With the explosion of companies collecting data, it is imperative that proper guidelines are followed. The data revolution is influencing all facets of human society in which we live, fundamentally altering how we function and interact with other individuals, businesses, and the government (Richards & King, 2014). Richards and King argue that cultivating ethical sensibilities on how we collect and act on data elements. However, most people working WITH data do not have any training or education in data ethics.
Many facets of life that affect other people require knowledge tests and training. Doctors, lawyers, construction equipment workers, even driving, require a significant amount of commitment to understand the safety and ethics behind the operations. Data is not the same – any employee at any organization can begin working with data. What I believe is most important is that leaders in the organizations are properly trained – either through an MBA or law degree that teaches data ethics.
I have worked mainly in two industries – Healthcare and Finance, both of which require strict data guidelines. When I worked with healthcare clients, I had to study the pillars of HIPAA (Health Insurance Portability and Accountability Act) which protects Protected Health Information (PHI) (“Summary of the HIPAA Security Rule”, 2013). When I have engaged with a client, our employee NDAs were in effect to protect the client from having data leaked. Strictly speaking, the only way we would see PII would be if we were on the client’s premise. However, if I had to create a Proof of Concept for the client using their data, the client would have to scrub the data of any Personally Identifiable Information (PII) by removing any data that identified a person BEFORE sending me the data set over the internet.
When working with data, we should not share PHI or PII data over the internet, unless it is properly encrypted and transferred between secure locations with authentication protocols. Even then, we should limit the transfer of identifiable data to only when it is necessary. This includes name, social security number, address, account numbers, official government ID numbers, and credit card numbers.
Resources
Richards, N. M., & King, J. H. (2014). Wake Forest Law Review. Wake Forest Law Review. Retrieved from http://www.informatica.uniroma2.it/upload/2017/IA2/RIchards and King BigDataEthics.pdf
Summary of the HIPAA Security Rule. (2013, July 26). Retrieved from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html.
Comments