"So the big question is this one". "We need to work out editorial policy and an accompanying technology strategy that enables us to store a specific type of customer sensitive data securely. "It is important that there is concensus on this, so you will need to ensure all parties are fully bought into the loop". "So we leave it to you to ensure that this is done as quickly and effectively as possible".
It's not everyday that you wind up leading a team of some 30 executives for one of the biggest online businesses in the world, with a noble remit that ensures the protection of millions and millions of subscribers.
So where do you start? Should you begin by doing a little background research, followed by drawing up an agenda for an initial meeting of the executive team. This seems to be the way my predecessors have approached it - although, they never seemed to have solved the problem themselves? Or should i arrange a meeting with the board of Directors before i meet the executive team, to engender the fullest support of the ultimate decision makers?
Is there another way of doing this, i thought? Well lets look at the question!
The question is "how do we store a specific type of sensitive data securely?".
So, taking in mind that there has already been a great many abortive attempts at reaching a satisfactory conclusion on this question, I conclude that there must be deeper issues regarding reaching a concensus over the storage of this type of sensitive data. This was confirmed after calls to a handful of executives.
I concluded that the supposed starting question of "how do we store sensitive data?", should be altered to "should we store this specific type of sensitive data?". I concluded that the question of "should we store?" should have been asked before "how we store?".
Furthermore i concluded that the reason for the numerous failed attempts of arriving at a satisfactory conclusion was not a breakdown in the application of communications to determine an outcome. Rather it was a failure in determining the most effective starting point - "the initial question".
I further concluded that given the fact that this data was being collected, that subscribers had already been placed at risk for some 5 years and that urgent measures should now be rushed through to mitigate the risk. Executive procrastination should now take a back seat to customer data protection and to the security of the company's good name.