Data Ethics & Data Governance

Last week, I was fortunate enough to join fellow industry leaders at the IAPP privacy, security, risk conference in San Diego. The event highlighted the importance of data privacy and its future as a key asset within organizations. I had many discussions on process and legal obligations but also attended multiple sessions on using data ethically in an organization. When we think about data ethics, we need to consider how our day-to-day decisions impact individuals who ultimately this data belongs to.

At a high-level, data ethics is our consideration of obligations to individuals’ data rights and how using their personally identifiable information (PII) will impact them. The key question organizations are asking is: are we doing the right things with individuals’ data and can we serve our customers better with the use of that information. Data Governance is a data management practice built to ensure high quality data is used across the data’s lifecycle, to support business objectives and protect customers’ privacy. Controls on availability, usability, and data consistency are essential to ensuring quality and security amongst your data holdings. Data Governance also extends into data risk, fines and is now starting to include concepts around the ethical use of data in the enterprise. Legislation is being implemented worldwide to protect customers and ensure they can trust how their data is being handled.  

Let’s break this down into key areas of data use that require effective data management but also consider concepts of care, control, and guidelines for effective, responsible, and considerate data use.

Harvard defines data ethics into key principles to understand the process and policies in an organization that relate to personal data. The guidelines in support of this fall into 5 key data areas including:

Ownership: who owns the personal information and what rules are in place to obtain consent regarding data use to include digital privacy policies, cookie, and consent management. This must engage the client and gain consent.

Transparency: How is an organization using data and what plans do they have to store, manage, collect, and ultimately monetize that data. Is this process clearly understood by the data owners?

Privacy: How data is being managed securely by the organization to ensure its protected and PII is ultimately known, understood, and handled with care such as putting in effective controls to de-identify PII information.

Intention: When collecting information for customer data the organization must define the intentional use cases of why the data is being collected and will the data use be beneficial to the customer.

Outcomes: While data use cases must be understood and shared the enduser should also understand the outcomes of data processing and measure the outcomes to ensure there is no intentional or unintentional bias in the data process.

Understanding the guide rails of your data process is the first step to ethically drive your data management decisions. Gartner defines data ethics as a ‘system of values and principles related to responsible collection, use and sharing of data.’  

My understanding of data ethics and data governance continue to enforce my belief that these two systems of data management and ownership continue to converge every day. The privacy conference informed me that while many of these organizations are considering both capabilities, many of them have yet to begin implementation of a solution for either. Many of those that have, are in the early stages of this process. More and more organizations are asking the questions: if you haven’t started your program yet, what little steps can be taken to begin? And if you’re more mature in the process, how can you rapidly enhance your program by taking a more considerate approach regarding PII data?

Taking all of this in and speaking to multiple stakeholders across the business I have a fresh understanding of the modern demands of data and how to effectuate change. It ultimately comes down to data quality, and executing an approach that considers effective governance and stronger data controls on privacy information. One of the sessions I attended was focused on benchmarking the organization and a study was taken from over 400 organizations on how they are approaching these challenges. Some key takeaways were that companies with privacy teams were focused on data through committees with focus on key data areas for privacy, design, data transfer and ultimately the need for a data inventory and mapping solution to support new guidance.

Privacy technology needs to work at scale across the organization and requires personal data discovery capabilities to not only support compliance requirements but to also find, label and manage data related to privacy, governance, and data ethics initiatives. To enforce controls and manage your information more effectively, take an approach that automates the process of data inventory. Leverage deep learning and AI to drive this across all your data assets and provisional policies.

Data Sentinel was built to address this challenge in a democratic way, simplifying the process through automation and data visualization. Our solution is unique in the market to handle this process at scale across all data types and locations for our customers. We built our solution to support data governance and data ethics individuals. Whether you’re technical, or business focused, connect today to discuss how we can help manage all your data challenges.

‍