Episode 14: Kristina Podnar on Digital Policy for Designers
In this episode, hosts Lisa Welchman and Andy Vitale, speak to digital policy consultant, Kristina Podnar.
Kristina explains the difference between policies, standards, and guidelines, and illustrates how a mature approach to policy can help teams design and deliver digital products and services with speed, safety, and quality.
Transcript
Announcer:
Welcome to Surfacing. In this episode, hosts Lisa Welchman and Andy Vitale, speak to digital policy consultant, Kristina Podnar. Kristina explains the difference between policies, standards, and guidelines, and illustrates how a mature approach to policy can help teams design and deliver digital products and services with speed, safety, and quality.
Andy Vitale:
Kristina, welcome. I'm super excited for you to join us today, particularly because we've talked to so many designers already. For me, that's what I do every day. But for this, I really have the opportunity to sit under the learning tree and learn a little bit more about something that's important to me, but I don't know a lot about. Just to start, I'd love to hear a little bit about who you are and what you've got going on.
Kristina Podnar:
Oh gosh, who am I? I'm a digital policy consultant. What I really do is help organizations navigate this crazy digital world in terms of risks and opportunities. That can involve anything from the legal regulatory framework, all the way down to industry best practices. What I do is help organizations create what I call guidance. It's really a clear understanding of what the guardrails are in the digital space that we all are leveraging regardless of channel. It could be mobile, it could be a website, it could be AI, it could be chat bots, it could be anything. But really how are we using that digital channel, that digital opportunity to achieve business value and business outcomes while ensuring that we've minimized risk? So the idea really is that the business is getting an opportunity to balance those two things out and do what it wants to do. But do it in a very mindful way so that it's not inadvertently either causing risk for the brand or getting yourself into trouble from, like I said, that legal regulatory perspective.
Kristina Podnar:
It sounds really boring and very dry, but what it really does ultimately is, it creates a freedom, a framework, as we like to say. I think of it as a garden where you can plant anything you want to because you have lots of space. What I've done is put up the fence for you so that you don't go outside of the garden area. Within that, plant the flowers you want, plant the veggies you want, do whatever you want, you can also dance there. So that's the policy framework, if you will. It's what keeps you safe doing the right thing, but also creates this incredible framework where you can be innovative and creative, and not always have to go back and ask permission or recreate the wheel around what we're doing in the digital space.
Andy Vitale:
Awesome. I'd love to hear a little bit more about how you would define digital policies. Who's responsible for them?
Kristina Podnar:
Yeah, that's a great question. I define this thing called digital guidance. Within digital guidance, I see a hierarchy between digital policies and standards and best practices or what people like to call guidelines. You can also have standard operating procedures, which you've probably have used in your organization. Really what policies do is they set the foundation of the things that you should always do or never do. They're the commandments that we live by in the digital space. Some people like to think of them as guardrails that keep you from driving off a cliff. But I think that they're so much stronger than that because not only do they prevent you from going off a cliff, they are the things that allow you to go 140 kilometers an hour on Autobahn or more. So they are the things that can actually make you go really super fast, as well as slow you down when you need to in the digital space.
Kristina Podnar:
Who's in charge of them varies on the organization, both in terms of the vertical that you're in, as well as the organization side. The organization side is itself. Oftentimes I see policies being shepherded by the legal team, or perhaps the compliance group. That usually happens where there are what we call the purple unicorns. It's where legal or compliance folks are versed in digital. They actually understand both their domain area in terms of legal or compliance, but they also understand the business of digital. Because that's not often the case, we end up seeing IT, or marketing also own the digital policy aspect. Ideally, it doesn't really matter where in the organization you place it at this moment in time. That's changing, I think we'll see it more in the legal space in the future.
Kristina Podnar:
But for now, it can be in any other part of the organization as long as it's stewarded by somebody who really understand it's not just the digital breadth of what we're doing, it's conceptually understands how digital works, but also has a respect for those legal and regulatory and compliance factors. So, we're you're really looking for somebody who is a hybrid. It's more common, I think, to have that in the legal department right now or going forward, but it hasn't been there historically. So, it's changing.
Lisa Welchman:
I'm going to jump in here for a second. It's fun having Kristina on Surfacing because I think Kristina is probably the person that I've worked with professionally the most. So, it's fun to hear her talk about her stuff. What you just talked about, was packed and chocked full of so many things that, I think digital makers, designers in particular would be really interested in. You talked some about agility. So I think it's really interesting that most people who work in a digital space, if you say policy to them, they're thinking the opposite of agility. Just like in my case, if you say governance to them, they think you're trying to shackle them and tie them down, and keep them from doing things, or make them go through some kind of complicated approval process.
Lisa Welchman:
I think people have the same perspective when they think about policy. They think of those people in the legal department or compliance and regulatory who are no fun, and then don't want to let anybody else have any fun. The designers are the fun people trying to do all of these creative things that are going to make the company a lot of money, and make the brand shine, and do all these other things. Can you break that down a little bit, and maybe give some examples of how and why policy actually creates agility, and how it creates safety for the brand, and actually helps support the business as opposed to slowing it down? Because I think that's a common misconception.
Kristina Podnar:
Absolutely. That's a great question, Lisa. One of the things that I'm really excited about is I'm working on this project right now, and I know this will resonate with you from a governance perspective as well, but it's a really great illustration of how you can actually have policy and you can even have governance, and yet you can be very agile and go fast and be creative. I'm supporting an organization right now as part of a legal team. What we're really doing there is defining these policies and concepts, if you will, for both the designers in the organization, as well as the developers. What we're actually doing is trying to enable them to go super fast so they don't have to constantly come back and ask us what I say are the mother may I questions.
