Move fast in a global crisis, without breaking trust
COVID-19 may have muted the tech-lash but tread carefully as you adopt new technology: move with considered agility, not rushed panic
Big Tech’s Maturity
The era of ‘move fast and break things’ was supposed to be over. Big tech had had its moments of reckoning: Cambridge Analytica, Zuckerberg in the senate, and more. Shareholders, regulators, governments, users, the press, their own employees had pressured the tech giants into to greater governance, transparency and responsibility.
We were promised a safer, more responsible, more ethical internet; we were told data ethics were priorities, not just PR for big tech.
We were told the invasive, data hungry business models of the likes of Google would be tamed; they would protect what they collected and be good information custodians, driving ethics into the heart of the algorithmic decisioning.
“Surveillance capitalism unilaterally claims human experience as free raw material for translation into behavioral data.”
― Shoshana Zuboff, The Age of Surveillance Capitalism.
A Pandemic changes Everything
Well that was then, that was until February passed in to March this year. On 11 March the World Health Organisation (WHO) declared that the COVID-19 outbreak was a pandemic.
Markets plummeted, whole industries collapsed, business models disappeared overnight. The impact for many businesses was immediate and dramatic. The personal toll on health, loss of life and loved ones, continues to be utterly tragic.
And we don’t yet know how this story ends, we don’t know what the world will look like once the storm passes.
Agility in a Crisis
In times of emergency things speed up, there’s a rush of emotion, a hunger, a need for innovation for speed; our instincts kick in.
And this can be brilliant, a forcing function for decisions, driving clarity and accelerating change. This urgency has great power for positive results, whether it’s bringing global scientific communities together, driving collaboration, unearthing brilliant innovations. We have seen many examples of this recently, such as Mercedes F1’s breathing aid made within a week.
I’m sure each one of us experienced such emotions in the early days of the crisis (and perhaps still now): the panic, the galvanised survival instinct; along with the despair, the hope, the fear, the gratitude for what we have. Perhaps all of those emotions and more — both on a personal level and as leaders and professionals.
What Changes will stick?
There’s been a rush to innovate, to adapt, to figure out the new normal across every aspect of our lives. This is vital when it comes to saving lives, but what is the knock on effect? What else will go under the radar, under the pretext of priority and relating to COVID-19? What rushed practices or habits will stick, for good or bad, across every aspects of our lives?
Which elements of emergency draconian state powers will persist post crisis (for example the Coronavirus Act 2020, UK)? What will this mean for mass state and corporate surveillance, or for our behaviours? As individuals, can we trust global governments and tech companies to always use that technology and our data responsibly?
"“Many short-term emergency measures will become a fixture of life. That is the nature of emergencies. They fast-forward historical processes. Decisions that in normal times could take years of deliberation are passed in a matter of hours. Immature and even dangerous technologies are pressed into service, because the risks of doing nothing are bigger.”
- Yuval Noah, FT
Digital Transformation: Expedited by the Pandemic
The digital imperative is not a new board item in organisations, it’s been around for years now. I was ‘Global Head of Digital’ for a Fortune 500 financial organisations a decade back, spending my time convincing the C-Suite of the need to evolve and the benefits of new tech, processes and talent.
The business of changing to digital technology, to embracing cloud, to optimising the online customer experience has been slow, expensive and cumbersome for non-digital native organisations. Upgrading outdated technology, adopting new processes and changing mindsets is tough.
There’s nothing like a powerful lever and stick to set the wheels in motion. A crisis can be a gift for leaders.
It’s amazing how quickly therefore, that Video Conferencing tools, cloud applications which enable collaboration, and communication channels can suddenly unlock and be approved where once risk or InfoSec said no, or the business reflected.
Software is eating the world
(Marc Andreesen said this way back in 2011, but yet it still feels relevant today)
So which trends has the Coronavirus Pandemic Accelerated?
Let’s look at some examples:
- Telecommuting (we’re now all Video Conferencing our colleagues, our kids’ teachers, our parents, our friends on a Friday night)
- Food & services going on demand to your door (think Uber eats)
- Events & entertainment: events going virtual, demand for streamed entertainment doubles down
- Cloud and SaaS — share, access co-edit documents, e-sign, collaborative tools
- E-commerce — yes, we still want to shop
- Online learning — see our article on this trend.
