Tuesday, 16 December 2014

Risk and Reward and why I drive in the slow lane...

Speed cameras are a bore.

In my life I reckon I have driven about 750,000 miles and until the invention of the speed camera I pootled around at whatever speed I felt comfortable with. In my youth this was probably too fast some of the time. I remember one good ticking off when I was stopped by a speed trap deep in West Sussex. It was the eighties equivalent to a clip round the ear from a beat bobby. He let me off though.

However, speed cameras have got me. I was once on 9 points for a very uncomfortable six months and these days it is impossible to pootle. You have to be aware of the speed limit and look out for cameras or there is a very real risk of penalty.

Some would say that this means the speed cameras have done their job. However, I am not a bad driver. I have over ten years no claim bonus, if that proves anything at all. My submission is more about the pain of being fined and potentially losing my licence, not safety. Thus, on the basis of providing a meaningful deterrent, I would agree that those evil little yellow boxes have squeezed another bit of fun out of my life.

Every business takes the odd risk, because businesses are run by people, and for whatever reason, a thrill, a calculated gamble, negligence or laziness, we all take a chance. For instance, crossing a busy road is a risk. We should all walk 50 yards further and use the pelican crossing but few of us do. And we are usually ok.

Risk is there to be managed the same as anything else. For every risk there is a reward. And the reward has to be worth it to justify the risk. Which is why I don’t get the corporate attitude to data security.

The fines are not £80 or whatever they do you for speeding these days (five years and counting...). It is £500k or 5% of GLOBAL turnover. Even Bill Gates would squeak at that. And it comes wrapped in a nice spiky envelope of bad publicity.

As I have said many times in this very blog the little guys think they will float beneath the radar. I do believe that is true, unless they do something so bad that it cannot be ignored. It’s probably ok doing 32mph in a 30mph limit, because they give you some tolerance...but mow down a few toddlers and don’t expect any lenience.

However, there really is no excuse for the big boys and they are generally as bad. So one has to ask what it is that is preventing businesses making sensible decisions? And obviously as I am already on my soapbox I am going to give you my answers to that perfectly reasonable question...

Firstly, the cost is a barrier. People resent paying separately to dispose of something they still see as having some value. It is human nature.

Secondly there is simple plain ignorance. People either ignore the dangers of a hard drive and give the kit away to a charity or a member of staff, or they just believe the guy that says he will dispose of it for them for free. Each route is fraught with danger.

Thirdly, there is indecision, the result of which is either a drawer full of hard drives or a pile of discarded kit somewhere.

But I don’t blame the customer.

I am not overly naive. I have spent a long time working in the construction industry and I have seen and heard of some scams that still make my eyes water. So coming into this industry, which is regulated but not really policed (by which I mean very few people get caught...in fact, part of the DP regulations is the requirement to report a data breach. In other words, they expect the turkeys to remind us that Christmas is here), I can see huge scope for what my dear old grandmother used to call shenanigans.

In my not so humble opinion we need national standards for ITAD, meaningful ones, and then all businesses have to be forced to use a recognised and properly certified supplier. It works with gas boilers. It should work with ITAD.

The regulations are clearly designed to influence the big boys. Businesses large enough to have policies for everything from health and safety right through to how a request for a local charitable donation is responded to. But look at the reality of what we do and think how that process works in the real world.

Hypothetically we are a major business moving our systems from Windows 7 to Windows 8. This involves significant hardware investment, from servers right through to PCs to laptops, mobiles and everything else. We are spending £10m. There is a board level champion and the IT guys are flat out preparing the procurement plan, the roll out and the training requirements. Meanwhile, Clive is the guy tasked with disposing of the old stuff. He has a deadline based on the roll out. He does not have a budget.

Do you see where I am going with this? Clive is not the boss. He is a functional guy, a doer, but he does not have much clout. His objective is to get the space clear for the new stuff. Maybe his boss thinks he should be able to get some money back, but the objective is to wash its face or thereabouts because we are talking peanuts here. With a spend of £10m on new kit, even if Clive spends £5k getting the stuff hauled out of central London on a Sunday morning no one is really going to care.

And Clive is generally my customer, and 99 times out of a hundred he does a great job. But every once in a while a Clive gets caught out by a chancer. Someone convinces him that what his regular supplier says will cost him £5k can be done for nothing. Clive thinks about it, looks at the website and, after a meeting with his boss where he was told that there had to be a lot of value in those four-year-old PCs in the call centre, he takes the plunge.

You know what I am going to say.

My story ends with a company PC ending up on eBay full of customer records, and the £10m procurement cost is augmented by a £500k fine from Genghis and some rather embarrassing publicity in the Daily Mail. The IT director is in a cartoon on page four with the head of a donkey and Clive is looking for new opportunities on LinkedIn.

The only way to really help Clive is to properly regulate the ITAD industry. Encourage meaningful accreditations and licence service providers. Make the likes of the FCA demand the use of approved and accredited service providers rather than loosely recommend.

There is no clarity anywhere. We have big sticks and no crib sheets. It is time to change.