
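5 Key Legal Issues for CIOs in 2024

For chief information officers, a working knowledge of the law is no longer optional in an age when everyone seems eager to sue.

Chief information officers deploy technology that supports the business, and they strive to put the best IT staff "on the ground." Projects, budgets, technology investments, strategy, and collaboration are all top priorities, but should a working knowledge of the law and legal issues also be front and center?

We live in a litigious society. And while CIOs generally believe that their company's liability policy protects them from legal action, that is not always the case.

Here are the five legal issues CIOs care about most in 2024: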

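1. Corporate liability insurance has its limits

Companies typically provide liability insurance for their top executives, including the CIO, in case officers are sued personally. Many CIOs believe this coverage fully protects them from legal action, but there are exceptions.

All corporate officers, including the CIO, have duties of loyalty, good faith, due diligence, and care. If a CIO learns in advance of a new product or exemplary sales results that will cause the company's stock to rise, and invests in the stock with advance knowledge of quarterly results, he or she can be sued by shareholders for self-dealing and breach of fiduciary duty.

If a CIO knows of a network security breach and chooses to stay silent about it, or fails to provide information to the board when the board requests it, the CIO may be liable, because the CIO can be regarded as the steward of systems and data. The CIO therefore has a duty to protect and administer those assets.

Acts such as embezzlement, stealing company resources, or committing wrongdoing against the company are also grounds for personal liability that corporate liability policies do not cover.

Why this matters: CIOs may do their best to dot every i and cross every t, but the fact remains that they are the single most important officer when it comes to the stewardship of information and technology. If they fail to inform or disclose issues, or if they abuse IT resources and the responsibilities expected of them, the corporate liability policy may not protect them.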

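2. IT is closely linked to intellectual property loss

IT employees have unique and sometimes unlimited access to sensitive corporate information. There is a temptation to take and sell this information, or to carry vital trade secrets and IT "secret sauce" to the competing companies that hire them.

When an intellectual property loss occurs, the CIO will be in the "hot seat."

Why this matters: In most organizations, losing intellectual property that IT is supposed to protect is an unpardonable sin. Loss of intellectual property is an enormous risk to a company and may well cost the CIO their job.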

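3. Ownership of applications developed by your own staff can be questioned

You decide to adopt low-code and no-code application development, or to use the report generators available in major software packages such as CRM or ERP. Your staff comes up with revolutionary and insightful ways to use these reports that give your company a clear competitive advantage, but the vendors of these reports also see value in making the reports available to their entire customer base, which includes your competitors.

Can you stop it? Only if your contract with the vendor states that you are the sole owner of the products you develop, even though you are using the vendor's tools to develop them. Some vendors will agree, but others will not.

Why this matters: Creating breakthrough reports and insights adds to the company's intellectual property wealth and can provide a unique competitive advantage. This is why the CIO must establish your organization's ownership of the products your team creates.

The time to do this is when you first sit down with the vendor to negotiate the contract. There should be a clear understanding of who owns what, and a defined way for you to migrate these reports to another platform if you decide to leave the vendor.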

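4. Employee issues can result in litigation

It goes without saying that harassing employees in any form is a personal liability issue, but so is failing to ensure that employee issues are handled properly when an employee is headed for termination.

In the US there are "at will" employment states where, if you fire someone, you have no legal responsibility to show that the employee is not competent. Even CIOs in "at will" employment states need to document employee performance with specific examples of assignments and projects that did not meet standards.

If an employee termination is challenged legally, having documentation of the facts is critical, as is having someone else in the room, such as an HR representative, as a witness to what was said during the meeting with the employee.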

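5. Company disasters and security breaches are significant risks that CIOs are accountable for

In one of the most publicized data breaches ever, Target's CIO ended up resigning after the personal information of as many as 70 million customers was stolen, including 40 million debit and credit card accounts. Memories of that disaster are still fresh in the minds of most CIOs.

This is also why best practice today is for CIOs to engage directly with CISOs and with network and system administrators to discuss the organization's security status, in addition to funding quarterly security IT and cyber audits by outside firms so that vulnerabilities can be discovered and patched before bad actors find them.

Why this matters: If you delegate security to your CISO or network administrator and never personally follow up on it or advocate for audits, you could be found negligent in performing the due diligence and care expected of you as a corporate executive. Your corporate liability insurance may not cover you, and your employment could be at risk.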

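Final Remarks

CIOs have a lot on their plates, and keeping everything top of mind is a challenge. Still, losses from cybercrime alone are projected to reach $90.5 billion in 2024. In this environment, every CIO must have a basic understanding of legal issues.

As the Greek philosopher Heraclitus once said, "If you do not expect the unexpected, you will not recognize it when it arrives."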

English original:

5 Key Legal Issues for CIOs in 2024

A working knowledge of the law is no longer optional for chief information officers in an age when everyone seems lawsuit happy.

Chief information officers deploy technology that enables the business, and they strive to put the best IT staff “on the ground.” Projects, budgets, technology investments, strategy, and collaboration are all top of mind, but should a working knowledge of the law and legal issues also be front and center? 

We live in a litigious society. And, while there is a general feeling among CIOs that they are protected from legal actions by their companies’ liability policies, that’s not always the case. 

Here are five top-of-mind legal issues for CIOs in 2024: 

1. Corporate liability insurance has its limits.  

Companies typically provide their top executives with liability insurance, including the CIO, if officers are sued personally. Many CIOs think that this coverage fully shields them from legal actions, but there are exceptions.

All corporate officers, including the CIO, have duties of loyalty, good faith, due diligence, and care. If a CIO has advance notice of a new product or exemplary sales result that will cause the company stock to rise and invests in the stock with advance knowledge of quarterly results, he or she can be sued by shareholders for self-dealing and breach of a fiduciary duty.  

If a CIO knows of a network security breach and chooses to remain silent about it, or if they fail to make information available to the board when they request it, the CIO may be liable because that CIO can be regarded as the steward of systems and data. Thus, they have a duty to protect and administer those assets.

Acts like embezzlement, stealing company resources or committing wrongdoing against the company are also grounds for personal liability that corporate liability policies won’t cover. 

Why this matters: CIOs might do their best to dot all the I’s and cross all the T’s, but the fact remains that they are the single most important officer when it comes to stewardship of information and technology. If they fail to inform or disclose issues, or if they abuse IT resources and responsibilities that are expected of them, a corporate liability policy may not shield them.

2. IT is closely linked to intellectual property loss.

Employees in IT have unique and sometimes unlimited access to sensitive corporate information. There are temptations to take and sell this information, or to take vital trade secrets and IT “secret sauces” to competing companies that employees hire into. 

When an intellectual property loss occurs, the CIO is going to be on the “hot seat.” 

Why this matters: Losing intellectual property that IT is expected to protect is an unpardonable sin in most organizations. Loss of intellectual property is an enormous risk to companies and could well result in a CIO losing his job.

3. Ownership of applications that your own staff develops can be questioned.

You decide to adopt low- and no-code application development, or to use report generators that are available on major software packages such as those for CRM or ERP. Your staff comes up with revolutionary and insightful ways to use these reports that give your company a distinct competitive advantage, but the vendors of these reports also see a value in making the reports available to their entire client bases, which include your competitors. 

Can you stop it? Only if you’ve included as part of your contract with them that you are the sole owner of the products you develop, even if you are using their tools to do the development. Some vendors will agree, but others won’t.

Why this matters: Creating breakthrough reports and insights contributes to the company’s intellectual property wealth, and it can provide unique competitive advantages. This is why it’s important for the CIO to establish your organization’s right to ownership of the products your team creates.

The time to do this is when you first sit down with the vendor to negotiate your contract. There should be a clear understanding as to who owns what, and a defined way for you to migrate these reports to another platform if you decide to leave the vendor.

4. Employee issues can result in litigation.

It goes without saying that harassing employees in any form is a personal liability issue, but so is failure to ensure a proper handling of employee issues when an employee is headed for termination. 

There are “at will” employment states in the US where you don’t have a legal responsibility to show an employee isn’t competent if you fire someone. Even those CIOs in “at will” employment states need to document employee performance with specific examples of assignments and projects that didn’t meet standards.

If an employee termination is challenged legally, having documentation of the facts is critical, as is having someone else in the room, such as an HR representative, as a witness to what was said during the meeting with the employee.

5. Company disasters and security breaches are significant risks that CIOs are accountable for.

In one of the most publicized data breaches ever, the CIO of Target ended up resigning after personal information was stolen from as many as 70 million customers, including 40 million debit and credit card accounts. Memories of that disaster are still fresh in most CIOs’ minds. 

That also is why it’s a best practice today for CIOs to directly engage with CISOs and network and system administrators to discuss an organization’s security status, in addition to funding quarterly security IT and cyber audits by outside firms so vulnerabilities can be discovered and patched before bad actors find them.

Why this matters: If you delegate security to your CISO or network administrator and never follow up personally on it or advocate for audits, you could be found negligent in the performance of due diligence and care that is expected of you as a corporate executive. Your corporate liability policy may not cover you, and your employment could be at stake. 

Final Remarks 

There are many things on the plates of CIOs, and it’s a challenge to keep everything top of mind. Still, cybercrime alone is projected to reach $90.5 billion in losses in 2024. In this environment, it’s imperative for every CIO to have a fundamental understanding of legal issues.

As the Greek philosopher Heraclitus once stated, “If you do not expect the unexpected, you will not recognize it when it arrives.”

This article was republished by 数字化转型网 (www.szhzxw.cn); source: INFORMATIONWEEK.COM; editing/translation: 宁檬树, 数字化转型网.
