Crowdsourced Core Values: Beware

Matt_Kelly.png

So there I was reading Twitter, and saw an item about online dating site OKCupid: it had imposed a lifetime ban on white supremacist Chris Cantwell, after other site members alerted OKCupid to Cantwell’s presence. A person advocating hate against other groups, they said, violates OKCupid’s terms of service.

Fine by me, I thought. OKCupid is a private business and can ban members who violate its terms of service.

But I also wondered: How will the company enforce that ban? How is it going to perform due diligence, forever?

“Good question,” a fellow compliance professional replied to me on Twitter. “Is crowdsourcing a valid control?”

Welcome to our brave new world, compliance officers.

Of course, listening to your customers is neither new, nor unwise. In fact, for consumer-facing businesses – OKCupid for one; but also retailers, entertainers, consumer-product manufacturers, and online businesses – listening to the public is critical.

What safeguards should a compliance program put in place, to ensure that crowdsourced monitoring is a valid control, rather than a swift, ferocious, and possibly inaccurate one?

My fellow traveler on Twitter, however, raises a different point. If a company entrusts monitoring to its customers, the public, or some other “user community” – is that wise? Does it bring risk? What safeguards should a compliance program put in place, to ensure that crowdsourced monitoring is a valid control, rather than a swift, ferocious, and possibly inaccurate one?

The Cantwell case is easy, but what if we changed the scenario. What if you run an abortion-rights organization, and your members demand that you expel evangelical Christians from your Facebook page? What if you run a web hosting business, and customers demand that you cease working with a group that opposes the death penalty?

Those scenarios move beyond a speak-up organizational culture that calls out incidents of misconduct, to a speak-up culture that calls out conflicts of core values — and you’re allowing voices outside the company to participate in that conversation.

Is a culture like that wrong? Not necessarily. But it does bring risks that require careful consideration.


Download: The Ultimate Culture Assessment Toolkit


First, Facts Matter

The single biggest risk in “crowdsourced monitoring” is that the crowd doesn’t understand what it’s talking about. Hoaxes, scams, and misinformation are nothing new, but the rise of social media has accelerated the spread of all information — including the inaccurate. Last November, for example, Buzzfeed found that the 20 most popular fake news stories shared on Facebook about the 2016 election collectively outperformed the 20 most popular true news stories.

That threat alone poses real challenges to corporations. An innocent person tarred and feathered in the court of online opinion is wrong unto itself. If your business takes some action based upon that online clamor — firing an employee, cutting ties with a customer, discontinuing a product — and the company’s action are later seen as erroneous, at best you suffer reputation harm. At worst, you face litigation or regulatory action.

So as a practical matter, then, the company does need safeguards such as investigation protocols, discipline policies, and even rapid response procedures for crisis communications.

Restraint vs. Rush to Condemnation

Practical matters aside, ethics and compliance officers have another, larger concern here. Facts do matter, especially when “the crowd” has reached some inaccurate conclusion. But what about when the crowd has reached some conclusion that isn’t inaccurate, but is still draconian — what are the perils there?

What’s at risk, really, is the crowd commandeering a company’s core values; and then demanding swift action against some target.

What’s at risk, really, is the crowd commandeering a company’s core values; and then demanding swift action against some target. It’s not so much short-circuiting your company’s due process, as clamoring relentlessly until you compress your due process to zero.

Corporations will face numerous slippery slopes here. Many will orbit around political or social views: what some might consider disagreeable but fair stances, others could declare intolerable. In our social media-saturated world, that crowdsourced monitoring will be more fickle in one sense (picking up one cause after another) and more determined in another (“we’ll keep turning up the volume until you give us what we want”).

How does a corporation stay true to its core values, uphold due process, and maintain focus on its strategic objectives in that world? I’m not sure.

We can say that no company is likely to succeed in this world unless it (1) does articulate a set of core values; posts them publicly and professes them for all to see; and (2) talks about how it puts those values into practice, and talks about that constantly. Then, at least, this clamoring cacophony of stakeholders should have a better sense of what your company and its culture are about, before they go demanding that you listen to them.

Know your values, know what they mean in practice, and talk about that. Huh. Funny how that lesson keeps turning up.


Download: Definitive Guide to Compliance Program Assessment


What do you have to say? Share your thoughts in the comments below or join a discussion group on Compliance Next.

Why People Engage in White-Collar Crime

The Public Sector Has the Espionage Act, the Private Sector Has Culture

Where the government has provisions in place to protect it from leaks of sensitive information, the private sector faces the opposite situation. Whistleblower protections are being bolstered for those reporting corporate wrongdoing. How do organizations develop cultures that protect their reputations and bottom lines while also using effective whistleblower programs to provide value along with protection to their organizations?

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

With Big Data Comes Big Responsibility

Big data can uncover big opportunities for an organization, but it can also provide a big target for cyber criminals. Today organizations must not only think about data in terms of volume, but also in terms of surface area – the increasing surface area exposed to cyber risk as we store more data and connect to it from more devices.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.

Comments

Email Signup