New technology deployment gives start to different changes in organizations and disrupts existing practices – for better and for worse. The dynamics of control and trust are not immune to these changes. Our study focuses on the unintended consequences of new technology deployment for control and trust by investigating a case where Microsoft Office 365 was first introduced in an organization operating in financial industry.

In organizations, control emerges in how individuals regulate their own behavior and that of others, and new technology may provide different organizational members with tools to do this in new ways. As organizational members learn about new technological features, new unintended control practices may emerge that take place outside managerial gaze and influence. These practices may prompt different social interpretations and, hence, shifts in trust. For example, where one sees monitoring of other’s online activity through technical tools as normal behavior, others consider this intrusive and experience intolerable vulnerability.

Our study, published in Journal of Management Studies, advances understanding of control-trust dynamics by explicitly considering unintended control practices and their trust implications next to deliberate managerial action. We show how unintended control practices emerge in unowned processes, that is, processes that do not have a single identifiable source or purpose. While managers may deliberately pursue to adjust control and trust, unowned processes easily go unnoticed, which poses uncertainties, and a risk, for an organization where they emerge.

Emergence of unintended control practices and shifts in trust – Deployment of O365

Our story is that of an information security expert observing the attitudes and behaviors in different organizational groups when O365 became in use. Examination of this setting showed us how emergence of four control practices – incidental monitoring, organizational surveillance, individual concealment, and collective resistance – was intertwined with emergence of trust asymmetries: In one organizational group, the information security experts, suspicion and distrust emerged as they gradually learned how other organizational members had started to monitor others’ work habits. Some organizational members started to keep track of others being logged in, for example. There were also those who could track in detailed manner what others did online. Interestingly, except for the information security experts, other groups—including the top-management—did not show signs of trust erosion. They were focused on the benefits brought by the technology and dismissed any worries, which, unfortunately, further added to information security experts’ confusion and concern.

Following the developments further, we could see how the distrust development was halted and how repairing of distrust took place. In this, the key factors were trusting organizational environment, limited awareness of other organizational members of the developing distrust, and the ability of information security experts to rely on control practices that reduced their vulnerability to a tolerable level. Benevolence was built on when rectifying the situation; it was widely considered that no action was taken with the intention to harm others. The high-trust context allowed information security experts to take action to reduce excessive monitoring and surveillance, and kept others from opposing their actions that restricted the uses of the technology for monitoring and surveillance. However, the situation easily might have escalated to involve organization-wide distrust. Therefore, unintended consequences of technology deployment for control-trust dynamics cannot be overlooked.

Takeaways for managers

• Keep in mind that not all controls are consciously developed or interpreted the same way, even if adjusting control and trust though managerial action is pursued; new technology may come with unintended forms of control in organizations.
• Acknowledge that whether or not control and trust are consciously addressed, both play interacting and evolving roles in organizations.
• Pay attention also to the relevance of actions by non-managers in control-trust dynamics; different organizational members may develop perceptions and interpretations of others’ actions which may change their behavior and mutual interaction in detrimental ways if their attitudes and behaviors are not acknowledged.
• Notice that large scale managerial intervention is not always needed. Sometimes the organizational members can solve problems on their own. When managers understand control-trust dynamics and are alert to the development of unintended practices, they can make informed decisions on whether or not, and when to intervene. It is possible that organizational members find their own way to remedy damaging developments given the chance to do so.

Photo by Markus Spiske (source: https://unsplash.com/photos/iar-afB0QQw)