As data management underlies almost all areas of organizational operations, the way in which that data is collected (or procured) and used has been the topic of intense focus and legislative debate. This area is often called “data ethics” and is the purview of analysts, data scientists, and IT professionals. For anyone in your organization who handles data, they must be well-versed in the basic principles of ethical data collection and management.
Why? Because ethical data procurement is central to establishing and keeping customer trust and also helps internal users know that their data will not be exploited. The ethical use of data is a constant effort that involves knowing how you secure the data itself, how it is processed, and how it informs your decision-making and outcomes in your organization.
Here are five main factors every organization must keep in mind as it handles data collection:
1. Consent and ownership
The first principle of data ethics is that an individual has ownership over their personal information. Just as it’s considered stealing to take an item that doesn’t belong to you, it’s unlawful and unethical to collect someone’s personal data without their consent. Consent can be given through a number of tech-based methods, such as virtual document signing, checkboxes when filling out online forms, biometric signatures, and recorded verbal agreements.
2. Subject privacy
The privacy of any data subject must be ensured, even after consent has been given for a specific organization to collect, store, analyze, or otherwise use the data. Privacy is connected to personally identifiable information (PII), which can be harmful to the subject if it is publicly exposed—or stolen via a cybersecurity breach.
Examples of PII include:
- Full name
- Birthdate
- Street address and phone number
- Social Security number
- Financial information (bank accounts, credit cards, etc.)
- Health records
Protecting PII requires storing data in a secure database that’s reinforced by data backup and protection solutions to keep the system safe. Extra precautions should be implemented, such as multi-authentication password authorization and data encryption.
3. Data management transparency
Even once you have a subject’s consent in acquiring their data, they still need to be aware of how you plan to use it. Those same subjects retain a right to know how that data will be stored and used after it has been collected. This requires transparency as far as collection and processing methods.
This also necessitates questioning your own intents before data is collected at all. What is the need for the data, how will you gain from it, and how will it be altered in the gathering? Will the subjects be in any way harmed or taken advantage of through the collection and analysis process—or will your possession of their information expose them to possible future threats if a data breach occurs?
4. Accountability oversight
As methods of acquiring and analyzing data evolve through machine learning and artificial intelligence-based systems, so ethical management practices must also evolve in step. New policies and regulatory oversight must be evaluated and established not just for internal organizational approaches but also to help you adhere to local and national compliance standards. This can be helped by establishing a data ethics panel or board that assesses your organization’s data procurement strategies and determines what changes may be necessary to remain ethically aligned.
5. Subject anonymity
A powerful way to increase data protection during procurement is to strip the data of any identifying elements through the collection and analysis process. Or an organization should consider ways to shield the subject’s identity from those who access the data. If identifying data is not needed for a study being performed or analysis being run, then why not remove or block it altogether for the highest precaution?
Everyone within your organization should be made aware of your stance on data ethics and procurement methods, even if they’re not directly responsible for managing the data in question. This way, if any questionable practices arise or some data oversight occurs, your team will be trained in how to properly respond and keep unethical usage or storage from exposing subjects to harm—as well as exposing your organization to potential legal and reputational ramifications.