The Strategic Analysis Cycle

Collection is the most sensitive activity in strategic data analysis when it comes to legal compliance. Collectors may be tempted to collect ‘just a little bit more’, even when that technically means exposing their employer to huge litigation and reputation risks. Proactive collectors do exist who (believe it or not) sometimes even bribed the sales staff at a competitor to come up with the other company’s marketing plan.

To prevent such things from happening, as a strategic analysis department, it is critical to ensure that everyone in your firm knows that compliance and ethics rank above creativity or creatively navigating the grey zone in collection. Therefore, it’s important that your collectors are trustworthy – they make the difference, either in a good way or, heaven forbid, in a bad way. If only all cases were so black and white and simple. Some may be less straightforward. When is elicitation – the collection of data from unsuspecting people during seemingly innocent conversations – still ethically acceptable? When is it certainly not? What to do with competitor data that is unsolicited, perhaps received through a wrongly addressed email which you couldn’t help but receive? Plainly asking for data may be illegal; asking while exercising coercion – better known as interrogating – is clearly illegal. Especially but not exclusively in HUMINT, there are a large number of collection methods that are clearly off-limits. As always in HUMINT, care is to be taken to steer clear from ethically treacherous waters. But what to do if a (former) employee of a competitor simply comes along and without being probed blurts out some data? Moreover, what actually is the law when it comes to trade secrets?

This chapter tries to answer some of the above questions. We first look at ethics and compliance as such, and briefly discuss relevant US legislation in this field. In the following section I will urge the reader to control the collectors and control them again – if only to ensure thorough compliance both with the law and with any company-specific ethical standards that may apply. We will also look into some collection methods that unfortunately are known to be use in strategic analysis but that I, writing as an experienced strategic analyst, consider unethical, if they are not necessarily illegal, I realize my ethical norms are my own – they are not universal. I cannot and do not want to make a call for anyone else on ethics. To prevent ethics from becoming too much of a subjective personal matter, some companies fortunately have solid codes of ethics in place that may even cover strategic analysis. Because such codes have been phrased so broadly, strategic analysis by default is covered. For those companies where that’s not the case, I conclude with some ideas on how to rely on a company’s code of ethics for guidance.

Any decent company will at all times strive for full compliance with applicable law. This holds true for any business discipline, including strategic analysis. Ethics, however, is less straightforward than sheer compliance. Ethics relates to identity. Who do you as an individual strategic analysis practitioner want to be? Similarly, what is the identity that you as a company that has a strategic analysis practice want to have?

Let me share a personal note. Strategic analysis, sometimes also referred to as competitive or market inteligence, has become my professional passion. Yet, the public image of intelligence work has long prevented me from writing about market intelligence or strategic analysis. Let me share two quotes to illustrate my point. This is what US naval intelligence officers say about their work (Sontag, 1998):

“The second oldest profession in the world, one with even fewer morals than the first.”

“… the new director of Naval Intelligence, Frederick J. ‘Fritz’ Harlfinger II […] who had been the Defense Intelligence Agency’s assistant director of collection (called intelligence), a polite word for theft.”

The moral in military intelligence apparently is or at least has been: the other party’s secrets are fair game. Stealing them is a means more than justified by the end of serving the national interest. The more advanced the intelligence collection methods, the worse the public perception. This does not only concern the headlines about the NSA in 2013. In the late 1950s US public opinion on intelligence was already negative when an illegally operating KGB colonel who had been betrayed and caught red-handed had to be defended in court (Donovan, 1964):

As intelligence is mainly known for collection, I realize that as a strategic analysis practitioner I may be held guilty by association in the public’s eyes. Writing about strategic analysis may thus inadvertently taint my reputation.

I have never been involved in illegal or unethical market intelligence activities. In a sense I am a soldier, but not a war criminal, just as a soccer supporter is not by definition a hooligan. Still, my clean sheet is immaterial. Changing the public perception of intelligence and by association market intelligence is a quixotic task. As I saw it, I had two options. I could accept the perception, refrain from writing and proceed with ethically and legally correct strategic analysis work as usual. Or, I could start writing and emphasize that as a strategic analyst soldier I am not by definition a war criminal, even when some soldiers intentionally or in extraordinarily trying circumstances have crossed the line and some in the future will.

I chose the option to start writing about what I believe good strategic analysis soldier-ship to be. In this section I will therefore emphasize that a good strategic analysis soldier has a chivalrous code of ethics that guides his collection behaviour. Living up to the standards of the code protects the strategic analyst’s personal reputation, that of the company and also that of their professional community, even when the latter may sound idealistic.

