Two comments from people I respect have illuminated a pattern I’ve seen in many places.
I first heard Dave Snowden say this a few years ago, so I’m paraphrasing:
“We do things unintentionally, but we assume intention on the part of those who do things to us.”
He often refers to it as the wink/blink issue – did they wink at us or was it just a blink? If we can only see one eye, we can only make a choice.
The second was a recent client:
“Too often we legislate for the one bad case in 100, building rules and processes to deal with that one, making life difficult for the other 99. We need to change that.”
The consequence of these two acting in concert is that we build processes and encourage assumptions that everyone is winking – not blinking. And the consequence of that is that those in the processes with direct contact with end-users deal with everyone as though they have to be policed and cajoled into compliance.
It’s unfortunate and utterly self-fulfilling – it starts the relationship adversarially and hence the response is often defensive, sometimes to the point of aggression. Reinforcing the assumption that the end-user’s got something to hide…
There’s no doubt that organisations need to prepare for those cases where they are being exploited, but too often they do so too early in the process. Does the process begin with an assumption of trust or one of guilt?