SoylentNews is people
SoylentNews
from the I-shouldn't-tell-you-this,-but dept.
Researchers from Simon Fraser University's Beedie School of Business have found that organizations implementing rules that govern confidential information (CI) can make it difficult for employees to fulfill their roles – resulting in rule breaking or bending.
Their paper, "Why and How Do Employees Break and Bend Confidential Information Protection Rules?" was co-authored by Dave Hannah, an associate professor in the Beedie School and Kirsten Robertson, an assistant professor at the University of the Fraser Valley, and published in the spring in the Journal of Management Studies.
The study examined two high-tech organizations that enforce CI protection rules. It found that these rules sometimes proved to be restrictive for employees, forcing them to choose between rule compliance and working efficiently.
Employees were often required to break the rules in order to carry out their jobs effectively, or bend them in ways that enabled them to meet some rule requirements.
"Many organizations rely on CI – the formula for Coca Cola, for example – which they must entrust to employees to allow them to do their jobs," says Hannah.
"Yet as soon as employees know this CI they become a potential vulnerability, forcing organizations to put in place rules to protect their CI that employees must follow."
The researchers found that by implementing CI rules they can create three types of tension among employees: obstruction tension, making it difficult for people to work; knowledge network tension, disrupting information flow in personal networks; and identity tension, where employees cannot fulfill the role with which they identify.
The study revealed that employees react to these types of tension by breaking or bending the rules in specific ways: shortcutting, circumventing rules that slowed work; conspiring, where they work together to get around rules; and selectively disclosing, where they allow external networks access to certain aspects of the CI.
(Score: 3, Insightful) by Rich on Wednesday August 12 2015, @02:39PM
Related to this topic, but concerning higher-ups, I once, semi-humorously, postulated the "5P-rule" that explains why large organizations cannot be run in an informationally secure fashion. It's the "Peter prinicple - PowerPoint - Pocketdrive" progression.
First, technically inept people with presumably superb management and soft-skills rise to the top. These people almost invariably communicate through PowerPoint bullet lists. (Think of mainstream radio where spoken information may never be longer than about 90 seconds, or angry mainstream listeners will run past their attention span, and switch channels.) Finally, these higher ups also lack the attention span to diligently follow document distribution process, and demand that their PowerPoint files are made portable through USB Pocketdrives. This would reliably break through many of the layers of security the corporate IT planners came up with. But, having risen high enough, the IT grunts have no choice but to fulfill these wishes.