Balancing compliance, ethics and value in digital
Since 1999 we’ve experienced a tech revolution in business, government and wider society. In this article I delve into these questions:
- In 2019 Australia, the web is an integral part of daily life — but how reliable is it all?
- Could endemic issues in the worlds of business and politics affect the outcomes of digital transformation?
- Businesses have to make money — how can we keep that in mind when looking at these issues?
The format of websites is defined by the HTML specification from the W3C; however, that is not really covered by law. The Privacy Act 1988 stipulates how personal information must be handled by business and business systems. The Disability Discrimination Act 1992 aims to ensure digital and brick-and-mortar shopfronts are accessible to all members of the public. Some businesses obtain ISO certification in order to signal adherence to best practices.
So we have laws protecting the user of a website, but what about infrastructure and back of house? Sadly, that’s where I see a gap in legislation. A non-technical person has no way to discern whether something they’ve paid for is secure and well protected. In the real world, we gain confidence in the security of a building or facility thanks to the presence of security measures — cameras, guards, fences, controlled access, etc. Putting those measures in place has repercussions for insurance and instills a sense of confidence in investors.
Well-known standards build trust, which is why many companies opt for the ISO 9001 certification. ISO 9001 stipulates that a business implements a central information store and standardized forms for improving quality — this mainly has repercussions for HR and management; best practices in software development are not included in this standard. Payment Card Industry compliance requires all companies using credit cards to regularly scan their servers for rogue credit card information — the results are presented on faith that the company being tested did not change the outcome of the test.
Imagine the digital industry was actually a government. Government needs 3 branches to function — the executive, judicial and legislative. We have an executive in the form of businesses who produce things and we have the legislative function in the form of laws and industry best practices. The issue is that we are yet to establish a proper judiciary, which has also meant the executive branch is not able to properly test its own product. The forums of the web are filled with frustrated tech professionals unable to build things at a standard they feel is needed, an issue so pervasive there’s a web culture dedicated to it in memes and comics such as CommitStrip and MonkeyUser.
I had an issue with my mobile carrier Vodafone earlier this year. It turned out that I had finished my 24-month contract and Vodafone had billed me for the handset repayment two more times. I didn’t change the plan in their billing system and apparently it was on the customer to change plans in order to stop the handset repayment (which seems like a bug to me?). After pursuing this matter through the TIO the fraudulent fees were dropped, however they were unable to investigate whether other customers were affected by this issue. I was immediately troubled at the prospect of widespread fraud — imagining an older person still paying off an iPhone 4S for almost a decade. The TIO officer I dealt with was kind enough to point out they were restrained from investigating further as they were an ombudsman for the individual, but that due to our finding of an issue with the TCP code I could pursue this matter further with the relevant authorities. So I did.
The above letter was sent to ACMA, ACCC, the Minister of Communications and Shadow Minister of Communications. I have received a reply from the ACMA and ACCC advising that they are now investigating these matters. The below is the response I received from the office of the Minister of Communications.
One of my past employers, Precedent, was a successful international digital agency with higher education clients and countless awards. A single security breach put them out of business. The banks in Australia launched PayID with an obvious security issue that many technical people could see from a mile away — and yet there was no action or legislation barring its release. The breach of PayID is an ongoing story in today’s news.
Businesses are entitled and obligated to make money for their stakeholders — but I would argue that too many are myopic with respect to technical expertise and consumer expectations. It is only when subject matter experts are listened to that a company will function most efficiently. It is only when consumers are instilled with faith in your company that they become loyal customers. I don’t have any easy answers for what we could do to make things better, and most problems are highly contextualized to a situation. Listening to staff and customer feedback is a good start though; it may even get you ahead of the competition and potential regulatory compliance.
My complaint about Vodafone’s practices has invigorated me with a sense of purpose to improve consumer confidence and business outcomes within my industry through advocacy. Businesses who break the rules and cut corners hurt their staff, hurt their consumers and hurt their industry. We are all better off with a well understood and consistent set of rules.
Digital is a relatively young space compared to established fields like medicine and engineering. Perhaps one day we will have our own “Programming Schools” much like doctors have medical schools. I envy the generation that grows up in that world, but am grateful for the opportunity to be part of building that future.