getty
In a digital, increasingly personalized economy, more and more businesses collect and use data for a variety of functions. If collected and managed ethically, data can bring significant value to many functions of an organization, including monitoring informative metrics, honing marketing campaigns, improving the customer experience and more.
However, if an organization doesn’t carefully establish and maintain comprehensive and ethical data management processes and policies, a variety of problems can erupt, ranging from misleading indicators to the introduction of biases and discrimination—there’s even the danger of running afoul of evolving government regulations. Here, 15 members of Forbes Technology Council share some important steps for businesses to take to ensure the ethical management of data in their operations.
1. Conduct Thorough Data Discovery And Classification
A critical step for an organization to ensure the ethical use of data is conducting thorough data discovery and classification to identify all the data it possesses and categorize it based on sensitive personal data and regulatory requirements. In this way, an organization can clearly understand its data and implement the appropriate controls, policies and governance to start proactively managing the responsible use of data. - Blake Brannon, OneTrust
2. Imagine Explaining How You Use Data To Your Customers Or Employees
Set basic processes and guidelines on what to do and what not to do. But the line is not always clear, so I would suggest you imagine being in front of your customers and/or your employees and clearly explaining what you do with their data. If you are comfortable doing that, and you believe your audience would be assured by your explanation, you’re likely in a good position. - Marco Costa, Exclaimer
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
3. Create A Data Ethics Board
Create a data ethics board that’s composed of individuals from diverse backgrounds—including legal, ethical and data science experts—to review and approve all data-related initiatives and policies. This can help prevent biased or unethical use of data and ensure that data-driven decisions are made in a socially responsible and transparent manner. - Avani Desai, Schellman
4. Establish Clear And Comprehensive Data Governance Policies
One important step is to establish clear and transparent data governance policies and procedures. These should include ensuring data privacy, security and accuracy, as well as obtaining informed consent for data collection and use. Additionally, regularly monitor and audit data practices to ensure compliance with ethical standards. - Omar Jacques Omran, Six Flags
5. Make Sure Businesses You Partner With Have The Same High Standards You Do
Data privacy, data access and data protection should be guiding principles when implementing any new partnerships with other businesses. It’s important not only to adhere to the highest standards of ethical use of data in your own operations, but also to ensure that all your partners stick to similar guidelines. Otherwise, you risk the safety of both your own data and your customers’ data. - Peter Abualzolof, Mashvisor
6. Add Good Controls And Great Monitoring
Organizations must first assess risk and place stringent controls around data. However, strong controls and good user experiences rarely occur together. The best practice is to add good controls and great monitoring. When people understand that you can see how they access and use data, they’re very unlikely to abuse their privileges. In short: Trust, but verify. - Marc van Zadelhoff, Devo
7. Continuously Train Employees On Ethical And Legal Data Usage
Sadly, there are numerous public cases of data being abused. Avoiding both the illegal and unethical use of data requires executive sponsorship, oversight and accountability. Accountability for appropriate data usage requires employees with access to customer data to be continuously trained on their obligation to make use of data in ways that do not harm customers. - Rick Kelly, Fuel Cycle
8. Inventory And Classify Data Based On Sensitivity And Level Of Risk
Organizations should implement a robust data governance framework that includes data inventorying and classification that’s based on data sensitivity and level of risk, as well as a clear outline of how data should be collected, processed and shared. Additionally, implement appropriate data access controls and retention and disposal policies that comply with applicable laws and regulations. - Vasudeva Akula, VOZIQ AI
9. Only Allow Access To Data When It Will Be Used For Its Intended Purpose
The most important method organizations can use to ensure the ethical use of data is to keep it private and secure and only allow access to data when it will be used for its intended purpose. In addition, keeping records of instances of accessing data is a necessity for auditing purposes. When data has served its purpose or its legal permissions have expired, it should be properly and securely deleted. - Kevin Beasley, VAI
10. Set Up Independent Annual Audits
Organizations should set up independent annual audits to review how they use data as well as any AI models that are being used. The audit should include not only how the data is used, but also the volume, variety and veracity of the data. Such thorough audits can uncover any biases and enable an organization to take corrective actions if necessary. - Selva Pandian, DemandBlue
11. Lean On Your Industry’s Compliance Guidelines
Understand and respect your industry compliance guidelines. Ensure you know whether a new product launch will catapult the business into a new regulatory field. Being aware of what data you collect and why you collect it is vital: There’s too much out there to take in and process everything, and the urge to do so creates risks of misapplication and leakage. “Just enough for limited purposes” is the right mentality. - Agur Jõgi, Pipedrive
12. Comply With The Strictest Standards (Even If You’re Not Legally Subject To Them)
Always abide by best practices and/or standards. As a California attorney, I know our state has the strictest laws in the country (if not the world) surrounding users’ data privacy, so my company focuses on abiding by California rules so we know we’ll be in compliance everywhere else. It’s tough to say whether any one action is “ethical” or not, but it’s the best practice to comply with the strictest standards. - Jordan Yallen, MetaTope
13. Collect Data Primarily To Create A Better Customer Experience
One important step for a company is understanding the intent behind collecting the data in the first place. Data should not be collected primarily for the benefit of the company; it should be collected to make the company’s service more personalized, meaningful and powerful for the user. Companies must understand that the onus is on them to respect not just the data itself, but also the person behind the data. - Christopher Rogers, Carenet Health
14. Create A Catalog Of All Held Data
The first step organizations must take to ensure the ethical use of data is to create a catalog of all data held by the organization. This requires classifying and tagging data on ingestion, creating a data lineage as data gets distributed, authorizing and controlling access based strictly on ethical use cases, and deleting data when it is no longer needed. - Vishwas Manral, Cloud Security Alliance
15. Be Sure To Obtain Informed Consent Before Collecting Data
It is essential for an organization to establish clear and transparent data governance policies and procedures to ensure the ethical use of data in its operations, including guidelines for data collection, storage, sharing and use. These policies should include obtaining informed consent from individuals for data collection and implementing appropriate security measures to protect the data. - Cristian Randieri, Intellisystem Technologies
