Full Disclosure

Eric Krell GOVERNANCE, RISK & COMPLIANCE: GRC expert Eric Krell supplies the Business Finance community...more

Managing a New Form of Transparency

Here’s how Bank of America Chief Risk Officer Bruce Thompson has spent his past 45 days: hunkered down in crisis-response mode with a team of 15 to 20 senior colleagues and Booz Allen Hamilton consultants. The work consists of poring over several gigabytes of electronic documents that might be in the possession of WikiLeaks, which might release what the WikiLeaks director describes as evidence of corrupt behavior.


Chances are you know this already. Business and privacy pundits as well as other interested experts have been squawking about this looming threat since Bank of America’s stock dropped more than 3 percent last November in the wake of the WikiLeaks director claiming that his organization could take down a “major American bank” (which, most agree, refers to Bank of America).


Like too many conversations in our country right now, the arguments over WikiLeaks’ impact on business sound highly reactive and hover at the surface of a deeper issue. This deeper issue, the redefining of public and private information, is what risk managers should consider.


You might have noticed that I did not use the WikiLeaks founder’s name in this post so far. That’s intentional: The important risk management issue here does not focus on a single individual or a single organization.


WikiLeaks may be the most visible organization that collects organizational data and information that business leaders would prefer to remain under lock and key, but it is far from the only organization with this capability.


Thanks to global technological connectivity and complexity, the entire notion of privacy is under review. We’re not yet sure what this means, although terms like “hyper-transparency” and “involuntary transparency” present a good idea of what’s coming.

A healthy place for risk managers to start understanding this new business reality is by asking some big questions, including the following:

• What information might hurt the company – and why – if all of our internal information were made public?

• Would any current or former employees, especially those with access to high-risk information, share this information publicly? If so, why, and how might we understand and address why this urge exists?

• What are our guiding principles regarding information use and storage – and how feasible are those principles to put into practice in light of a business (and personal) environment in which data constantly flows through smart phones, laptops, and thumb drives throughout our entire value chain?


Some of the squawking about Bank of America’s response centered on the futility of the bank buying up URLs with negative variations of the company’s name and executive names (e.g., www.erickrellsucks.com, which – surprisingly – remains available).


Sure, this response sounds silly when it is described out of context. Keep in mind that this move no doubt represents one of hundreds of steps the bank is taking in response to a new risk that confronts every company that relies on Internet connectivity and information systems.