Kristina Podnar:
What does that mean from a design perspective? Well, we're building out this new platform, a new tool, and it has all kinds of advertising on it, aspects of social media, a lot of user-generated content, interactivity. You can see where that could be a huge concern from a legal perspective. Like what kind of information are you posting from a UGC perspective? What kind of data are you collecting for advertising? Instead, what we've done is gotten ahead of that and said, look, from a design perspective, whenever we surface advertising in the editorial context, here are the three things we need you to do. We need to identify this thing as an ad, so users aren't confused between advertising and editorial content. We need for you to think about things like, what if this ad is inappropriate? We need to think about brand safety. So there has to be a way for end-users to flag inappropriate advertising. There has to be a way for people to understand why they're seeing this advertising.
Kristina Podnar:
Short of that, knock yourself out from a UX perspective, do whatever you want, put it on the left, put it on the right, put it on the top, put it on the bottom. Make it whatever you want in terms of imagery. We've outlined the types of advertising we're not willing to put onto the platform. So it's very clear when the sales team goes out and sells the advertising what they're selling to the client is, hey, you can do everything, but you can't by advertising about cigarettes, or alcohol, or things that are illegal. So there's some policies there. Everything else you can go ahead and do.
Kristina Podnar:
We have the sales team out there running as fast as they can, selling as much as they can because they know what the boundaries are of what they can sell, and what they have to tell the customer they can't sell. We have the UX folks that are coming up with things I never would have dreamt of because we have this framework we've created. We therefore said, do these things, but otherwise knock yourself out. So people are coming up with really great and innovative ideas. What's really good too is we've empowered the digital development team because we've said, look, when we're doing advertising, it's all about data, it's about data and matching. So think about the data as Lego blocks. Whenever you have green blocks of Legos, you guys on the dev team can do whatever you want, make whatever shape you want, put as many Lego pieces as you want together as long as they're green.
Kristina Podnar:
When you start to run into yellow pieces, stop and ask yourself, are you taking multiple yellows together, or is it just one yellow and many greens? If it looks like you're starting to trend into the yellow space, call us, we'll help you out, otherwise just drive really fast and do your thing. The same thing goes for red blocks, call us as soon as you see those because we're going to be talking from a legal perspective. What it really does is it builds this entire ecosystem where folks can go off and get their job done. They can do it without having to always come back and check in because we know what the outer boundaries are. So, it allows people to be agile. It allows them to be creative and not have that fear of, oh gosh, am I going to get stopped at the 11th hour by the legal team who isn't going to allow us to go live? Which I think is everybody's nightmare.
Lisa Welchman:
Yeah. That's really bringing all of that stuff upstream, so that it's actually pre-build instead of, at the last minute, somebody builds something, put it online, and then the legal team ends up being the bad guy or the bad man or bad woman, bad person. How about that? Completely human, bad person. So being the bad person, it's telling someone to yank something down. So I have one follow on to that. I can see from looking at Andy, he has a question too. When you made those rules and figured out what was red, what was green, what was yellow, and what the three attributes were for ads that were allowable or not allowable, who was involved in that? How did you decide who was involved in making those rules?
Lisa Welchman:
Obviously, there's going to be some just flat out regulatory stuff that things that are against the law. But for some of those other things that might be more related to brand, or just a little bit more gray area, who was in the room when those decisions were made? How did that process happen? How easy was it?
Kristina Podnar:
I'm really proud to say that the majority of policies that we've created in this scenario specifically are not of legal or regulatory nature. A lot of times people think, it's all legal, and it's all regulatory, and we have these chains. In reality, legal and compliance have very little to specify. It's actually more about the business and the types of risks that the business is willing to take on. So the folks in this instance to be in the room were definitely the business units, the folks who are creating a lot of the content, the programming, the offerings, if you will, in terms of services that go online. So really the business was the big driver because at the end of the day, the question was, what do you want to do? What are you trying to achieve? What data are you trying to collect? Why?
Kristina Podnar:
I think what was really great is the business was there, but so was IT. We also had, believe it or not, the procurement team involved because there's quite a few agencies and external parties that contracts, so procurement mostly listened and took notes, had a few questions around things like service level agreements so that they can incorporate those for vendors. But for most part, it really was the focus on the business, and having all of the supporting functions within the business to make sure that their interests was represented. But again, rotating around the business, which is the sun, if you will, and really understanding, what is it that you're trying to do? How do we best support you in achieving that?
Kristina Podnar:
I think that that, at the end of the day, worked really well and actually works well. It also is challenging because it's required a lot of folks, including the legal people to upfront define exactly what their own requirements are, Which avoids that last moment, oops, we hadn't thought about this, or you created something we hadn't given much thought to. But that's what it was.
Lisa Welchman:
Cool.
Andy Vitale:
Nice. You talked a little bit about guardrails, and I want to go back to that, especially digital guardrails. When I hear the term guardrails, I know clearly what it is. But a lot of designers hear guardrails and they think constraints. Sometimes a constraint is a good thing because it forces people to stay within a lane of what they can't do. But I'm curious, for those who immediately hear constraints when they hear guardrails, how would you describe the difference between the two, if there is one? How can we help designers understand that guardrails are actually a good thing?
Kristina Podnar:
Well, first of all, Andy, do you have kids?
Andy Vitale:
I don't. I have little-
Lisa Welchman:
You don't. He has dogs.
