Conflict: Confidentiality and the Collaborative Work Environment

🅸 have been an Information Technology Professional for more than 30 years and I’ve noticed a significant change in the last 5 years that seems to be conflicting with the status quo that has developed during my entire career. That significant change is the change in office design, which has removed cubicles in place of workstations and lowered the walls separating these work stations from the cubicle height of at least 5 feet from the floor to 6 inches from the top of the desk. This, of course, comes at a time, when confidentiality needs are at its peak. With federal regulation regarding custodians of consumer information requiring that these custodians (major corporations being an example of such a custodian) have mandatory employee training on how to protect a customer’s private information, it amazes me that the collaborative work space has not become a violation of these mandates. Allow me to be more specific. There are a number of corporations in both the financial services industries and health care industries who process large amounts of personal data which belong to their customers. This data contains identifying information such as the customer’s name, home address, phone numbers, account numbers and account balances. These corporations offer mandatory computer based training webinars for their staff (both employee and contract) that educates the staff on “clean desk policy” and how to discern if a fellow staff member has a justified “business need to know” personal information of a customer of yours. (This “offering” is mandated by federal law.) For instance, if you are in the Loan Processing department and are working on John Doe’s loan application, you are not allowed to share John Doe’s personal information with your fellow staff member from the Sales Department, so that your fellow staff member can upsell or cross sell some of their products to John Doe. That’s easy enough to protect, but now with no cubicles and no walls, your fellow staff member can easily over hear your conversation on the phone with John Doe (“Let me repeat that back to you Mr. Doe, your account number is…”). High walls in a cubicle setting would act as a sound barrier, muffling your voice so that your fellow staff member could not get that information. In addition, regarding the “clean desk policy”, the Collaborative Work Environment is set up in such a way to maximize the seating capacity of the floor, thereby creating an arrangement of rows of work stations, where the staff member cannot see people walking behind them and… staring at their screen, where all of John Doe’s confidential information is displayed. In the health care industry, we’ve got the 1996 law known as H.I.P.A.A. which “Requires the protection and confidential handling of protected health information” (http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx), and in the financial services industry there are a variety of laws and industry regulations that also protect privacy, These laws and regulations stem, in part, from 2001’s P.A.T.R.I.O.T. Act. While the P.A.T.R.I.O.T. Act doesn’t really protect a customer’s confidential information, if the customer John Doe, is up to “no good”, and you are collecting and verifying critical information that may lead authorities to his money laundering activities, that fellow staff member lurking behind you may have a personal relationship with John Doe and tip him off, just by reading that information off of your computer screen. Confidentiality in the work environment is not limited to the unauthorized attainment of an individual customer’s information. It also includes unauthorized attainment of processing steps and/or algorithms. This is how hacking into major financial networks occur. Think back a few years when there was hacking into a major retailer’s credit and debit card system, which compromised the financial accounts of several of its card paying customers. There were a number of financial institutions who were negatively impacted by this as well. In conclusion, I would like to offer up the discussion for your thoughts and opinions. I still can’t come up with a reasonable answer to this question: “In this day and age of heightened awareness of the need to protect the confidential information of customers, is the collaborative work environment a good thing?” Can you? This article was originally published on my LinkedIn profile on April 13, 2017. © Nicholas Tufaro, April 13, 2017