far less inclined to accept second best in the way they once were, taking direct, and sometimes devastating, action.

On the up side
It’s not all doom and gloom, owing to its power, there’s an awful lot social media can do for your business if you play it right. Companies that are prepared to put their customers first now have the opportunity to reap the rewards. So make sure your customers have plenty of good things to tweet about.

But even if you do get a bit of bad press… lap it up! It’s the way you deal with this (ideally well and publicly) that can completely turn around the public perception of your company.

Social media sites are also an infinite source of management information. Actively encourage your customers’ natural urge to vent their spleen and use it to make them feel listened to! Where practical, you could even make the suggested changes and advertise the fact that, thanks to Mrs Jones from Dorchester, everyone can now benefit from better customer service. Power to the people!

£2.1bn - Predicted tourist spend for London Olympics and Paralympics

What has 11m legs and a never ending list of demands? The expected daily visitors at this year’s London Olympics, of course!

Lloyds TSB estimate that the Olympic Games will generate £10bn in revenue for the British economy and visibility of our small island will skyrocket with an anticipated £4bn people watching the opening ceremony alone. The government hopes the Games will bolster the tourism and service industry, not only in terms of revenue but also in reputation, and seeks to galvanise business leaders and service industry workers into action and put paid to the perception that the British welcome is colder than its winters…

So, is the UK up to the challenge? The nation’s favourite blusterer, Mayor Boris Johnson, launched a Visitor Charter to encourage businesses to pledge fair pricing and practice during the Games, an enterprise that might induce the scoffing from some sceptics especially since, at time of writing, only 62 businesses, from Madame Tussauds to curry houses, have subscribed. Only a fool would expect to holiday in London at this time on a shoestring (even though a 2011 Mercer report ranked the capital as a mere 18^th in its list of the world’s most expensive cities), but opportunistic greed is still evident in the findings from a report commissioned by Tessa Jowell, the Shadow Olympics Secretary, stating that hotel prices are anticipated to rise by an average of 315%. In addition, greedy landlords are routinely evicting tenants in order to gouge tourists to the tune of 15 times normal rental rates, with additional “penalty clauses” for extended stays.

Whether these bums on seats and heads on pillows belong to oligarchs or Joe Public, what can this barrage of visitors expect from the UK and its service provision? A survey by the People 1st Training Company found that 73% of business leaders have their doubts about the quality of UK customer service and only 14% think our approach to hospitality is a selling point. Grim assertions indeed especially as 86% of those interviewed admitted to making no business preparations for the Games yet a similar figure acknowledged the positive potential of doing so! (Do the maths…)

A Government Report revealed that the UK ranked sixth out of fifty countries in international tourist arrivals in 2009, ‘though one of the lowest scores in reasons for visitors to come to the UK was the anticipated welcome. With accessibility to global tourism sites such as Angkor Wat and Machu Picchu increasing, it’s time to up our game. If we are able to convince the world of the UK’s charms it can help us become a desirable location to tourists from growth markets such as China, Brazil, Russia and India. And let’s not forget the Cultural Olympiad featuring a plethora of post-modernistic entertainment from Damien Hirst to performances of 38 plays by Shakespeare. at the Globe from 38 different nations, in the same number of languages.

Sue Gill, head of skills and training at Tourism South East, told Personnel Today that all staff working in the service industry need to be coached in cultural diversity and preferably in an additional language, and employers should encourage staff to enrol in customer service courses and take part in best practice forums. A European Commission survey in 2001 found 65.9% of UK respondents only spoke their native tongue – by far the highest proportion among the EU countries polled. And though English is known as a second language by one third of the EU population, this does not take into account visitors from outside the EU, of which there will be many in 2012. In our global community, negotiating cultural boundaries and obstacles in a sensitive manner is of upmost importance – particularly when protecting brands and ensuring great customer experience. Linguistically we might not be chasing the tails of pentaglot Nick Clegg (look it up..) but we have some advantage due to the sheer number and variety of regional accents we are used to deciphering. Putting guidelines in place such as identifying colleagues with language skills, training staff on basic phrases such as “please hold/wait for a moment while I…etc” in a few of the most widely spoken languages and ultimately encouraging staff to exercise patience and courtesy can help dissipate cultural or language barriers considerably. Why not make use of some of the many online translation tools available, or consider offering chat, email or other print-based customer support alternatives.

The UK’s cultural diversity is one of the Government’s key selling points for optimising the economic benefits from the Games. In order to achieve this, improve global perceptions of the UK, and for visitors to be engaged and gain an appreciation of UK culture, those providing services must be culturally aware and able to meet the disparate needs of their clientele. Why not initiate a two-way cultural awareness education program across the industry enabling all parties involved to enjoy and benefit from the 2010 experience? Exhibiting empathy, suspending judgment and learning as much as possible about the cultural norms and values helps avoid misunderstandings and creates a fluid customer service transaction. But this should not be at the expense of exhibiting our own cultural identity. Surely the whole purpose of overseas travel is to see and experience different ways of life, so it is vital to strike the right balance between local and global culture. And as with many such vexations customer research and ethnographic insight strategies could be the answer.

There has been much discussion about the physical legacy of the Games; what will happen to all those arenas, O2 can’t take them ALL over, surely!? But this is a great opportunity for our businesses and services to truly shine and to improve the perception of London, and the UK, as a tourist destination. The UK can’t rely on its traditional draws of heritage and culture to sustain tourism and must look to up its game in the areas that lack in quality such as welcome and value for money. Tourism chiefs are hoping for an extra four million visitors to the UK in the next four years as a result of the Games, so our re-energised welcome needs to be sustained and integrated.

Visitors to the Games are hoping for a holistically seamless and satisfying experience, from transportation to accommodation, gastronomic to aesthetic. In Sydney, urban legend goes that premier John Howard sought to arrange the city’s traffic lights to go green as the 2000 Olympic Committee traversed the city. The veracity of this is, of course, doubtful and the possibility of such tactics working in our choked, miasmic capital, non-existent. But it is entirely within the realm of possibility for the UK to prove the naysayers wrong and show that the UK’s customer service is second to none and our welcome is warm and inviting – even if the weather is not.

A Contact Centre Manager with over 20 years’ experience, Carol has a proven record of success in building, managing and delivering outstanding call centre services.

Carol originally worked as a Scientific Officer in South Wales before commencing her contact centre career with a direct insurance company in Bristol. From there she moved to a life insurance company to set up the outbound function, gaining a certificate in financial planning along the way. Carol has spent the last 11 years as Contact Centre Manager for a leading Bristol-based outsource company, growing the call centre from ten to 100 seats and expanding her experience working within highly regulated industries such as financial, government and utilities.

Carol brings to Expolink Europe a wealth of knowledge of managing a range of inbound, outbound and back office functions. Along with a an interest in how technology can aid and enhance the customer offering, she is passionate about developing the call centre team and strives to achieve and maintain a learning and empowering work place.

Outside of work Carol’s has recently completed a round-the-world trip, taking in USA and Australia before returning via Hong Kong. She has also grown to like a range of sports including cricket, succumbing to the consensus of a very male household! To relax she likes nothing better than settling down with a good chick lit novel.

Email: carol.workman@expolink.co.uk

LinkedIn: Carol’s Profile