While writing this post, I’m also following the oral arguments against the cyber crime law at the Supreme Court, and reviewing my materials for tomorrow’s digital policy and cybercrime prevention session for a Japanese firm.
I was wondering how many entrepreneurs and HR practitioners from a non ICT company are following the developments on “Republic act 10175 or the Cybercrime Act of 2012”? Are they aware of section 9 that stipulates corporate liability for a cybercrime committed by an employee?
The purpose of this post is to create awareness of the need for an online philosophy and social medial policy to bring the online intelligence of both decision makers and employees on the same page, and set-up a mechanism that protects the company from both direct and indirect consequences of a rogue employee behaviour, either online or offline.
The “Carabueno” Illustration
Though his behaviour on the road has nothing to do with his internet behaviour, after his video hitting an MMDA enforcer went viral, the cyber lynch dug his online profile and dragged his employer along the way.
The “Mai” Turning Point
One thing I liked with the present government is their ability to adopt and use social media as productivity tool. But this is not without learning valuable lessons along the way. In one of PNoy’s official trip, Vietnam to be specific, one of his USEC, a former speech writer began tweeting personal observations to the point of insulting their host. Her online behaviour seemed innocent but her action affected her boss and the PH government in general. This incident could have been avoided if social computing guidelines were available.
The “Abusadong Professor” Saga- A Great Equaliser
Companies should take note that the advancement of technology and social media in a democratic space like the Philippines have encouraged citizen journalism. An employee can take a video of an abusive officer or a scenario that is potentially damaging to the company, and share it for the world to judge.
The Singapore Airlines Round-up
On 2010, Singapore Airlines reacted strongly against employee discussions about work conditions over Facebook. Employee rantings, when done in social web, can damage the reputation of a company.
In a nutshell, below is a matrix of the risks and impacts of employee misuse of social media to a company.
Section 9 of Republic Act 10175 or the Cybercrime Prevention Act of 2012
The most important reason IMO, to have a digital policy is section 9 of the Cybercrime Prevention Act.
For example, if an employee
is sending mass email for marketing purposes (or spamming) which is illegal per section 4 (c) (3), or downloaded a music or movie in a file sharing site via your computer network, then the company is co-liable
Section 9. Corporate Liability. –
When any of the punishable acts herein defined are knowingly committed on behalf of or for the benefit of a juridical person, by a natural person acting either individually or as part of an organ of the juridical person, who has a leading position within, based on: (a) a power of representation of the juridical person provided the act committed falls within the scope of such authority; (b) an authority to take decisions on behalf of the juridical person. Provided, That the act committed falls within the scope of such authority; or (c) an authority to exercise control within the juridical person, the juridical person shall be held liable for a fine equivalent to at least double the fines imposable in Section 7 up to a maximum of Ten million pesos (P10,000,000).
If the commission of any of the punishable acts herein defined was made possible due to the lack of supervision or control by a natural person referred to and described in the preceding paragraph, for the benefit of that juridical person by a natural person acting under its authority, the juridical person shall be held liable for a fine equivalent to at least double the finds imposable in Section 7 up to a maximum of Five million pesos (P5,000,000).
The liability imposed on the juridical person shall be without prejudice to the criminal liability of the natural person who has committed the offense.
To close this post, I would like to share the SMS conversation I have with fellow consultant. He lamented that he cannot read the thread we had on Facebook because internet access is not allowed by his client. His situation is reflective of more or less 60% of organisations.
While internet access can be blocked in a company, Management should also realize it cannot block the 21st Century. A digital policy and cyber wellness program is needed to safeguard the organisation.