Leadership, Data-Loss, And More Than Ones and Zeros
Last week we lead a data-loss simulation for a local leadership group. The process though rather free form produced some interesting outcomes. Participants were broken into three groups. The first group was a hospital which had experienced the data-loss with their off-site medical records provider. Group two was the senior management at the data-storage provider which lost the data. The third was the board/owners of the data-storage provider. The premise of the simulation was to come to an agreement on what to do and how to move forward. Several things happened during the discovery and negotiation phase. From the hospital's side there was significant emphasis on the impact to patient care, security of the data due to HIPAA, reputation of the hospital, and financial cost. For the data storage company there was a strong focus on the technical aspects of the loss and the contract with the hospital. With the owners and board members it was their survival and the survival of the company.
After about 20 minutes of discovery from all parties the negotiations started to breakdown between management and the hospital. Seeing that things were going no where, we called for a break allowing for management to discuss with their board. Once negotiations resumed there was a shift in the discussion. The board first had the CEO apologize and then the board stepped into the negotiations directly. With the board in control the discussion now focused on how they can collectively address the hospital's concerns of patient care and reputation. By the end of the session even though no final agreement had been reached several main points had been agreed to:
- Pay for PR
- Pay the costs to re-run tests
- Partially cover lawsuits brought against the hospital
These outcomes only became possible when specific IT issues and challenges where addressed from a high-level personable perspective.
- That the data storage provider would implement true BR/business continuity processes, oversight, and audits.
- They would diversify the storage locations of the data
- Understand they were dealing with people not bits