“This is a wake-up call for organisations that have placed too much focus on daily operational needs at the expense of investing in digital business and long-term resilience. Businesses that can shift technology capacity and investments to digital platforms will mitigate the impact of the outbreak and keep their companies running smoothly now, and over the long term.”
(Sandy Shen, Gartner)
How do you do your Due Diligence under pressure?
Whether it’s digital transforming a whole organisation, or simply bringing in a single new cloud service at speed in a crisis, data protection, risk and security continues to be vital and needs to be considered from the outset. This is the concept at the heart of Privacy by Design: consider protecting data upfront.
‘Zoom Bombing’ where hackers snuck into people’s private meetings was a recent but important reminder that any data breach or hack can erode customer trust and damage your reputation. The increased popularity of its service has meant its compliance and security practices gain greater attention, so lessons from the likes of Facebook indeed.
“Zoom is providing a service of real value in these desperate times, but it needs to grow up. It’s playing in the big league now.”
(John Naughton, The Guardian)
There’s a clear and compelling case for the rapid adoption of good technology which enables your organisation (whether you’re a law firm, school, retailer etc.) to be productive right now, but you need to make sure your tools are trusted and your brand protected with the right governance, even if it’s lean.
I appreciate governance and compliance has been slow and bureaucratic, and it’s our business’ mission (Trace) to make that more streamlined, agile and meaningful; but ignore compliance completely at your peril.
So how do you Move Fast, without Breaking Trust? And what’s Next?
As we saw post 9/11 in times of threat, state powers become more draconian and with surveillance technology advancing there are some powerful tools in the toolbox. In ‘The Age of Surveillance Capitalism’, Shoshana Zuboff claims the Federal Trade Commission (FTC) was poised to regulate big tech, but in the post attack, war on terror political climate support for privacy weakened. The graphic above demonstrates that correlation between political climate and data protection regulation.
It’s clear there’s a balance to be had here. For governments, for organisations, for families, the biggest drive right now is survival, as group and as a human in the face of a unprecedented global public health crisis. And survival does need to be the priority, but if we rush blindly in to any risk or decision, there will always be a price to pay, a foreseen or unforeseen consequence.
I believe the best thing we can do is to hold the following principles to hand, as our compass in challenging times:
- Use a risk-based model, but make it agile and intelligent: it’s a time of rapid adaption so risks will be taken but it’s essential to know the unknowns, read the terms, look at the worst case scenario and make an informed decision and use a model to frame decisions. As an organisation, using tools like Data Protection Impact Assessments (DPIAs) are still vital, but make them iterative, discursive and collaborative to adapt to remote working.
- Be accountable — Accountability is at the heart of regulations like the GDPR — so for example you’re accountable for using trusted partners and data processors as an organisation (and controller), so as an organisation follow best practice like NCSC cloud security guidance and find a pragmatic, agile and principled approach (and get it in writing with a Data Processing Agreement). It’s important that the tech companies prove Accountability right now too — with greater transparency on their motivations, their tech capability and the impact on our personal or sensitive data.
“The tradeoffs could be our privacy, letting big tech further monetise medicine, and locking hospitals and clinics into expensive tech systems that will cost us more in the long run.”
- Wired
- Ask good questions : Google have recently revealed anonymized public location data with health officials. Anonymization if done properly can protect privacy. However, ‘Technical and organisational measures’ is a broad term — check, test and validate what’s really in place to protect data on your project or with your partners. Trust, but verify (Russian proverb).
We’re all navigating through a complex political, legal, social and economic landscape right now, and in many cases — across government and businesses — we’re making expedited pivots and implementing change. My hope is that we can collectively and individually, find a way through this maze with balance and with consideration and respect for human rights. To innnovate and share data responsibly, whilst looking after people and without breaching trust.
And when the storm passes, I hope we take time to reflect (and where appropriate unpick) post-crisis changes, measures, data sharing and tracking tech. That’s my hope, but as we know habits, once made, are hard to change.
“Chains of habit are too light to be felt until they are too heavy to be broken” (Warren Buffet)
I am the Founder of Trace —we help organisations comply with regulations like the GDPR and build resilience with software, services and training solutions.
