The P&G/Unilever caper
When something bad has happened, it is never appropriate to blame the victim. And yet, there are certain cases in which our genuine horror and sympathy remains the same, but our level of astonishment (how could this have happened?”) may be tempered by our knowledge of the victim’s actions if they are guilty of, as one friend has put it, “acting stupid in the smart zone.” As an example, if a smoker friend gets lung cancer, our horror and sympathy is high, but we don’t really ask ourselves how this could have happened. Equally, if someone we know who refuses to wear a seatbelt is killed in a survivable automobile accident, our horror and sympathy is high, but we don’t wonder how this could have happened, either.
The same thing happens in the world of business. Let’s look at the recent incident of what has been identified as a “rogue” competitive intelligence action on the part of P&G against Unilever, over, of all things, hair care products (which should give you pause if you thought you were safe because of the nature of your product), using techniques against which the e-Journal has been warning for years.
Let us start by saying that what was done violated P&G’s standards, and that, as soon as chairman John Pepper found out about it, he fired those involved (and possibly a number of those not involved), and told Unilever.
Let us note also that had Unilever hired LUBRINCO (or some other competent OPSEC shop) to do an OPSEC audit and develop an OPSEC program, or had Unilever had even a rudimentary OPSEC program in place (which apparently they didn’t), none of the actions taken by the P&G crew would not have produced any useful results. In other words, while we are sorry they were rear-ended by the other car in the parking lot, we sure wish they had bothered to fasten their seat belts.
What did the P&G people do? As best as we can see, they did dumpster diving, and asked Unilever employees questions.
Now here’s the deal: Uniliver – and, based on our experience, probably your company – throws out a lot of very sensitive information which would be of great value to your competitors (in this case P&G). You – and Unilever – have some reasonable expectation of privacy for this data while it is sitting on your property, and that it will be perfectly secure until it is off your property, at which point your competitors can reasonably take it. It’s sort of like when you put book, magazines, and furniture in the street on Trash Day your neighbors feel free to take them, and you feel free to let them.
In this case, however, it would appear that the P&G subcontractors may have trespassed, taking Unilever’s sensitive data from their property, which would be the equivalent of your neighbors coming into your backyard and looking in the cans before you put them on the street. Trespassing is déclassé and probably a misdemeanor, and these guys could possibly face a fifty dollar fine!
The other thing the P&G subcontractors apparently did was misrepresent whom they were when interviewing Unilever people. While not illegal, this sort of lying – sometimes referred to as pretexting (it sounds more socially acceptable, plus it is more-awkward to say “Pretexter, pretexter, pants on fire”) – is both sub dig and unnecessary in competitive intelligence, since most people, when asked, will, sadly, answer.
Have either P&G or Unilever started OPSEC programs? We don’t know.
Does your company have an OPSEC program? If not, perhaps you should drop us a line.