It’s a matter of trust
- At December 09, 2011
- By Josh More
- In Business Security
Warning: this blog entry covers sensitive current events and some of the links may use strong language.
When a big news story hits, do you ever notice a pattern or significant fact that, despite 24/7 coverage, everyone appears to be missing? The world has had three events in recent weeks get considerable attention throughout television, newspapers, radio and social media, and each of these events is a catastrophe that occurred because of poor policy choices and unplanned reactions. Let’s briefly explore them.
PayPal v. Regretsy
PayPal is known to “freeze” the assets of somewhat questionable groups. However, many are saying they crossed the line by pulling the plug on a fundraising effort to get Christmas gifts for 200 children in need. Yep, you read that right. PayPal followed their policy and basically profited three times off of preventing children from receiving gifts. Is it surprising that this blew up in their face?
April Winchell, of the popular website Regretsy.com, wrote up her story and published it online with a follow-up. Not only did she get a massive movement behind her, but due to the fame of Regretsy.com and the nature of what PayPal’s employee said, the story went viral and is being spread throughout Facebook, Twitter and other social networks. The story has been reported so widely that there are now over 20,000 hits on Google with titles like:
– PayPal ruins Christmas for over 200 kids
– Paypal has no problem ruining Christmas for Children
– Paypal – The Christmas Grinch
There are posts claiming “Paypal is evil” and people should “stop doing business with them immediately.” On top of that, there is a public list of PayPal and eBay employee phone numbers and email addresses being spread along with this story.
Carrier IQ
As we have covered previously, Carrier IQ is the company that writes activity-monitoring software for cell phone providers. Some call it the rootkit of all evil but others say it’s not so bad. The news started within a rather small technical community, but rapidly expanded throughout the internet and has resulted in a class-action lawsuit and a Senate inquiry. Carrier IQ’s customers are also being sued.
Pepper Spraying Cop
Most everyone today knows the story about the cop who sprayed pepper spray in the faces of protesters at the University of California-Davis. While such events happen often, the fact that it was captured on camera and posted all over the internet made it famous. The incident has started a national discussion about militaristic police forces, a personal investigation into Lt. John Pike and endless parodies.
What does this mean?
In each case, someone did something no rational person would do if presented with the given scenario. The various parties all defended themselves by citing law and policy, yet each instance caused a catastrophic public relations nightmare they may never be able to fix.
If you asked John Pike, weeks before the incident, if he would ever walk past a line of passive college students and cover them with pepper spray, I’m sure he would have said no. If you asked the CEOs of AT&T or Sprint a month ago if they ever thought about tracking every single action their customers took on the internet, they would have dismissed the idea as ridiculous. If you asked the leadership of PayPal if they planned to steal money from impoverished children for Christmas, they’d have called you insane.
Yet, each of these events happened. Why? It comes down to policy. Policy’s role is to guide behavior. It sets expectations and makes individuals accountable. Sadly, the latter is often phrased in a negative manner so employees do the bare minimum to protect the organization and, in the process, open up the potential for these types of unfortunate events.
A better way?
Think about what would have happened if the PayPal representative had taken the call and responded with “That sounds like a good cause to me. I’m not authorized to allow it, but let me get my boss on the phone.” Maybe their officers wouldn’t have gotten inundated with spam and phone calls. Maybe their name wouldn’t be equated with thievery and evil. Maybe working with the offended party would be a better approach than a half-hearted apology.
Similarly, what if Carrier IQ had entered into discussions with TrevE about his findings and then worked with AT&T and Sprint to resolve the issue instead of immediately going to the legal system (and getting trounced)? Maybe the whole issue could have been avoided.
Lastly, what if Norm Stamper’s reforms of the police system had gained traction? Maybe Occupy UC-Davis would have looked a lot more like Occupy Iowa City.
It’s a matter of trust
When I write policy for a client, the goal is to protect the business from mistakes made by employees. The goal is never to restrict employees to the point that their only answer is always what the rule book states, regardless of gray areas. If you need something done exactly the same way every time, use a computer. They’re actually pretty good at repeatable tasks. People, in contrast, are really good at facing unique situations and resolving them in creative ways. As soon as a policy prevents an employee from making improvements, there is no longer any use for the employee. Just automate that job and be done with it. If that’s not your goal, your policy is broken. You can fix it by looking for scenarios which can be read literally and, as a result, cause catastrophes like the ones mentioned above.
There are many ways to fix these problems, once they’re found. Some businesses give their employees discretionary budgets. What if PayPal had said “Sorry for the mix-up, and since it’s a good cause, here’s $100 to buy a kid a present.” Some businesses have an official PR escalation team. What if TrevE’s report hadn’t been met with hostility, but instead they said “Huh, good point. If we give you $1,000 can you give us some consulting on doing this better?” Some organizations create an expectation of personal responsibility, where it is illegal to obey an illegal order. Might that not have helped things at UC-Davis?
If you’re going to have people working for you, you have to let them be people. Let the policy be the guideline and trust them to follow the guidelines. If you do not trust your policy to guide, and not prescribe, action, you need a new policy. If you do not trust your people to be guided by a good policy, you need new people.
This blog entry was originally posted over at the RJS informer.