Enforcing GDPR

I, along with many others, have written about Europe’s General Data Protection Regulation (GDPR) since it was first introduced in April of 2016, and then implemented in May of 2018. Businesses had a two-year period in which they were to establish proper governance and practices to protect Personally Identifiable Information (PII) they stored and managed.

On July 8 of 2019, CNN reported that British Airways is now facing a (US)$230M fine due to a website failure compromising the personal details of Lawapproximately 500,000 of their customers. The fine represents about 1.5% of British Airways’ annual revenue. Additionally, this article reports that Facebook – as a result of the Cambridge Analytica scandal – was fined the maximum allowed at the time of $626,000 which was before GDPR was implemented and enforced. As you can see, the difference between then and now is significant.

GDPR is here, it is real, it is being enforced, and it will result of non-compliance will be one of great consequence. If you think it does not impact you, think again. Businesses need to take this seriously as many States are now implementing GDPR like regulations, and the Federal Government is considering a national version.

From a personal perspective, you should be glad that such a regulation is in force, as it is now pushing businesses more than ever to take responsibility for the information they hold on you, and be held accountable for the inability to do so.

Business People Choose….

…gamblers leave it to chance.  One of the great Philosophers – Aristotle – said “Choice, not chance… determines your destiny.” In business and in our daily lives, we are constantly making choices. We choose to get up and go to work or not. We choose to automate our businesses, or not. We choose to embrace best practices and upgrade our technologies, or not. We choose to prepare for disaster and chaos, or not.

I have talked to many business owners over the years about preparing their businesses for various things like changes in the market, a catastrophic disaster, or changing regulatory rules and often hear “I’ll take my chances.” I then ask if they are so casual Confusedwith their personal lives and possessions. More often than not, I get a perplexed and sometimes angered look with a response of “no, I make sure my home and family are safe.” Yet in their business lives, for whatever reason, there is a willingness to leave things to chance and hope that disaster, regulatory audit, or rapid market shift doesn’t happen to them anytime soon.

In my view, nothing replaces being prepared even if we cannot prepare for 100% of the possibilities. Forward thinking Executives understand that what lies beyond the horizon must be addressed today and reassessed frequently in order to stay in the game competitively, recover from a disaster, or avoid fines and penalties that cost far more than the preparation needed to protect the business. It is a matter of choice. You can choose to be proactive and prepare today, or chance the eventuality you will have to react in the future, with hopes of muddling through to address the situation and save the business.



Hey! I know you

Or at least I think I do according to my facial recognition system. There is some debate going on about the use of facial recognition in public areas, used without specific notification to all who pass by. In other words, when facial recognition is being used in cities like San Fransisco which just banned the use of facial recognition by law enforcement.

Let’s face it – I know “bad pun” – facial recognition is in place by many apps we willingly use every day to unlock iPhones, access iTunes, and more. Yet when we talk about using this technology for law enforcement and consumer recognition in stores, that is an area of concern. Perhaps it is due to the level of discomfort in the accuracy of facial recognition.

If you are a traveler, imagine what it would be like to board a flight to anywhere and Future-of-Face-Recognition-Technologynever again need a boarding pass. Imagine that all you have to do is walk up, and let the facial recognition system take it from there. One quick pic, compare to the files maintained in a database, say the Customs and Border Patrol database used for the Global Entry System now, and you are allowed to pass through. No more fumbling in line with a paper boarding pass or the digital version on your phone.

I for one, as a frequent traveler, would appreciate that greatly given all of this information is already kept for my passport, Global Entry, and Clear enrolments. It is coming and here now with JetBlue where the claim is that since 2017, they have successfully incorporated facial recognition into their boarding process with 125,000 passengers on 1,400 flights.

Is facial recognition infallible? No. There are still some things to work out regarding accuracy or inaccuracy by untrained systems, but it is here and ready for prime time. The question is how far will the human race allow it to go and how much legislation will be enacted to harness its use for what some may consider unscrupulous reasons. I for one am in favor of exploring the possibilities on a more  universal level like healthcare. Imagine if all you had to do was smile for the camera and all of your information is made available to the Doctors and staff. No more fill-out the form marathons. How willing are you to embrace facial recognition?



Is It Really The Technology?

“We bought this new intelligent information management solution and the damn thing is a failure!”  This is something I often hear and the question I have is typically, “Is it really the technology that failed or did you fail the technology?” This of course opens a discussion or prompts quick responses like “What do you mean we failed the technology?” My point being that of knowing what the technology was intended to do. I have always said that technology for technology sake will always fail to meet expectations.

In order for technology to be successful, there must be a purpose – reason – for the technology. Are you trying to solve a business problem and do you really know what the Confusedunderlying problems is or are you simply addressing a symptom? Are you upgrading in order to remain competitive? Are you planning to use the technology as part of your RISK/compliance program and if so, how does it factor into the information ecosystem? Perhaps you are trying to automate some of your business processes, but do you truly understand those processes and their interrelationships with other processes, information, and people?

