Platt Perspective on Business and Technology

Building a business for resilience 12 – open systems, closed systems and selectively porous ones 4

Posted in strategy and planning by Timothy Platt on May 8, 2016

This is my twelfth installment to a series on building flexibility and resiliency into a business in its routine day-to-day decisions and follow-through, so it can more adaptively anticipate and respond to an ongoing low-level but with time, significant flow of change and its cumulative consequences, that every business faces in its normal course of operation (see Business Strategy and Operations – 3 and its Page 4 continuation, postings 578 and loosely following for Parts 1-11.)

I initially offered a briefly-sketched outline of how a business might be set up and run so as to minimize business systems and economic friction, and throughout its operational processes and practices in Part 8 (and see Open Markets, Captive Markets and the Assumptions of Supply and Demand Dynamics 6 for an orienting discussion of economic and business systems friction per se.) And I then began discussing how selectively, strategically developed and maintained porous barriers to open communications: intentionally planned and supported sources of friction there, can be both beneficial to the organization as risk management initiatives, and even be legally required.

I turned to and at least briefly discussed a third working example of that type of decision and follow-through in Part 11 with the need to manage and control access to personally identifiable information as obtained from or about customers or employees. And at the end of that posting I added that I would discuss an increasingly closely related fourth working example of that in this next installment: managing confidential information flow between partner businesses, in supply chain and other collaborative business-to-business systems.

The example that I raised in Part 11 has become increasingly, and even essentially universally important as more and more businesses do business online, as this means collecting and using wider and wider ranges of personally identifiable information and about both current and prospective customers, and as more and more national and international legal jurisdictions are enacting and enforcing laws to protect personal privacy – and with the goal of limiting risk of consumer identity theft and associated fraud only serving as one driver behind that trend.

The example that I raise here in this installment becomes more and more important and pressing as those businesses work together to collaborative create competitive value for all participating member businesses in supply chain and related systems, and where the sharing of customer information in doing business collaboratively is only one part of what can come to be called for in making these business-to-business relationships work.

And going beyond that single, if to many people singularly important aspect of this area of discussion, I added at the end of Part 11 that I would also address:

• More general issues of confidential and proprietary information that might be obtained from supply chain and other business-to-business collaboration partners, under circumstances where maintaining confidentiality is required too.

Let’s at least start that larger, overall discussion with customer data, where that includes already legally protected types of personal information, and types of personal data that might become protected too (and see Part 11 for at least a brief discussion of how that type of change can happen, impacting on both business processes already in place and on the stores of customer information that might already have been shared.)

• To take this at least somewhat out of the abstract, let’s start with a manufacturer: A that produces products that would be directly purchased by and used by consumers. And they enter into a business relationship with a shipping company: B that handles the logistics and transport of bringing items that are sold online by A to their customers.
• A phenomenon that can be identified as customer ownership spread enters in here, where A sees itself as owning a business-to-consumer relationship with the people who buy its products, but as soon as B accepts responsibility for actually bringing those goods to those customers, they see them as their customers too.
• And if A and B are just two member businesses in a still larger collaborative system, and if other businesses enter into it by in some way directly working with those same customers, they take ownership of them for having a business-to-consumer relationship with them too. Let’s say, for example, that A or B – either one of those businesses, brings in the services of yet another supply chain partner business: C with its expertise and resources in managing customer relations. C is a customer-facing service fulfillment center that addresses customer questions and concerns, and that manages customer problems and complaints. If an item has to be returned for replacement or for refund they handle those conversations too. If a customer of now A and B reaches out, by phone or through online chat for example to a company C representative, they and their business now see this as their customer too.
• And as A and B and C and I add any other such businesses that might become involved here, all see these same consumers as their own customers, they all see legitimate and I add significantly compelling need to secure and maintain their own data files on them too: personally identifiable information and all, address and phone number, email address, credit card information and all – and more than just those particular data points.

And if any one of these businesses with the shared customer data that it holds, is found to be using or further sharing this data improperly, according to relevant privacy protection laws in place, that event has potential to adversely impact upon both the company immediately at fault, and any supply chain or other partner business that they might have obtained any of this information through.  This holds if a business in a system of this type finds itself the victim of a data breech as a hacking attack, and certainly if it was carried out at least in part from the inside.  This also holds if the business itself was simply following practices and processes that an involved legal jurisdiction would deem problematical and illegal under terms of their law and its court case interpretations in place.

In Part 11, I set up a perhaps largely straw horse “simple best practices for limiting risk here” model at the single business level, where a minimum amount and range of data would be collected, used and then securely deleted – among other proposed details. And then I indicated point by point how in practice, it would be unrealistic and how it would ultimately be unworkable, if that business wished to remain competitively effective in cultivating repeat business and ongoing customer relations. Every point that I raised there, towards the end of my Part 11 discussion has a direct counterpart here. It is just that this becomes a lot more difficult when a business shares customer data with a partner business because it cannot see into their operations and practices the way, or to the degree in which it can see into their own. And it cannot dictate and manage them the same way either, and even if it can contractually seek to limit at least the predictable there in setting up and maintaining its supply chain relationships.

I am going to continue this discussion in a next series installment where as promised above, I will address

• More general issues of business intelligence confidentiality and of the sharing and managing of proprietary information that might be obtained from supply chain and other business-to-business collaboration partners.

And as I added to the end of both Part 10 and Part 11, after that:

• I will switch my orientation here from a consideration of problems and potential problems, to one of solutions to them. In anticipation of that, I add that this means I will discuss intentionally controlling information access and the overall conversation in a business, and how that has to be seen as a dynamic process, to express that in terms of this posting’s discussion. And I will at least briefly look into information technology options and how they can be used to facilitate all of this. In anticipation of that, I will be discussing rules-based automated access control systems and how they can be developed as artificial intelligence systems.

Meanwhile, you can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: