Organisational policy is about making clear what the organisation expects.
It’s about giving ordinary workers clear rules about the value of information.
We do this, because information that people will handle often has “no value to me”.
It does have value to the organisation though.
It has value to the officer who spends six months looking for it after a subpoena.
It has value to the big data project that will rely on its quality.
It has value to the compliance officer who will need to show it to an auditor.
But in the moment, the value to the user might be nil. And they won’t care, unless we help them care like the organisation does – with policy.
Which is why we fail if we don’t get policy enforcement right.