According to a recent ruling by the New Jersey Supreme Court, a former employee’s past company should not have read e-mails that she sent from a private, password-protected, web account.
The employee was using company resources (computer, internet access, and indeed company time), but the Court ruled that she had a reasonable expectation of privacy for the account, being that the company’s policy regarding computer use was that “occasional personal use is permitted.”
Various states have differing views of workplace privacy: Most, if not all, have ruled that company-owned, corporate, e-mail accounts belong to the company – including all data that is contained – business related or otherwise. Many have ruled that any data on a workplace computer belongs to the company, “personal” passwords and allied info notwithstanding. But in gray areas, companies and individuals alike need to thoroughly understand Acceptable Use policies and to grow and amend those policies as necessary based on precedents and local rulings. Some predict that workplace expectations of privacy vis-à-vis differing locales and laws will ultimate settle into a uniform judgment as the issue inevitably makes its way to the Supreme Court.
But there’s another consideration here: Who might be accessing your e-mail and any other personal data in the workplace that you may not know about, and will never know about? Someone could be surveying your workplace computer right now – for entertainment purposes, or for judgment in your suitability for promotion, or even further employment. Can this be done in secret? Of course. Is it? Well… for certain environments and for anyone who understands enough about human nature… the answer comes back again, “…of course.”
For a little background, the following article by Susan K. Vivio at NJ.com is of interest: N.J. Supreme Court upholds privacy of personal e-mails accessed at work.
This much is certain: If you’re in the policy-making arena (whether IT or Business policy), be sure your Acceptable Use and Content Management policies are thoroughly up-to-date and that staff is apprised of your organization’s expectations. If you are a workplace user of resources (again, whether IT or Business staff), be sure you are thoroughly familiar with all policies affecting use of computer and allied resources – and be certain that any people you may manage are also fully educated and current.
In all regards, it is always wise to carefully consider what you may be saying and storing on workplace computers.
Once upon a time, a business director approached to introduce himself. After his name, his very first words were “I’m ‘computer-illiterate’”. He went on to explain that he would be IT’s “best customer” because he required frequent help. He joked of being proud on mornings when he could just remember how to turn his computer on. He had a smile on his face, and he most likely thought that his confessed ignorance would be seen as a friendly sign. But, it was very dismaying – as his ‘illiteracy’ turned out to be true.
He was also positioned critically; his department relied on external technical subscription services and critical agreements with solutions partners in forwarding the organization’s business. Working with this person, although nice enough, presented difficulties. So, how is it that, in this new millennium, a person of otherwise high standing still has a comfort level in divulging ignorance regarding technical matters? This is an extreme limitation for any organization, regarding any job or position.
Thought of another way: Suppose you approach your CFO – you’re new to the organization. You’re a department head, a business leader, someone who is expected to set an example – a manager, director, or even a VP. You smile and make a confession: “I sure hope I don’t have to prepare or balance any budgets around here – I’m ‘financially-illiterate!’ In fact, I can’t even balance my own checkbook! Numbers just aren’t my thing.”
Every organization’s managers are required to maintain budgets and to know how to manage them. Presumably they are hired with some basic skills: knowing how to add and subtract, and having some common understandings of basic budgets and the required accounting principles. Just because a staff member doesn’t work in Finance & Accounting doesn’t mean they’ll never have to perform some nuts and bolts finance and accounting. Likewise, it is not too much to expect that managers and users have some basic computer skills.
That expectation is quickly morphing into the outright need that these people understand and promote their own use of technology in its relation to the business. After all, most people who enter an organization that has a Business-Technology Weave are the sort of people who have computers at home, or have used them in school. No one is allowed to get away with “computer-illiteracy” any more, or even a stagnant appreciation of technology. Your organizational culture must evolve to one whereby users and managers are imaginative thinkers when it comes to using and growing the organization’s use of technology. They should employ the same imagination and judgment when partnering on the use and plan of technology that they use when partnering with Finance on the organization’s budget.