These are but a few of the questions that should be asked before a technology purchase decision is made. If you don’t understand the true reason you want the technology, how can you expect it to succeed and you should ask yourself, if you really need it? Once you understand the true reasons and business problems you are trying to solve, you can match what you already have in place to see if it provides what you need. If not, then go buy it, but why spend more money if you have something in-house already? If you are unsure about any of this, seek external advice. Many times an independent third-party can help you step back and look at the bigger picture.

Next time you feel a technology solution is failing you, ask yourself – “Is it the really the technology or is it us?” You may be surprised at the answer.




Set Your Personal Goal

In 1984 I began working in R&D for Wang Laboratories and became involved with their document imaging technology – the foundation technology of what we all take for granted today. In 1986, I attended my first Association for Information and Image Management (AIIM) conference, became a member, and took note of a special group of individuals known as the Company of Fellows. These individuals held special recognition for their accomplishments in the field of Information Management (IM) and involvement with AIIM to help mentor, educate, and move IM to new levels. This I decided, was where I someday had hoped to be. That day came on March 28, 2019 when I became Fellow 221 in the 57th year of the AIIM Company of Fellows.

FellowsThis for me was my Professional goal, to make a difference, to help drive education, innovation, and interest for what we do, forward. It is a goal I set way back in 1986 and kept in front of me throughout my career. Receiving the award was very gratifying but I have to say, it is the journey that is most rewarding. Making new acquaintances, taking on new challenges, and witnessing first-hand how what you do makes an impact in business and even some people’s personal lives.

My point here is that you need to set some personal goals. Whether these be in business or your personal life, it is essential to help you keep focus and achieve your desired outcome. When working on projects, set the goal and work toward that goal with the intention of never waning or abandoning your journey. In my mind, everything is possible – it just may take longer and more effort than you thought to get there. Set your sights high and enjoy the journey. Don’t be afraid of change, to ask the tough questions, and welcome the answers even if they are not what you want to hear. It will make you stronger, help you become more well-rounded in your thinking, and take you farther than you can imagine.

Don’t Sell Anything!

The hardest thing for a salesperson to do, is to not sell their product or services. I know this firsthand from my past during my career. It is also one of the toughest things to teach a salesperson, do not sell the product or services. Let them sell themselves. When someone asks you do, do you answer “I am a Sales Representative?” When they ask what you sell, do you answer, “I sell the best products and services on the market today?”

The reason I ask is because over time, I have found that selling can be difficult, and if the customer has preconceived notions about what they need/want, it can be somewhat easy. Salesman-306x270The question I have is why is it so hard, and if it was an easy sale because the customer asked for something specific, did they really know wha they needed? The best salesperson I ever met was in the life insurance industry.

He referred to himself as a Regional Advisor and told me he helped clients by providing peace of mind and comfort in knowing family members would be taken care of in the event something fatal were to happen. When I commented that he sold insurance, his response was that he listens to his clients concerns, goals, and desired outcomes, then presents options that align to meet these needs. The client then makes the choice based on the options presented. This is an example of solution selling.

Don’t sell anything. Listen to what the client has to say, and ask a lot of questions to understand concerns, goals, and desired outcomes. Even if they told you what they want, ask the questions and let them know it is only to ensure you can provide the best solution and services for them. Once you have a clear understanding of the real needs and requirements, present options they can choose from. This could range from doing nothing, the basics, a full-blown/all feature suite, or something in between.

The message here is not to sell product or services, but to provide your clients with a level of comfort and peace of mind that the decision they made, is the best they could possibly make. Why? Because it was their choice – with you as a trusted advisor.





Weed the Information Garden

When you want your garden to shine and have the flowers stand out, you remove the weeds. The reason being the weeds can over grow the flowers to the point of killing them, you want the flowers to stand out so you can find and admire them, and you want to share their beauty for all to see.

pulling weedsWhen you think of your information ecosystem, the same holds true, though admiring the information may not be part of the discussion, but certainly having the ability to find it and share it without overwhelming those who seek it is desirable. Who knows, the consumers of your informaiton may admire you for your informaiton gardening skills.

What I am saying here is that information of no value, that is outdated, and redundant informaiton are like weeds in your garden. If you are trying to find the right information accurately and in a timely manner, you must eliminate the weeds or pay the price of trampling through them to find your information flowers.

How well do you keep your information garden and do you weed is often? Are you able to quickly find and differentiate the information flowers from the weeds? Maybe it is time to look at your information ecosystem as a garden and start weeding.


Understanding the Customer Experience

I had the good fortune to be part of a BPM Forum discussion about the customer experience and what is more important, data or process. The perspectives presented by my colleagues are all valid in that in the end, it is what the customer perceives as a good or bad experience. One customer may feel their experience was good awhile the next customer expresses frustration. The question to answer is what causes one to feel good about their experience, and the other frustration.