Every person has their own ethics. Business, however, increasingly seems to hew to a global definition of integrity. Consumers hold businesses accountable to what they promise and to a minimum standard of ethical behaviour. These implicit global ethical standards by implication apply to any market intelligence professional, regardless of the professional’s personal ethics. This makes ethics less of a legalistic topic.

It does not matter whether one is compliant. It matters whether one is seen to be ‘doing the right thing’. Gilad once phrased a key question to be asked prior to starting out any strategic analysis (or market intelligence) collection effort:

“What if this market intelligence methodology would make tomorrow’s headline in a business newspaper?”

This should be the minimum guiding question for any matters beyond compliance. In a globally connected internet world, unethical behaviour on one occasion and in one country may be known and frowned upon across the world in a matter of minutes.

Let me share an example. Nestlé hired a market intelligence service firm. On behalf of Nestlé, the firm ‘infiltrated’ an NGO with anti-capitalist leanings by planting an informant (Just-food, 2013). This informant reported confidential information from the NGO to Nestlé in the period between 2003-2008. Using intelligence parlance: at some stage the operation was blown. In court, Nestlé and its service firm were ordered to pay financial compensation totaling CHF 27,000. The amount is of course peanuts to Nestlé, but the reputation damage is not. A Nestlé spokesperson stating that “incitement to infiltration is against Nestlé’s corporate business principles” didn’t matter much. What matters is not what you state as principles, but, indeed, what you do (and not only what you are seen doing!).

In the past, corporate values like ‘quality’ and ‘safety’ have become mainstream. Today, ‘integrity’ is developing into a corporate must-have. Not surprisingly, again following ‘safety’ and ‘quality’, the first studies have appeared showing that high-integrity corporate cultures actually generate superior returns compared to their less integrity-focused peers (Doty, 2014).

The US government takes the view that business should be competing fairly and on a level playing field. Fair competition is ensured in many countries by anti-trust laws: companies are for example forbidden to execute pricing agreements with competitors to extract unfair value from their customers. This is where the governments limit companies’ freedom of action. On the other side, in the government’s view, companies own trade secrets that enable them to compete. Governments do not protect trade secrets as such. Trade secrets do not equate to intellectual property. Governments, however, indirectly offer protection by punishing those that steal trade secrets. Below I will discuss the link between strategic analysis – particularly data collection – and both anti-trust law and trade secret protection law. Later I will also briefly touch upon copyright law.

Anti-trust law will only be covered briefly as data collection tends to be a back-office discipline that does neither directly interact with customers nor with competitors when it comes to pricing, etc. Strategic analysis staff are strongly encouraged never to connect directly with competitors on prices, market developments, market trends or any other topic that may in some way or another be construed as limiting (the fairness of) competition. Regulatory bodies that monitor anti-trust compliance often break price cartels or similar anti-competitive connections between what should be competing companies by encouraging one cartel participant to ‘talk’. Keep that in mind when, as strategic analysts, you may be tempted to ‘talk’ with your competitors. You see it as just some chit-chat. Questions may include things like: What do you think will happen at customer XYZ now that they have a new boss? What do you think the oil price will do and how will that affect your company’s pricing?

At first sight these questions seem to be innocent enough. But, they are not. When you competitor-friends’ bosses or legal counsel find out, they may report these talks to the authorities. In doing so they leave you with the task of providing evidence that your discussions were harmless. The anti-trust bodies have the authority to take your computer, and check all your files and email. They may also check all your telephone records (metadata), to verify when you talked with whom. When they connect the dots between a call between your friend at the competitor and yourself, and a similar commercial step by both companies, it is up to you to explain that there was no link between the two events. In the anti-trust law of most Western nations, you are now guilty unless you can seed reasonable doubt that you are not, instead of the other way around. Do not underestimate the cost of non-compliance. Sentences include personal imprisonment and draconian fines. Often in anti-trust compliance training former inmates who believed making price agreements with competitors wasn’t a big deal tell their stories. The inmates know better now and deliver a personal warning.

Another approach that may work to build awareness and strengthen compliance is to do what could be seen as an anti-trust mystery shopper test. Hire a law firm in the coming month to to do an unexpected raid on your office, similar to what a real anti-trust authority would do. Give them all the authority an anti-trust authority has: confiscating files and computers, checking emails, etc. The law firm’s raid will subsequently reveal whether all your office staff, from the receptionist to the managing director, acted as per the training script. In addition, the law firm’s raid will nicely reveal any non-compliant files and behaviours. The only cost will be the law firm’s hourly rate – a small amount in comparison to the penalties an anti-trust authority may impose if they’d done the raid and discovered the non-compliance.