Next: An IT Deficit
In the case of Expositions’ codes, IT delivered a business module requiring new finance codes. It was up to Expositions to then take action – the act of “filing” in this case was the act of creating the codes, coordinating their approval with finance, and then inputting and administering the codes – these were all Business requirements.
How many IT departments are producing reports from end-user software that should be produced by someone in the business element? How many IT departments are orienting incoming hires for entrenched business software – the specific use of which is better explained by someone that is in the business department making the hire? How many IT departments are breaking out, coding and tracking mobile connectivity charges for business? Lots. Aren’t those an administrative duty better performed by someone in Finance or the actual departments?
In other words, look for situations where “filing cabinets” have been delivered, but where the duty of “filing” is not being effectively picked up out in the business arena. Making effective use of technology is a profit-enhancing lever, and the user community needs to “file” effectively. Do what is necessary: deliver training, place the expectation, and let Business set up and run their “filing cabinets.” This frees IT to fulfill its obligations in other rapidly expanding arenas – Security, to name one. Content Management to name another. Planning and fulfillment on future, accelerating, business and technical requirements to name more.
Next, let’s look at one additional example on the Business side of the equation before we look at some IT challenges.
Let’s examine an organization that is implementing a new Association Management System. The senior director of the Expositions department needs to identify finance codes used for her department; these codes help track revenue and expense in relation to conference booths, hotel rooms, and services, etc. Subsequently, the Chief Financial Officer needs to approve the codes. The IT department can then test them – but ultimately Expo will even have the authority to edit and configure their own codes.
The project manager with overall responsibility for managing the AMS project has asked the Expositions director to create the codes, submit them, and to then meet with the CFO and PM by a certain date in order to have an approved set of codes ready for IT’s input. However, the Expo director has failed in this task, missing several adjusted dates for completion. It is now incumbent on the PM to make this happen by setting a meeting for these two and ensuring that they do actually meet and hammer out the codes. It matters not whether the Expositions director has valid reasons for missing the assignment or not. It matters not whether the CFO has made himself available for consultation as requested.
It is the PM’s responsibility to move the process along in ensuring that the codes get created for input. Regardless who owns each incremental task – the PM is the ultimate owner and will answer to each success. In other words, the creation of the codes is an issue in the project management context. The PM’s job is to bump along the Expositions Director’s (or delegate’s) creation of the codes – an important task supporting a project – the implementation of a new association management system. The Expositions department is the task’s owner: The action of creating the codes is that department’s responsibility, with a shared component. That was creating them in compliance with the Finance department’s oversight of all finance codes. Let’s look at the “why” of the task’s ownership by the Expositions department.
Part of the lag in the code creation turned out to be the Expositions Director’s insistence that this was IT’s responsibility. However, IT is not the generator of the codes. Nor does IT maintain them – or use them. The syntax and format of the codes is defined largely by Finance. Further, the Expo Department is intimately familiar with their (Exposition’s) financial tracking needs. They know how many codes and definitions are needed in the conduct of their business. They also know the character and number of codes that exist in the old AMS – for various conference booths, hotel rooms, services, etc. Having IT survey a business situation that Expositions is responsible for is not a correct placement of effort or responsibility; nor is it efficient.
IT effort in this regard would mean: IT must perform the administrative drill of creating the codes for approval by Expositions. This would engender a review, any necessary adjustments, and resubmittals with another Expo review. This would be followed by IT’s arrangement for review with Finance. This is inefficient: Expo can drive and complete this process, in its entirety, in less time. Otherwise, it takes IT people away from doing the things that only IT can do. It engages them on a largely administrative task that should be assigned within the Expo department. Expo should not require IT to maintain their finance codes any more than IT can expect Expo to maintain IT’s finance codes.
Once Expositions creates their codes as tasked, they must let the project manager know they’re ready. The PM can schedule a sit down with Finance for review of the codes. Once Finances approves them, the PM (or a delegate) can train Expo on how to enter the codes into the AMS. The Expo department should have the authority to maintain their codes in the AMS so as to match their authority in maintaining the codes in the business sense.
