The download report button is carcinogenic

How comfortable are you having a conversation that starts “the spreadsheet you emailed is going to cost us four million dollars”? Probably not very comfortable – but it’s where current data handling practices will lead us. Privacy laws are penalising loss of control of data – not actual harm to subjects of the data. This is why controlled handling needs to be an operational capability for any organisation handling personal data.

The CRM system is a great example of the problem – it generally holds the crown jewels of personal data and makes downloading them easy. The standard response to “Joe needs a list of customers for x” is to cut a spreadsheet full of personal information and email it.

Then what?

Every system the data touches after that makes a couple of uncontrolled copies – backups, replications, shares, edits. It’s like cancerous cells – a few here and there multiply to become a much larger problem. Under GDPR, it’s a 4%-of-revenue-sized problem when the data is emailed to the wrong person.

The key to removing the problem is providing the capability to handle data without downloading it. Put simply, your employees need to be able to run their business process end-to-end without downloading and emailing a spreadsheet. If they can’t, you’ve got a carcinogenic problem within your organisation.

Author: Karl Melrose

Thinker about how to think about economics, security, risk, technology and incentives. Out to solve every optimising problem, out to make sure my thinking gets better, every day.
