Case Study: Global Management Consulting Firm

Executive Summary: Following a troubling incident of sensitive data that was inadvertently exposed by an employee to a client of the company, a Global Management Consulting Firm took steps to reduce the risk of visual hacking by employing the use of privacy filters for certain members of the workforce and including visual privacy as a topic in privacy training.

Organization Overview: One of the largest consulting firms with offices in more than 100 countries and 60,000+ employees. The firm provides a range of services for its corporate clients including litigation support, valuation advisory services and benefits, and compensation consulting.

Business Case: Many of the consultants travel or work from clients’ offices regularly, enhancing awareness of the need for visual privacy and the protection against visual hacking. Since consultants need to have access to sensitive and confidential information in a number of diverse client focuses, proprietary data accessed includes:

• Client account information

• Spreadsheets

• Advisory memos

• Attorney-client privileged documents

• Photos

• Tax records and IDs

• Confidential consulting reports and presentations

When asked how visual privacy became an issue for the company, the corporate counsel described a recent troubling incident that had the potential to do great harm to the image and integrity of the firm. According to the corporate counsel, a partner was on a plane traveling to a client. He was preparing depositions for a major litigation. On the computer screen in clear text were attorney-client privileged documents. One of the firm’s clients just happened to be seated next to the partner. They started to talk and he could not believe that he was able to see and read these documents. Although the information on the screen had nothing to do with his company, he was concerned that this might be a common and bad practice. The client contacted the firm’s legal department and filed a complaint.

The Solution: After much discussion and advice from corporate counsel, the firm’s privacy and data protection practices were updated to include situations involving travel with laptops and tablets. As part of the new policies and procedures that were instituted, consultants were encouraged to use privacy filters. To encourage adoption, the privacy policy was changed to add the importance of visual privacy when traveling and working offsite, and the firm’s privacy training now includes visual privacy as a discussion point as a means to reduce the threat of visual hacking. The firm also makes use of 3M™ Privacy Filters and other privacy products.

The Benefits: According to the company’s general counsel:

"I do believe the [privacy] filters can minimize the risk of data theft. It is important for the image and integrity of the firm. There is growing awareness among the consultants about the social engineering risk that occurs during travel. Many were not aware that potentially a cyber criminal whose sole purpose is to obtain credentials and personal information could be in the next seat.”

3M is a trademark of 3M Company. ©2015, 3M. All rights reserved.