Ask yourself here: who is responsible for knowing Exposition’s codes in order to exercise Exposition’s business? It is within that party, or group, where action must transpire. Today’s employment of “systems” or technology is not an excuse to defer ability, responsibility, or activity. In any circumstance, an oversight authority from Business or Technology can simply ask: who is the relevant party that knows, or should know, the “business” of what is under consideration? That party must be empowered in every possible sense so as to match activity to the root of knowledge.
In short: IT delivers the system – Business must utilize the system.
Next: Empower Business; Free IT…
It’s been said that understanding what things are like… is a large step toward understanding what things are.
Let’s take a break from the topic of False Solutions… I’d like to return to it and wrap up a few more concepts and tips, but we’ll do that a little later.
Today, let’s talk about responsibilities and where they lie. In many business-technology endeavors there blooms a confusion as to who should do what. This is especially true when going down a new and unfamiliar path. Business frequently thinks that anything involving a technical support structure means that most of the responsibility and activity belongs in the IT department. IT frequently thinks that Business should be responsible for some things that in fact are better reserved for IT’s exercise and judgment. We know there is a mutual dependency, but when are lines appropriate and where do we draw them? What answers does the Weave yield?
Let’s look at a couple examples that will highlight some areas, then discuss a simple way to illuminate any area for solution. You will then be able to employ this model to answer your own questions in cases where you’re proceeding onto unfamiliar ground, and unsure as to where to place specific activity and responsibility. You can also look at your existing placements of effort, and in many cases make better assignments in cases where certain efforts have been poorly positioned.
The Filing Cabinet Analogy
Your office is cluttered – you have documents all over the place. The paperless office of the future has not yet arrived, will never arrive, and your hardcopy papers are necessary, important, and accumulating. You must get them filed for safekeeping, and you require ready reference of the content. You call up your supply department and order a filing cabinet. A few days later, a supply clerk rolls your cabinet in, asking where you would like it.
As the clerk wheels his empty dolly toward your door, you say, “Wait! You’re not finished.” Bewildered, the clerk asks you what you mean. You politely gesture to all the stacks of paper on your desk, your table, your office floor. You tell him that he needs to label the drawers. He needs to create tabs for various subjects, projects and tasks. He needs to alphabetize and categorize your paper documentation and file it in the appropriate place in the new cabinet.
What is wrong here? This: You, the recipient of the filing cabinet, expect the supply clerk to do your filing – which is not the supply clerk’s job. The supply clerk has delivered a system for filing – the recipient must file, or delegate that to relevant department staff. But realize too: the cabinet’s recipient must not only use the “system,” the recipient must do some configuring and setup of that system. After all, it is the recipient who best understands the business requirement of that system (the labeling, categorization, content for the drawers, etc. that is necessary).
Now, we know that no one would ask the supply clerk above to do filing – or configuring – yet IT finds itself in that very position as it delivers its “filing cabinets”.
Next: Determining the “Why” for Who Does What…
All organizations must know where they are. This sounds simple and obvious, but many organizations don’t know their own staffs’ capabilities, capacity for learning, willingness to learn, and the various measures of tools and enablements that the company owns – as just some ideas for “Where We Are.”
Tell me how to get to Chicago. Um, you’d better ask a question before you have me embarking on a trip: “From where are you starting?” Any organization embarking on an IT-business solution (destination) had better know exactly where it is before plotting that destination. Ahhhhh.
In the case of XYZ, several ‘where we are’ factors were missed. No destination can be reached if you don’t understand the point from which you’re trying to progress. Here, the point of origin was thought to be one of missing automation, a lack of tools, a lack of enablement. There actually were inadequacies, as there generally are when seeking solutions. However, they were misidentified. This led to false statements of need, a misidentification of requirements, and misdirected actions. XYZ arrived at a destination that did not serve them.
There wasn’t a simple lack of automation or tools for their appraisal process. In actuality, there was a quite robust set of general automation and tools – with a wonderfully low “overhead” of maintenance being that these tools served a broad array of effort and work product. The organization just had to use these resources, and within the discipline that is required of any effort (business or otherwise, technically assisted or otherwise). The point of origin here – the organization’s “Where We Are” – included the lack of priority, discipline and accountability.
