I recently attended the Data Modeling Zone conference in Portland where I presented a session about modernizing data governance. Most of the presentation focused on governance and agile, big data governance, and cloud data governance. I added a segment about governance and ethics at the end because it is a “soap box” topic for me – something that I feel is important but often invisible. I was pleasantly surprised when the most active discussion of the entire session was about ethics. When ethics has greater interest than agile, big data, and cloud, we’re moving in the right direction.
“There are precious few at ease with moral ambiguities, so we act as though they don’t exist.” This song lyric, quoted from Wicked, captures the essences of the ethics challenges that we face with data. Data ethics is ambiguous so many simply choose not to discuss it – to act as though the ethical ambiguities don’t exist. It is time to recognize that data ethics is an increasingly important topic of data management and an area where data governance can take a leading role.
Ethics is the challenge of deciding the right thing to do – how to do good for all stakeholders. It is challenging because “right” and “good” are not always clear. It is common to think of ethics as doing right for others, but when doing right for others is harmful to the self, ethics is not served. Nor is ethics served when doing right for self is harmful to others. Ethics has two aspects – the tension of right vs. wrong and the tension of right vs. right.
Four hard questions that help to sort out the uncertainties of ethical dilemmas are:
- Which course of action will do the most good and the least harm?
- Which alternative best serves others’ rights, including shareholders’ rights?
- What can I live with that is consistent with my basic values and commitments?
- Which course of action is feasible in the world as it is?
Data itself has no ethical implications. The ethical questions arise from the things that we do (or don’t do) with data – how we collect data, how we protect it, and how we use it. Collection, protection, and use of data all call for ethical judgments. The need for judgment is the core of the problem – judgment has no absolutes.
So we need to ask hard questions, make organizational judgments about hypothetical dilemmas, and translate those judgments into policies and guidelines that help people to make ethical decisions in day-to-day work with data. Ten areas where we need to ask questions and make judgments include:
Informed Consent: Should individuals be provided with full disclosure about the data that is collected about them? Should collection and use of individuals’ data be subject to their agreement?
Anonymity: Should all personally identifying information be eliminated from the data? Should data be collected only in the form of aggregates such that individuals can’t be identified?
Confidentiality: Should sources and providers of data be protected from disclosure?
Security: To what degree must data be protected from intrusion, corruption, and unauthorized access?
Privacy: To what degree should individuals have the right to determine which data about them can be shared with third parties?
Accuracy: What level of exactness and correctness is required of the data?
Ownership: Is personal data about individuals an asset that belongs to the business or privately owned information for which the business has stewardship responsibilities?
Honesty: To what degree should the business be forthright and visible about data collection, protection, and usage practices?
Responsibility: Who is accountable and at what level for use and misuse of data?
Transparency: On a continuum with polar extremes of “totally open” and “stealth data collection,” what is the right level of transparency?
We can’t succeed at managing ethics until we begin to talk about ethics. Most of us believe that ethical conduct yields rewards and unethical behavior brings risk. Belief and conviction, however, are not enough to drive the discussion of ethics. Someone must be responsible to start and to sustain the discussions. I believe that someone is data governance leadership.
Data ethics has a direct relationship with four core goals of data governance – quality, privacy, security, and compliance. For each of these, we need to address ethics in six dimensions:
- We should discuss ethics because doing so will advance the level of professionalism in our data management and governance practices.
- We should discuss ethics because doing so will help us to avoid abuse and the negative consequences of abuse.
- Policy gaps. We should discuss ethics because technology advances create and will continue to create temporary policy vacuums.
- New policies. We should discuss ethics because the use big data and analytics transforms some ethical issues to a degree that requires major policy reform.
- New issues. We should discuss ethics because the use of big data and analytics creates unique ethical issues that require special attention.
- We should discuss ethics because the set of novel and transformed issues is large enough to define a new domain of corporate governance requirements.
Intersecting governance goals with ethics dimensions yields 24 areas of focus for ethics in governance as shown in this matrix.
From this view, it is clear that data ethics is a topic that is broad in scope and deep in complexity. We can’t solve it all at once. As with any complex problem, prioritization and iteration are essential – small steps and steady progress. The first step is simply to start talking about it. We can’t afford to act as though ethical questions don’t exist. It is time to start the conversations and involve all data stakeholders. Data governance must take the lead to make data ethics a reality.