Blog post by Mark Athitakis, sourced from here.
In the wake of a massive data breach, Target is moving its corporate and technology leadership closer together. It’s a model more associations should consider following.
Target is trying to get everybody on the same page. It starts with getting everybody on the same floor.
Late last year a massive data breach at the retailer compromised millions of customer credit cards. Target CEO Gregg Steinhafel delivered profuse apologies, not to mention free credit checks to concerned customers, but last month he delivered what was an inevitable resignation. (Though it received less publicity, its CIO resigned as well.)
Since then, Target has been retooling: Last week the Wall Street Journal reported that the company has been working to remove layers of bureaucracy from its operations, as well as creating an environment of improved communication among its executives. The company’s chief information officer and chief marketing officer, the Journal reported, will move to the same space where its interim CEO and executive vice president have offices. “The floor will be getting a more open plan than its current layout of office and hallways, aimed at fostering greater collaboration,” the report says.
Whether you think the move legitimately chips away at the walls that block innovation and good management or is largely just for show, the reshuffling makes an important statement: The connections between CEOs and an organization’s technology leadership need to be stronger than ever.
That’s a point that became clear to me as I was writing a feature for the latest Associations Now on data security at associations. Data security is a primarily technology issue, of course, but what I was told repeatedly during my reporting is that it’s also a leadership issue. A well-managed staff is essential when it comes to protecting your information, because the source of the problem is often within your office walls.
That means knowing who has access to what information, and how well-protected it is, is a task that’s increasingly on the CEO’s task list. Devin Jopp, CEO of the Workgroup for Electronic Data Interchange, told me that “one of my number-one concerns is the integrity of my data, whether that’s conference attendees, whether that’s member dataundefinedensuring that all the safeguards are in place.” I like Jopp’s comment partly for its implication that a CEO has a lot of competing top concerns. But the quote also stresses that technology needs to be one of them.
This is a relatively new notion for associations, which often shunted technology duties into a separate department and, until fairly recently, didn’t think strategically about technology’s role in its marketing and communications. Fewer than half of IT chiefs at associations report directly to the CEO, according to ASAE research in 2011; more often, they report to the CFO or COO.
Last fall, John Mancini, CEO of the Association for Information and Image Management, stressed that structure needed to change. “CEOs personally need to be more invested in the technology decisions that their organizations are making,” he told me. Knowing what’s possible in terms of creating value for members is one reason for that. Knowing where the potential for breaches are is another.
Jopp emphasizes the need for a posture of constant vigilance when it comes to data, continuously monitoring who has access to what kind of information, even at a small organization like his with six staffers. “It gets back to roles and controlling who has the ability to control data,” he says. “You have to be very restrictive.”
Target has been forced to get more serious about the role technology plays in its operations; beyond the office shuffling, it’s also hired its first chief information security officer. Whether the moves themselves will improve the company’s fortunes is an open question. But more fully integrating technology into the leadership of an organization is clearly a smart step.
How much day-to-day responsibility do you think a CEO should have when it comes to technology and data issues?