I recently watched Frontline’s Wikileaks video. (The recent hacking of PBS is a good example of making sure your information governance house is in order before raising your profile, particularly before raising it with hackers.)
One thing I was struck by was all the warning signs that Specialist Manning (the person alleged to have leaked the US military and State Department information) might act in a manner inconsistent with the army’s policies.
Setting aside the moral and ethical issues raised by Wikileaks and the alleged actions of Specialist Manning, if you look at this from the perspective of HR at a large international organization, one has to assess the risk of disgruntled employees. Internal threats remain the greatest threat to an organization (although there is research to suggest that external threats are increasing). Combined with an apparent ideology, Specialist Manning should have been an easy red flag to spot.
The risk posed by disgruntled employees, particularly to the information that an organization holds, should be assessed on an ongoing basis. It is a good idea to work with your HR and Legal departments to develop appropriate intervention plans that are legal within the relevant jurisdiction and ready to go in these situations. A tiered response plan is likely warranted as well. Not all employees pose an information risk, so your plan should take that into account.
Increased monitoring of employees who pose an increased risk might be something your organization should look at. In some industries this is even a regulatory obligation. I recall from my financial services work that increased investigation and monitoring of FSA Approved Persons was required. Privacy worked together with our Financial Crime, Compliance, and Legal departments, as well as with our FSA supervisors, to develop a protocol that was compliant with both the UK DPA and the FSA Handbook.