The inadequacies were in the organization’s failure to state clear expectations for fulfillment of the appraisal process, and the application of discipline and accountability in order to secure the managers’ serious attention and fulfillment of their appraisal delivery. Understanding this point of origin would have yielded a completely different path; a route to a real solution of the appraisal problem. For example, any manager’s late submission of an appraisal could yield a mention on their appraisal, with corresponding rating impact.
Another part of the path would be the emphasis on the organization’s reliance on the appraisals: What can be more important than placing, developing, and promoting the right people in creating the best organization possible?
Timely appraisal documentation is key: That is the destination, and the True Solution.
So, what ultimately happened with XYZ’s appraisal system? XYZ Corporation eventually threw out the new system, and went back to the old. A fresh set of eyes looked at the appraisal process and saw an opportunity for cost cutting. The vendor and their associated product were simply removed from the environment – saving training costs, upgrade costs, support costs, and eliminating wasted time. Managers were held accountable by their supervisors for timely and correct submission of appraisals, and those supervisors were held accountable, and so on up the line. In other words, this corporation put the push where it belonged – in the general areas of discipline and accountability.
Here too is an important understanding: IT people often don’t want to appear as a “block” to initiatives, and can remain mum on ideas that they see as unwise. Business must recognize this and foster an open dialog on needs and solutions in sponsoring a civil debate on what is best for the organization all around. A well-defined business-implementation team (BIT) is a great forum. Leaders’ responsibility – Business and IT – will be to weigh what they hear during feedback in making decisions. At the same time, IT must maintain solid credibility so that their counsel on the business end of “solutions” is weighed and considered with proper weight and focus by Business.
One important concept that IT can expose is what the false solution does to economy of scale. Any time you remove specific business from common resources and supports, such as wide serving networks, common end-user apps such as e-mail and wordprocessing, you chip away at an economy of scale because almost always there is a parallel deployment of a “specialized” resource, asset, application, platform, etc. You now build a new area of overhead and recurring cost. Be very wary in these circumstances. Before you bring in the “new,” examine the “old” and its supposed deficiencies very carefully.
Keep in mind that the phenomenon of the False Solution is very real. You may have experienced it in full, or perhaps to some lesser degree. Consider that often times you may achieve a strange parity: a “solution” that works, but is no more efficient or enabling than what preceded it. In those circumstances you live with the squander of resources in simply delivering something different. The organization may yet suffer a poor return going forward, as stakeholders in a new system make erroneous or wasted effort in trying to squeeze out advantages that are simply not there. In all cases, remember the adage to “measure twice, cut once.” Take very careful measure of needs, “solutions,” and vendors so as to create proper definitions and deliveries.
Let’s next examine the XYZ case to see where people frequently go wrong, and the red flags to look for. There are always red flags to indicate that you may be embarking on a False Solution.
To drive the point completely home, let’s look at the beauty and simplicity of what XYZ Corporation had in place prior to this “improvement” – this “solution”:
They had a very effective word processing template for the employee appraisals. It contained all of the major areas for evaluation of employees. There was a very effective instruction set that had been constructed and improved upon over time. Also, most managers had a ready history for position objectives and employee performance. It was already “online” as a reference – readily available in past year’s appraisals.
Reusing and repurposing this information should be a routine part of XYZ Corporation’s effective leverage of business content. Consider: Even for new employees (without a performance history), there still exists the position description and objectives from the former incumbent’s appraisals, as an assist to new employees appraisals. For brand new positions, neither system offered much assist – new positions require, and deserve, a fresh document set all around.
During XYZ’s “appraisal season,” expectations for completion of drafts, and submission dates for completed appraisals, were well articulated and communicated via existing tools – namely, the e-mail system, all-staff meetings, and bulletin boards – things which were still employed, by the way, with the implementation of the “automated” system.
