I’ve worked in a few different industries and for a number of companies throughout my life. In almost every position, employees were given goals to improve the performance of the company. Often these were revenue-related goals that were supposed to drive additional sales. The one thing I learned when these goals directly related to sales was that there would always be unintended consequences that might skew business in a way that management didn’t expect. This is especially true when the rewards for meeting goals lead to direct compensation for employees. In fact, additional compensation has always led some percentage of the staff to work towards improving their own pay, even with fraudulent or unethical activity. Hopefully this has usually been a small percentage of people, but perhaps that’s not always the case.
What does this have to do with data and databases? I recently read about fraudulent activity at Wells Fargo, where a sales policy caused a number of problems. Employees used real customer data to open fake accounts in order to meet sales quotas, generate fees, and earn bonuses. While certainly criminal and immoral, this also shows what I’ve believed for a long time. While computers allow work to take place very quickly, computers also allow mistakes to be made at incredible rates. While these weren’t mistakes, the computing systems allowed this fraudulent data activity to take place at a large scale. One that resulted in not only fraudulent charges to customers, but fraudulent reporting to investors, unearned bonuses paid out, likely unearned promotions, and who knows what else.
To be fair, this type of criminal behavior could have happened before the age of computers, and likely could have lasted just as long with employees forging paper documents to split accounts, open credit lines, or any other activity. However, I’d hope that computer systems would have detected this sooner. Too detect the bad data, customers really need to be tied into some sort of reporting system that can audit their accounts, that can examine credit bureaus, and warn them if anyone is making unauthorized changes.
We have seen similar unintended consequences when companies have offered bug bounties to developers. More bugs appear, and not surprisingly, more bugs are fixed, with more payouts ensuing. I’d like to think that most people would be driven to be professional, but time and time again we find enough of a percentage of employees aren’t, and the programs are doomed to failure. We need to do better, though I’m not sure what would help.
Protecting data from insiders and outsiders is our responsibility as data professionals. However, insiders can cause more problems, which is why I would hope that the auditing and transparency of data platforms would be a priority for vendors across the next decade. In my mind, not enough attention has been paid to these areas, and our systems are woefully immature in these areas.
The Voice of the DBA Podcast