Skip to main content

Ethical use of personal data – a Data Governance use case

Paul Malyon 9 minute read Data governance

I’ve been involved in personal data for my entire professional career – it’s something that I fell into but that I now find fascinating due to the power that data can have to change lives.

I wanted to use this blog to look at something that I’ve certainly been aware of for a long time but is now becoming a much more visible area of data governance - namely Data Ethics.

Before we start, it’s worth pointing out that Ethics is an important element of the Data Governance framework developed by DAMA (the Data Management Association International). I’d recommend anyone exploring Data Governance look into their Body of Knowledge publication and read Chapter 2 on data handling ethics.

data-governance-dama.png

Where we’ve come from

If I think back along my own career, the ethical use of data on individuals (both consumers and business people) has been a key focus – whether it was named as such or not.

From directly sourced business contact data through to business credit reports, consumer marketing preferences, and location data; I’ve been involved with most forms of personal information in one way or another. Over the years, I’ve certainly seen a change in approach to managing that data and have also seen many, many media stories on what happens when things go wrong.

When I started out in 2004, the Data Protection Act had been in place since 1998, yet many organisations were still coming to terms with Privacy as a business essential rather than a ‘nice to have’. The perception I found in the B2B marketing world that I entered was one of unawareness – because the rules were perceived as consumer-focused, many thought that it did not apply to them.

Whilst there were some differences in areas such as consent, the 1998 DPA was still important to my early work managing a B2B marketing database. What I also had to consider was the messy patchwork of different regulations around Europe and the attitudes of people to their data being used for marketing, with countries like Germany having a very different expectation of how their data would be used than people in the UK.

It was in April 2010 that I saw a real indication that change was coming – the UK ICO were able to issue fines up to a maximum of £500,000 where previously it was only £5,000.

At this point, I was working for Experian and saw first-hand how seriously data protection was taken. It was clearly important for our business model – when entrusted with sensitive personal data; security, quality and trust is critical.

Whether it was our internal Data Council, annual information security training, internal security best practise programs, customer support teams or data supplier on-boarding processes, we had steps along every data journey that asked questions of the data we used to ensure it was of the highest quality possible and could be used for the destined business purpose.

As a product manager responsible for data, I always asked myself questions around how data was used by suppliers, clients, and partners on top of my own use within products and services. Whilst this was supported by our internal compliance processes for new developments, I worked hard to find additional ways to share thoughts with colleagues and gather feedback on how we wanted to use data in the same way as my software product colleagues would do things like A-B testing on a user interface.

Today, things are changing across industries thanks to a combination of factors which will make the consideration of privacy and data ethics more important and visible to all. If I were stepping into my old job now, I would expect the kinds of additional questions I asked my stakeholders to be part of ‘business as usual’.

The rise of Data Ethics

I’ve spent the last couple of years working with our clients to help them prepare their data for the GDPR. On top of considering what the regulations mean and how to abide by them, many of the discussions I’ve had have focussed around the softer, non-regulatory reasons behind a focus on data governance.

Many of these conversations have centred on the ethical use of data with some organisations already introducing a ‘customer promise’ as part of their work. Many of these promises look to crystalise a Privacy Policy into something tangible and easy to understand – very much in the spirit of the Transparency principle of the GDPR too!

Along with some notable events, the approach to Privacy and Data Ethics is beginning to change rapidly. When I started my career, it wasn’t a commonly used term – today, we have businesses, government and 3rd sector bodies all working on Data Ethics. Some notable developments include:

  1. UK government launch and consultation on a Centre for Data Ethics and Innovation (supported by the Data Ethics Framework)
  2. The Open Data Institute data ethics canvas
  3. Ethical principles for data scientists from DataKind UK

These three developments alongside many, many others show that now is the time not just to consider your Data Governance approach but to embed Data Ethics within it. Consumers are beginning to vote with their feet – our own research shows that trust and transparency are important factors in the decisions made by consumers on when and what to share with organisations providing them with services.

Ethics as business sense

Privacy as a business differentiator or USP is becoming a very real thing – this is not only based upon regulation and a reaction to media interest, it is a stance by some organisations to take particular approaches to managing customer data and perhaps most interestingly, being public about it is proving to be financially advantageous.

As I mentioned earlier, more organisations now have ‘customer promises’ or charters that explain clearly what they will and won’t do with the data of an individual. Some even set up entire ecosystems in a certain way to share (or not share) data with apps, developers and other 3rd parties.

Making public statements about these approaches has also become more common (partly encouraged by the GDPR) and consumers are now able to make more informed decisions around which services to use or products to buy.

Whether it be a choice of online retailer, mobile phone or media streaming service; consumers are beginning to understand the value of their data and the importance of privacy. Brands are responding by taking an ethical and transparent approach to how they use personal data.

This ethical approach isn’t completely new – organisations have been making public their ethical business commitments for many years. Whether it be organic, non-GMO or fair trade food to their investment strategies, child labour protections, animal testing stance or climate change credentials – doing good is good business.

Data for good

Whether it be to meet regulatory requirements or create innovative new propositions, data ethics is a term we should all get used to.

When planning your next data migration, new CRM system, single customer view or new product launch - consider the impact on privacy. Ask your colleagues how the data governance framework they are following takes a privacy by design approach and whether the ethical use of data is a central element of that.

However you want to approach data ethics, have the customer at the heart. Would they expect you to do what you’re planning to do with their data? Is the outcome clearly in their interests? Does it match the general ethical standpoint of your organisation?

Also consider how transparent you want to be with your customers. As part of the requirements set out by the GDPR you'll have updated your privacy policy. However, if customers are placing more importance than ever on responsible data management, then taking transparency a step further gives you a USP over your competition and it could be a valuable asset. That could be anything from making visual aids to explain how you use customer data through to implementing a dedicated team to manage it.

Where to start?

While there may not be a single recipe for data ethics, it’s becoming increasingly important to have a proactive, responsible approach to managing individuals' data and it should be a key consideration for the technologies and processes you're employing as part of a wider governance strategy. What will also become clear is how fundamental a good foundation of data quality is to all of this - after all, how can you demonstrate an ethical approach to customers if you can't get the basics right in the first place? Putting solutions in place to manage, clean, standardise and de-duplicate customer data, as well as supress records that should no longer be contacted is therefore an important first piece of the data ethics jigsaw.

If you can say to your colleagues and customers that you treat data with respect, then you’re well on your way to having an ethical approach to data.