Did Anyone Educate The Development Teams On Those Privacy Policies?
Sure, the teams implemented the workflows and the widgets. But the policy isn’t usable or enforceable because no one educated the development teams on it. The existing systems didn’t suddenly become compliant just because the policy was created, nor do the development teams know enough of the policy to know what to do in the future to be compliant. It’s all a bunch of words the business is demanding your customers see. No doubt well-intentioned, sincere words, but in reality nothing changed at a fundamental level.
I hear it now. The protestations of, “Our product teams were deeply involved. We spent months in various meetings with product teams and they ultimately implemented the text and the workflows and the new flags in the systems.” To which I say, “Yeah, so what.”
I have seen it firsthand. The organization spent weeks, if not months, preparing the text and having the workflow implemented. Outside of the workflow, the developers weren’t educated on the policy in order to make changes in future designs, much less change past designs on data structures and logic. Testers were not educated to be able to test for anything but that the basic checkboxes and emails existed. Operations and Release Management were not educated to act as additional quality gates to ensure policies were being met. In essence, this organization rolled out a policy that promised a lot, but they had no way to actually deliver. Don’t be that organization.