Mission Statements, Strategy, Values and Ethics--How They Relate to Governance, Data and Connectivity.

Corporations and other entities frequently create mission statements, values, or other similar statements regarding the entity’s primary purpose, including what the entity does, in order to help orient themselves, as well as those that interact with them.?As we think more about governance, as well as how to begin to solve some of the issues that have been identified, it is important to understand what these different statements are, and how they help us potentially solve some of these issues, but also how they tie into governance frameworks, particularly at the corporate governance level.?If we were to stack these concepts, it would look something like this:

• Primary purpose
• Mission statement/direction
• Strategy
• Values
• Ethics

An entity’s primary purpose is essentially a statement about why the entity exists.?For most for-profit corporations, that is to return value to shareholders.?That does not mean that an entity’s primary purpose is the only thing it does, but it does mean that in most scenarios, an entity will choose its primary purpose over a different purpose, if there is a choice to be made, though that choice will never be unrestricted.?A good example of this is a statement from Google’s values/philosophy page:

Google is a business. The revenue we generate is derived from offering search technology to companies and from the sale of advertising displayed on our site and on other sites across the web. Hundreds of thousands of advertisers worldwide use AdWords to promote their products; hundreds of thousands of publishers take advantage of our AdSense program to deliver ads relevant to their site content. To ensure that we’re ultimately serving all our users (whether they are advertisers or not), we have a set of guiding principles for our advertising programs and practices:

https://about.google/philosophy/

Does that mean all Google does is focus on generating revenue from search??As you can see above, no, but the statement above helps orient us to how for-profit entities orient and align their primary purpose with other priorities—serving users which ultimately results in a set of principles that guide Google’s advertising program.

With other entities, particularly government agencies, returning value to shareholders isn’t the primary purpose of the entity, and there will be different purposes for different entities.?

Where things begin to diverge for most entities is at the mission statement level.?At this level, the overall direction of the entity is set as part of defining its mission, and this direction informs the strategy, corporate values, ethics, as well as a number of other processes.?At their core, for private companies, these statements begin to define how a company returns value to shareholders.?To use an example from a corporation—Meta:

Meta’s mission is to give people the power to build community and bring the world closer together.?https://investor.fb.com/resources/default.aspx

Google provides another example:

Google’s mission is to organize the world's information and make it universally accessible and useful.?https://about.google/

Turning to strategy, a strategy focuses on, at a high-level, how an entity will achieve its mission statement.?That might be focused on certain revenue or sales objectives, cost reduction, increasing or maintaining profit, other corporate growth activities, or in some cases, other objectives.?These statements can, and probably should, be short and focused on specific achievements, and be specific enough to allow measurement of progress.?For companies like Meta and Google, their strategies inherently would have to be intertwined with data and connectivity. This also may be true for many companies, even those in different industries, because using data and connectivity might be critical to achieving the strategy (creating products that rely upon research data, or implementing cost reductions as an examples), even if not explicitly referenced.

Next, we turn to values, which can be expressed as corporate values, area-specific values, or in other ways.?Again, we can look at Meta as an example:

• Move Fast
• Focus on Long-Term Impact
• Build Awesome Things
• Live in the Future
• Be Direct and Respect Your Colleagues
• Meta, Metamates, Me

Google uses a different format, but expresses its values in a list called, “Ten things we know to be true.”

1.??????Focus on the user and all else will follow.

2.??????It’s best to do one thing really, really well.

3.??????Fast is better than slow.

4.??????Democracy on the web works.

5.??????You don’t need to be at your desk to need an answer.

6.??????You can make money without doing evil.

7.??????There’s always more information out there.

8.??????The need for information crosses all borders.

9.??????You can be serious without a suit.

10.??Great just isn’t good enough.

Corporations and other entities also create codes of conduct and ethics statements that are based upon the entity’s mission, strategy, and values.?Google again provides a good example.?The main headings are below, with the full conclusion, as there is a significant amount of detail in Google’s code of conduct:

I. Serve Our Users

II. Support and Respect Each Other

III. Avoid Conflicts of Interest

IV. Preserve Confidentiality

V. Protect Google’s Assets

VI. Ensure Financial Integrity and Responsibility

VII. Obey the Law

VIII. Conclusion

Google aspires to be a different kind of company. It’s impossible to spell out every possible ethical scenario we might face. Instead, we rely on one another’s good judgment to uphold a high standard of integrity for ourselves and our company. We expect all Googlers to be guided by both the letter and the spirit of this Code. Sometimes, identifying the right thing to do isn’t an easy call. If you aren’t sure, don’t be afraid to ask questions of your manager, Legal or Ethics & Business Integrity.

And remember... don’t be evil, and if you see something that you think isn’t right – speak up!?https://abc.xyz/investor/other/google-code-of-conduct/

For a company like Google, issues regarding data and privacy are intertwined in a number of ways with their code of conduct, but again given the Hybrid World in which we now live, data and connectivity are frequently part of the mission or strategy of a company, and as a result may be covered in codes of conduct.?

So why does this matter for people focused on “privacy”, cybersecurity or governance??The answer is three-fold.?First, entities do a much better job achieving their goals when their goals are understood and are aligned with operations, and privacy and cyber are still seen as compliance issues rather than issues that are core to a company’s mission statement. ?It is hard to imagine the use of data, personal data or not, and connectivity not being critical to a company’s primary purpose, mission statement, and strategy, and that is one of the issues with focusing on issues involving data as being “privacy” issues, such as when we focus on “talking to the Board about privacy.”?

As noted in other posts, privacy is a concept focused on individual rights, usually enforced through legal means.?While that is a critical issue for the individual, enforcing individual privacy rights isn’t an issue that will be part of a company’s strategy or mission, because it does not relate directly to the company’s primary purpose.?However, that in no way means the issue is irrelevant—quite the opposite in many cases--but the issues regarding use of personal data must be put in terms related to what the company does, not vindication of individual rights for the company to truly be able to understand and govern “privacy.”

Second, regarding cybersecurity, as will become clear in future posts, one of the core challenges in the US right now is that we do not have an agency with a primary purpose of disruption of cyberattacks, or other similar critical issues related to cyber.?

Third, regarding governance, direction and strategy are critical components of establishing governance, and whether that is corporate governance, based upon the four corporate governance principles, or programmatic governance, making sure that those overseeing the governance process in question understand the mission, strategy, values and ethics of the company is important, because otherwise the governance process devolves into an empty set of controls with no real direction.?While that can provide some control around particular issues, that will not truly provide governance of issues, and it will not ensure that the governance model is horizontally integrated.

Future posts will examine how data, including “privacy” fits into the mission and strategy of corporations, as well as provide some thoughts on how we begin to solve the cyber challenges we face as a nation.