Let's just keep this between us, okay?

My latest consulting engagement has me again bringing IT and business together by leading the communications, training, and user acceptance testing for a strategically important data ingestion, encryption, and synchronization initiative at a company focused on security and delivery of applications and services. It’s a great extension of the work I’ve done in the governance, risk management, and compliance (GRC) space, and I’m fortunate to be working with a dedicated team that is determined to improve how we work with customers to give them a better support experience.

Riding the bus for over an hour to and from to Seattle each day for the past several weeks has put an analogy in my head that relates to the engagement. A bus full of people varying in age, gender, culture, ethnicity, and so on, is a microcosm of our society and of our workplaces.  We're all in it together, even if we're all going in different directions and to different places when we get off the bus. We go to work as individuals to support ourselves and our families at the start of the day, and there we are again, together on a bus at the end of it. Even though the quarters are close, it would be nice if we could stay out of each other's way.

Some of us on the bus look like we might be having a rough time with life. A few of us seem to wear a smile constantly, making others happier around us, although not outwardly acknowledging it. One of us is watching something funny on our smartphone, wearing headphones and laughing out loud with a complete lack of awareness that it’s audible to other passengers. A couple of us are old friends that randomly and unexpectedly have run in to each other after years apart, and we’re now catching up on each other’s life. One of us just flatulated and is hoping to high Heaven that nobody else smells it, because, man, it was a doozie. But fortunately, nothing really bad is happening on this bus ride.

But whole lot can happen – good or bad – on a bus full of people. You just have to be willing to look around and pay attention to see it all going on. For the safety and security of other passengers, you also need to make every effort to ensure you don’t do anything toward them that they might not welcome. You can only hope that they give you the same respect. Just because we all got on the same bus doesn’t mean we want to interact.

This leads to the topic of data security. Metaphorically speaking, people on a bus are like data in a database. “Data” can be defined as any type of information about a company or an individual. All of us individuals on the metaphoric bus have loads of data about ourselves, but chances are, we want that data to stay private, or “secure”. Any institution that we allow to be in possession of it in their database needs keep it that way. A breach could lead to a heap of trouble, for both sides. It’s why a sound and well-managed GRC program is critical to organizations that handle customer data.

Some risks in life are worth taking. With customer data, they aren’t. In an era where laws and regulations seem to be adding up instead of going away, it's best to be proactive and prepared for what's next. Don’t wait for something like the GDPR to take effect next May to put your plans in motion.