Posted in HR and personnel, strategy and planning by Timothy Platt on April 25, 2018

This is my 38th installment in a series on cultivating and supporting innovation and its potential in a business, by cultivating and supporting the creative and innovative potential and the innovative drive of your employees and managers, and throughout your organization (see HR and Personnel – 2, postings 215 and loosely following for Parts 1-37.)

I concluded Part 37 of this with a bullet pointed assertion that I had built up to in the course of writing that installment. And I will at least begin to more systematically explore and discuss it here:

• Ultimately, investing in people with ideas and not just in specific ideas depends on how effectively a business can in fact institute an effective back-channel, if you will: an unstructured, or at least less-structured, communications system that can address the novel information flow needs that innovation, and disruptive innovation in particular, require, while still maintaining effective risk management oversight of genuinely sensitive and confidential information.

And I begin addressing that by repeating the anticipatory note that I appended to it in Part 37, as a foretaste as to how I would discuss and analyze it here:

• As an orienting point of observation, this means going beyond tacitly assuming that any information not directly needed in one’s more routine work and in carrying it out should be tightly restricted and even entirely blocked for its accessibility or use. Ultimately, that approach, when blindly and routinely followed rather than being challenged and managed for its consequences, is probably the most significant single operational level reason why a business would fail at being more innovative than it is. (Returning briefly to the parenthetical nota bene comment that I offered in Part 37 towards its start, this is where I will reconsider the issues of what “sensitive or confidential” mean in this context, as promised there.)

But to begin at the beginning for this posting’s narrative: carrying through upon an initial spark of insight and of potential innovation, and actually developing realized value from it, calls for a progressively wider range of resource commitment that effective communications per se can only partly address. But arriving at the initial innovative insight that would lead to all of that new value creation is directly driven by and largely dependent upon communications and information availability and sharing. Initial innovative insight grows, at least to a significant degree, out of an at least initial jumble of puzzle pieces of raw data and knowledge and understanding, that can be derived from and that collectively describe a business’ current here-and-now. And such innovative insight is achieved from assembling an understanding of a possible new and next out of all of this, in novel and unexpected ways. That is where an awareness of gaps in what is being done now emerges, and it is where a matching awareness of possible new opportunities in what could be developed to address those gaps emerges.

This line of discussion up to here addresses my above repeated to-discuss bullet point from an overall goals and incentives perspective. But the core of that point as stated is more operational in nature, and certainly when viewed in light of my accompanying anticipatory, and explanatory note regarding it. And operationalizing all of this is my primary topic of this posting and of what is to follow, or at least:

• Offering an organizing framework for finding, developing and implementing an overall communications and information sharing policy
• That would enable both information security and innovative opportunity and potential,
• And in what at least ideally would be a dynamically updatable manner as needs and opportunities change.

And I begin addressing that by finally turning to and discussing “the issues of what ‘sensitive or confidential’ mean in this context.”

I am intentionally simplifying a complex set of issues here, but at least to start, let’s assume that an effort has been made and in some way implemented, to remove “apples and oranges” comparison incompatibilities in computing the relative overall risks that would be associated with possible disclosures across the diversity of information types that might in principle be held to be securely confidential, or that might in principle be more openly shared. So the perhaps complex risk factor considerations that would enter into evaluating any given class or category of information type there, or by extension any specific data that would fall into one such categorical grouping, would be assigned an aggregate uniformly and consistently scaled risk score that would fit on a simple numerical scale that ranges from 0 through 10. A score of zero there would indicate a presumed zero risk from disclosure and sharing, and a score of 10 would indicate a presumption of automatic adverse consequences whose negative value impact would be certain to overwhelm any conceivable positive value outcomes from sharing that information outside of its already vetted and approved circle of recipients and information users.

