What Do Your Other Customers Do?

Early in my career, I was tasked with loading sensitive data into an HR system during a massive payroll conversion. I won’t get into what data, but just know that it was extremely sensitive.

Lacking a way to systematically verify the file against the legacy source, I chose the illusion of responsibility. I stood in a room full of stakeholders and asked for verbal confirmation that this was the final version. Nobody wrote anything down.

Then, I uttered a sentence I still catch myself repeating every odd week.

“Well, I asked. Our CYA is intact.”

Technically, I was right. I said the right words out loud, so if things went wrong, I was personally covered.

And then things went wrong for the business.

The data mismatched on an employee ID because someone upstream had accidentally deleted a single row on a filtered spreadsheet. Highly sensitive information landed in the wrong accounts and in front of the wrong people, all with my name permanently stamped on the transaction. The audience I had built my verbal cover for wasn’t around when the damage finally surfaced. I was left entirely on my own to answer the uncomfortable, face-to-face questions from employees asking what, exactly, I had been doing with their personal data.

Enterprise software is an accelerator. It doesn’t create the hole; it just automates the digging. If I had insisted on real, systemic verification, we would have exposed a pothole for the business. Instead, I took a standard operational assumption and stretched it over the Grand Canyon to cover myself.

It took me a while to realize where the true failure took place. The people who actually owned that legacy data were already gone, swept out in a reorganization that never quite finished. There was absolutely no one left in the building who could have validated the file in the first place. My little ritual of saying “I’ve got my CYA” didn’t protect me. It just threw a tarp over a massive structural hole in the business.

From a personal perspective, I hadn't done anything reckless. I did the standard, defensible, this-is-how-it’s-done thing. Yet, it was a failure of ownership—one driven by accepting the easy default over pushing for real, systemic accountability.

That is the exact trap I look for today. As a consultant, I don't just look for obvious mistakes anymore. I look for the decisions that never felt like decisions at all. And the place they hide best is the configuration screen.

The Moonlit Ocean

There is a question I hear on nearly every consulting project: What do your other customers do?

A reasonable question, but it only asks about the surface.

Picture someone wading into the ocean at night. In the moonlight, they can see the water stretching out to the horizon. What they can’t see is how deep it is right in front of where they are standing. Most of the shoreline is shallow and forgiving. But occasionally, the bottom drops out without warning. It is ankle-deep on one step, and over their head on the next. From above, the surface looks exactly the same.

A moonlit ocean showing light reflecting on the surface. Photo by Graddes via Unsplash.

“Best practice” is that moonlit surface. It is the wide view, and it's true on average. Vendors recommend the standard setup because it holds up statistically across all their clients. It is safe for them to stand behind.

But your business isn’t their statistic. A configuration setting either fits the ground under your feet, or it doesn’t. The more “standard” a setup looks, the less it knows about your actual reality. Standard isn’t safe; it’s just the view everyone else has. It is a suit designed around the average measurements of every customer the tailor has ever had—perfectly fitting the mannequin, which is the average of a thousand bodies and the shape of absolutely none of them.

This means a company can do everything right and still end up in court—not in spite of following the standard, but because of it.

When a project team asks what everyone else does, the motive is the tell. Asking to calibrate (to weigh an external data point against your own unique context) is healthy. Asking to abdicate (so you don't have to look, or so you can build an alibi) is a trap. The honest reason people chase best practice is usually to be blameless rather than correct. However, the law, the market, and your own people do not care what a company three states over did with their dropdown menu.

Let’s say that I’m configuring a time-off accrual. There is a setting for how to round the time. The default rounds to the nearest tenth, meaning it occasionally rounds down. And sure, it is accurate enough for almost everyone. The entire legal mess is prevented with a single, simple question to the business: We have options on how this rounds. Does it matter to you?

But I don't ask it. I leave the default, because the default is standard.

There’s no error in the math. The system does exactly what the configuration told it to do. But the law doesn’t care about “clean config” when a single worker (rightly) points out they were shorted five minutes of earned time. Accurate enough instantly becomes a stolen five minutes with a human name attached to it—and the rounding dropdown a team waved off is suddenly what General Counsel has to defend.

