Ethical data handling (including collection) practices are becoming even more important and need a rethink as the recent example of Cambridge Analytica’s misuse of Facebook data highlights, This was not just a question of information security as such, but rather one that revolves around the issues of data privacy and data ethics. Let us explore these things and how data ethics really needs to fit in with overall approaches to risk management.
Information Security is the practice that is concerned with preventing unauthorised access, use, disclosure, disruption, modification, inspection, recording or destruction of information and its’ primary focus is the balanced protection of the confidentiality, integrity and availability of information - the CIA triad! I rather like this term; it is a security model that was developed to help people think about important aspects of information security, there are of course other models out there but as a basic framework this is as good a place to start as any. Information Security includes the planning, development and execution of policies and processes that are intended to support the protection of information assets. A multi-step risk management process (part of the risk management discipline) that identifies information assets, threat sources, vulnerabilities, potential impacts, and possible controls, underpins this.
So what are ethics? Where do they fit? Simply put, ethics are principles of behavior based on ideas of right and wrong. Ethical principles often focus on ideas such as fairness, respect, responsibility, integrity, quality, reliability, transparency, and trust. The DAMA DMBOK framework defines data handling ethics as being concerned with how to procure, store, manage, use, and dispose of data in ways that are aligned with ethical principles. Handling data in an ethical manner is necessary to the long-term success of any company that wants to get value from its data.
Unethical data handling can result in the loss of reputation and customers, because it puts at risk people whose data is exposed. It has far-reaching implications for any company that deals with data privacy, as well as the millions of people whose data is currently stored, managed, and shared somewhere in the cloud. The ethics of data handling is complex and in many ways is really still emerging as as discipline.
So whose responsibility is it for Data Ethics?
In his article “The New Ethics of Data Management” Dr. Barry Devlin raises some good points, not the least of which relates to the responsibility of ethical data use. He makes the point that it is we as customers and citizens who must decide what we accept, not philosophers, ethicists, economists and politicians!.
As data management professionals, these questions relating to the ethical use of data must become part of the consideration and justification of any project undertaken, this includes all types of big data analytics, Internet of Things, and artificial intelligence related initiatives.
Data professionals must consider the ethics of WHO and HOW does the data we collect impact upon - even when used according to the objectives of the project? What are the consequences of misuse? Ethics need to be considered through the whole data project lifecycle (and this includes analytics), right from requirements through to design, development, ongoing use, and eventual decommissioning, and throughout the lifecycle of data itself
Further reading and References: