Legal Standards in a Technologically Bifurcated World

Posted by K Krasnow Waterman on Thu, Jan 29, 2009 @ 10:01 AM

Tags: access control, identity management, technology implementing law, privacy technology, technology for business managers, law about technology, public policy, technology b2b customer service, information security

It's not news that our society is divided into technological haves and have-nots.  Much has been written about the advantages lost or gained - education, professional, and social - based upon the primacy and recency of one's technology.  Recently, I've become increasingly attuned to another place where technological caste matters -- legal standards. 

It's been clear to me for quite some time that the lawyer who resonates with technology can do more successful and faster legal research; propound vastly superior discovery requests; and produce substantially more incisive disclosures.  It's now becoming increasingly clear to me that the law itself is being skewed by those of us who live to keep up with the next big thing in technology.  Debates among lawyers rage in my email inbox about the differences in things like encryption technologies and metadata standards, with lots of cool techie references to things like ISO, NIST, Diffie, OASIS, and XACML.  

In the meantime, I was on the the Social Security Administration website the other day and they wanted me to use an eight digit alphanumeric password (case insensitive, no special characters) to upload W2 and other sensitive tax information.  My bank's brokerage affiliate is using the same outdated and readily hackable password technology  I still see commercial and bar association websites seeking personal and financial information without indicating that they're using SSL or some other baseline method of securing the information.  I still get requests from security professionals to email my Social Security Number.  If you're not particularly technical, trust me, none of these are good things.

The distance between these two realities has got me thinking about all the places that these two technological castes will be competing to set legal standards.  For example, does a "time is of the essence clause" apply the perception of time of a blackberry owner or a person without a laptop?   

As the new administration provides the first coordinated national focus on technology, I'd like to add this to the list.  Perhaps the new national CTO (yet to be appointed) could work with the American Bar Association and other leaders to identify a rational strategy for standards setting in such a technologically bifurcated society.




Article has 0 Comments. Click here to read/write comments

"Know Your Customer" - Host a data workshop

Posted by K Krasnow Waterman on Sat, Apr 26, 2008 @ 16:04 PM

Tags: technology for business managers, technology b2b customer service

Recently, I was invited to facilitate a workshop to learn about customer data uses, flows, and needs. It was an interesting idea, so I agreed.

"Know your customer" has become a hackneyed phrase in fairly short order. One of the post-9/11 bundle of laws, intended to gain anti-terrorism assistance from the public, was a "know your customer" mandate requiring financial institutions to better understand who their customers are and where their money comes from. Like many things we do in this automated life, it seems to have quickly lost its meaning in favor of a single massive data collection when my bank of many years -- which has seen my entire transition from debt to net worth through both my business acounts and the deposit of every paycheck -- asks me for id.

The workshop was intended to provide an opportunity for a fairly large group of data architects to hear a group of customers talk about their business day and tasks; how they interact with each other; and what they want. It was my job to draw them out over the course of two days, to find slices of life to talk about and elicit tremendous detail. It was expected that we would have an accelerated opportunity to gather needed data elements and identify system access requirements.

With facilitation, the customers opened up about their work lives. They described a tremendous amount of human interaction to obtain information. They described phoning folks in other parts of the organization to find out information they wanted. We, the folks with strong information technology orientation, thought we were making a break-through, identifying systems to which these customers could or should get access.

What happened next was unexpected. Wen we sought to validate these system access requirements, the customers repeatedly and politely told us we misunderstood. They repeatedly explained that they liked to get information in this unautomated fashion. They liked the opportunity conversation gave them to get context -- group meaning of terms, background for the way information is gathered, information that's inappropriate for permanent records, and other related information.

Since then, I've been thinking about what it really means to know your customer. As the provider of services, it's not enough to learn your customer's business. And, it's not enough to spend time in their space and observe them at work. You need to do those things but, in the end, if you really want to give them what they want, sometimes you just need to ask.


Article has 0 Comments. Click here to read/write comments