Data Governance: Just Because You Can, Doesn't Mean You Should


Businesses of all sizes across all industries are rapidly adopting digital transformation models that put data at the center of driving the business forward—as they should. However, putting data at the center of everything the business does can be risky without proper planning and rigorous management. Many companies have been wise to introduce data governance programs to protect corporate data assets and establish a framework for operational excellence when it comes to data management and use. Data governance emphasizes the enforcement of defined standards or policies and provides mechanisms for consistency and repeatable processes, but it is not enough to protect businesses in today’s world of data.

Traditional data governance models are built on business needs, such as increasing ROI and productivity, or reducing cost, complexity, risk, and liability. This has served businesses well internally, but the shift to becoming data-driven demands they also address external data needs and concerns. And while many will assume this means protecting consumer data and personally identifiable information (PII) (which it does), the issues are far greater than this. Rapidly advancing data capabilities have given businesses the ability to do more than ever before. Businesses can use data to inform the development of new products and services and potentially even new business models. But, just because you can, doesn’t mean you should!

The impact of data use by businesses and government organizations on individuals, communities, and the environment is under constant scrutiny around the world. We are starting to see this formalized with security and privacy regulations such as the EU’s General Data Protection Regulation (GDPR) and the Privacy by Design approach for data systems. But even adhering to legal requirements and compliance regulations will not be enough to protect the business when it comes to ethical data use. Why? Ethical concerns precede legal and compliance requirements. And the stakes are large. Brand reputation is at risk. One wrong move could cause a significant loss, or even cause the whole business to fail.

Businesses do not have a framework for addressing ethical data use because ethics are not based on business needs. Ethics are based on human values, morals, and behaviors. Ethical decisions cannot be based on business values, mission statements, or business goals and objectives. They must be based on the ever-evolving value constructs of the individuals and communities businesses serve. This makes “ethical data use” quite the conundrum. But with the right additions to a data governance program, ethical data use can be appropriately and effectively addressed.

To understand and operate within the prevailing guiding rules for what is considered ethical when it comes to data use, data governance programs must be able to identify and define consumer values, incorporate them into their existing framework of policies and procedures, and drive the business to act accordingly.

In their book, Ethics of Big Data (O’Reilly Media, 2012), Kord Davis and Doug Patterson outline four key elements for understanding values and specific considerations for data use—Identity, Privacy, Ownership, and Reputation. When governance programs consider the data-driven decisions and actions of the business, each of these value areas must be considered. And be careful; the value definitions change for individuals depending on context. Value assessments must be reviewed for every business action or decision for all target personas.

Identity: How does a person wish to be known? Characteristics? Online? Offline? Recognized or anonymous? Derived or segmented?

Privacy: What are defined rights? Interests and concerns? Who has or should have control?

Ownership: What is inherent ownership? Perceived or defined? Are there legal/compliance concerns?

Reputation: What data is trustworthy? How is this determined? How does this impact the perception of our company internally and externally?

Each of these elements can be further detailed in four key areas of data governance—data collection/acquisition, data management, data use, and data sharing/distribution.

Data collection/acquisition: How is data obtained? With consent? With transparency? Direct or secondary collection?

Data management: How is the data stored? What measures are taken for security and protection? Who has access?

Data use: How is the data being used and for what purpose? Whom does it benefit? Are there risks? Is the data used for more than one purpose? Are there uses outside of intended purpose? How is use disclosed?

Data sharing/distribution: Is data bought and/or sold? How is consent to share obtained? For how long can it be shared? For what purpose? For what use or benefit? To what degree of transparency? Can insights or derivatives be shared?

For businesses to make ethical, data-driven decisions or actions, it is critical to understand the core value positions in each of these areas for all consumers.

Data governance programs must expand to include teams that can consistently assess and monitor consumer values in relation to corporate data collection, management, use, and distribution and incorporate them into their guiding principles, policies, and procedures. Data decisions can no longer be based solely on what is good for the business; they must also be based on what consumers value and see as appropriate and acceptable.


