There's a very interesting article in today's W$J, which recaps the whole HP board spying mess. The author opines:
From Ms. Dunn's testimony, emails and indirect comments, it's possible to piece together an explanation for how a well-regarded chairman could go so catastrophically off course. Adamant in her desire to "fix" the leak problem, she succumbed to tunnel vision.
She had begun to see stopping leaks as one of the most crucial tasks in her chairmanship. In doing so, she neglected issues such as prudence, fairness and the potential impact on H-P's reputation. Even the extent to which the company had analyzed the legal issues or just glossed over them wasn't considered.
What should Dunn have done?
Clearly, I don't think Dunn could ignore the leaks. Boards ought to be high trust organizations, in which members have confidence in one another. Few things can be more desctructive to intra-group trust than leaks, which may be perceived as inherently a breach of confidentiality but also as attempts to litigate disputes in the media instead of in the boardroom. Indeed, if the W$J is to be believed, the leaks had negatively affected intra-board relations at HP.
With the benefit of hindsight, I think I would have advised Dunn to hire the best outside security experts she could find (instead of trying a jerry-rigged combination of in-house and outsourced resources). She then takes the experts before the board. The experts tell the board: Here's what we need to do to investigate the identity of the leaker. Dunn then asks the board to approve the investigation, making clear that the board members will be investigated. Anybody who balks should be asked to resign from the board. Leaker Keyworth thus would have been faced with the unpalatable choice of approving an investigation he now knows will include access to his phone records and so on or essentially admitting that he was the leaker by refusing to go along.