Let’s look for a moment at the US Economic Espionage Act, signed 11 October, 1996, by President Clinton. The law is an example of legislation that countries use to protect trade secrets. Strategic analysis practitioners should at all times involve legal counsel to check what relevant legislation is applicable to their (collection) efforts¹ .

The act, the EEA for short, is a six title act of Congress, of which only the first title matters to data collection.² The first title is called Protection of Trade Secrets; it has appeared in scientific literature in full (EEA, 1997). This law was updated in January 2013. The update included amongst other measures an increase in the fines that can be assessed against individuals or companies found violating this law. In the 1996 edition, an individual could be fined a maximum of $500,000. This amount has been increased to $5,000,000. The EEA law has two sections:

Segment 1831 enables the US government to punish foreign intelligence services or their agents caught in the act of economic spying. This is not a dead letter. An individual acting on behalf of the People’s Republic of China was sentenced to a sixteen-year prison sentence for stealing US company-owned technology secrets. This segment obviously does not relate to data collection in strategic analysis.

Segment 1832 has led to convictions of individuals stealing trade secrets such as technology blueprints. Similarly, this part of the law is no dead letter.

FOR TRADE SECRETS IN THE EEA, INFORMATION PROTECTION MEASURES ARE TO BE TAKEN

Trade secrets are all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing if:

(a) the owner thereof has taken reasonable measures to keep such information secret; and

(b) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by the public

“… a (US) federal criminal offense to receive, buy, or possess the trade secret information of another person knowing the same to have been stolen, appropriated, obtained or converted without the trade secret owner’s authorization.”

A company using anything that could meet the above definition of a trade secret from another company is not by definition at fault (Horowitz, 1997). It doesn’t matter what the trade secret consists of. What matters is that for a trade secret to be a trade secret it should not be available by legal means. Horowitz cites a paragraph from the Restatement of Torts (1939) to illustrate the government’s thinking behind this:

“The privilege to compete with others includes a privilege to adopt their business methods, ideas, or processes of manufacture. Were it otherwise, the first person in the field with a new process or idea would have a monopoly which would tend to prevent competition.”

In plain language: anything, no matter how sophisticated, that is not secret and has not been protected as a secret is not a trade secret. A simple example may illustrate this point. Buying a competitor’s product from the shelf in a shop is legal. Anything that careful analysis of that product reveals through MASINT to a strategic analyst about, for example, the competitor’s production processes or technologies is not a trade secret. By offering the product for sale, the competitor did not take reasonable measures to keep the information secret. This does not mean that the processes or technologies to make the product may not be protected by patents, but that is a separate matter. This means that when a competitor is negligent with data protection and inadvertently and accidentally loses a secret customer list in a public parking lot, that list ceases to be covered by the EEA. The same holds true for a wrongly addressed email with sensitive information. Or an email invitation to the opening of a new office by a competitor where a competitor’s negligent employee puts all addressees in the CC rather than the BCC. In this real-life case, the office worker revealed the entire commercial and professional service companies’ network to the competitor. What a company does with a competitor’s information that inadvertently has ended being secret is a question of ethics. This will be discussed later.

For systematically defining the scope where compliance and ethics in strategic analysis normally matters most, the questions when, where and who are answered below.

Within the realm of strategic analysis at large, the legal and ethical sensitivities tend to be in collection efforts executed by humans or HUMINT. In the next section, I will therefore discuss various ethically gray or downright illegal collection methods to stay away from, many of them involving HUMINT efforts.

In filing data, potential legal issues relate to copyrights. Strategic analysis departments often work with third party data providers that provide data for a price. The price tag for the data almost by definition is proportional to the number of users who post-transaction can get access to the data. For a strategic analysis department, it is tempting to buy a single-user copy and distribute it to more than one user. Nobody will notice, right? But it is illegal. Some data suppliers are truly tough on their customers’ compliance with their contract provisions (and rightly so). Their detection of non-compliance happens more frequently than one would think. Every report this supplier sends out encourages the customer to call the supplier in the event that the customer has any questions. What if a user doesn’t realize they are not supposed to have the copy of a certain document and therefore shouldn’t be asking about it? So they call. The recommendation here is to comply. My recommendation is to buy a corporate subscription and exercise your right to share it as widely as you like.

