Ethical Use: Do You Have A Data Policy for That?

Security and privacy have always been at the core of data governance.  Typically, company policies, processes, and procedures have been designed to comply with these regulations to avoid fines and in some cases jail time.  Very internally focused.  However, companies now operate in a more external and connected fashion then ever before.

Let's consider this.  Two stories in the news have recently exposed an aspect of data governance that muddies the water on our definition of data ownership and responsibility.  After the tragedy at Sandy Hook Elementary School, the Journal News combined gun owner data with a map and released it to the public causing speculation and outcry that it provided criminals information to get the guns and put owners at risk.  A more recent posting of a similar nature, an MIT graduate student creates an interactive map that lets you find individuals across the US and Canada to help people feel a part of something bigger.  My first reaction was to think this was a better stalker tool than social media.

Why is this game changing for data governance and why should you care?  It begs us to ask, even if a regulation is not hanging over our head, what is the ethical use of data and what is the responsibility of businesses to use this data?

Technology is moving faster than policy and laws can be created to keep up with this change.  The owners of data more often than not will sit outside your corporate walls.  Data governance has to take into account not only the interests of the company, but also the interests of the data owners.  Data stewards have to be the trusted custodians of the data.  Companies have to consider policies that not only benefit the corporate welfare but also the interests of customer and partners or face reputational risk and potential loss of business.

Policy forms posted obscurely on your website or in a microscopic link in an email aren’t transparent.  Complex opt-in and permission settings confuse rather than support data owners to communicate allowed use – think about what happened when Facebook’s permission setting were so complicated that Randi Zuckerberg’s personal status was accidently syndicated across the world.

Ethics matter to your customers and your partners.  Providing transparency to your data governance policies and the appropriate mechanisms for data owners to truly govern their data at points of interaction and engagement is critical. Blur the lines between your back-office and front office, and even extend to the interactive edge for comprehensive data govnerance across all data owners.  Keep in mind that by not addressing ethical use of data in your governance policies and procedures, there are unintended consequences that may not harm you, but certainly can affect or harm your customers and partners. 

By the way, the interactive tool that the Journal News posted to show gun owners on a map?  Ultimately the Journal News took down the site on January 18 after reconsideration. 

What’s your policy for ethical use of data?



Excellent points

Hi Michele
Thanks for starting this very relevant and often overlooked aspect of data management. Most are familiar with the need for data governance to define the policies and standards for data usage, but so often those policies are of course driven by regulatory, risk or bottom line-based motivations.
I like to think of "Ethical Use" as you phrased it as the intersection of corporate policy and corporate culture. Instead of asking the question "Can we do that?", it asks "Should we do that?" Technology innovation is such that there's very little that we can't do today - or soon. But only strong leadership and social/corporate citizenship can answer the "should we" question.

Just 'cause you can doesn't mean you should

Rob - I find it interesting in data governance conversation how this aspect of ethical use does not come up, even in the discussion of ownership, security, access, and risk. I agree with your point on "should we do that?" and the corporate culture that sets that policy. Is it me first? Or are we in this together? Maybe not always a popular thought, and possibly perceived as a barrier. But, data strategy and policy is set with a long term vision and perspective in mind. With principles defined, guardrails exist allowing fluid data governance. Thanks for the point of view!

Data Protection Framework?

Great article, Michele. There is no question that some data must be protected. Period. But as companies become smaller and smaller, governance and execution of these protection rules become just one of many things that must be dealt with by a small staff. And this raises the further question of "What happens when 'big' unruly data is freely available to hobbyists?" By "hobbyist", I mean anyone who records and uses information for pleasure rather than for profit. An extreme example might include someone who takes a large number of photographs and simply posts them online for all to see. Is there a "data protection line in the sand" that we should become aware of or advocate for? Should coursework in human privacy be mandated during some part of the education process?

Without trying very hard, we can find extremes on both sides of the data protection issue. The amount of data available at our fingertips, corporate and otherwise, will continue to grow exponentially. So, is some sort of a "data protection framework" needed? And if so, what would that look like?

In the comment above, Rob advocates for "strong leadership and social/corporate citizenship" as a way to answer the "should we" question. I agree. Governments can mandate that companies within its borders follow certain policies. But how can we work toward ethical privacy and decency policies on a global scale?

The "Hobbyist"

Jeff - You make a great point on a data protection framework and scale. Do we rely on government to drive policy and compliance? Do we need to institutionalize ethical use of data in university? How does privacy and decency go global?

My reaction to this is, too big in scale. For all the efforts at the government and educational level after Enron, we still had a historic failure in banking due in a significant way to lack of ethics in lending. Also, consider that government will only get involved in a reactionary way. Where data governance done well works is to ensure a longer term perspective on actions. Ethical consequences occur after the immediate reward sought. The consequences were not necessarily considered, or devalued. Society will let you know when you hit the wall. I'd even say that most know when and if they will cross the line. It is about the choice to cross the line we have to contend with in governance. Wether you have 2 people or 50 for governance, forethought in ethical policy should occur prior to an action, not when the immediate reward is too enticing in the moment.

Avoiding policy creation in the moment is the first and easiest step. This is mature governance.