Change

       
        Yesterday on LinkedIn there was reference to a Scott Adams December 13, 2015 Dilbert comic about embracing change.  I noted that change for the better is a good thing, but change merely for the sake of change is not.  "Hasten slowly.”
        The hasten slowly I remember first seeing on a sundial at a monastery roughly 30 years ago. It was new to me then, but as it turns out the notion dates back as far as Augustus, the founder of the Roman Empire.  Along with the millennial support for Bernie Sanders’s socialism, it’s yet another reminder that that everything old can be new again.
        I found a short piece that I wrote 14 years ago titled, “Change Management Overview”, reproduced below.

--------------------------------------------------

        The roots of change management as a field of specialty can be traced at least to Edgar Schein’s 1969 work on process consultation and possibly as far back as the late forties or early fifties depending upon one’s viewpoint.  Since the early days the field has been steadily developed by people who recognize the business and social needs to integrate human interaction and processes with business processes.

        Change management experienced a dramatic bent toward technology during the 1990s.  Even today, many people equate “change” with technological improvements.  While it is true that technology is involved in many change processes, the need for ongoing technological advancement is now accepted as one business necessity of many; it is no longer the driving force of change management.

        There are three basic classifications of change, each demanding a unique blend of competencies for effective management:

• Transformation is a process that occurs when an organization must radically alter its way of doing business.  The source of the need might be primarily internal, such as a switch in company leadership and strategy as when Lee Iacocca took on the responsibility at Chrysler.  An external source might be illustrated by the current economy’s impact on the transportation industry.  The semi-trailer manufacturer Wabash National Corporation is one local example.  Transformation has a clear onset, may have a loosely defined end, and requires tremendous insight, a high tolerance for risk, and a well-reasoned yet highly adaptable strategy.
• Transition occurs when there is a particular need identified that will improve performance, such as when a new technology, policy, or product is introduced.  A merger may be a transition rather than a transformation if company histories, cultures, operating procedures, and people are highly attuned.  A transition has a beginning and an end, and several transitions may be present during a transformation.  A transition requires clearly defined goals and a more rigid strategy.  Transitions typically require planning and management capability plus specific competencies in areas such as training or technology. 
• Development is an ongoing process in organizations with a culture of continuous improvement.  Development might include succession planning, specialized training, and individual and team problem solving.

        Development tends to be more proactive than reactive, and it ideally permeates the entire organization.  Development is typically an important component during both transition and transformation and requires strategic planning capability, trusted leadership, and the ability to effectively organize and troubleshoot virtually any process.

        The most effective development leadership has the ability to anticipate internal and external changes, to be on the leading edge of trends, and to establish trends when appropriate.  As developmental effectiveness increases, the instance and negative impacts of transition and transformation decrease.

        It is apparent that a particular change within an organization may fall into more than one classification.  It is also true that a single external event may call for a different level of change from one organization to another. 

       We should avoid change merely for the sake of change; case studies demonstrate that there is often costly confusion and unconscious and conscious resistance.  We must create and maintain a culture of continuous improvement and openness to change; those organizations with a learning culture suffer the least.

ID Theft and FTC Consumer Complaints

        On March 1st the Federal Trade Commission (FTC) released its 2015 Consumer Sentinel Network Data Book that reports complaints received by the FTC during the year.  For the first time in 16 years, identity theft DID NOT top the list.
        This year identity theft was edged out of first place by debt collection, which the FTC attributes to its ramped up enforcement against companies violating the Fair Debt Collection Practices Act.
        The complaint categories making up the 2015 top 10 are:

	Number	Percent
Debt Collection	897,655	29%
Identity Theft	490,220	16%
Imposter Scams	353,770	11%
Telephone and Mobile Services	275,754	9%
Prizes, Sweepstakes and Lotteries	140,136	5%
Banks and Lenders	131,875	4%
Shop-At-Home and Catalog Sales	96,363	3%
Auto-Related Complaints	93,917	3%
Television and Electronic Media	47,728	2%
Credit Bureaus, Information Furnishers and Report Users	43,939	1%

        The founder and president of Javelin Strategy & Research, a company mentioned in a 2012 identity theft video, has since warned that social media users are a growing target for identity theft.

        A 2012 BankRate.com article  says that paying with a credit card or debit card makes you vulnerable, and mobile phone users are also a target.
        In March 2014, Consumer Financial Protection Bureau (CFPB) Director Richard Cordray warns, "your information is always at risk, every day."
        My own interest in the topic likely dates back to 2002 when Walter Kevin Scott – a convicted felon - was working as benefits manager for the Indiana Public Employees’ Retirement Fund (PERF).  Mr. Scott had used a false Social Security number in the hiring process, and the State of Indiana had hired him unaware that he had served time in a federal penitentiary -  for identity theft!
        During his trial it was disclosed that from November 2001 to August 2002, Scott had unlimited access to the Social Security numbers of 1.2 million current and former public employees and their families  -  the equivalent of nearly one in every six Hoosiers.  Investigators found personal information and pension fund balances of 750 people during a search of Scott's home after he quit working at the fund.
        A few years later we began to hear more about breaches, most notably in universities.  In May of 2005, the Lafayette Journal and Courier listed ten universities that had already reported breaches in that year, including Purdue and IU.  Also in 2005 it was reported that identity thieves set up fake businesses and gained access to up to 160,000 consumer records from data broker ChoicePoint.
        Heartland Payment Systems Inc. - one of the largest processors of credit and debit card transactions in the U.S – was hacked in 2009.  With vague explanation, one local bank sent new debit cards to replace ones that were not even near expiration.  When the Target and Home Depot names appear in the news we all noticed, but how many of us would even recognize the name Heartland Payment Systems or ChoicePoint?
        The Identity Theft Resource Center (ITRC) tracked 781 U.S data breaches in 2015, the second highest number since it began tracking breaches in 2005.