Data, and more processed knowledge that is derived from it, that would readily and unequivocally receive one of those two extreme scores is easier to both quantify and agree on, and easier to risk manage too, certainly when determining its range of accessibility for possible use. Consider two extreme point examples there, to take that assertion out of the abstract, and one middle ground example as well.

For my essentially automatically presumable zero risk example, consider new marketing campaign material that has been finalized and approved for release, and that this business is all prepared to see go live to the outside world. I assume here, to flesh out this example a bit, that early release of this to the public, or even just to competitors for that matter would no longer compromise the new product launch, or whatever other event that this business has been preparing for, as everything going into that campaign is all prepared for and in place. And focusing on product releases in that for the moment as a more specific source of examples for this, I am assuming a zero probability of this business having to make a sudden and unexpected pull back from this marketing campaign and from carrying it out now, as for example might arise due to a sudden last minute discovery of a significant flaw in the offering to be released and marketed, and in either its basic design or in its first market-facing production run; this new product is not going to prove to be burdened with design or usability challenges or with flawed parts in a supposedly final product or any other such last minute problems.

My qualifying conditions there would indicate, if accepted as valid, that a risk score of zero might be generally agreed to as an overall aggregate conclusion, given due diligence reviews and considerations. And that would make sense, to pick up on my low probability complication example of above, if a reasonable sample of the first run product there were quality control tested as part of the basic pre-campaign preparation, to effectively eliminate concern from that type of possible risk complication, as would be carried out there as part of this business’ basic production line due diligence. But those qualifiers and other possible ones like them, each perhaps individually small but collectively summable in creating an overall aggregated risk number, might in principle collectively reset the final score arrived at from a presumed zero too.

What is my basic point here? I actually have several, but will focus on one of them for now. This risk score that I write of here is scaled in integers that range from 0 to 10. And I intentionally picked an at least seemingly simple and straightforward example to illustrate the low risk end of that scale, with in this case a possible early release of new marketing material and a new marketing campaign. But there can still be functional area-specific, and data type-specific factors that would have to be rolled into even that more standardized and simplified risk assessment score, and even for what would reasonably seem to be overall aggregate score of zero examples. Risk management is, after all, based on assessments of possible low probability but high impact events too, and not just what is more nominally and routinely expected.

Now let’s consider my score of 10 example. And for that I turn to consider personally identifiable, individual customer-based data and consumer protective regulatory laws that dictate specific types and levels of access-firewalling for it. I added a low level risk complication into my score of zero example that I went on to set aside for a specific instance under direct consideration here. And I add in a possible complication for this example too that might not be as easy to set aside, with the possibility of change in the regulatory law governing safe and allowable access and use that would force a change in due diligence evaluations as to who could access this information and how and when and under what circumstances. More specifically here, I am referring in this example to case law change and how a law in place might be “reinterpreted” and functionally changed as such, and in ways that might have severe retroactive consequences and even in jurisdictions that constitutionally protect against the imposition of ex post facto laws per se, as holds in countries such as the United States.

Even a seemingly clear-cut extreme zero or 10 example with a seemingly clear-cut determination in place as to permissible guidelines for information access and usage, might have novel and unexpected risk considerations buried within it, or low probability but high risk ones that might easily be overlooked. All of this type of added risk-factor consideration becomes much more complicated with more mid-range information management risk scores. And that is where the type of unstructured, or at least less-structured communications and information sharing issues that I write of here in an innovation context, become both more important for innovation and more nuanced and challenging for their risk management considerations. Genuinely zero risk information sharing does not enter into any access decision making considerations here, and risk of 10 information is in most cases going to be off the table for that and out of consideration too. It is middle ground risk evaluation level data where this becomes important, and at least potentially challenging.

I will discuss that set of issues in my next series installment, starting with the middle-level risk score example that I promised above. And after delving into that and with that scoring system analysis in place, I will further discuss the more general to-address topics point that I repeated at the start of this posting. Meanwhile, you can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory. Also see HR and Personnel and HR and Personnel – 2.

