The business world runs on the fuel of data, but those wells of information could dry up if companies fail to take into consideration the value and impact of personal information to individuals. If people feel unable to trust an organisation with their personal information, they may become reluctant to share it. Consequently, businesses may find themselves without the data they need to operate or function fully. Why then, is data still so frequently managed like a bi-product?
The idea of information ethics extends beyond the concepts of fair dealing into the information space and provides the foundation for building trust with individuals regarding the collection, use and disclosure of their personal information. Undoubtedly, GDPR cast a spotlight on the importance of the ethical use of data. For many businesses, this sparked a change not only in how they store personal data, but also how they use it and what information is shared with their clients. However, boundaries are still being pushed and companies are still unclear on what they can and can’t do. It is therefore vital business develop an ethical approach to data management.
Understanding the customer
A fundamental part of ethical data management is understanding the different aspects of building trust and the concerns individuals might have regarding handing over their personal data. Frequently, people see giving organisations their personal data as a risk as they must trust that the business will protect and safeguard it. Often, people don’t have a clear view of how their data will be consumed and processed, and what will happen with their personal information, which may lead to some individuals refusing to give up their personal data altogether. Businesses must therefore take a clear view on the issues of how personal data is being stored, managed and used, in order to maintain trust with consumers.
Developing a trust model
Further to this, to address the three concerns of risk, reliance and results, businesses must build a trust model for their interactions with individuals. Firstly, focusing on risk, they must be transparent about the handling and processing of personal information. Next, the organisation must stand behind what it does with the information and be accountable for anything that occurs that is not consistent with how it communicated the processing of it. Finally, the organisation must provide the individual with a map detailing the path of their data so they can see the lifecycle of the information relative to their relationship with the organisation. This framework will ensure they are operating in a way that is both compliant and ethical.
Leading from the top
Yet, while the subject of privacy is a board-level and senior management risk issue, barely half of organisations have adequate controls in place. To change that, it is vital that the message of data privacy, the support for controls throughout an enterprise and the organisation’s stance on the ethical use of data comes from the top. It is important that business leaders use clear language when talking to employees about the use of data and ethics. Often, the harder job is making sure that what is said matches the actual activities that occur with personal information. Fortunately, by adopting a culture that includes a trust model of transparency, accountability and governance will provide a framework for the organisation to address this challenge.
Creating new roles
Not only should organisations lead from the top, but they should also consider appointing somebody whose responsibility it is to look after data. As organisations begin to look beyond compliance to drive competitiveness through the governance of personal information, the issues of trust and ethics pertaining to that information become more crucial to the success of the business. As such, more businesses are beginning to treat personal information as a critical asset like they would treat money and are appointing senior people to governance and ethics roles. This is seeing the creation of new Data Protection Officer, Trust and Ethics Officer or Chief Ethics Officer roles to ensure businesses not only maintain compliance but also maintain trust. Developing these roles sends a strong message that trust, and by extension, privacy, security, and ethics, are at the forefront of the culture of an organisation. But more than that, this approach moves the discussion on from businesses purely being interested in being compliant, to focusing more on operating ethically and doing the right thing.
Currently, the main data management consideration for a large number of businesses is that they comply with regulations with few organisations giving much thought to the idea of ethics. Therefore, it’s pivotal that the gap between regulation and morality closes to ensure that the ethical treatment of data isn’t merely best practice. To achieve this, the relevant bodies must ensure that regulations evolve as quickly as the data they govern. With all other aspects of data management falling under some kind of regulation, surely it will only be a matter of time before the ethical treatment of data is also regulated.
The ideal outcome
Ultimately, as individuals begin to choose which organisations that they will interact with dependent not only on economic or convenience factors, but also how well the organisation protects and safeguards personal data, information ethics is a competitive differentiator. Consequently, businesses must continually come back to the idea of what should they do with data, rather than what could they do with it. Vitally, this should is not from the perspective of doing more with the data, but rather doing more to add value to the relationship with the consumer. This approach will ensure businesses continue to be compliant in their treatment of data, but also gain the trust and potentially loyalty of their customers.
Ken Mortensen, Data Protection Officer, Global Trust & Privacy, InterSystems