This is even more strongly the case with ‘barter’. Let’s say the strategic analysis department at company A calls their peer department at company B. “Have you seen these two new reports that data supplier X has just released? Good. I’d imagined you’d be interested as well. What if you buy one and I buy the other? We know each other well enough; this stays between us. Thanks, always good to have a friend.” No point stating that this is illegal. That is obvious. The chances of being found out, however, are not to be ignored. Data suppliers mark their reports. There may be a bar code on the front with a customer number. That is a simple mark that is easily avoided in illegal copying. Upon copying you just take out the first page in the PDF file you share.

Smart data suppliers go a step further. They include a customer specific typo on a random page. Just one letter may be missing. Seems like an innocent typo. It is not. That one-letter typo appears on a coding list in the supplier’s office. It connects the report to the customer who paid for it and to whom the report was originally sent. Whenever a copy of the report with that particular typo appears visibly to the supplier at anyone but the legal owner’s desk, legal proceedings can start. Legal proceedings in companies usually are handled by legal affairs departments. That is typically the type of department that has a very low threshold access to a company’s board. The fact that you as strategic analyst have been held liable for data theft may hurt your reputation more than dozens of great analyses offered to this same board can compensate for. What better way to lose the board’s trust than being sued for stealing?

Apart from respecting copyrights, the real ethical and potentially legal concerns are, as I said, in the area of collection. Which brings us to the question ‘who’. Who is collecting? There are two groups of collectors: your own strategic analysis staff or third parties to whom collection may have been outsourced. In the Nestlé NGO-infiltration case, it was a third-party collector that did the work, but the collector of course got the assignment from someone within Nestlé who apparently had both the authority and the budget to assign this task to an outside party. Nestlé’s spokesperson, whom we quoted earlier, also remarked (Just-food, 2013):

“If it turns out that a Nestlé employee has acted negligently, we will take appropriate action.”

That’s not to say that Nestle should be blamed as a company. Nestlé is a highly professional company that I deeply admire and respect. This is just to illustrate how it works. What the spokesperson implicitly and understandably states is what any spokesperson of a large company would say. The company has procedures in place to prevent these sorts of things from happening. A company, however, cannot at all times and in all places control all its employees’ zealous acts. The company will take appropriate action towards this individual. The action, albeit late, will serve as an example.

There is, however, a cynical side to this. In intelligence parlance, this is called ‘plausible deniability’. It doesn’t matter if the employee was under top management’s orders to take that action. The point is that the employee has to be portrayed as a zealot. They need to be sacrificed by termination of their contract or through other disciplinary measures. The terminated employee will normally get enough severance money, but that payment is provided subject to the condition that the only narrative that survives this issue is that he acted on his own. This is not to blame top management for doing this. I wish to emphasize that I would not in advance condemn any large company’s management for doing this. There may be cases in which I might lay blame, but not by default. It’s imperative for the company to continuously require top management to take tough decisions at all times. Company continuity also has its ethical advantages, after all, like offering continued employment to its staff and returns to its investors. This may just be a case where a tough and at first sight unfair decision has to be taken. Without wanting to go deeper into the ethics of company continuity, I think this narrative for us as strategic analysis carries two lessons:

• A strategic analysis department that for legal or ethical reasons causes a scandal and as a result causes corporate reputation damage will normally not go unpunished (and rightly so).

• Outside data collectors are an above-average risk factor, as the strategic analysis department at the end of the day carries the responsibility for what they do, but can’t see how they do it.

In the next section I will cover some ‘how they do its’ that should contractually at all times be blocked, no matter whether the collection work is internal or has been in-sourced.

The listed methods below, although unethical or downright illegal, should be seen as a warning of the tactics competitors might use against your firm. The list is certainly not complete. It provides examples (in no particular order) of unscrupulous moves that a principled practitioner should steer clear of.

When a company wants to burrow down into its competitors’ industries or plans, what better cover story to choose than to suggest they have wellpaid jobs to offer? When candidates from competing companies proactively apply, interviews are aimed at understanding the competitors rather than at recruitment. In literature, these have been referred to as ‘phantom interviews’ (Ehrlich, 2006). Organizing phantom interviews to extract trade secrets may well be called fraudulent. Fraud is a crime. It may lead to significant punitive damages.

It’s also unethical and fraudulent to send interns or students on a ‘trade secret hunt’ to a competing company.

Similarly, using students to interview competitors on product properties during, for example, trade shows is ethically off-limits, even when anything that the competitor provides in terms of convention center data is no longer a trade secret. The reason for data thus losing its status as a trade secret is simple: the moment a competitor shares data with a student, for instance, the company surrenders the data’s protected status. What is said to a student in the middle of a bustling trade show is anything but a secret?