Andy Vitale:
... puppies, fur kids.
Kristina Podnar:
That's even better, that's even better because if you have either puppies or another type of pet, or if you have a child, what you quickly find out is that guardrails are really interesting because they're very good at figuring out how to get around guardrails. They get really creative. It's the same thing with policies. When you actually put guardrails in place, folks actually really creative because they realize that they can do so many cool things and keep them busy in the space that you provide for folks to create in. I think it's natural tendency to think of it as a constraint. I don't blame folks because historically I think that that's how policies have been positioned, which is why I've become a really big fan of talking about policies and standards as guidance.
Kristina Podnar:
This is actual guidance. It's actually helping you, it's not something that's there to hinder you. It's about guiding you to the right answer. Sometimes that answer is really up to you to make or decide around, and sometimes it's not because when we have a brand, for example, and we express our brand in a certain way, that's just how we express it. If your logo color is red, I'm not going to be able to come around and make it purple with little yellow butterflies. But if my logo brand color is red, I probably have some freedom. I can actually take that red and apply it to different parts of my website so that red really pops, and it really resonates and makes people think about my brand on an emotional level. So that's where I see those policies coming out to pop. Rather than being constraints, they start to encourage that innovation.
Kristina Podnar:
It's really fascinating to watch because folks who relax into policy, I see it as making them just go faster and faster rather than slowing them down and constraining them. It's counterintuitive in some ways, and it's fascinating to watch because it does make people go faster, if they slow down and think out front about, what is it that we're putting as that outer boundary layer because it's not a ... you can only have this space, it's about, where are those boundaries? That's the thing that keeps you safe. So, knowing that you're safe, you're not going to go off the cliff, so you might free wheel it and drive with your hands off your steering wheel. By the way, I don't advise that. But Lisa knows I've been on [crosstalk 00:16:53]-
Lisa Welchman:
I've been in the car with Kristina, so I don't know if I'm going to let her get away with that one. Some people wouldn't do that. I mean, it's interesting to hear you talk about constraints, Andy and Kristina, and I feel like folks tiptoe around that, I'm of the mind of, what's wrong with a constraint? I mean, almost anything that exists in the world physically has boundaries and to shape to it. It's not like it's a giant amoeba with nothing. Do you know what I mean? If it's a book, it has a shape. There are constraints. I mean, when we talk about the arts, everything has a shape and a form. I think policy is just one of those layers that helps to shape the thing that you're making. So, I think a lot of times people get very emotional about it because they, as a creative in particular, don't like that pressure. They don't a particular type of constraint, but the reality is it's got to be there.
Lisa Welchman:
I mean, what would it be if it wasn't there? It would probably be the big mess that everybody's trying to clean up all the time.
Andy Vitale:
Or it's just art, it's just free form art that serves no actual purpose or value other than someone's expression of themselves.
Lisa Welchman:
Which is cool, but that's usually not what a corporate is going for, right, Kristina?
Andy Vitale:
Right, exactly.
Kristina Podnar:
I as going to say, and sometimes that's okay, but probably not in your corporate setting. Yeah. It's funny, I always equate this to when my kid was young, and Lisa knows my son, but we have this big backyard, and we put a fence around it and we said, "You can do whatever you want in the backyard." So this kid used to go out there and throw sand up in the air and pretend it was snow. He would try and race worms. I think several times he ate grass. He rode the rake as if it was a hoe. But what was interesting about it is, he was always safe, he wasn't going to get run over by a car. He wasn't going to do, go down the river and drown or something. So, it's fascinating to watch that interest and that creativity, but also the sense that your kids get in terms of safety being in this environment where they can experiment and do good things.
Kristina Podnar:
I think back to your point, Lisa, that's exactly what it should be in a corporate environment. You can experiment, you can create, you can do fun stuff, but you do it in a way that's appropriate for a corporation. It's not your hobby site, or it's not something that I'm doodling around with for my next mobile app, is actually a service or a product we're providing, and it's a business thing. So there's a level of, I think just grown up behavior that goes along with that.
Lisa Welchman:
Yeah. It's funny, when you say that, it reminded me, I play in improvisational piano and I live in Baltimore. I was taking lessons from a teacher down there a few years ago in Branford Marsalis, famous jazz musician came to do a masterclass, and it just happened to be that day I was there. So I sat on it. He was doing a masterclass with a bunch of young kids. These were all kids who were hot to show this guy how good they were. Some of them were super talented. Some of them were older. But there was some young ones who ere maybe middle school aged who were really going to show them their stuff, and they were playing all the notes, just all over the place improvisation here, there, or whatever. You had to love it because they were into it.
Lisa Welchman:
But he stopped them and he was like, "Yeah, I see what you can do," and he said, "I want you to go through a couple of choruses improvising, but I really want you to only use these four notes. You can do whatever you want rhythmically, you can do whatever you want dynamically, but you only get to four notes." The stuff that came of it was so incredible. Probably by now, all the designers hate me on this podcast anyway, so I'll just go for it. There can be a little bit of laziness about not wanting to just stick with the rigor. I know that from my own experience. Sometimes you just have to snap to a grid, and it takes more effort to snap to the grid than to just be free form. I mean, does that sound fair to either of you, or is it just me being mean to designers again?
