So a few years ago, I worked at a healthcare company. One of my responsibilities was being a digital mailman: setting up and maintaining various file transfers to our various clients. Before long, I was being included on client calls to get things set up in advance. Usually, these were uneventful calls that just made my job a little easier.
Now, I specifically mention healthcare because that means we have to deal with HIPAA, the federal regulations of the industry. We're extra careful because we have clients in certain states that hold individuals liable for violations instead of the company. It also details minimum acceptable file encryption, because you would clearly want your healthcare records and information encrypted. Right? Right. Glad we agree.
Enter the client and their team. Client seems fairly laid back, which is a bit of an oddity; these calls tend to attract the Type 1 Let's Get Moving NOW NOW NOW brand instead. These fears appear to be short-lived, and the call largely goes on as planned... until file transmission. I offer SFTP, which is the gold standard that most clients jump on. Easy to use, easy to set up, done before we're off the call!
Client: "Eh... I'm not really sure we want to do that. Can't we use FTP?"
Crap, they want FTPS. Where SFTP is an armored truck, FTPS is a Buick with sheet metal welded to the chassis and just as fun to deal with.
Me: "I... well, we can do FTPS, but it's honestly more trouble than it's worth, plus we'd have to do rigorous testing for compliance purposes, since it may not meet standard."
Client: "No, just standard FTP."
Okay, I get it. We're having a good old laugh at Geoffistopheles! Haha, you got me good.
Me: "No, we can't do that."
Reaching the end of a boring call, I almost didn't hear him pipe up again.
Client: "Are you sure we can't do FTP?"
Now I'm confused, wasn't this a joke?
Client: "You answered pretty quickly last time, wouldn't you need to talk to compliance? We just don't want any hassle on our end."
A sigh barely stifled on my end.
Me: "No, we can't use FTP. It has no encryption whatsoever and absolutely will not meet HIPAA."
Client: "You're not compliance. How can you be sure? Can't you do this one thing for us?"
And that's when it hit me. He didn't want the armored truck. He didn't want the sheet metal Buick. He wanted to walk down the street with a big ol' moneybags sack! He wanted me to blatantly disregard federal regulations because they were inconvenient.
Resigned to the absurdity, I offered to talk to Compliance on his behalf, placed the phone on mute, and ambled my way 25 steps to Compliance. Without really changing my pace and speaking in a familiar 'I am frustrated but not enough to actually care' monotone, I say to him, "I'm asking a question I already know the answer to. Can I ignore HIPAA because a client finds it inconvenient?"
Compliance: "Ah... no."
Me: "Thank you kindly."
I ambled my way back to my desk and came back to an infuriated Client...
Wait, I forgot to mention a few important things:
- Compliance was already on the call.
- Compliance did not bother to mute their phone.
- I was rather easily heard, much to the delight of nearly everyone on the call.
Pointing out that I did precisely what he asked of me, whether we could use substandard methods because it was inconvenient, naturally did not sit very well. While he ranted and raged to the hoots and hollers of his new audience, I made a quick detour to the VP's office, explained the situation, and that she was likely to get an angry call about an employee disrespecting the Client because they wouldn't break the law for them.
Thus ends this story, and begins another titled "Why Geoffistopheles' Smart Mouth Is No Longer Welcome On Client Calls, Volume I."