Be careful when moving a process to the computer (or even the cloud)! The possibilities for efficient processes are increasing, but so are the risks.
In the data breach at Clinical Diagnostics, important private data was stolen from almost 1 million people. This data could easily be used for fraud, with ten thousand euros (or much more) in damages for each person whose data was stolen. The total damage caused therefore exceeds TEN BILLION euros!
I immediately wonder how this could have happened. Every responsible architect, security expert, business analyst, etc., knows that you only share necessary data. This is not only required by law; it’s also important for your company’s risk management. As it turns out in this case, sharing all this private data was required by law and regulations!
I’ve seen it happen before: a process that used to be paper-based has been transferred wholesale. The paper proces has been digitized, but the process was not translated to the digital world. The old process, where multiple carbon copies of the form were made, has been translated. Apparently, the carbon copy that went to the lab; had all the information was on it, so that was to be done in the new situation as well…
This is why you need smart people for these kinds of transformations. Smart people with an overview of why you’re doing this transformation. People who understand what changes when you go from paper in a folder on a shelf in the basement to a database that everyone will have easy access to. That constant accessibility suddenly becomes important, even if it’s just to show how not to waste money, how much of what kind of business you do, etc. Too many people only see the risk after things have gone wrong. People who flag the risks are dismissed because their input is unwelcome. Ideas for revising the process so that the same result can be achieved much more easily sound too complicated for people who only know the old process.
God forbid the project would have run over its allotted time, and it might have incurred some extra costs. The new risks are swept under the rug by people who are nowhere to be seen when things go wrong. Even if the project costs a million more if the system needs to be overhauled at the last minute, this is eclipsed by the mountain of damage when it goes wrong.
And in this case, the damage is currently being borne by citizens who did nothing wrong; they simply wanted a check that their health was still good. Damage that I don’t hear anyone talking about how to mitigate; that will be the topic of the next post.
The lesson of this post is: take a good look at your processes that are put into a computer. Is the minimum amount of data being circulated, is it more efficient with the computer, or has only the pink form been implemented?
Want to hold up a mirror to your audience? LET’S TALK
Be careful when moving a process to the computer (or even the cloud)! The possibilities for efficient processes are increasing, but so are the risks.
In the data breach at Clinical Diagnostics, important private data was stolen from almost 1 million people. This data could easily be used for fraud, with ten thousand euros (or much more) in damages for each person whose data was stolen. The total damage caused therefore exceeds TEN BILLION euros!
I immediately wonder how this could have happened. Every responsible architect, security expert, business analyst, etc., knows that you only share necessary data. This is not only required by law; it’s also important for your company’s risk management. As it turns out in this case, sharing all this private data was required by law and regulations!
I’ve seen it happen before: a process that used to be paper-based has been transferred wholesale. The paper proces has been digitized, but the process was not translated to the digital world. The old process, where multiple carbon copies of the form were made, has been translated. Apparently, the carbon copy that went to the lab; had all the information was on it, so that was to be done in the new situation as well…
This is why you need smart people for these kinds of transformations. Smart people with an overview of why you’re doing this transformation. People who understand what changes when you go from paper in a folder on a shelf in the basement to a database that everyone will have easy access to.
That constant accessibility suddenly becomes important, even if it’s just to show how not to waste money, how much of what kind of business you do, etc.
Too many people only see the risk after things have gone wrong. People who flag the risks are dismissed because their input is unwelcome. Ideas for revising the process so that the same result can be achieved much more easily sound too complicated for people who only know the old process.
God forbid the project would have run over its allotted time, and it might have incurred some extra costs. The new risks are swept under the rug by people who are nowhere to be seen when things go wrong. Even if the project costs a million more if the system needs to be overhauled at the last minute, this is eclipsed by the mountain of damage when it goes wrong.
And in this case, the damage is currently being borne by citizens who did nothing wrong; they simply wanted a check that their health was still good. Damage that I don’t hear anyone talking about how to mitigate; that will be the topic of the next post.
The lesson of this post is: take a good look at your processes that are put into a computer. Is the minimum amount of data being circulated, is it more efficient with the computer, or has only the pink form been implemented?
Want to hold up a mirror to your audience? LET’S TALK