Following on from my blog entry about technology and private information I wanted to post another example which contrasts the attitude toward sensivite/private data and something tangible like cash.
Some time ago there was much debate about having a screen time-out facility for PCs used by clinicians in open areas. Here an NHS Trust was trying different technology configurations to overcome issues when people sometimes walked away from a PC leaving it unlocked and potentially exposed to unauthorised viewing of private information.
Much debate was had on getting the balance right in the time-out setup so that it did not lock-out to early and thus annoy/interfere with it’s use OR have it unlocked too long thus creating a window of opportunity for misuse. No matter what configurations and valid choices were suggested, it felt to me that a timeout would never solve the problem.
Now consider this… I went to a large department store recently to get a shirt, I asked a cashier if she could tell me where my size (extra-long fitting) might be. INSTINCTIVELY she locked the cash till (sort of logged off the device) then took me to where the 2″ longer shirts were. Why is it so instinctive in the cashier and not so instinctive for someone using a PC with sensitive data on it? Probably because she is working with CASH that has a hard tangible value AND she has personally logged onto the till AND I guess she is personally responsible for making up any “loss” at the end of the day.
Not sure there’s an easy answer…