Andy Vitale:
I think it sounds fair. I mean, luckily, fortunately in my own environment, in corporations that I've worked in large corporations, there are sets of rules and constraints and guidance and guidelines that we follow because in verticals like healthcare and finance, they're important, and we're able to innovate in those spaces. Kristina, one of the things you talked about earlier that I noticed has been really a differentiator throughout my career in these situations is when there is that legal and compliance team that understand digital, and when there's not. It's such a hurdle to overcome of like, here's design IP that we need. Here's a digital tool that we need to implement. It's difficult. So you said that it's not super common, but it's becoming more common, and I'd love to hear more about that. Maybe you've seen a success story or a horror story that you can share.
Kristina Podnar:
I've seen tons of horror stories. Yeah, how much time do we have on the podcast? But I've also seen-
Lisa Welchman:
I'm seeing-
Kristina Podnar:
... don't open that door.
Lisa Welchman:
Yeah, exactly. There's a murderer behind there.
Kristina Podnar:
It's a digital-
Lisa Welchman:
... an illiterate attorney.
Kristina Podnar:
It's funny because, I think that Lisa likes to say this when we work together sometimes, which is, some problems are going to solve themselves by sheer nature of time. Some of the old cadre are starting to retire, so some of the folks that you had in the legal office 20 years ago are really somewhere in North Carolina enjoying the seaside, which is a good thing because what we're starting to see is far more folks who are younger, they're either digital natives or they just get digital. Those folks are great because they understand the legal side, but it's all about the business. So, one of the things that I've been having a really awesome time with is, I'm getting to work with two female lawyers who are great. They're all about what I call the support and enablement model. So really seeing the legal team in servitude to the business. So it's not about the egos on the legal team. It's not about the power that we wield because we can write policies, is all about, what does the business actually need?
Kristina Podnar:
Some of the calls have actually surprised me as a non-lawyer because I almost go like, wow, that seems rather risky throw caution to the wind. It seems like you're taking a shortcut. But they're like, "Yes, we sure are because the business really needs this and we're not going to be sticks in the mud and say, no, you can't do that unless it's really going to land somebody in jail or cause us crazy fines, like having somebody's healthcare information hacked and exposed on the web." But within reason, they're actually willing to fly by the seat of their pants in some way because that, again, is interesting. They've created their own policies for themselves, if you will. They know how far they can press things before it becomes a true risk to the organization. So, where there's an opportunity to lean in and not be as rigorous from a legal regulatory perspective, they're basically saying, yeah, let's just go for it.
Kristina Podnar:
I equate this a lot to GDPR, which I think scares most everybody these days. Anytime we talk about data privacy is really, really scary. People go, "GDPR and CCPA." I'm like, "Yeah, those are all frameworks out there. They're data privacy regulation frameworks, and we should know about them." But I also again go, "Is it okay that you're not 100% compliant?" Well, if you're Google or if you're Facebook, probably not. That's where you should probably dial it in and have your shirt buttoned up properly. But if you're a lot of the smaller companies that we work in with day in and day out, they are not prime targets for the DPA's, for the authorities that are looking at, are you GDPR compliant? It doesn't mean that you don't come into compliance, but it might mean that you have more time, or it means that you prioritize certain functionality that's part of that regulatory schema.
Kristina Podnar:
It's, again, all about that risk and that opportunity because if you're spending time coming into compliance with all of these regulatory frameworks, you may not have enough time to do a great job with your UX that's going to drive your sales, and your customers, and your brand, and your trust. So, it's all about weighing that and seeing what's really important, and looking at it in the gray scales that we have out there versus the hardcore black and white, which has historically been, I think the legal stance and is less of an issue right now.
Andy Vitale:
Nice. You talked about policies, standards, guidelines, and frameworks. I'm not 100% sure if you're saying the same thing in different ways, or if not. What are the differences between those?
Kristina Podnar:
Yeah. This makes me a little bit sad, but I really like the question, your question makes me happy. It's the fact that we're still answering this question, I don't know how many years on. Lisa and I talked about this, I think in 2014. It's fascinating. It stems, I think from the IT side of the house mostly. Policies, by my definition, are those hard and fast must always do, never do, you can't break them. They are the commandments. This is just how we live. We breathe air so that we can actually survive, that's just a policy. Your standard is really about, how should I go and do something? How am I actually doing this thing? If it's a specific type of design element, what are the attributes of that element? That's what a standard does for us. It actually defines for us how we're going to do something.
Kristina Podnar:
A standard operating procedure, I equate to things like cookbooks, which a lot of developers will go, yeah, I have a cookbook here, it's about, Andy logs into the machine, Kristina enters the password, Lisa turns the knob, and now we're driving the car. So it's very much, who does what, when, how, to get the desired result. Guidelines or best practices are just that. They are optional in my world. When I hear guidelines, so when you say like, "I worked in organizations that have guidelines that we follow," and I'm like, "That's interesting," because a guideline is just that. It's a guideline. Andy, I think it's really smart to turn on the lights when it's dark outside, you might disagree with me, you might go like, "Yeah, I don't really think so, Kristina, I like to use a candle." But it's a guideline, whether you're going to turn on the lights or not. You might actually like to wander in your house in the dark, or you might be blind, or have some other type of disability for which you don't actually have to have the lights on. So, it's a guideline, it's a choice, and you in a moment, get to decide what to do or not to do based on your perception and the context.
Kristina Podnar:
That's, I think what's really important to distinguish. When is something a policy or standard that you have to follow, and when is it a guideline. When are we leaving it up to your discretion? Because you're the expert, you're experienced, and you're competent enough that we trust you to make that decision.
