IT and Corporate Social Responsibility

By Courtney Macavinta

In the past, the term corporate social responsibility (CSR) was often associated with environmental protection, workers' rights, or charitable giving. Today, CSR covers a much broader swath of corporate activities -- from ensuring accurate financial reporting, to securing sensitive information, to helping improve an employee's quality of life.

In the wake of corporate scandals like Enron and Worldcom, high-profile data privacy breaches, and increasing concerns over environmental issues, consumers are often setting the standards for meaningful CSR practices. According to the 2006 report, Rethinking Corporate Social Responsibility, by Fleishman-Hillard and the National Consumers League, 63% of the U.S. adults surveyed said they "believe that a company's record of being socially responsible would be 'extremely' or 'very' influential to their decision regarding whether to invest in a company." In addition, the majority of those surveyed rated "being socially responsible" as the factor most likely to make them loyal to a particular brand or company.

"There are several findings in the survey that suggest that consumers, not experts, are now setting the CSR agenda," the report states. "For example, consumers may say they care about employees because they themselves may feel stress or strain while on the job. They may care about the environment because they worry about what the world will be like for their children and grandchildren. They may worry about the privacy of customer information, the price of products, or how a company affects public health issues because they are concerned for the safety, comfort, or health of themselves, their family, or their friends."

Experts say many consumer drivers for CSR point directly to the IT department.

"What's interesting is there is a part of many companies' CSR reports that focuses on information ethics and how information needs to be protected," says Larry Ponemon, founder of the ethical information practices think tank the Ponemon Institute. "Companies are going to be looking for ways to signal to the world that they are pretty good at this."

But a CIO's CSR agenda is not limited just to data protection. Here are several best practices CIOs can adopt in key areas to ensure that their practices go hand-in-hand with CSR:

Best Practice 1: Treat people well
As Fleishman-Hillard and the National Consumers League found, consumers care about how employees are treated by organizations. According to the non-profit Business for Social Responsibility (BSR), an organization dedicated to helping companies demonstrate respect for people, ethics, and the environment, the proliferation of technology has also created new CSR challenges for employers.

"The demand for technical skills is growing at the same time that educational skill levels are falling in some countries," the BSR states in one of its many issue briefs. "This has placed new pressure on companies to commit the necessary resources to train and maintain a technologically literate workforce. The explosion of technology in the workforce also has led to a myriad of other challenges for companies, from privacy issues to employee health-and-safety problems related to ergonomics."

In addition, CIOs need to be involved in their organization's CSR efforts when it comes to setting standards for, and monitoring how outsource vendors treat employees. Additionally, making sure subcontractors are in compliance with global workplace safety and human rights standards, is also a priority.

Best Practice 2: Secure and safeguard data
Companies that want to stand out as good stewards of consumers' data tend to go beyond government mandates. Ponemon says that besides creating a process for responsible information management -- including setting standards for how data is gathered, protected, used, backed up, and recovered -- organizations would also be wise to outline their information governance practices in their CSR reports.

"Information ethics is a major corporate responsibility especially when a company is entrusted with data about people and their families," Ponemon says. "Because of the data breach notification laws there is a public aspect to bad security now. And it's a red flag that a company might not be trustworthy."

Best Practice 3: Protect the planet
CSR practices also apply when it comes to how enterprises create, utilize, and dispose of IT equipment. For instance, CIOs can help spearhead "green data centers" by using tools for monitoring and managing power in server rooms or by selecting technologies that have been "designed and manufactured in an environmentally friendly manner along the entire supply chain," according to a 2006 Gartner report, Important Power, Cooling and Green IT Concerns.

Gartner also recommends that, where appropriate, CIOs consider the use of alternative energy sources, such as solar panels and recycling. And CIOs of high-tech manufacturing companies should be involved in setting standards for their enterprise's environmental practices -- for example, by limiting pollution.

Best Practice 4: Use the Internet
Almost half of those surveyed in the Rethinking Corporate Social Responsibility report said they used the Internet to do their own research about a company's CSR track record. In particular, consumers like to be able to receive "uncensored information from their peers."

Nancy Flynn, executive director of The ePolicy Institute, says that companies can use blogs to communicate about their CSR efforts or responses as well. "We see companies using blogs to communicate their social missions," she says. "Of the companies that feel this sense of a responsibility to be good corporate citizens, we'll see more of them using blogs to get that message out."

Although approaches to CSR differ based on an organization's sector, size and culture, there is a good place for CIOs to start: Take inventory to align IT practices with the company's CSR mission statement. They can also partner with other business unit leaders to ensure governance where necessary.

"The goal of a CSR management system is to integrate corporate responsibility concerns into a company's values, culture, operations and business decisions at all levels of the organization," states Business for Social Responsibility.

Courtney Macavinta is a Silicon Valley-based business and technology writer. Her articles have appeared in CNET News, Business 2.0, Red Herring, Wired News, and The Washington Post. She also is managing editor of  the online program The Online Family.