That’s how easy it is for me to configure the precise thing people fight over in state supreme courts. Not because I was careless, but because asking the question wasn’t anyone’s job until it became everyone’s problem.

Where the Bottom Drops Out

“The Standard” isn't the enemy. For almost everything a company configures, it is the right answer. Customizing things that don't need customization just buys you brittle systems and upgrade pain.

The valuable question isn’t Does the average fit us? The better question is, Which parts of our business are not average?

Every company has one or two custom, high-stakes exceptions carrying the weight of compliance. They don’t turn up in the wide view. They turn up because someone standing in that exact spot feels the bottom drop out and screams.

The most dangerous vulnerabilities concentrate where you thought your organization was strongest—in places where you have made a public promise. Your core corporate values are your densest cluster of system entanglements, and best practice is values-blind by construction.

Imagine an organization that collects an employee’s preferred name during a modern, inclusive onboarding experience. HR believes the matter is handled. But downstream, the single-sign-on infrastructure and the front-facing benefit feeds pull exclusively from the legal name fields to satisfy legacy system architecture. Suddenly, an employee is deadnamed across every internal application they use to do their daily work. The configuration choice was technically defensible under standard design models, but it silently broke a cultural promise. The system logs the error forever, and a small setting has propagated a compliance and cultural disconnect while everyone was looking elsewhere.

I keep a running list of these drop-offs. They aren't exotic edge cases. They are standard, mundane choices I’ve watched get made on a normal Wednesday. Underneath the legalese, it is the exact same move every time. A tired person clicks “next” on a screen and assumes a default setting isn't a landmine (because it’s defaulted).

Take a look at how this plays out in discovery. A company buys a well-reviewed AI tool to screen applicants. They turn it on, exactly the way everyone else does. A rejected applicant sues. But they don't just sue the employer; they sue the software vendor. In Mobley v. Workday, the court let the case proceed on the theory that the vendor acted as the employer’s agent. The judge ordered the vendor to turn over a list of every single employer who had switched that feature on.

You don't have to lose a case like that to work (and pay) the hours for it. Your company’s name gets dragged into discovery simply because you acted as a blind consumer of technology. In response to these exact suits, vendors are quietly tightening their terms of service, pushing the liability for “improper configuration” straight back onto the employer—most AI contracts now cap the vendor’s own exposure at a year of fees and decline to warrant compliance at all.

In Kistler v. Eightfold AI, filed in early 2026, the complaint doesn’t even allege bias. It alleges the tool scored applicants in secret against a scraped database of more than a billion profiles, then discarded the low-ranked ones before an actual human ever looked, with none of the disclosure the Fair Credit Reporting Act requires. Same unexamined default, entirely different statute.

In California, thousands of organizations used a single standard payroll setting to calculate missed-break penalties. The state’s highest court decided in Ferra v. Loews that the standard way was wrong—and they made the correction go back in time. A standard default, applied to a non-standard reality, became an immediate retroactive penalty.

Across the country, employers are facing class actions over 401(k) forfeitures and tobacco wellness surcharges. The companies caught in the crosshairs share one structural flaw. Their legal paperwork promised one reality, their system logic enforced another, and nobody ever bothered to audit the paperwork against the software configuration.

The failure mode is identical every time. A small configuration choice spreads silently while everyone looks elsewhere. By the time the damage is caught, the fix requires legal surgery rather than a simple settings update. HR is abandoning its human agency in favor of the agentic, throwing a tarp over structural holes while automating the speed at which the business falls into them.

To be clear, I wasn’t in any of those rooms (and allegations are allegations). I’m just pointing at the shape of the case, not the verdict.

The Audit Log and the Relay

I have watched one of these lawsuits surface. The moment a system choice becomes a legal exhibit, your job instantly changes. You are no longer managing an IT infrastructure. You are sitting in a room full of attorneys, explaining an old configuration choice that someone else made (or that you didn’t even know you made).

The professional who clicked “next” is almost never a named defendant. They don’t have to be. The system's audit log already holds their name and a timestamp in the “Created By” field. The audit log neither blinks nor forgets.