As a rule, do not ask anyone to pretend she’s applying for a job with a competitor for the purpose of collecting information.

The Nestlé example demonstrates a common government intelligence collection technique when it comes to monitoring terrorist or other activist groups. Place a mole and tap that group’s conversations. The Nestlé example also shows that this should not be done.

COERCION OF FORMER COMPETITORS’ FORMER EMPLOYEES WHO ARE NOW ON YOUR FIRM’S PAYROLL

Once a a competitor’s former employee has joined your firm’s ranks, it may be tempting to debrief that person. Normally such an employee has a legal obligation not to disclose their former employer’s trade secrets, or at least an ethical obligation not to do so. Either way, as we already discussed in chapter 4 , extracting data that is not in the public domain from a former competitor’s employee is off-limits.

There are times when some people simply want to talk. P. Sichel, former CIA station chief in Berlin, illustrates that some sources are looking for a sympathetic ear, regardless of the risk involved (Delattre, 2006):

“Good intelligence sources are usually those who, for ideological reasons, do not agree with the policies of their government. […]
Only rarely are ‘agents’ recruited through subterfuge of the offer of money or blackmail. Ideology is still the great motivator […].”

The same human psychology applies to sources who proactively and intentionally share business data. An employee who feels bad about what their previous employer (who happens to be your competitor) has done to them is eager to talk, even when the only thing they are getting in return is ‘a shoulder to cry on’. In some countries, however, intentionally encouraging such an outpouring of anger (and insider business information) would be unethical and illegal.

Post-acquisition turbulence is a typical occasion when the acquirer’s top management may put new rules, policies and strategies in place new strategies (and place new players in key positions) in the acquired entity. At that point the acquired company’s management may no longer recognize their beloved company, or know where they fit into the picture. They may feel that their loyalty to their company is no longer being reciprocated. And so, understandably, they won’t feel so keen on remaining loyal to the old, virtually unrecognizable organization. From a strategic analyst’s data collection perspective this situation might seem rife with opportunities.

Still, she should be careful about offers of documents or other sorts of competitive intelligence. As long as active solicitation and probing are not being used, the data obtained may be perfectly legal (listening is not a crime). Still, it is essential to at all times avoid touching stuff, even when it only reaches us in an audible form, that simply shouldn’t be in your hands/ears.

Companies that are offered for sale need to disclose a lot of information to allow potential bidders preparing a first non-binding offer. Investment banks that assist in such sales processes compile an ‘Information Memorandum,’ or IM. Such IMs are only distributed to candidate buyers under the condition that the information is only available for the purpose of evaluating the possible transaction. When a buyer company decides not to make an offer, or loses the deal in the bidding process, the buyer is usually legally obliged to delete all IMs (except for one copy to be filed in the corporate legal department). Non-compliance is clearly illegal and usually – when exposed – and carries heavy fines that normally will have been stipulated in a non-disclosure agreement.

ACQUISITION ‘FEELER’ MEETINGS THAT ONLY SERVE FOR INFORMATION COLLECTION

When a company is interested in new markets or new products, it may approach an established player to suggest that it’s interested in looking at what value that player could offer. Sometimes a non-disclosure agreement between parties has been agreed upon in advance. But that still doesn’t reveal whether the visiting company really wants to buy the player, or if it only wants to ‘look’. This practice may not be illegal but it is unethical.

People make mistakes. As we noticed above, some office workers are smarter email users than others. Emails may be sent to the wrong people.

The question is not whether these things happen; it’s what we do with data obtained in this way. Strictly following the definition of a trade secret, these data have not been properly protected and therefore aren’t a trade secret. Ethically, however, the only proper reaction when tempted by data obtained in this way may be to immediately send it back. Most companies’ emails even carry a disclaimer to the effect that when an email inadvertently arrives in the wrong inbox, the sender should, as a standing precaution, have pre-emptively tagged the contents as a trade secret not to be revealed. Legal ramifications notwithstanding, it is always advisable to stay away from these ‘finds’. An organization that is known to troll for such gems may encourage staff to proactively start ‘finding’ stuff – and end up in serious legal trouble.

In 2000, a well-known case involved consumer goods company Procter & Gamble sending out third party collectors to go ‘find stuff’ (Mark, 2002). P&G had their service firm collect waste at a Unilever site.³ Technically, waste that is placed on a sidewalk can no longer be considered a trade secret, as the material is in the public domain. Anyone can pick it up; it is not protected as a secret. But ethically, the purposeful, stealthy collection of a competitor’s discarded paperwork is a different thing. In the P&G case, Unilever demonstrated that the collectors had most probably trespassed on Unilever’s property, which turned waste collection into theft. P&G settled with Unilever – and sustained a big ethical hit.

