Let’s face it, we’re idiots

November 18, 2007 at 11:03 am

When someone accidentally does something which results in an extremely negative consequence, it’s not a surprise to feel some sympathy. After all, it could happen to anyone. When they do it again, and get the same predictable result, we scratch our heads in some puzzlement, but we might, if we’re in a good mood, still retain a shred of compassion for their woes.

When they persist in this behaviour several dozen times, then all empathy flees and we can only conclude they’re lacking the necessary mental capacity to put two and two together and get a single digit answer. In other words, we’re idiots. (I’ll explain why I’m using ‘we’ instead of ‘they’ in a moment.)

I know “idiot” isn’t a politically correct term, I know it will grate on some readers. Tough. That’s the intent. Sometimes it is necessary to speak plainly to get the attention of the listener.

I’m referring to the seemingly never-ending reports of confidential personal data being lost, mislaid, let loose into the wild, accidentally sold, deliberately stolen, abandoned and sometimes just put in the trash for anyone to browse at their leisure. For a depressingly long and detailed chronology of these lapses in data security(?) (the word ‘security’ barely applies to what is going on), visit http://www.privacyrights.org/ar/ChronDataBreaches.htm.

What exactly is the difficulty here? What part of solving this problem is posing us an insurmountable challenge? What part of ‘protect confidential data’, and our resulting obligations and responsibilities, don’t we seem to understand?

The solution doesn’t require a high IQ, a research study, a lot of money or even much thought. Frankly it doesn’t even require that you finish reading this rant of frustration.

1) Identify your confidential data.
2) Don’t let it out of the building!

(This is why I used the all-inclusive “we” rather than “they” in the second paragraph. If our organizations haven’t already done this, then I’m afraid, verily, that our enemy is us.)

Yes I know, even though I can state the solution in less than (looks up and counts) a dozen words, this is going to take some work. Looking at all the data in any organization isn’t something we can do in a few minutes.

Working with all stakeholders to decide what is and isn’t “confidential” is going to take some effort, but it’s not inherently difficult work; there’s no heavy lifting involved. A good start is to tag all employee and customer data as confidential. (That didn’t take long, and didn’t hurt a bit… did it?)

The next step is a two-step; consider it a dance of insurance and due diligence:

a) Communicate and
b) Enforce the “don’t let it out of the building!” directive.

I’ll assume that the existing channels of communication in your organization haven’t atrophied due to lack of use, so I won’t bother explaining how to communicate something of great and vital importance to all your staff. Or have I just invoked the old and pointed definition of the word “assumption”? I’ll assume I haven’t.

The “fun” part of all this, perhaps it’s the difficult part for some of us, is enforcing the simple concept of “Don’t take confidential data out of the building!” Here’s how it works… if you violate this directive, regardless of your status in the organization, then you’re fired, terminated, let go, liquidated, banished, tarred and feathered and ridden out of town facing backwards on a blind donkey, summarily dismissed… you get the general idea. To put it more simply, it’s a badness.

Note, these consequences don’t happen to you when data is ‘lost’; the consequences happen the INSTANT you step outside of the building with confidential information in your USB key, laptop, pocket, purse, left nostril, briefcase, portmanteau etc. etc. It isn’t a difficult rule: Don’t take confidential data out of the building! And that includes allowing ACCESS to it from outside the building from anything other than a secure site.

Too harsh? Too bad, get used to it. Identity theft is a growing, serious problem. Privacy issues are real. Fixing an identity theft problem is an onerous, expensive task. When a company loses tens of thousands of personal records, it creates huge risk for each individual involved. (This needs to be stated?) Frankly, I’m hoping that the next idiot company which loses confidential data gets sued into oblivion. Perhaps they’ll serve as an object lesson for the rest of us.

Please don’t let that idiot company be the one you work for… I hate being an expert witness. It’s boring, tedious – even though profitable – work.


Entry filed under: Leaders, Leadership, Management, Managing, Problem Solving, Security, Technology.