Andy Vitale:
That's super interesting. I definitely think there are people out there listening that weren't aware of that, even for me understanding what guidelines are and how they're communicated from the people that we interact with in an organization. Sometimes they feel like they're so rigid. But from what you're describing, there are times when something like a policy is something that's rigid. But a guideline probably isn't as much. It's just super interesting to hear.
Kristina Podnar:
Yeah. I think it's always fascinating when you go into an organization and people say things like, "This is our editorial style guide," or, "This is our design set of guidelines." I always say like, "Those are design guidelines, that's great. People here get to decide all kinds of things. Nobody has to comply to anything." And then I hear just like, "Well, no, everybody has to do this specific thing." It's like, "Well then why is it a guideline? Why is it buried in maybe 70 or 80 pages of texts that's in a PDF on an intranet site or better yet, on a SharePoint site that nobody can get to like-
Lisa Welchman:
A SharePoint instance.
Kristina Podnar:
Instance. Well, it could be a site, it could be a site. It could be team site because Teams now is far more efficient than SharePoint.
Lisa Welchman:
I mean, Kristina, you and I have talked about this for, what, almost 15 years or something? We've been having these conversations about policy, standards, guidelines. It's beyond me why people are so against them. Do you have any insights about why? It feels like it's almost like this visceral human reaction if you try to impose a constraint on a person, even if it's a positive constraint that they'll ... The example that I use a lot when I talk about history of automobile manufacturing and car safety. If you go back and look at seat belts, people were outraged. They thought it was negatively impacting their personal freedom to ask someone to wear a seatbelt. They were morally outraged at the idea of it. Most people now get in a car, you put your seatbelt on, it's not a big deal. So I think there's this reaction that people have immediately when you try to put rules in place.
Lisa Welchman:
Do you think that's just human nature? Do you think there's something about the way organizations run? What's your intuition about that? Because I don't know that I know the answer to that, and so I'm probably going to ask a lot of people on the podcast. Why do you think it's why people are so against it, particularly now? I guess maybe this is changing a little bit, particularly now when it's really clear that not having rules can get us into a lot of digital trouble. What do you think is going on still?
Kristina Podnar:
We should do a poll on this, for sure. There should be a poll that people take and tell us what they think. My sense is twofold. I think, first of all, it's about how these things are delivered. So nobody wants to be told crudely, here's what you have to do because we all like to think that we've been hired into an organization because of our expertise, our competence, because we're smart, not because we need to be told how to do our jobs. So I think that's a little bit of it. It's how do you actually deliver it? I think that if it's in an inviting way that respects people's expertise and their background, and their seniority, I think that people are willing to have a conversation about that, and they're more than happy to buy into it. So I think that's that, how do you approach it, and how do you roll that out, that comes into play.
Kristina Podnar:
The other part of it is, I don't know why, actually I do know why, but for years, policies and standards is just general guidance. It has been delivered, like I said, through these really arcane ways. You and I know this. It's like in that 75-page document that nobody wants to open and because-
Lisa Welchman:
[crosstalk 00:32:05] in context or something, yeah.
Kristina Podnar:
Yeah, in context, or ... I think I've told you this before, but I built this really cool chat bot for one organization where people log in, we know who they are, we know what part of the organization they're with because they're on the network obviously. They can interact with a chat bot and basically say, hey, here's what I'm looking to do. I'm looking to do a social media campaign around this health care product, offer this part of the world with this kind of outcome, I'm collecting PII or I'm not, and is targeted to children, or it isn't. And then based on that input just answer six or seven questions. I can tell you exactly what policies and standards you need to be looking at. What's really cool is, on the front end, you're delivering a good UX experience because now somebody doesn't have to leaf through some kind of a book or a binder, they can just immediately get their checklist.
Kristina Podnar:
It becomes really fun because if you're a marketer, you don't really care about this color scheme necessarily. You're going to take it to a smart person like Andy and say, "Hey, Andy, can you make this for me?" And then Andy's smart enough that he goes, "Yeah, I've got the color stuff. Forget everything, I've got that. I know the colors, the images, et cetera." But it allows the marketers to understand, or the business owners to understand, here's what I have to do. It allows a really quick cheat sheet for a statement of work, if you're going to hire a vendor to do something for you. It allows the procurement folks to understand what they have to do to get a vendor in, or do they already have one? It flags the project as being under the radar from a governance perspective, or is this something that's fully funded? Are we going to be able to support it in out years? So, it's really fascinating because at first I thought, people are going to use this chat bot because it's cool. But what happened is in time, we realized that we could use this chat bot to enable people and allow self-service in a really easy way because a lot of marketers and a lot of business owners do the same thing over and over again.
Kristina Podnar:
Like if I have a campaign, it's a slightly different campaign, but we know.
Lisa Welchman:
But it's 85% same or 95% the same, yeah.
Kristina Podnar:
Yeah. Imagine if year after year, or month after month, or quarter after quarter, somebody, your chat bot is actually remembering that stuff for you, and is asking, what has changed, Lisa, since the last time you did this? You're not having to repeat yourself over and over again, you get efficiencies, you get respect, you get ease of use. Those types of things, I think do several things. Like I said, they make ease of delivery there. I think they actually start to respect you for the skills that you've been hired into the organization.
Lisa Welchman:
Yeah. That's really interesting because as we've worked together, we're always talking about, or trying to help people to apply UX principles to the tools that the digital team uses to get their work done. They're like the poor stepchild, or ... I don't know if that's a good thing to say anymore or whatever, in the fairytales, not in the real world. The castaway, the forgotten relative who just ... So the last thought is this poor team that's working every day, grinding out all of this work, all of this imagery, all of these things and their tool set is so poorly architected and so poorly designed. It's really, really, really scrambling to get work done. And then we wonder why, what happens on the outside for the customer isn't optimal. So it sounds like you're talking about really enabling them by embedding policy into the process in way that makes it easy for them to comply, right?