Strategic analysis staff (or even worse, their data collection contractors) sometimes simply call competitors and ask them for data. The data may, for example, be product specifications. These queries are perfectly legal when the caller states clearly and honestly which company they are calling from. The competitor may assist by providing public domain data. The tricky part is asking questions that may be construed as limiting competition between different players in a market. This is a very serious criminal offense in most countries. Questions related to things like pricing, price strategies (discount programs, timing of upcoming changes, etc.), future product launches and future investment plans for industrial plants all are strictly off-limits.

Competition law is so strictly enforced and defined that cold calling is to be actively discouraged. A third party data collector may present itself as a market research firm doing a study for a customer. This may still be legal, even when the third party is a cover for a company that never intends to buy from its competitor but is only after its data.

As a strategic analyst, it is important to control all-too-eager contractors in their quest for data. Make clear that cold calling by contractors isn’t acceptable by stipulating this in the contract. When allowing a third party to call a competitor, agree to the contractor’s questions – or better yet, draft the questions yourself – prior to approving the work order.

This seems so obvious. Bribery is a criminal offense – so serious that you wouldn’t think anyone in their right mind would resort to it for purposes of corporate data gathering. There is outright cash-in-an-envelope bribery, as well as more subtle varieties.

For example, when a company asks a supplier for some sensitive information about a competitor, the management of the supplier faces a dilemma – reveal sensitive information about his former customer to win new business, or clam up and watch the new order evaporate. This is a form of coercion. Like bribery, coercion also is forbidden by law in most countries, but its outlines are much hazier, especially when nothing is committed to writing.

Suppliers should never give in to coercion, but if the order book is looking particularly empty, they may be tempted. Your strategic analysis department should always do its part to steer data collection suppliers away from coercive situations. Remember, providers who do it once are apt to do it again… and their next victim could be you.

A true wilderness of mirrors⁴ – where it’s unclear who’s playing with whom – is present with the often smaller professional service firms that work for several competitors at the same time. Large, highly reputable firms like McKinsey & Co. keep their various clients segregated behind impervious Chinese walls. Even when concurrently working for competing companies they ensure that trade secrets do not pass between their teams. Small service firms simply do not have the luxury of maintaining sufficiently large, highly qualified teams to do this. In the best of all possible worlds, such firms will ethically choose to only work for one customer in a sector at a time. After having made their choice, they conclude an exclusivity agreement with their customer. In legal parlance, when another company in the same sector calls the service firm, the service provider is conflicted. The less ethical among these providers will start to play games like: ‘Do you want to understand the market for product XYZ in South America? We happened to come across some valuable insight into this recently… We can make you a good offer.’

In essence, they attempt to sell the same insights at least twice – and may throw in details on the original customer’s plans for good measure. Working with such ‘traders’ means that anything they learn about any firm will likely be passed on to any other firm. The moment one signs up to work with a company with such questionable ethics, you’re teetering on the edge of a very slippery slope. There are no good reasons to be there.

Internet sourcing of information is almost always legal, as the internet is by definition public domain. Hacking or any other form of cybercrime, however, is obviously illegal. The grey zone in between is populated by sites like SlideShare. Files that are available through this popular slide hosting site can contain remarkably interesting data. The question, however, is how those files got there. Were they simply cut and pasted from a company’s public website? Were they lifted from a firm’s restricted internal system and posted by a disgruntled employee? Or is an entity, for whatever strategic reason, disseminating information on itself in a way that intentionally looks like the disclosure of company secrets?

Strategic analysis departments will not use classic eavesdropping techniques like telephone tapping (or SIGINT – signal intelligence – in intelligence parlance). There are, however, technically legal examples of eavesdropping on competitor conversations that are still to be avoided. A widely rumoured, but probably fictional, example is of a market intelligence service firm that made a legal visit to the boardroom of a client’s competitor. In doing so, it checked the brand and type of wireless PA system that the board used during their meetings. From there, it was easy to find the frequency of the signal. The signal was strong enough to be picked up and recorded in a car parked in a public spot across the street. The boardroom PA system clearly did not use encryption, so collecting the signal was de facto copying of the board meeting transcript. This method is not covered in the Economic Espionage Act, as a signal captured in the public domain that has not been encrypted cannot be characterized as a protected secret. But let’s face it: this collection method, however imaginative, remains deeply unethical. Just imagine the headline, ‘Company Y tapped company X’s boardroom conversations’. What would that do to company Y’s reputation or share price? Let me reiterate: even ‘grey area’ practices that are technically legal should remain strictly off-limits.

