Gartner Blog Network


When Policy and Practice Diverge?

by Craig Roth  |  February 14, 2011  |  2 Comments

Does it matter if organizations have a policy about use of consumer technology at work?  When I talk to staff and mid-level IT employees (particularly those in the communication and collaboration departments) it’s clear that even if those policies exist they are often bunk. 

Our U.S. Symposium survey showed about three quarters of the 189 people that took the survey work in organizations that have a policy (90% of the time that policy is to disallow their use).  My question today, is what are the cultural impacts when there is an obvious disconnect between policy and practice in an organization?  There are many other impacts, such as opening up security holes and e-discovery vulnerability.  But I’ve seen a lot written on security and e-discovery risks of employees using consumer devices and websites for work.  I haven’t seen much on the cultural impacts:

  • It creates a new group of “haves” and “have nots”.  The “haves” are usually in two categories: techies and execs.  Techies possess the technical savvy to use devices or get to websites of their choice despite lack of assistance or blocks from IT.  Or sometimes they can declare them a “research” or a “pilot”.  Execs possess the authority to ignore the policy without fear of reprisal.
  • It creates a status marker.  By flashing around a forbidden iPad with full access to enterprise e-mail, the out-of-compliance employee is demonstrating that they are more technically savvy, have more authority (or immunity from rules), or are more fearless than the cowering masses around them.
  • It hampers the authority of other policies.  Other policies, from dress code to travel guidelines, may seem unrelated to use of iPhones or LinkedIn at work.  But open flaunting of technology use policies calls into question the need to comply with other policies as well.

My point is not that there should be iron-fisted enforcement.  First, I’m just thinking aloud about the cultural impact of consumer use policies and would like to know if others have observed the same.  If I’m right, then I’d argue organizations shouldn’t publish these policies if they don’t plan to enforce them because not having a policy may be less damaging than having one that is frequently and publicly flaunted.

Category: organization  social-software  

Craig Roth
Managing Vice President: Communication, Collaboration, and Content
4 years at Gartner
25 years IT industry

Craig Roth is a vice president and service director for Gartner Research, in Burton Group's Collaboration and Content Strategies service. Mr. Roth covers a wide range of knowledge and Web-related topics at the intersection of collaboration, content… Read Full Bio


Thoughts on When Policy and Practice Diverge?


  1. Aaron says:

    A rule of thumb I try to follow: Do not write a policy that you cannot enforce. The understanding is that there are policies that a company must formulate, and behavior that must be followed. But it must be consistent, relevant, pertinent and enforceable. The policy must clearly state the intent, as well as the penalties for non-compliance.

  2. Craig Roth says:

    I agree Aaron. For those times where you know a policy can’t or won’t be enforced, maybe it’s better to reword them as “guidelines” or “tips”. You still get to point out correct behavior, but this was when you don’t enforce, it will not diminish the authority of future policies.



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.