Kristina Podnar:
Yes, absolutely. I think you are one of the biggest advocates, I think for digital makers out there. You're always saying like, "Hey, what kind of experience are folks inside of the organization having?" It's not just about the end customer. I think that that applies very much to the policy arena, into the standards, et cetera. I think we have to make it easy. I think we have to make it, I don't want to say fun, but I think if it's easy ... It can also be funner, exactly. But I think we have to make it easy, and I think we have to make it palatable. And then people go like, "Okay. You know what? You want me to do this? Fine. I'll do this, it makes sense to me," especially if they know, how did you actually create the policies and the standards?
Kristina Podnar:
They had visibility, it's a transparent process. It's not something that somebody in a legal or compliance or in an IT shop made up, and now it's going around with a stick saying "thou must thou must. Nobody wants that to happen. So I think that if you take the right approach to it, most people will comply, they're happy to comply. It just has to make sense, and it has to be easy.
Andy Vitale:
I think that's important. I think you really nailed the answer to that question of why these are so met with resistance. I think a lot of it is because they're not co-created. A lot of times you walk into an organization and they're like, "This is the policy, you have to follow it." You ask, "Well, when was it created? What does it actually do?" You find out it was many years ago. Can we evolve this? No, that's just what it is. In other organizations where it's like, let's all get together and figure this out together, it feels like there's this shared ownership, this shared sense of accountability.
Andy Vitale:
With design, it feels like everyone has a say. It's subjective. It's the legal team, the compliance team, the stakeholders. Everyone are like, "Hey, wait a minute, I have a lot of questions about this. Why did we do it this way?" But it feels like when we talk about policies, it's always a little bit of like, no, this is just how it is, as opposed to, well, let's sit down and talk about that because things have changed over time.
Kristina Podnar:
Absolutely. I think that that's where it becomes really, really important as, Lisa and I duke it out almost every week around this topic, who makes decisions and who can provide input, and being very clear about that. When it comes to things like UX, I'm not sure why you would need legal in the room, except for perhaps if you were trying to use some kind of copyrighted imagery or something that's trademarked, or something that you were doing out of the norm. I mean, such a user centric conversation, such a business centric conversation. So I think being very clear around what policies, or what standards you're actually going to create, and who do you want to listen to. Just because you're listening to a lot of voices, doesn't mean that those are the people that get to make the decisions. So I think being very, very explicit around, whose opinion do we need and who ultimately is the decision maker is critical documenting that, but also just making transparent decisions.
Kristina Podnar:
I think that people oftentimes, even if they don't like a decision, if they understand why it's made and how it's made, just like you said, Andy, they're going to go along with it. They probably won't do it happily, but they'll go along with it and they'll get it done. But it's key to understand who needs to update things. In fact, you're making me think of this organization I got to work with about two months ago, I asked if they had any brand standards and they said, yeah, we do, but they're back at the office. Yeah, exactly, exactly. I was like, that's interesting, most people have them in a cloud, someplace we can get to them. Well, it turns out they actually mailed them out to me. They had two binders. They were really, really thick. It was awesome.
Kristina Podnar:
Apparently 10 years ago, 15 years ago, somebody went through a lot of trouble. They figured out how you actually put the brand and express it on Socks. How do you express it on key chains? They could actually even express it on their floppy disks. But what they hadn't done is actually updated any of those policies and standards. They did a good job, and they also were very clear, what's the guideline, by the way? So they got the categories, but didn't update any of this. So the question came down to, well, who should be in the room? So that's where it was like, okay, does it need to be everybody in the room that knows something about UX? Is it some people that have more UX experience than others? Is it the department heads? How's this going to work? I think that that's really where governance comes into play and helps us really understand the responsibilities and the roles that go along with policy and standards creation.
Kristina Podnar:
Who actually is in charge of saying that we need a policy or standard? Who gets to provide the input around those things, including those artifacts? And then who makes the decision so that we don't actually have either consensus by committee, which Lisa will probably cringe out what I say, or that we just can't get to a decision? Because we're very unclear and we're spinning in circles, which oftentimes happens.
Andy Vitale:
Again, I just love to go back to digital policies. One of the things that keeps screaming at me is, what are the common gaps that you see in digital policies?
Kristina Podnar:
It varies by organization. There's tons of gaps that I constantly see. What's interesting to me is, we always do this things on projects called policy audits, and I look for policy gaps. They're indicators of things that are missing, but they're not necessarily gaps. It's okay to not have everything documented as a policy. I always say, just because you can document it, doesn't mean that you should. It's all about, what are you trying to do? Is there a risk or an opportunity that deserves to be codified through a policy? If the answer is no, then you may not need it. I mean, if we all do things a certain way, like I think about, okay, in the United States, we all drive on the right hand of the road.
Lisa Welchman:
You don't.
Kristina Podnar:
What? It sounds like you've been in a car with me. Let's just pretend that everybody, including Kristina drives on the right side of the road.
Andy Vitale:
With their hands on the wheel.
Kristina Podnar:
With their hands on the wheel, not touching their mobile device at any point until they arrive at their destination.
Lisa Welchman:
Policy woman by day, danger drive by night.