Having said that, the time may come when a competitor’s employees are overheard talking shop. The classic example is when two employees from a competing company sit next to you. Maybe after hours, in a friendly local drinking establishment… after multiple drinks.They can’t contain themselves, and – as yet another round is ordered – the information begins to flow. Anything you and your colleagues innocently overhear is fair game. When the newspaper headline reads: ‘Company X loses secrets through loud conversation at McGinty’s Pub’, company Y cannot be blamed – Company Y took no intentional steps to collect information. It simply happened.

What is true for barroom conversations is just as true for someone in the seat next to you on an airplane enthusiastically working away on her laptop. All too often, eager beaver employees believe they cannot afford to waste a minute, even when crammed into a torturously narrow economy class seat. So, after take-off, there they are, at your elbow, proofreading confidential documents. Although sideview-protection screens for laptops are cheap and easy to get, most companies don’t provide them as a standard accessory. Truth be told, I don’t have one either. Not having one allows me, however, to indulge in reading books while flying… using the great excuse that airplanes are too data-insecure a place to work.

Some regularly-scheduled flights are so frequently used by particular companies that not finding one of their executives on-board would be the exception. Buying a ticket as strategic data collector to gain exposure to competitive intelligence may sound more far-fetched than it is. Public companies announce for example board meetings and their locations in advance. Some unethical collectors may try to predict what flight a competitor’s top executive will take, hang out in the business class lounge, and nonchalantly look and listen. He may even approach the executive and try to chat him up, pretending to be someone he isn’t. This brings us to another serious offence in data collection: misrepresentation.

Misrepresentation comes in many shapes and forms. Common places you might encounter this would be at a trade show or a factory opening day. Someone trying to get a competitor’s staff to open up might cover his ID badge or, worse yet, actually registering under a false name and be given false credentials. A really deceitful cover is to pretend to be a journalist, encouraging a competitor to share some powerful insights for press coverage (Kalitka, 1997). And we touched earlier on using fresh-faced students to ferret out information.

Sometimes factory visits or an executive briefing are part of an industry sector conference. Here misrepresentation is considerably tougher and some delegates for competitive reasons are simply not allowed to participate. When allowed in, ethics still require the visitor to be a good guest. This includes only taking pictures when allowed, not wandering through employee office space, and certainly not trying to poke around a mail room or copy center.

Cold calling while pretending to be a customer prospect also is a common form of misrepresentation.

Horowitz logically points out that under certain conditions misrepresentation can open one up to prosecution under US EEA trade secret law (Horowitz, 1997):

– “Trade secret law protects the holder of a trade secret from someone who misappropriates that trade secret, i.e. obtains that trade secret through improper means. […]

– Trade secret law considers misrepresentation an improper mean

– Case law has interpreted misrepresentation to apply to situations where:

i one has induced another to violate his duty of confidentiality to his employer

ii one has violated a confidential relationship with another

iii one has acquired a trade secret from another knowing that the other had misappropriated the trade secret or that he had violated his duty to keep the information secret.”

Horowitz points out that fraudulent misrepresentation only applies when one party has the legal duty to tell the truth. The law as such does not ask for the intentions of misrepresentation. However, intentional misrepresentation is without question a serious ethical issue. Imagine the news headline when you get caught doing that; it won’t be pretty. Bottom line: don’t do it.

There is power in repetition. Therefore, to summarize, there are two questions that must be asked prior to approving any strategic data collection effort. The first is simply ‘Is this legal?’ The second is ‘How would this look as a headline on the web or in a newspaper?’

No decent company should want to employ methods like those discussed above. This may be well understood within a company’s strategic analysis department but that’s not good enough. The strategic analysts should ensure everyone involved in data collection lives up to the minimum of ethical standards at all times. To accomplish this, two aims are to be set: standards need to be defined; the second aim is to ensure awareness of the standards. Everyone involved needs to know them. I will now discuss how to work towards achieving these necessary safeguards.

Ethics are a company-specific topic (McGonagle, 2008). Rather than adopting a standard code of ethics, such as the one compiled by the Society of Competitive Intelligence Professionals,⁵ it makes sense to tailor a program that’s perfectly suited to a company’s unique strategic analysis needs. Doing so serves two purposes:

• Upon writing, the in-company strategic analysis team and their legal advisers make choices what legally acceptable collection methods are also ethically tolerated and which are not.