To answer this, we have to understand the customers’ view and look at interactions as they would. (In days of old we would use “focus groups” to understand expectations, computer-stress1evaluate their experience, and refine the products and services accordingly.) In the case of data vs. process, the mindset should be they are mutually important and interdependent upon each other. Process without data serves no purpose while data without process remains static and goes nowhere.

An additional element to this is the solution-to-human interface and how all of this relates to the user. Is the interface simple and the process easy to navigate, or are there many steps to take before the end result is reached? Consider the changes made in banking and making a check deposit. Where once you had to physically go enter a bank and interact with the bank teller, today it is as simple as taking a picture of the check with your mobile phone, and uploading it through the bank’s mobile application. There isn’t even a requirement to use an ATM, which everyone thought was a major milestone.

In my view, we cannot create an effective customer experience by segregating data from process from human interaction. The approach should be a holistic view that includes these elements through the eyes of the target customer. Internal customers will view things differently than an external customer. While the goal may be to get the right data to the right person at the right time, securely and accurately, it should not be cumbersome and frustrating. If it is, they will avoid it or leave you. If it is simple, concise, and pleasant, they will stay with you and encourage others to join.

This is a big topic that can seem complex, and I know this causes one to ask more questions, but it is from these questions that we learn and become better in serving our customers.

Where’s Your Data?

I had the privilege of delivering the opening keynote yesterday at a seminar focused on regulatory compliance and information governance, hosted by Graphic Imaging Services of Las Vegas, NV. We talked about the European Union General Data Protection Regulation (GDPR), The California Consumer Privacy Act of 2018, The Nevada Open Meeting Law, and more regulations that impact businesses and government agencies.

As the session progressed, discussions ensued focusing on where information resides, how governance should address management and disposition of that information, and copierhow to ensure governance policies are followed. For example, it is safe to say that all modern Multi-function peripherals (MFP) have a hard drive that not only stores the copier operating system, is stores everything you have copied, faxed, or printed through that device. As such, these devices present an information management challenge and potential security risk. The question then turns to governance and how the information stored in these silos, is managed and disposed of.

In my view the first step is to identify all MFP devices that have storage capabilities, what type of storage device it contains, and how to delete any information that may reside on these devices. Once this inventory has been taken, add a section to your governance policies that address these devices, policies on retention and disposition of the stored information, assigned responsible personnel to ensure these policies are maintained in accordance with documented procedural directions on proper deletion methods.

Of course we discussed much more than this but for many, the realization that this even existed and should be a consideration was a true eye-opener. For those of you reading this post, I present you with the same question as the attendees. Do you know if your MFP devices have storage devices within them, are they storing information, and do you have a policy in place to properly address it?


Welcome to the Robo-truck Era

So here we are in February 2019. In a new story this morning, I learned that FL highways are now a test ground for the use of robo–trucks – autonomous tractor trailers. While this is not new – there have been robo-trucks used by TuSimple in Arizona during 2018 hauling commercial loads  with plans to increase its fleet to 40 in 2019 according to a Forbes magazine article. This news story made me stop and think a little more about what is happening here.

“Driverless” trucks can run around-the-clock without having to stop for sleep, eating or any other reason other than fuel, between destinations. There would be robot_car-1no salaries – though for now there is a driver just in case to avoid a mishap – the idea being that eventually there would be no human in the cab. (Of course the Unions are against this approach citing potential safety issues, not to mention how many drivers would be displaced.) Additionally, there is focus on robo-delivery vans – smaller scale vehicles – used to transport commercial goods as well.

While we are nearing the Era of driverless vehicles of all types, planes, trains (?), and automobiles, there is still the Chaos Theory to consider. For those unfamiliar with Chaos Theory, (Jeff Goldblum explained it well in the first Jurassic Park movie), it deals with things that are pretty much impossible to predict or control. For example, wind turbulence, severe weather, volatility in the stock market, and for discussion in this post, humans.

The concept and now adoption of driverless vehicles, whether truck, car, plane, or any other type of vehicle, must be able to sense, predict, and act in accordance to the situation at hand. The unpredictability of human actions – quick lane changes, pedestrians stepping out into traffic, etc. are all factors that must be considered and vehicle programs designed to predict and address. In a pervious post I talked about a driverless vehicle that struck and killed a robot. (Neither knew the other was there.)

This leads to a discussion of ethics and decision-making by the vehicle. Let’s say a plane carrying 150 passengers has catastrophic engine failure. Options include turning back, land at another airport, or land in a river. (Sound familiar?) If you saw the movie Sully, the computer simulations could not account for the existing conditions and the simulator pilots were trained to react to the program. When alll of this was changed to a closer simulation of the reality the crew had faced – Chaos Theory – Sully made the right decision.

Are robovehicles coming? Yes. Are we really ready for them, no. Will they make a difference? Yes, once the infrastructure is in place, and the human factor is no longer a consideration. The question now is, at what pioint in time do all of these elements align?