Kristina Podnar:
Look, you know what? I always tell people, "You have to know what the policies are, if you're going to safely break them." That too can be the case. But there's just certain truths. We actually know that there is a policy. We learn that everybody drives in the right hand of the road. I think it says, it's somewhere in that manual that you have to learn when you're 16 years of age, but we don't ever see signs when you're driving on the beltway around DC or another highway. It doesn't say, drive on the right hand of the road. We just know that that's what we do, and we all just do that. So we don't have to continually documented everywhere. However, sometimes we do have document other things, like how fast we're going to go.
Kristina Podnar:
There's a reason that you don't just put up a speed sign at the beginning of a highway. It's every so many miles or every so many ordained areas. That's because people like me will start to speed and go really fast unless you remind them that you're supposed to be going a specific speed limit. So that is a good policy. We actually understand what the speed limit is because people will otherwise break it frequently. So it's the same thing, I think within the organization. You actually have to take a look at, what are the things you're trying to get somebody to always do or never do? And then decide what are the things you're going to document? So the things that I'm seeing less and less being documented are things like logos, for example, some of the expressions of brand because it's so commonly understood that you can't take a logo and just color it whatever color you want to. So things that have become more ingrained into the digital culture, I think are the things that we're skipping over.
Kristina Podnar:
In a lot of organizations, not always, in a lot of organizations that's okay. Or for example, I recently had a client that didn't ever want to have their logo turned sideways. It was like, it always had to be positioned a certain way. That's a great example of where you have to have a policy. But we've worked in organizations where the brand is so strong, and nobody would ever dream of doing something that would degrade the brand, and so they're not going to mess with the logo. You don't have to document that, for example. Bottom line, think about when it has to be documented versus not. But the things that are missing heavily in organizations today are a lot of the data policies. Things like, what are we collecting? Where is it being stored? Are we identifying it? How are we collecting data to different systems? How are we expressing that data in the context of US by-
Lisa Welchman:
Why do you think that is? I mean, I know that you see that a lot, and I've heard you talk a lot about that. To me, some of it is just like, is it because they're just all these kinds of wild new practices that are evolving? Is it a lack of understanding? What do you think is going on in that space? Because some of the violations seems so obvious when they happen. There are these data breaches and everyone's like, well, that happened that way, why was it that open? Or why was it that vulnerable? Why do you think a lot of that stuff's being unaddressed both at the policy and operational level?
Kristina Podnar:
Well, Lisa, it's almost like you've been listening to the pipeline news today.
Lisa Welchman:
I wasn't even thinking about that. That's right, reporting gas right now.
Kristina Podnar:
Right, right, vivo. Yeah, exactly.
Lisa Welchman:
During the pandemic, I think I've put gas in my car three times in a year. That's how little I drive. But anyhow, no, I'm curious.
Kristina Podnar:
If anybody's listening, they should go to your house and siphon your gas, that's what I'm hearing. [crosstalk 00:45:54] do something bad, but-
Lisa Welchman:
No, I'm serious. Why is that, do you think?
Kristina Podnar:
I think that we've been doing things for so long that people are used to bad behavior in this space. I mean, it's like in terms of data, when I see businesses that don't have good data policies, it's because somebody on the marketing communications business side has been hoarding data forever. In fact, it's funny, I went to a website the other day for a client, and I actually registered my dog for a conference with them because I was testing things. It was fascinating, because I thought, oh, I'm going to put dummy data in there. That's always my go-to. I'm going to put dummy data and see how fast they catch it. Well, they haven't yet. That's been like four weeks and nobody's cleaning the data, I know that. The other thing I did by the way, which I thought was so funny is I emailed their DPO, their data protection officer, because they actually listed an email on their website that said, "Hey, if you want to learn about our data practices or have yourself removed from our database, contact the DPO."
Kristina Podnar:
So I did, I emailed them and I said, "Hey, this is Kristina working with the legal team, who gets this email?" Cricket chirps on the other end. Nobody answered for weeks and weeks. So then, I continue to going back through the registration process for my dog at this conference, and it was fascinating. I was asked, what is my disability? If I have a disability, what is the disability? I was asked what my spouse sole name was, I was asked what kind of preference I had for food preference. I was asked whether or not I was going to stay at a hotel nearby and-
Lisa Welchman:
This is serious personal stuff.
Kristina Podnar:
Right. I'm sitting there going like, what are you going to do with this data? Why do you even need this? First of all, you're making a huge assumption that I have a spouse to start with. Second of all, in what context would you possibly need to know this as a professional conference, by the way? It's a professional healthcare conference. What would make you think that this is okay? It's interesting because then you go back to the business and you're like, what are you doing with this? Are you doing some crazy targeting AI algorithm? You're doing some Salesforce marketing, cloud magic so you can find Andy and the cloud of people out there and go, "Andy?"
Lisa Welchman:
[crosstalk 00:48:06] the sales funnel.
Kristina Podnar:
Exactly. No, they're like, "Oh, yeah, we don't do anything with that, we just collect it." And you're like, wow, that's cool. So, the next time we have that data breach, everybody's going to know what Lisa's marital status is, they're going to know what foods Andy prefers. They're going to know all of these things, and it's like, but why? Why?
Lisa Welchman:
So, they're doing it because they can?
Kristina Podnar:
They're doing it because they can, because Cindy and marketing started at 15 years ago and somebody inherited the process because Karen never thought about redesigning the conference signup page. Nobody knew any better, nobody asks the question. Everybody on the IT side is going like, "It's not us, this is all business data. All we do is stand up Salesforce cloud so they can put it in there, we don't know what they're doing it."
