IT departments, plans and strategies are becoming ever more subject to legal policies, practices and laws. In truth it is legal who will be defining what IT does and how they do it. The case is more severe for multifamily businesses that are public companies and are subject to Sarbanes-Oxley, SSAE Compliance (what was SAS-70) and PCI standards for all businesses for personal identity protections. Be on the watch for new regulations by the Consumer Financial Protection Agency surrounding collections.
The point is that IT must increasingly look to legal and
legal needs to learn more about the ramifications of IT practices and the
technologies they deploy or allow to be used.
Too often I encounter situations where multifamily Legal
Departments are defined as an obstacle or inhibitor to progressive IT
strategies. Or at a minimum offered up as an excuse for indecisiveness or the
lack of progress surrounding IT projects. Legal won’t let us do that. Or, what
we want to do will not be sanctioned by legal. The law says this or that. Many
times it can be true but far too many times it is not. I can attest that many
IT requests for legal sanctioning of plans are adjudicated based on anecdotal
hearsay. The simple fact is that technology crushes in on legal policies that
have not kept pace. It is inexorable fact of our life in the digital age.
A
lack of attention, cooperation and collaboration between legal and IT only
sires renegade or rogue activity to emerge and fester deep in the organization.
Experience is teaching a harsh lesson. To succeed in age of ‘digital everything’
multifamily Legal Departments need to become significantly more engaged in the
IT policies and strategies of their companies. To not adopt this view in
practice and as a core operating principle invites ever increasing risks and a
debilitation of potential progress towards a more competitive and high
performing business results utilizing advances in technology.
The world we are and will be increasingly working and living
in is alive with risk and exposure. Sure, there are technology solutions for
most everything we do. But what are the ramifications of misuse or malicious
use? It will take increasing cooperation and collaboration between ‘legal’ and
IT to define what should be adopted in the way of technologies and how those
technologies need to be overseen and managed. This means that legal executives need
to commit to a deeper knowledge and understanding of the technology. And, IT needs
to have patience in ensuring that ‘legal’ is fully up to speed on strategies
for IT use.
Allowing end users to define their own choices of software,
devices and services in a ‘bring your own device’ to works era is a formula for
eventual disaster. Not IF but WHEN.
My most frequently encountered example of unattended policy
is the use of FREMIUM or ROGUE document storage services. End users set up
their own personal ‘file stores’ and in doing so set up their own passwords and
move internal documents to an off-site facility out of the reach of IT.
Documents are now the ‘property’ of these individual users, no one knows what’s
been sent offsite. If the employee quits, they take the documents with them. (What
was Sally’s password?) There is no audit of document access or re-transmission.
Snatching personal identity information is a breeze. Who can know?
Another area that is hugely anecdotal regards the use of
electronic signatures and on what documents they can be used. I am sitting here
with two messages from property management firms in the same state one allowing
its use another disallowing its use all based on ‘legal’ interpretation.
Really? Hmmmm…
The point being made once again, is that legal needs to
embrace and become active in addressing the march of technology and lead in policy
formulation that eventually blends technology and business practice into a risk
profile that is fully considered and well understood. If legal does not get
involved in ‘leading the IT parade’ in a fully collaborative manner with IT,
bad things will happen and progress will be stifled reducing competitiveness
and business performance.
So maybe Legal should head (read ‘lead’) IT is not a question
after all. They must. And, IT executives
need to warm to the new age of enabling legal’s growing necessary dominance
over IT plans and strategies and work progressively and positively to do so.
The days of IT policies built in silos and on anecdotes are
over.
-
Mike Radice
No comments:
Post a Comment