The real horror for the business is in the delay. Discovery surfaces the log years later. A highly competent professional ends up under oath, trying to explain why they bypassed a warning prompt or left a dropdown menu on its default three years ago. The company might survive the lawsuit, but the person whose name sits on that field cannot erase that moment from their record.

This breakdown is mechanical, not moral. Accountability fails because of an observation problem built directly into the corporate structure. An operational issue is simply a signal that needs to travel to a place where someone has the authority to act on it. Every person in the corporate hierarchy is a relay whose actual job is to pass that signal along, not to suppress it.

The system dies when a relay stops observing the signal, jumps down the rabbit hole, and starts observing itself being observed. A manager sees a data error, a compliance mismatch, or a configuration gap. Instead of passing the warning signal up the chain, they sit on it or soften it to protect how they look to the one executive watching them. The reporting line (the very channel built to carry information to the top) becomes the exact structure that kills it. Plausible deniability is the cancer of modern enterprise, and the org chart is its diagnostic failure.

To combat this, people often rely on the routine opening of system tickets. But the ticket itself can become a tool of appearance-management (the CYA shadow). If a ticket is opened simply to build a personal paper trail rather than to clear the channel and force a resolution, it is just accountability's uniform worn to hide an abdication of choice. True communication is the only mechanism that recovers the joint reality between separated business units.

Forcing the Choice

Modern enterprise systems push the “average” out at scale. No one wades out to check the specific depth of a client’s shoreline. Most of the time, this automation is mandatory for survival. It works perfectly—right up until the system encounters a human reality it wasn’t taught to see.

When an organization brings me in to architect a system, I don't just audit the screens; I audit the silent assumptions keeping the room in lockstep. I stop the project on the high-stakes configuration gates—the structural rules that dictate how data transitions, who handles exceptions, or how downstream maintenance works.

I look at the project team and ask the typical questions: Who are the downstream stakeholders here? Who actually owns this configuration once I leave? Who owns the final sign-off, and who is responsible for testing the gaps?

Usually, the room goes dead silent. People look at their laps or point toward an outsourced implementation partner. Nobody wants to hold the live wire, and in some cases no one has any context.

And then, inevitably, someone tries to break the tension with the phrase I now dread most: “Well, what do your other customers do?”

There’s no problem with asking that question in any other setting. It’s usually a good grounding question to ask. But the moment I hear that sentence in that specific room—in response to my baseline questions—I know we have a problem.

They aren't asking for best practices because they want to build a better system. They are asking for best practices because they are looking for an algorithmic escape hatch. They want a configuration default to stand in for a business decision they will not, cannot, or have not made.

“If you take the standard approach,” I tell them, “you save your team a week of heavy administrative labor and cross-departmental alignment right now. But you also assume your business has no internal friction, no historical data debt, and no operational edge cases. The software will faithfully execute the default rule every single time, quietly dropping anomalies onto automated fallout reports that nobody reads—until a massive compliance penalty surfaces. Keep the default, and you buy speed today. Change it, and you eat the labor of auditing your own reality. There’s no wrong answer for the business because time is always a factor. Which do you want?”

That is the entire job. I am not there to catch a data error for them. I am there to feel for the bottom in the exact spot the wide view skips, to ruthlessly expose the ownership vacuum, and to force the choice down the line to someone who can actually own the risk.

A Permanent Court Stenographer

It is easy to explain a mess after it happens. It is much more useful to name a disaster while it is still taking shape.

Sometime in the last two years, AI meeting transcription turned itself on by default across major enterprise platforms. It happened simultaneously across thousands of companies (most of which never realized they had a choice to make). Without a single vote, we effectively placed a permanent, silent court stenographer in every internal meeting in corporate America.

No one sat in a boardroom and decided that every offhand manager comment, messy reorganization debate, and sensitive performance review would now be captured. But they are. They are time-stamped, highly searchable, and quietly fed into your internal (or external) AI tools every day.

