Compliance Corner – Issue 3.3
Why we love “dumb” questions (and how they help us innovate)
“There are no dumb questions.”
How many times have we heard that sentence? It’s usually spoken after someone says, “This might be a dumb question, but…” The would-be questioner wants to ask the question. Perhaps they need clarification, or they didn’t hear what was said, or maybe they had a momentary lapse in focus. (That last one tends to happen during meetings on Friday afternoons.)
But it’s when the would-be questioner doesn’t ask their question – here, out of concern that they might look “stupid” – that we need to be concerned. As we’ve written about in previous blogs, if your workplace lacks psychological safety, employees might feel that speaking up – even to ask a question – is too risky.
Risk 1: Losing the respect of colleagues: If I ask the question in front of my teammates, they might think that I don’t understand the work that we do.
Risk 2: Losing the trust of my supervisor: If I ask my supervisor a question about this project, she might think that I’m not qualified to serve in my role.
In these instances, impression management takes over and employees opt for silence over risk: Better to maintain the positive image my colleagues and supervisor have of me than to make them suspect that I might not know everything, all of the time.
At this point, you might have a question about questioning: What’s the worst that could happen if people don’t ask questions? While many of us could point to case studies of disasters that could have been averted had someone asked the (possibly dumb-seeming) question, we’d like to look at something else that can happen when people keep those queries under cover: innovation comes to a halt.
That’s right. It turns out that numerous advances in medicine, science, philosophy and technology took place because someone asked a question. Imagine for a moment what life would be like if young Isaac Newton had never asked these questions: Why do apples fall straight down from a tree? Is there something in the earth that attracts them?
Clearly that fruit fixation led to a greater understanding of gravity, and, eventually, to the way the moon and the planets maintain their orbits. But what if young Isaac had lived in an environment where he felt unable to ask what some might consider a “dumb” question?
Recently, a company called Autodesk (developer of software for the design, engineering and entertainment industries) launched their Innovation Genome Project. Led by Autodesk’s Bill O’Connor, a team of MBA students from Hult International Business School studied what they identified as the first 100 innovations. They divided these into six categories by “innovation question type.” According to their findings, all questions that led to those innovations – including the “dumb” ones – were one of these questions:
What could I look at in a new way? (Steve Jobs looked at the computer in a new way, leading to the Mac and the personal computer revolution.)
What could I use in a new way? (Paleolithic humans turned fire from a scourge into a means of cooking, heat, light, and protection.)
What could I recontextualize in space or time? (The Sumerians moved language from spoken to written form, expanding its power and reach.)
What could I connect in a new way? (Thomas Edison connected the light bulb to the electrical grid, leading to electrified cities.)
What could I change, in terms of design or performance? (Nearly 3 million years ago, the world’s first “innovator” transformed a simple rock into a stone hand-axe.)
What could I create that is truly new? (In 1776, American colonists created the first “intentional” nation, based on specific abstract principles.)
Guess what? None of the innovations in those examples would have taken place if no one had asked any questions. And we have only to look at the boy who asked, “What if I rode a beam of light across the universe?” for another take on the importance of asking questions. It was a grown-up Albert Einstein, years after morphing his mania for light beams into his Theory of Relativity, who said, “The important thing is not to stop questioning.”
The point is that we need for people to ask questions like these because we need to keep innovating. In his 2024 State of the University address, President Rao used some form of that word five times. And in last year’s address, entitled “Creativity driving innovation,” he used it eleven times. Clearly, innovation is part of VCU’s DNA.
So, if we can all agree that by asking more questions we’ll achieve greater innovation, then we need to do whatever it takes to foster a speak-up culture, making it safe for employees to ask their questions. Especially the “dumb” ones.
Berger, W. (2024, February 24). Einstein and questioning. A More Beautiful Question. https://amorebeautifulquestion.com/einstein-questioning/
Krasley, S. (2012, February 3). The 6 questions that lead to New Innovations. fastcompany.com. https://www.fastcompany.com/1679231/the-6-questions-that-lead-to-new-innovations
We invite you to check back in the coming months, as we revisit the basics of building a speak-up culture.