Lisa Welchman:
[crosstalk 00:48:55] that way.
Kristina Podnar:
Yeah. It's nobody's problem. It's nobody's problem, and everybody has really bad practices still.
Andy Vitale:
Until it becomes everybody's problem. Right.
Kristina Podnar:
Well, right. And it is, and it makes people cringe. Like hey, who's the DPO in this organization email? Somebody finally found the inbox, it turns out nobody was checking that inbox and nobody had accountability for it. So, there's just crazy things that we do, and we're all human, so we do it in some context. I know I do crazy things, but I try to do them at home, not at work. Because going back to your point, Lisa and Andy, it's a business, it's an organization, there are certain things that are expected of us, and there are certain behaviors that we just need to adopt. It's not that hard, but we just need to do it. I think it requires awareness, and again, it requires something that's easier to do and adopt, and I think then, we're going to get to the other side, but we definitely have a lot of education and change management to do in this space.
Andy Vitale:
Do you think, or do you see that the attitude of being at work has changed now that the majority of companies have adopted a lot more of a remote workforce? Is there this relaxation or loosening of what we would have talked about before is guidelines? Because people are not in the office, so it's more of a, do I have to be that serious, or as accountable as I was, because I'm not restricted by these ... I don't know. Let's forget I even asked that, because I don't even know where I was going with that.
Kristina Podnar:
No, it's a great question, Andy. I know where you were going with this, I think. I'm smiling going like, yes, ask that question, because every organization that I know of, and I know a lot, not all, but a lot has failed in this arena. Go out there and pull your friends and say, how many of you have been told by your employers what you should do to secure your Wi-Fi at home when you're working from home? The reality is we're all working from home in the pandemic, or most of us are anyway, not everybody.
Kristina Podnar:
But I'm looking at it and going, what a great opportunity for any enterprise to turn around to their employees and go, "Hey guys, we know that you're working remotely, but here's some basic things you have to do. You actually have to secure your Wi-Fi correctly. Let me actually invite you in and train you on what to do with your IOT devices at home, because that's actually a huge security issue and where most of the breaches come within the home. Let me explain to you why it's not okay that you're talking to Lisa and Andy about super sensitive information, and that your husband is actually on a recorded business call sitting next to you, and so he's going to hear all of that super secrets stuff."
Lisa Welchman:
So you have one of those home devices that listens to every word you say?
Kristina Podnar:
Exactly. Yeah. I mean, there's just tons of this stuff. It's interesting because yeah, absolutely, people aren't aware of it, but I also feel like there should be responsibility by the organization to educate folks because ... and this is maybe a little bit crazy, but at the end of the day, whoever you work for, that organization is coming into your home into your personal space. And so yes, they're on your personal network, but it's in their interest to actually educate you about security and about privacy and all of these things. And it's really interesting because it's such an opportunity that's been forgotten by most organizations, I think that, I'm hoping that folks will learn from that, but I'm not quite so sure.
Lisa Welchman:
That's really good. I think we're just about out of time, and I really like that you're ending on this note of the broader sense of digital policy, because a lot of this conversation that we've focused on has been really focused on makers and things that people, architect apps, social media websites, CRM interactions, all of those sorts of things. But there's also other aspects of digital that have to do with securing the network that also touch into the digital policy space. And so, I know a lot of folks can read about that in your book; The Power of Digital Policy, which is a great book. It's behind me on my bookcase.
Kristina Podnar:
Oh, thank you.
Lisa Welchman:
I've read it twice, but can you tell folks more about how they can get in touch with you, read more of what you've done, interact with you some more? Where can they find you online?
Kristina Podnar:
Online, the easiest thing to do is to go to thepowerofdigitalpolicy.com, which is the name of the book. So, it's thepowerofdigitalpolicy.com. I do challenge everybody to do their own little personal audit of policies, free stuff. I don't want anything. I don't want your name, I don't want your email, it's just free, available out there. So, folks who want to assess themselves, take a look at the policies that other organizations have at different verticals in their vertical, in different levels of organizational maturity, go out there and have at it. I hope that people really take advantage of the fact that there's just a lot of information, and a lot of good opportunities to start doing some of the basic hygiene that we have to do to get this right.
Lisa Welchman:
Groovy. Well, thank you.
Andy Vitale:
Awesome. Thanks so much for coming on. I learned a lot today, which is pretty-
Kristina Podnar:
Well, it's my pleasure. I always enjoy these conversations, but more so ... first of all, with Lisa, who I get to interact with, but somehow, it doesn't seem like a lot. Maybe it's just today, not a lot today. Andy, I heard so many wonderful things about you that it's wonderful to meet you in person, kind of in person.
Andy Vitale:
Awesome.
Lisa Welchman:
Yay.
Andy Vitale:
Same here.
Kristina Podnar:
Yay, everybody. Thanks for-
Lisa Welchman:
Drive safely, and follow the driving policies, everyone. Don't be like Kristina.
Kristina Podnar:
Who's going to come and get gas for Lisa's car.
Lisa Welchman:
Yeah, exactly. Thanks a lot.
Kristina Podnar:
Take care. Bye.
Announcer:
Thanks for listening. If you enjoy Surfacing, please rate, review and follow us wherever you listen to your podcasts. Also, consider supporting the podcast on Patreon at patreon.com/surfacingpodcast. If you have suggestions for guests or a topic you'd like to hear about on Surfacing, please reach out via the contact form found at surfacingpodcast.com