.svg){kind=logo}
How business processes support internal policies and prevent data breaches
A recent breach of conduct by an employee has put Comcast in the hot seat for abusive and inappropriate behavior directed at a customer. Although a disgruntled member of the Comcast team changed the name of the customer (to a derogatory term) this is not the first time the company has faced these types of issues. Beyond being abhorrent behavior, this kind of action also damages the image and credibility of a brand.
It's reasonable to ask how Comcast could have avoided this situation. Like any organization of 150,000+ employees, there are some bad apples. Internal policies exist, however - and training teaches employees what is —and is not— acceptable behavior. Policies alone, however, will not prevent this kind of action from happening….
In every organization, policies are merely guidelines; they are not always widely known (we agree that they ‘should’ be) and are often difficult to enforce. Policy is, however, a legal shield— one that provides neither oversight nor accountability. And there will never be a policy that will cover every possible situation. Does your organization have a specific policy against changing a customer's name to an obscenity? Most likely, the answer is “ No.”
Even if no one in your organization (or Comcast’s) contemplated the ramifications of a customer name change during policy formulation, someone certainly analyzed it as part of process creation. That is why it is there, in the process where the solution resides.
Imagine that you were implementing a customer information change workflow application in Process Director. First of all, Process Director would record each change (just as it does for all actions) to ensure accountability. (As a result, if someone considered doing something ‘naughty’, he/she could expect to get caught.)
Second, you would want to build additional controls into the process. First-name changes are not a common occurrence in the scheme of things. You might add a level of approval to such actions before they are accepted. Or you might create a report that displays recent name changes (so the inappropriate names like the one in the article would appear at the top).
Perhaps you want to do something more sophisticated. In this case, the customer appears to have interacted with unusual frequency with customer service and technical support. You might build logic into your workflow that identifies such customers and makes note of (or requires additional approvals for) unusual changes to their accounts.
In today's social media- dominated world, it is simply too risky for a large organization to assume that none of its employees will do anything that reflects poorly on the company — and that results in nasty headlines. Policy alone can neither prevent nor repair such a mishap. It is at the level of the workflow itself that these situations should be considered and can be prevented!
The good news is that Process Director can provide you with all you need to create a strong defense against unwelcome behavior. Sure, Process Director provides you with greater control and insight into your business. In the end, however, what you'll appreciate most will be all the sleepless nights you never have to endure.
