Digital domination – don’t leave it to the powers that be

A couple of years ago I came across a very scary phrase in a United Nations document about digital governance. It spoke about ‘controlling the internet’.

Now, on one level, the powers that be are only interested in controlling something if it is powerful, so hats off to the internet and in particular, the self-publishing and social communicating it has enabled. But ‘boo’ to any big cheese or brass hat that wants to control it.

Where the internet gets its power

The internet is as powerful as it is because of the egalitarian nature of its access. Countries that attempt to restrict access to the internet are inevitably repressive regimes. Okay, so some of us (individuals and organisations) are still learning how to conduct ourselves in this massively liberating space, but I’m sure it was the same for cavemen when they first saw flames lick around dry tinder. Something that game changing; well, you’re bound to get burned in the early days.

Which is why I currently have misgivings about the army’s revelation that it’s setting up a special unit skilled in non-lethal warfare and where recruits will need to be adept with social media and its use. On the face of it, no bad thing. It’s obvious that if you’re going to win hearts and minds and keep boots off the ground, the major battle grounds will be virtual and psychological.

“shaping behaviour through the use of dynamic narratives”.

But what disturbed me was tucked away in the announcement. It’s the bit where Chief of the Army, General Sir Nick Carter speaks about “shaping behaviour through the use of dynamic narratives”. Now, don’t get me wrong. On one level all of us involved in content strategy have such an ambition. Create the right story. Engage the right audience. Shape a space that delivers the desired action.

You win customers – not wars – in 140 characters

But when the Chief of the Army says it I get a little spooked. The reality is that commercial organisations have spent decades, possibly centuries, learning the marketing and communications skills that allow them to engage audiences while working within evolving guidelines and regulatory bodies, in terms of what they can and cannot say.

I’m not sure that the army, no matter how carefully it recruits to the new 77th Brigade, has those skills. General Carter has an impressive military career. Appointed to post towards the end of last year, he is keen to persuade civilians and politicians that the army has a place and deserves a secure budget line.

But military experience of content strategy is grounded in war time experience and the Cholmondley Warner school of public service announcements. The only area where it has progressed, in my opinion, is in recruitment, where its use of commercial agencies and the more clear cut customer conversion dynamic have created creditable, well executed marketing messages.

Boots on, or in, the internet?

My worry is that the boots on the internet will still be controlled by a generation of senior military personnel who are not socially mediate and view the interweb as something of a threat; roamed by terrorists, anarchists and young people. Watch their space.

Building a content risk matrix

The risks around publishing in traditional print mode can be mapped very clearly to the fundamentals of accuracy and appropriateness, as well as our legal obligations not to defame. We developed the rules for this over hundreds of years.

This framework underpins our credibility as individuals (authors) and as businesses (publishers). Traditionally publishers may have threatened to print and be damned, but what they actually did was sail very close to the wind, confident in how far they could go and not end up in the courts; or end up there and win.

But traditional content has been joined by young and capricious alternatives to print, TV and radio, that cavort in a virtual world where they can be pointed to and promoted by billions of autonomous micro publishers via Twitter, Facebook, Pinterest, YouTube, to name but a few.

Your roadside billboard can be photographed by smartphone and shared with an entirely new audience. When it works, this is called going viral, when it doesn’t it’s called a PR nightmare.

This new and rapidly evolving landscape offers multiple channels and multiple delivery mechanisms. It makes herding cats look distinctly easy.

Of course, the solution is simple. You just stay rooted in old school and non-digital content (that now seems relatively easy to control, by comparison). You turn your back on the social mediasphere and encourage your clients to do the same. Alternatively, you rule the new channels with a rod of iron. “Nobody’s allowed to Tweet for this company unless they have a Masters in Neural Linguistic Programming!” “Only the Chief Executive gets to Like Comments on our Facebook page!”

Or… you take a few risks

We all have to take risks. Or, to court a double negative, you can’t not take risks. The secret is to herd the risks – not the cats.

Risk scoring is based on two parameters – likelihood and impact. An event may be likely to happen but the impact could be relatively small: a broken link on a deep page that’s rarely visited. An event may be unlikely but the impact would be catastrophic: a drunk, disgruntled employee loads a bogus interview with the CEO on to the corporate website, in which the CEO calls the Prime Minister some very unpleasant names and threatens to run away with the pension fund.

Scoring key content risks and applying internal controls to mitigate them is a useful part of digital governance. The key is to start with the basics and build. Multiple tabbed spreadsheets infused with macros covering every last content element you generate are worse than useless if nobody’s going to monitor the output.

Start with the biggies

In previous posts I’ve dealt with some of the key legislation and regulation we have to deal with these days. Mitigating the risk of falling foul of the law is a good place to start.

  • For example, what is the likelihood of your next campaign on Spotify running foul of the Advertising Standards Authority*?
  • What would be the impact if you had to pull the ad – lack of exposure, cost of ditching / modifying the ad, already paid for ad slots that you can no longer fill?

*I’m thinking of a real life case where the ads had to be pulled from a number of social media sites. The adjudication was triggered by just 15 complaints.

Don’t restrict yourself to legislative and regulatory issues. Think about customer risks. The one broken link on the deep web page mentioned earlier may not mean the end of your organisation, but if your organisational culture means there is a real likelihood of sloppy URL input and poor page maintenance – you’ve got a significant impact and a significant risk to customer engagement and satisfaction. (Not to mention a culture where the website has deep pages which are rarely visited.)

1. You need to start by identifying top level content risks. I think this is a good reason for a facilitated workshop and not just involving content creators but also IT and other corporate perspectives.

(Key technical risks, such as catastrophic failure of IT systems, may already be part of a corporate risk register within your organisation.)

2. If it’s a while since you’ve done a content audit, do one in the run up to the workshop. Ideally, audit all your content, not just digital. Apart from anything else, you may want to form a view about how content is originated in your organisation (eg do you still follow a digital-content-is-extracted-from-print model?).

3. Having identified and agreed your top level content risks you need to give them a score (accept you will want to come back and adjust these as you get better at the process).

Risk scoring

Based on my experience of how other risks are scored in corporate environments, consider an Impact range from insignificant (1) to very serious (5) and a Likelihood range from very low (1) to very high (5). The combined ranges on a 5 x 5 matrix produce scores ranging from 1 to 25.

If you go for bigger scoring ranges it becomes much harder to judge the scores and monitor the changes as you work on the risk. Trust me and the trusty bell curve on this one.

Just putting a score to stuff can be very insightful. Divide your risk scores into sections something like this:

  • 6 or less (low risk)
    Keep an eye on it. Review it occasionally.
  • 8 to 12 (medium risk)
    Do some deeper work to establish why it’s happening and what can be done to reduce it. Additional skills or training perhaps? Set realistic timescales for the actions and review directly afterwards and then regularly until it falls back into 6 or less (residual risk) and stays there.
  • 14 to 20 (high risk)
    This may need investigating at a department or team level. It may require training, ongoing monitoring and maybe some hard controls, for example, reducing the number of people with publisher rights in the CMS, tightening up on approval processes (and engagement with them). Don’t turn your back on these risks as they can go up as well as down. With some risks you may not get them down below 8 to 12 but if that’s the case you need to think about effective ongoing monitoring.
  • 20 or above (highest risk)
    Put together a team probably across content and technical disciplines to drill down, find the problems and deal – as a matter of urgency. This may require a combination of hard controls and ongoing monitoring, as well as training. You may need some anonymous ‘no blame’ feedback.

As you decide on remedial / mitigating actions, assign named individuals to oversee them and attach timescales and reporting frameworks.
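An added example (not from the original post) of the 5 x 5 scoring and the bands described above, in Python, which also checks the band table against the scores such a matrix can actually produce. The register entries, owners and scores are constructed, and resolving the overlap at 20 to the more severe band is an assumption.

```python
from dataclasses import dataclass
from itertools import product

# Bands exactly as the post lists them: (lowest score, highest score, label).
# The post assigns 20 to both "high" and "highest".
BANDS = [
    (1, 6, "low"),
    (8, 12, "medium"),
    (14, 20, "high"),
    (20, 25, "highest"),
]


@dataclass
class ContentRisk:
    name: str
    likelihood: int  # 1 (very low) to 5 (very high)
    impact: int      # 1 (insignificant) to 5 (very serious)
    owner: str       # named individual overseeing the mitigation

    def __post_init__(self):
        for attr in ("likelihood", "impact"):
            value = getattr(self, attr)
            if not isinstance(value, int) or not 1 <= value <= 5:
                raise ValueError(f"{self.name}: {attr} must be an integer 1-5, got {value!r}")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def reachable_scores() -> list[int]:
    """Every product a 5 x 5 matrix can actually produce."""
    return sorted({lk * im for lk, im in product(range(1, 6), repeat=2)})


def matching_bands(score: int) -> list[str]:
    return [label for low, high, label in BANDS if low <= score <= high]


def band(score: int) -> str:
    labels = matching_bands(score)
    if not labels:
        raise ValueError(f"score {score} falls in no band")
    # Assumption: where bands overlap, take the more severe one.
    return labels[-1]


def band_audit() -> dict[str, list[int]]:
    """Check the band table against the scores the matrix can produce."""
    scores = reachable_scores()
    return {
        "uncovered": [s for s in scores if not matching_bands(s)],
        "ambiguous": [s for s in scores if len(matching_bands(s)) > 1],
    }


def triage(register: list[ContentRisk]) -> list[tuple[int, str, str, str]]:
    """Highest score first: (score, band, risk name, owner)."""
    rows = [(r.score, band(r.score), r.name, r.owner) for r in register]
    return sorted(rows, key=lambda row: row[0], reverse=True)


def low_score_high_impact(register: list[ContentRisk]) -> list[str]:
    """Risks banded "low" whose impact is still 5: the product hides them."""
    return [r.name for r in register if band(r.score) == "low" and r.impact == 5]


# Constructed register: the scenarios are the post's, the scores and owners are made up.
REGISTER = [
    ContentRisk("Broken link on rarely visited deep page", 4, 1, "Web editor"),
    ContentRisk("Bogus CEO interview published by insider", 1, 5, "Head of comms"),
    ContentRisk("Campaign pulled after ASA adjudication", 3, 4, "Marketing lead"),
    ContentRisk("Too many people hold CMS publisher rights", 4, 5, "CMS owner"),
]

if __name__ == "__main__":
    print(band_audit())
    for row in triage(REGISTER):
        print(row)
    print("Low score, impact 5:", low_score_high_impact(REGISTER))
```

Scores of 7 and 13 cannot occur as the product of two 1 to 5 values, so the gaps between the bands never bite; the only ambiguity is 20. The unlikely-but-catastrophic scenario lands in the low band on score alone, which is why the audit lists impact-5 risks separately.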

Okay, I think that’s going to keep you going for now.

Governance – where to draw the line?

Back in the days of the wild, wild, west, gun fighters and bank robbers ran amok. Gentle folk were afraid for their lives and street brawls were commonplace. Okay, it was exciting, but reputable companies – I mean folks – stayed in the big cities and left the frontier towns to the lawless.

Aw shucks, it’s another metaphor.

The good thing about all those gunslingers and rot gut whiskey drinkers was they opened up opportunities. It was their all round recklessness that pushed the boundaries. But before these new opportunities could be truly capitalised on, somebody had to impose order.

Enter the sheriff…

The sheriff slung the drunks in jail and ran the gunslingers out of town. Sheriffs were also pretty handy with guns themselves. Not a few gunslingers were hired by towns to police their streets and gun down the ‘bad guys’. In fact, apart from the presence of the sheriff’s 5-pointed star, very little differentiated the law man from the lawless.

So, when you’re policing the streets, where do you draw the line? Okay, we’re ditching the metaphor now.

In terms of rolling out the concept of digital governance to wider audiences, I’ve chosen legislation and regulation as my entry point*. This is because, in lawful societies, the risk of legal penalty is a sufficient deterrent (particularly if you’re a big company with a lot to lose). It’s also something that attracts the attention of the board room, which, sorry, content per se does not.

*I started to group together some of the more pertinent rules and regs in my previous post.

But when you seriously consider what could impact on the correct governance and risk mitigation of digital content, you begin widening your scope – quite considerably.

For example, culture secretary, Jeremy Hunt, plans to publish a Green Paper setting out the scope of a new communications act by the end of this year. If you think this is just about hacking and tabloids, think again – and read the below…

Hunt gave a few clues as to areas on which he may focus, but appeared to indicate that one may be regulation of programming content on the internet.

Under the current EU Audiovisual Media Services Directive, “TV like” services, such as the BBC iPlayer, are subject to regulation. However, the level of regulation is less than that imposed upon traditional TV channels.

“Whether we are watching a broadcast live or through catchup TV services, via a TV or a computer, it is the content that matters, rather than the delivery mechanism,” said Hunt. “So should it be the case that the method of delivery has a significant impact on the method of regulation? Or should we be looking at a more platform-neutral approach?”


There’s data protection and eprivacy and the implications of the European Data Protection Framework (EDPF) Review (don’t ask me, I’m new here) and the Digital Economies Act; some might say the latter was rushed legislation aimed at pirate downloaders and which now seems to be languishing somewhere in Brussels. PRS for Music, which brings together the two royalty collection societies MCPS and PRS, is also looking at the whole area of internet piracy and controlling copyright online.


  • The EU’s general concerns and overall remit around data protection and how personal data is used.
  • The ongoing digital implications for copyright and its infringement including ideas floated by the Hargreaves Review.
  • The impact of changes to internet protocols.

Then there’s the whole area of cyber security, the Government’s plans for a cyber security strategy, the implications of the Home Affairs Committee inquiry following last year’s riots, a warning from the head of GCHQ about a ‘disturbing’ level of cyber attacks, as well as high-profile security breaches involving big names such as PlayStation and Google.

It’s not that organisations and governments are not increasingly on their toes when it comes to critical issues such as hacking and data protection. As early as its 2008-2009 report, the UK’s Intelligence and Security Committee raised concerns about the potential threat posed by cyber crime, not only to the UK government, but also ‘critical national infrastructure and commercial companies’.

We therefore welcome the fact that this threat has been recognised and that cyber security is now listed as a Tier One national security risk. The new funding that has been made available, as part of the SDSR (Strategic Defence and Security Review), to fund cyber security work is a significant step forward.

Source: 2010–2011 Annual Report, Intelligence and Security Committee

All fine and dandy. But it’s the next bit of their latest report which attracts my interest…

Whilst the priority and funding are to be welcomed, structural issues continue to cause us concern. We have noted 18 units with particular responsibilities in this field across the three Agencies, two law enforcement bodies and five government departments. Between them they cover policy, management, intelligence operations, protective advice, detection and analysis, with some focused on crime, some on hostile activity from overseas, some on Counter-Terrorism and others covering all three. This risks duplication and confusion and cannot be cost-effective. We therefore recommend that work be done to rationalise the existing structures.

Source: 2010–2011 Annual Report, Intelligence and Security Committee

Some 18 different agencies all getting their head around cyber security. Cooks? Broth? Anybody?

I think there is a real danger that as the digital wild west becomes the tamed west that we could end up in a situation where the streets are populated by too many sheriffs, firing off their six guns for offences no more horrendous than jaywalking. I’ve read the phrase ‘governing the internet’ more than once and frankly it worries me. Didn’t Canute try something similar?

But it’s not all bad news…

After the gun and the guns for hire, and the early day sheriffs who relied on their quick draw, there came a judiciary and laws that formalised the processes for identifying bad from good and exacting appropriate penalties. That’s where I think we now need to go with digital governance.

Those of us involved in content, its creation and implementation are ideally placed to step into and exert our influence in this area. I used the word ‘influence’ rather than, say, ‘control’, after careful thought. Think traffic police rather than Big Brother. It’s all about enabling the flow of communication while mitigating the risk of pile ups.

We already act as the linchpin for a whole range of disciplines. The image below was created by Richard Ingram and is one of many of his stunning visualisations that go towards explaining our turnkey positioning.

• We already have, and continue to improve, a range of tools and methodologies that allow us to guide clients in project choice, rationale, implications and implementation.

• This is alongside the deploying of the actual content itself across an increasing array of channels and delivery mechanisms.

• To this array of tools and services we ‘simply’ need to add governance tools and methodologies, such as a suitable content risk matrix that will allow us to identify the more important issues that clients need to address – and mitigate.

I’m going to show you what that content risk matrix might look like in my next blog.


The dawn of digital governance

When the internet first came along it was a bit like the American gold rush. People were staking their claims on the new ground with nothing more than a flag on a stick and a glint of avarice.

Companies sprang up overnight building websites of enormous cost and complexity. People spooned repurposed brochure content into the accompanying white space. There was money in them thar hills – and not a few error messages.

Over time things calmed down. Dot.coms boomed and busted, the cowboys were rode out of town on a rail; the approach to content became more thoughtful.

But not thoughtful enough…

Yes, best practice emerged and organisations maintained (somewhat) as well as built things. Digital professionals also began to measure – everything and anything. The internet was wonderful for measuring – it still is. You can create bar charts that show you loads and tell you nothing. Nonetheless, they look mighty fine in a PowerPoint presentation.

Skill sets began to evolve. Companies slowly began to realise that a new website or email programme wasn’t just a technological progression but a communications one. Most recently the internet has gone out into the field as devices become more plentiful and more highly mobile. The phones, at least, became smart. And media became social.

But what holds all this together and, most importantly, what bonds what’s happening in marketing departments and agencies to what is decided at board or senior manager level? What I see is business critical communications decisions being made as if they were simply tactical subsets.

A toe in the budget door – but not the boardroom door

Digital communication professionals did themselves no favours. Marketing and even IT departments were the traditional organisational gateways to budget decisions. We framed our arguments and project language in a way that the people deploying what we offered would see as relevant. Oh, a big website overhaul might be a senior management or board decision but that was on the basis of costs (or politics) and the fact that some IT Directors, at least, made it through the digital ceiling.

So, what makes a digital project relevant at the very highest level? What raises what we do to the most senior floors and embeds communication and content as business critical, alongside production costs and HR budgets?

Let me introduce you to the concept of digital governance…

I’ve worked as a non-executive director in the National Health Service (NHS) and spent a number of years as a Chair of Governance. Governance is embedded into corporate structures at the highest level and companies such as Enron have simply served to demonstrate the value of probity.

Good corporate governance is a system for structuring, operating and controlling based on: sound business ethics, long-term strategic goals, care of employees (past, present and future), customers and suppliers, the environment and the local community and proper compliance with legal and regulatory requirements. Source: Applied Corporate Governance

Within the health service there is also a specific clinical governance structure. In my opinion this brings together two critical organisational pathways: business function and business output.

Clinical Governance is a framework through which NHS organisations are accountable for continuously improving the quality of their services and safeguarding high standards of care, by creating an environment in which excellence will flourish. Source: A First Class Service – Quality in the new NHS

Clinical governance: bridging the gap between managerial and clinical approaches to quality of care Source: Stephen A Buetow, Martin Roland

Over the last year I’ve taken this learning acquired in the health service and tried to develop a framework for its development in digital content. What I’ve come up with is this:

Digital Governance is the framework through which organisations are accountable for continuously improving the quality of what they offer audiences digitally, safeguarding high standards and creating an environment in which excellence will flourish. Source: Me

Digital governance: bridging the gap between managerial and digital approaches to quality of content and communication. Source: Me

Okay, where am I going with this? And why should you care?

I believe that if we don’t start drawing content into some big business framework it could slide back into a series of not particularly significant (in board terms) silos; whether that’s usability, content development and management, design and build, search and optimisation… Content strategy has gone some way to providing the glue for harmonising key skills and expertise but it isn’t a term that gets the suits excited.

Information Governance already exists. Organisations get that the governance and accountability relating to business usage and storage of information is business critical. But information goes only partway to describing and proscribing content. Digital governance of content creation, production and maintenance, supporting processes / methodologies and technologies needs its own guidelines, benchmarks for excellence and monitoring systems (piped upward to board level in dashboard form).

I’ve come across the term digital governance (and web governance) here and there but its current definition is neither broad enough nor sufficiently demonstrated within an organisation. It deals with probity – but not excellence. The only person who comes close to covering this ground sufficiently, in my opinion, is Lisa Welchman in the United States.

In the health service the weft and weave of clinical governance is raised to board level using a range of data and compliance measures. Mortality figures are obviously a key metric but what about recovery times for people operated on in a specific operating theatre, sent to recover in a specific ward? Do ‘bed days’ go up or down dependent on where a patient was admitted from, whether it was during the day or during the night? Metrics are marvellous but only if you bring them together from multiple sources, keep them current and interpret them with confidence and robustness.

There is also another critical thing that makes governance business critical – the risk of legal and punitive censure. Since 2001-2, NHS Chief Executives have been required to sign a Statement of Internal Control that forms part of the statutory accounts and annual report. In order to make this statement, Boards must be able to demonstrate that they have been properly informed about the totality of principal risks that an organisation faces (not just financial). Conclusions to such risks need to be documented using an evidence-based approach.

I firmly believe that in order for digital content to be discussed and taken seriously at board level, the possibility of breaking the law – which exists – needs to be better evidenced and monitored.

What laws do you want to break today?

I’m currently working on some new training and workshops that attempt to bring together the necessary governance disciplines required to properly monitor compliance with all the legislation and regulations that should keep organisations awake at night (but to which they are currently not paying sufficient attention – if any at all). I’ll be covering this off in much more detail next year but the things we should be all-over-like-a-rash include:

1. Since March 2011 the Advertising Standards Authority in the UK has also been responsible for regulating online marketing. It recently banned a series of online ads for Lynx spray (it’s a bloke thing), which ran on Yahoo, Hotmail, Rotten Tomatoes, Anorak and Spotify, for being ‘likely to cause widespread harm and offence’.

2. Privacy and Electronic Communications (EC Directive) Regulations 2003 prohibit unsolicited electronic marketing material unless covered by the “soft opt-in” rule. This covers not only email but also text messaging. Breach of the regulations can result in regulatory investigations, fines, civil damages actions and criminal liability. Criminal sanctions may be imposed on company directors, as well as the company.

3. The above regulations also introduced controls on the use of cookies on web sites. Users have to be given guidance on why information is being collected using cookies and the opportunity to refuse that information. Organisations using cookies should have a clear compliance statement.

4. Since 2007 companies in the UK have needed to include regulatory information on their websites and in their email footers, such as company number and registered address (not always the main contact address) or risk being fined under the Companies Act.

Do keep up!

5. The Disability Discrimination Act (DDA) 1995 Part 3 makes organisations responsible for making their websites accessible. The section came into force in October 1999 and the Code of Practice for this section was published in May 2002. The legislation was policed by the Royal National Institute of the Blind (RNIB) which forced a number of companies to make changes to avoid prosecution.

6. But did you know that since October 2010 the Equality Act replaced ‘most of’ the DDA? The RNIB points out that the new Act is ‘anticipatory’, which means you cannot wait until a disabled person wants to use your services, but you must think in advance and on an ongoing basis, about the potential illegality of:

  • links that are not accessible to a screen reader
  • application forms in a PDF format that cannot be read by a screen reader
  • core service information (for instance, timetables on a public transport website) not in a format accessible to screen readers
  • using text, colour contrasting and formatting that make the website inaccessible to partially sighted users
  • changing security procedures (for instance, on an e-commerce website) without considering the impact on blind and partially sighted customers that use screen readers.

And this, my friends, is just the tip of the iceberg.

Now, I know what you’re thinking…

You may think that as the newspapers are NOT wall to wall with reports about major prosecutions under any of the above (there have been significantly more in Australia, as far as I can see), you can just keep calm and carry on as before. I have only one question: Do you want to be the first prosecution? Even without a prosecution, do you really want to be named and shamed by a regulatory body?

Welcome to Digital Governance 101.