Sent Too Soon
A Compliance Case Study
The People:
Laurel – An administrative assistant in the School of Medicine
Amir – An office manager in the School of Medicine, and Laurel’s supervisor
The Setting:
The administrative offices for a department in the School of Medicine
The Event:
Amir was reviewing monthly status reports when someone knocked on his office door. It was Laurel, their administrative assistant, and she seemed upset about something.
“Amir? Do you have a minute?” She looked like she was about to cry.
“Of course,” he told her, instinctively standing up, as if he knew they were going to need to leap into action. “How can I help?”
At that, Laurel did start crying. “I’ve made a huge mistake, and I don’t know if we can fix it.”
“What’s happened?” Amir tried to remain calm as he ran through scenario after scenario in his mind. What did they say in the workshop he’d just attended? “Embrace the messenger” (especially when they bring you bad news)?
In response to his question, Laurel walked Amir through what had just happened when she was sending an email. As part of a retention project to provide targeted support to struggling medical students, she’d written an email giving a group of students early notification that they were failing at least one of their classes. She had intended to send it to the group of students using “bcc,” so none of them could see the email addresses and names of the other students. This was especially important in this situation because the email contained information about the students’ educational records, protected by FERPA (Family Education Rights and Privacy Act).
The problem was that Laurel had accidentally entered the email addresses in the “cc” field – not the “bcc” field – so all recipients would be able to see the email addresses of the other students who were also failing their classes. “And before I knew it,” she said,“I had pushed ‘Send’ and it was too late to stop it! Is there anything we can do?!?”
Amir remembered that there was a short delay within which a sender could go into Gmail to stop an email from being sent. He said, “Ok, we might be able to stop some of them. Quick – let’s go to your desk.”
As Laurel accessed her Gmail, they went through the steps to stop that email, but it looked like they were too late. “Oh, no!” cried Laurel. There was nothing to be done.
Amir told Laurel that he was sorry they were unable to stop the email, and that he knew how hard it was for her to tell him about her mistake. He also shared that he would alert the dean and the Information Security team about what had happened.
“Okay,” said Laurel, who was crying at the thought of the dean learning about her mistake, “I’m really, really sorry, Amir.”
The Takeaway:
Laurel made a mistake that many of us have made – she hit “Send” before double-checking her email for errors in content and set-up. But in this case, Laurel inadvertently shared Category I information with people who should never have received it.
For those of us that handle sensitive information in our roles at VCU, we are entrusted with protecting the privacy of the students, employees, and other stakeholders within our community. That means that we must go above and beyond the norm when sending that information electronically. VCU’s Information Security Office provides employees with a Data Classification tool to help us understand whether the information we are handling is considered “Category I data,” or sensitive information that is protected under federal, state or industry regulations and/or other civil statutes. When information like this is shared with the wrong people, it can result in potential regulatory sanctions, fines, and damages to the institution’s mission and reputation.
Information Security’s Exposure and Breach of Information policy offers guidance for employees on what to do if they believe a breach has occurred. The first step is to tell your supervisor, so they can alert the leader of the department and the Information Security Office. These experts can help you know what to do next.
Laurel inadvertently shared Category I data when she shared confidential educational records (student failing grades) with other students, and this type of data is protected by the Family Educational Rights and Privacy Act (FERPA). Laurel received verbal counseling, then volunteered to re-train on data privacy. Her department also changed their email protocols to further prevent information breaches through email.
If you are in charge of Category I data, make sure that you understand the laws or regulations that apply to the information you handle, as well as your department’s protocol for handling that data, electronically or otherwise. And if you have any doubt, seek help from the Information Security Office at infosec@vcu.edu or (804) 828-2227, or the Integrity and Compliance Office at ucompliance@vcu.edu or (804) 828-2336. It’s up to all of us to maintain the trust of our stakeholders, and to think twice before hitting “Send.”
The case study above was based on an actual case study investigated by the ICO; the details, including names, roles and departments, were changed to protect the people involved.
To learn more about any of this month’s topics, or discuss your ideas for future blogs, please contact the ICO at ucompliance@vcu.edu or (804) 828-2336. We’d love to hear from you!