A good friend who occupies a major position in a prominent global financial services firm is very concerned about the state of leadership in matters involving the management of personal information. To make this point come alive, my friend recently challenged a group of alpha executives attending a Value Studio at the IT Leadership Academy to explain what they would do in the following hypothetical situation:
A person signs up for a subscription to a newspaper's online service. The newspaper company, in the normal course of setting up the account, collects and stores information about the customer, including name, address and credit card number.
Then, in the normal course of providing its service, the newspaper company tracks which articles the customer reads and which advertising links she clicks on. After some time, the customer decides to cancel the service. This is no big deal; it happens all the time. However, not only does she want to stop using the service, she also wants her data back. In fact, she wants the data expunged -- not merely deleted, but really gone.
Such requests to leave no digital trace aren't common -- yet. They will be the norm in the future.
Having set up this scenario, my friend asked the Value Studio participants to assume roles representing four constituencies: IT, marketing, legal and corporate affairs. Faculty members of the IT Leadership Academy played the customer, the CEO of the newspaper company and the newspaper's board of directors.
The groups were given 10 minutes to discuss their strategies, after which they reported their suggested course of action to the CEO.
The legal team, predictably, stuck to the letter of the law. It was their belief that the newspaper need not take any action, since the contract gives the customer no rights to her data, and no such rights are implied. Their position was that the operative legal contract protects the newspaper company from such requests. Three cheers for the legal team for such a textbook display of thinking inside the box.
Neither the corporate affairs team nor the marketing team was happy with the legal team's analysis. The marketing team thickened the plot of this scenario by revealing that this customer is a U.S. senator from the state with the newspaper company's most profitable customer base and that her husband is the founder of a megachurch near the state capital that has more than 1 million members. Both of these teams favored going beyond what was legally required to try to satisfy the ex-customer's request.
As for IT's perspective, the technical team reporting to the CIO wasn't convinced that it could guarantee eradication of any and all traces of the customer, given the disjointed state of the company's customer data systems.
If you were the CIO, what would you suggest? If you were the CEO, what would you want your CIO to tell you? As a citizen in an increasingly information-rich world, what do you think is the right thing to do?
Please send me your response and I will e-mail you the aggregate consensus of the readership.
Thornton May is a longtime industry observer, management consultant and commentator. Contact him at email@example.com.