Top breaches in 2015:

• Business sector 40%, up 8.1%
• Health/Medical sector 35.5%, down from 44.1%
• Banking/Credit/Financial 9.1%, nearly double the number reported in 2014
• Government/Military 8.1%
• Education sector 7.4%

        The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure.  As of March 16, 2016, the ITRC reports 155 breaches with 4,314,045 records exposed.
        In 2014 Krebs on Security reported that a nationwide beauty products chain discovered a breach in its payment systems and a fresh batch of 282,000 stolen credit and debit cards reportedly went on sale in a popular underground crime store.  That same month, Indiana University reported that information including names, addresses and Social Security numbers of those who attended any of the university’s campuses from 2011 to 2014 was unsecured for more than 11 months because security protections weren’t working correctly.
        Purdue associate professor of communication Josh Boyd states, “The recent security breaches . . .  are a good reminder that the online environment involves no guarantees.  If you put information online and somebody really wants it, it’s vulnerable.”
        The use of a credit monitoring service cannot prevent ID theft, but it may help you to discover fraud.  About the well-publicized Target security breach during the 2013 Christmas shopping season, Purdue professor of cyber forensics Marcus Rogers warns, "People have to be vigilant for the next six months, year, even up to two years.”
        The ProtectMyID credit montoring service offered by Target is a product of Experian, a credit reporting agency, and monitors changes only to a consumer's Experian credit report.  According to Consumer Reports, “The service can give consumers a false sense of security, and Consumer Reports can recommend this deal in its present form only as being better than nothing, and only for consumers who understand its significant shortcomings.”
        Credit Karma has been advertised much during recent years.  Credit Karma is a service that provides no-cost (so-called “free”) credit scores, credit reports, and credit monitoring from TransUnion.  In 2014, Credit Karma settled with the Federal Trade commission on charges that the company “failed to take reasonable steps to secure” its mobile apps, ‘leaving consumers’ sensitive personal information at risk.”
        To monitor your own reports from Experian, TransUnion, and Equifax, you may order copies through www.AnnualCreditReport.com.  For information about how to order by phone or mail, see the FTC's "Disputing Errors on Credit Reports".  If you’d like an estimated credit score, use a credit score estimator for which you do not disclose identity information.
        A high score can be useful at times, but do not make it your primary focus.  The Fair Isaac Corporation (the "FICO" people) tells us that 65% of a credit score is related to payment history and amounts owed.  So as it turns out, some of the actions that can increase your score also make financial sense!  Pay bills on time, every time, and don’t take on too much debt.  Then make sure that the information on your reports is accurate.
        It has become clear that no institution, public or private, is immune to data insecurity.  My guess is that by now just about every one of us has been a victim of ID theft whether we know it or not, and there’s nothing that we can do to change that.  Since there is so much that is outside of our control, it does make sense to at least control what we can.  Remain vigilant, and from today forward the less information that you provide - and the fewer places where you provide it -  the better.
        Especially if you have a rural mailbox, consider a post office box instead, and remember that outgoing mail is just as important as incoming.  For several reasons, seniors are a very vulnerable population, and if you have a loved one who is aging watch for signs of fraud.  Whether credit card statement, checking account statement, or utility bill, look through every line and understand what is behind every charge.
        Not all misinformation on a bill or in a consumer report is necessarily fraud – mistakes do happen.  But certainly make sure that all information is accurate.  If you know someone who has been denied a checking account, you might mention the ChexSystems consumer report and Bank On Tippecanoe; those outside of the Lafayette area may see Bank On Indiana.
        The CFPB explains how to check a minor child’s reports from the three major credit reporting companies.  The Indiana Attorney General informs consumers how to place a security freeze with Equifax, Experian, and TransUnion.  The Attorney General has also produced an ID Theft Victim Kit that outlines the steps to follow if a consumer becomes aware that personal information has been stolen or used by someone else.
        Considering the outrageous number of major breaches reported during the past three years I’ve just been unable to keep up with tracking.  Nevertheless, quite some time ago I reached the same conclusion as Lafayette editorial cartoonist Dave Sattler following Jimmy John’s September 2014 breach, “The recent security breach by Jimmy John’s as well as Target, eBay, and Home Depot has many wondering How do we protect our identity . . .  One way is to bring back an old friend . . ."
        Take care.

Kurt Burnett