From time-to-time we’ll get back to “XYZ Corporation” and look at their “simplified” employee evaulation process… be sure to read the first and second False “Solutions” posts:
In continuuing – XYZ’s first red flag should have been the assertion, or assumption, that the managers could not write. The corporation couldn’t possibly have hired managers without some kind of writing skills. The matter of poor writing was more a human failing on some part to hold managers accountable for their quality of writing. The posit that “managers can’t write” should have been rejected outright. The focus then should have been to set an expectation, a bar, for managers to clear for the quality of their writing. HR, and anyone supervising a poor writer, should think about this condition as exposing a vulnerability, so as to expose a potential strength. If you want your organization to write well, make that a goal. What could HR’s next steps be? Perhaps to sponsor a managers’ plan to get necessary people to training. Perhaps to issue, or direct attention to, an organizational “style guide.” The really important thing: hold people accountable for their writing – rate them on it in their own appraisals. Judge their performance. Trust me: They’ll improve.
Therefore, for XYZ Corporation, there was no technical component, no technical solution, required for this element of the appraisal problem. It is a problem of discipline and accountability, solved by senior managers, in holding people accountable for the quality of their work. No computer or technical system is going to fix your business culture, or overcome lax attitudes.
There was also the flawed analysis in the matter of automated reminders. No technical assist here helped an adherence to schedule. The only leverage that counts is how the reminders influence the receivers – the managers. Could the appraisal software’s e-mail reminders do anything that HR’s former e-mail reminders could not? In fact, there was no leverage to be had on the problem. The managers’ response to the “new” reminders was the same – to largely ignore or overlook them. HR viewed the automatic send-out of reminders from their own perspective: the efficiency standpoint of the sender (HR), not from a consideration of what the managers would do. Again, getting users to respond to reminders is a matter of discipline and accountability outside of any computer or technical solution.
We’ll weave in and out of various topics, but we’ll be returning on a recurring basis to False “Solutions” – they are an ongoing problem for many, many organizations.
These days a company’s personnel have two or more identities: There is the usual professional “company” profile (along with associated expectations and behavior), and the personal “off-duty” persona. An employee’s personal behavior is generally understood to be private – so long as the employee isn’t doing something to put their organization in a bad light.
But now many, if not the overwhelming majority of, employees have online identities. A Facebook account may be the most obvious online identity, but there are also LinkedIn, Twitter, and even Google searches on names, revealing blogs and even accumulated comments that may point to particular information, opinions and peril.
Thus, sometimes online “personal time” identities can pose peril to an organization – and have. Suppose a client stumbles on a client manager’s personal page and finds pictures of drinking, lewd photos, and perhaps even rambling ruminations on the manager’s workplace? Would the trusted relationship between client, manager, and organization survive? How would you feel if a service provider was suddenly thrown into a suspicious light, via something you discovered on the web? It happens… and relationships break and revoke.
More and more companies are running online checks on people as they apply. Applicants and employees, on the other hand, are “hiding” their identities by using nicknames and filters.
There is good reason for doing this, from their perspective: A survey commissioned by Microsoft shows that 70 percent of hiring managers and recruiters in the U.S. have passed on an applicant based on online information. Further, roughly 79 percent of U.S. hiring managers use the ‘net to gauge job applicants. Damaging information has ranged from criticism of past employers, co-workers and clients. Other reasons are inappropriate comments and photos – the inappropriateness of course is in the judgment of the potential employer.
But… what of an organization’s present employees? Surely many, if not most, have an online presence. Do any of them make comment on the organization, its practices, and its personnel? And if they do, what is the modern organization’s prudent activity in protecting its number one asset – its reputation? For that matter, as an employee yourself, what are you doing online? And if nothing inappropriate – would it bother you that HR may check your online presence from time-to-time?
Consider that many an employee has blasted something straight from the corporate e-mail account, tying a domain “tail” on correspondence that may be wholly inappropriate. But even from personal accounts or on personal space pages, any reference to your workplace is a matter of something that is being done in the name of your domain – here, the domain is dominion over your brand, your products, your services… your reputation. And what of an employee’s generalized poor behavior or judgment: if an employee shows poor personal judgment, as documented on the web, might business partners, customers, clients, etc. start to wonder about their own professional associations?
What is being done in the name of your domain?