Revisiting Our Views on Non-Compliance with IM Policy
Are we biased when we try to interpret the reasons for non-compliance with information management (IM) policies?
Over the past two years, I’ve presented a session titled “Improving Buy-In to IM Policies” to more than a dozen ARMA chapters.
We start each session by polling the room to learn who would like to see more buy-in to IM policies at their organizations. Predictably, at least 95% of the participants do. That a large number of us still experience a significant degree of non-compliance with IM policy should come as no surprise; it’s a commonly heard complaint.
I then ask participants what the signs of improved buy-in would look like, and, just as predictably, the answer is invariably “more compliance.”
What’s most interesting, though, is what participants attribute that non-compliance to; the typical explanations are that others in the organization don’t care about IM, or don’t care if it’s important, or simply relegate it to the bottom of the priority list. In other words, participants interpret that non-compliance as the result of poor attitudes, specifically apathy, reckless indifference, or even disrespect.
That interpretation leads to suggestions around increased enforcement, stricter penalties, and more training on the importance of the policies, all of which are intended to address people’s willingness to comply.
But maybe this interpretation jumps to unfair conclusions.
Professionals from many domains are prone to logical fallacies in their reasoning, and IM professionals are no exception. I believe that we’re succumbing to a fundamental attribution error.1
In psychology, an attribution error refers to a systematic error made when looking for reasons for our own and others’ behaviors. The error sways a thinker’s assumptions in a specific direction, at least until the thinker is presented with evidence to the contrary. The nefarious aspect of an attribution error, though, is that we are susceptible without ever being aware of it.
A good example is the self-serving bias error. This bias predicts that we tend to view our successes as a product of our skills, but view our failures as caused by external factors beyond our control. When we succeed it’s because “we’re good at that” and when we fail it’s because something else interfered.
There are many types of attribution errors, but the operative one in the IM situation is the actor–observer bias. This bias predicts that when looking at a given set of actions, we will attribute other people’s motivations to personal traits while attributing our own motivations to situational factors.
When we don’t hold a door open for someone else, it’s because we’re in a hurry. When someone else doesn’t hold a door open for us, it’s because they have no manners.
Actor–observer bias is at work in an organizational setting as well.
Take a situation where we (IM professionals) are not fully complying with a security policy. We are likely to justify our actions on the grounds that the policy is confusing, overly strict, unnecessary, or inconvenient. In some cases we’re in a hurry and don’t have time to go through all the hoops that the security team wants us to go through.
In contrast, when a security professional doesn’t comply with an IM policy, it’s because they don’t care, or they don’t care if it’s important, or they put it at the bottom of the priority list.
Both of those explanations need a second look. We may be attributing the organization’s level of compliance with IM policies to the wrong causes, based on a fundamental attribution error.
Were we to ask our non-compliant colleagues what the roadblocks are for them, they might tell us that IM policy is confusing, overly strict, unnecessary, or inconvenient. In some cases they’re in a hurry and don’t have time to go through all the hoops that we want them to go through.
In other words, it may not be apathy, indifference, or disrespect that is driving their behavior. It may simply be due to situational factors – and that possibility raises a key question:
How would our approach to our clients differ if we knew that non-compliance was a result of situational factors rather than attitude?
At the very least, it might make us more compassionate about the struggles those colleagues are going through. It might induce us to look more at practical issues rather than simply demanding more enforcement or greater penalties. It might even open some doors to better collaboration between groups.
To repeat, fundamental attribution errors are only presumptions, and they can be easily overcome when presented with evidence to the contrary. We simply need to be open to hearing that evidence.
 A great book on this subject is David McRaney’s You Are Not So Smart, 2012 Penguin Publishing Group
Lewis S. Eisen, J.D., C.I.P., C.V.P, is the author of the international bestseller ’How to Write Rules that People Want to Follow, 3rd Edition,’ and winner of ARMA International’s Britt Literary Award 2020.
About the Author
- Lewis S. Eisen, B.A., J.D., C.I.P., offers an approach to drafting policy that has been adopted by groups at organizations such as the Royal Canadian Mounted Police, the U.S. Government Services Administration, and others across Canada, the United States, and the United Kingdom. He is the author of the international bestseller 'How to Write Rules that People Want to Follow: A Guide to Writing Respectful Policies and Directives.' Contact him to run a day-long workshop for your chapter or region.
- Compliance2021.06.01Revisiting Our Views on Non-Compliance with IM Policy
- Communications2020.04.26Antiquated Policy Wording: Part 4 — The Problem with “Should”
- Communications2020.04.15Antiquated Policy Wording — Part 3: The Problem with “May”
- Communications2020.04.08Antiquated Policy Wording — Part 2: The Problem with “Must”