And how do you go about crafting a suitable company-specific code of ethics? One way is to study those that have been developed by other companies. There are many published, readily available examples of ethics codes developed for corporations that have an in-house strategic analysis practice (Fehringer, 2006). The same source provides twelve codes of ethics developed within market intelligence service firms. Having evaluated these codes, it appears that a code of ethics for most organizations will consist of at least the following three sections:

What are trade secrets? To whom does this code matter? How does this code relate to other legal/ethical initiatives – for instance, competition law or a general code of conduct? Who should be contacted in case of questions? Who should be alerted to cases of unethical or illegal practices?

What practices are illegal? What practices may be legal but do not pass the ‘newspaper headline test’? The section above provides a clear but not exhaustive list of in-score topics. For reasons of clarity, it may be useful to segment appropriate conduct for market intelligence collection by type of sources and potential settings where these sources may be encountered:

• Proactive collection initiatives focused at competitors (trade shows, applying to a job offer without having the intention to join the company, cold calling, etc.).

High-ranking company staff (like the chief legal counsel or a board member) should endorse the code. This makes it clear that complying with this code is a mandatory condition of employment.

In any company, management will need to adopt and implement a paragraph on data collection in its code of ethics. It will be necessarily to clearly define the legal, ethical and compliance requirements, issues and implications (Herring, 2006); (Pooley, 1997). I would recommend the following approach:

What laws are in scope, applying to which countries? This requires the analysis team to work closely with the corporate legal department, amongst others, to align guidelines specific to data collection with existing corporate compliance and ethics codes or similar initiatives.

This can all serve as a guiding framework, but formulation of corporate ethics standards is not a desk research exercise. To craft the bests possible covenant, and secure company-wide buy-in, have relevant players meet early on to collaborate on its drafting. Legal affairs should participate to ensure alignment with other corporate governance and help create a legally sound protocol.

Outside facilitation of such a workshop is recommended. This is a round-table topic. The definition phase is not to be perceived as something ‘corporate’ imposes on a decentralized team of in-company strategic analysis practitioners around the globe.

Once the strategic analysis community and the legal affairs team agree on the final wording of the guidelines, ensure adoption by the company’s executive board, through legal affairs. Board certification makes the guidelines’ seriousness clear to employees and broadcasts a strong, no-nonsense ethical image to the outside world. Then – if an ethics-related lawsuit or government regulatory action arises – the company will be seen as having made every reasonable effort to ensure exemplary behaviour. An unethical employee will be seen as having flaunted company rules, and that will shape the regulatory and legal outcome of such a case (Fine, 1997).

Implementation has two sides. There is the soft side that involves training relevant staff to secure their personal commitment and compliance. On the hard side, in-scope employees will be required to sign a compliance agreement that spells out the consequences of non-compliance (Kindler, 2006). Make no mistake, considerable time and effort will be required, but with a firm commitment from the top of the organization you’ll come away with a solid – and altogether necessary – code of ethics.

What is, much more difficult is to subsequently keep this code alive and ensure compliance. Staff will come and go, leadership will chance, and company’s priorities, strategies and budgets will change from year to year. Through it all, the code of ethics should remain etched in stone. Kindler recommends keeping the code alive by planning a review with the key stakeholders at least once a year (Kindler, 2006).

It will be helpful to piggyback as much as possible on corporate compliance programs that are already in place, most likely overseen by the corporate legal department, such as competition law training and compliance. A complication may be that target groups do not overlap, but procedures do. Don’t fret, synergy may be just around the corner.

It makes sense to include the code of ethics in a corporate manual, if the company has one (Tyson, 2006). A corporate manual spells out tasks, responsibilities and span of authority by functional discipline, as a practical reference guide for everyone operating in a complex hierarchical organization. When a strategic analysis department is part of a bigger corporate strategy or corporate marketing department, the code will contain a distinct sub-set of considerations, rules and responsibilities for analysts. The corporate department responsible for keeping the corporate manual up-to-date (probably internal audit, legal affairs or risk management) may also be in charge of monitoring compliance. Strategic analysis could ally itself with that group to keep the guidelines alive and relevant. Still, any way you look at it, creating, implementing, monitoring and complying with this covenant will be hard work for all involved.

As we’ve made clear, professional compliance and ethics are not a luxury for the analyst community. They’re an absolute necessity, and must be taken very seriously. With even a minor indiscretion, hard-earned reputation and trust can be gone in the wink of an eye.

• 1831	Economic espionage (Agent of Foreign Power).
• 1832	Theft of trade secrets (Commercial Espionage).