Historically, HR infrastructure relied on the quiet, unrecorded space where candid deliberation happens. It is where a manager talks through a touchy situation before taking action. It is where people ask half-formed questions that would look damning if stripped of context. Total automation, switched on by default, quietly burned that room down.

I don’t believe it’s far-fetched to say that these automated transcripts will become the centerpiece exhibits in a massive wave of discrimination and retaliation lawsuits in the coming years. If so, the exposure will trace directly back to a choice nobody made: We just left the default on.

And the exhibit itself might be the smaller problem. The larger problem is the bill. When legal discovery arrives, someone has to pay to produce, review, and redact thousands of hours of un-curated machine transcripts. That expense alone will force companies to settle claims they otherwise would have won, simply because it is too expensive to read their own meetings back to themselves.

Once the transcript is on, turning it off becomes an administrative paradox. If a manager kills the AI transcript for one high-risk call, but keeps it on for a standard team meeting, that missing file instantly becomes a target during a deposition. It gives a plaintiff’s lawyer a glaring line of questioning: Why was this specific hour the only one left unrecorded? The very act of choosing privacy after the fact becomes a marker of liability.

The First Move

This isn’t just an HR problem. The pattern doesn’t care about departments. The same “round to the nearest, it’s accurate enough” default I left in a time-off setting is hiding in your billing, inventory counts, and financial reconciliation right now.

The mid-level practitioner or the systems analyst who does not control a massive corporate audit budget still has moves available. You can break the observation problem by passing the signal along. When you encounter an unexamined default that contradicts an operational reality, document the tradeoff and put it in front of the business. Convert a private question into a documented business decision that the next person in the chain cannot (quietly) drop.

External parties can’t help solve an unnamed problem. And they certainly can't solve the problem you already feel but refuse to say out loud: the configuration handoff nobody owns, or the setting that stopped matching your actual operations years ago.

If your organization truly fits the average, then take the default. There is no shame in it. If you read this and the “standard” configuration actually maps to your reality, you got your answer for free.

But if you recognized your own system here—if you know exactly which default switch is sitting unexamined in your platform right now—then you already know what to do.

Finding your hidden divergence takes time. It takes budget. But a configuration audit costs thousands; a retroactive class action costs millions.

You have to wade out into the water and find out how deep it really goes.


Sources

Allegations and case postures are current as of June 2026; verify before relying on any case. This analysis reflects operational systems-configuration risk and does not constitute formal legal counsel; organizations must consult their own legal teams regarding local statutory compliance and litigation strategy.

  1. Mobley v. Workday, Inc. (N.D. Cal.) — AI applicant screening and service-provider “agent” liability (Seyfarth Shaw LLP); court-ordered list of the employers that enabled the features, with notice to a certified ADEA collective whose opt-in period ran through early March 2026 (AI Governance for HR).

  2. Kistler v. Eightfold AI (Contra Costa County, Cal.; filed Jan. 2026) — Fair Credit Reporting Act theory: applicants scored and screened out without disclosure (Jones Walker LLP).

  3. AI-vendor liability shift — roughly 88% of AI contracts cap vendor liability at subscription fees; only about 17% warrant regulatory compliance (Jones Walker LLP, “AI Vendor Liability Squeeze”).

  4. Ferra v. Loews Hollywood Hotel, LLC (Cal. 2021) — meal/rest-break premium pay owed at the “regular rate of compensation,” applied retroactively (Shook, Hardy & Bacon).

  5. ERISA 401(k) forfeiture litigation — most suits dismissed at the district level; in May 2026 the Eighth Circuit became the first appeals court to affirm a dismissal (Matula v. Wells Fargo), on standing (Mayer Brown).

  6. Tobacco-surcharge ERISA class actions — courts split: Williams v. Bally’s dismissed (D.R.I., Nov. 2025; on appeal to the First Circuit) (Gibson Dunn), while Wilson v. Whole Foods survived dismissal (W.D. Tex., Jan. 2026) on the retroactive-reimbursement theory (HR Dive).

  7. Sacramento City USD v. Workday — HR/payroll implementation failure on a roughly $250M payroll (“no customer like us”) (Panorama Consulting).