As America’s favorite spider once said, with great data comes great responsibility. Organizations both public and private have enormous amounts of information at their disposal. They use it to further their purposes and better serve their customers. But this information also serves as a major point of vulnerability.
It’s easy for hackers to infiltrate a system, sometimes lingering there for years without detection. It takes only a minor slip to create a major data breach. What does this mean for organizations that handle large swaths of information?
In this article, we take a look at what it means to handle data ethically in an age where virtually every business is a custodian of personal information.
Transparency and Consent
One of the most important steps in ethical data management is to make sure that everyone:
- Understands what information is being stored and
- Consents to its storage.
That doesn’t mean that every customer or employee gets to rewrite the way a business approaches its data management. Storing personal data may very well be a term of service or employment. That’s ok—as long as the person whose information is being stored understands that.
Realistically, most people no longer object to some basic information being kept on an anonymous and abstract database somewhere. They understand this is a standard compromise inherent to living in a largely digital world.
Still, it’s important to give them the chance to know what they are getting themselves into. Data management comes with the potential for data breaches. You don’t want to risk mishandling information customers/employees didn’t even know you had in the first place.
Make it Anonymous
In many cases, data management does not require any personally identifying information. This, naturally, depends on the circumstances. However, where personalized data is not necessary, it should not be included.
Organizations can improve their data management practices by de-identifying personalized information. This can be done through automation, making it a relatively easy way to radically improve the ethics of your collection and management process.
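One way to automate the de-identification described above, as an added example that is not part of the original article. The field names, sample records and key are constructed assumptions, and the generalization rules (birth year only, three-digit ZIP prefix) are illustrative choices.

```python
import hashlib
import hmac

# Assumed schema for illustration: fields treated as direct identifiers.
DIRECT_IDENTIFIERS = {"name", "email", "phone"}

# Constructed demo key. In practice it lives in a secrets store, apart from the data.
KEY = b"constructed-demo-key"

# Constructed sample records; two of them belong to the same customer.
SAMPLE = [
    {"customer_id": 1001, "name": "A. Example", "email": "a@example.com",
     "phone": "555-0100", "birth_date": "1984-03-17", "zip": "60614", "plan": "basic"},
    {"customer_id": 1001, "name": "A. Example", "email": "a@example.com",
     "phone": "555-0100", "birth_date": "1984-03-17", "zip": "60614", "plan": "premium"},
    {"customer_id": 1002, "name": "B. Sample", "email": "b@example.com",
     "phone": "555-0101", "birth_date": "1991-11-02", "zip": "94110", "plan": "basic"},
]

def pseudonym(value: str, key: bytes) -> str:
    """Keyed hash: stable per person so records still join, but an
    unkeyed guess-and-hash of the original value will not match."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def deidentify(record: dict, key: bytes) -> dict:
    out = {}
    for field, value in record.items():
        if field in DIRECT_IDENTIFIERS:
            continue                                 # drop outright
        if field == "customer_id":
            out["subject"] = pseudonym(str(value), key)
        elif field == "birth_date":
            out["birth_year"] = str(value)[:4]       # ISO date -> year only
        elif field == "zip":
            out["zip3"] = str(value)[:3]             # coarse region only
        else:
            out[field] = value
    return out

def leaked_fields(record: dict) -> set:
    """Pre-export check: direct identifiers still present in a record."""
    return DIRECT_IDENTIFIERS.intersection(record)

if __name__ == "__main__":
    for row in SAMPLE:
        clean = deidentify(row, KEY)
        print(clean, "leaks:", leaked_fields(clean))
```

Dropping direct identifiers does not by itself make data anonymous: combinations of remaining fields can still single a person out, so the generalization rules need review against the actual data set.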
Manage Risks
The most important factor in ethically handling other people’s information is to understand the risks and handle them accordingly. Think about the lengths you would go to protect this information if it were a physical item. You might keep the data in a file cabinet. Would you lock the cabinet? Sure. And you’d probably lock the door to the room as well. Heck. The room would be in a larger building, wouldn’t it? And that building would have its own locked door. And standing in front of that door, there might be a guard. And the guard might almost feel superfluous because the door is also hooked up to a state-of-the-art burglar alarm system.
Why, then, did you leave windows open?
This is a mistake that many organizations make with their data management. They invest in all of the right cybersecurity software, but then make tiny, avoidable errors that allow bad actors to get in anyway.
When Ireland experienced a major breach of its online healthcare network, it was through a phishing email that the hackers were able to work their way in.
This is very common. Similar mistakes resulted in the infamous Marriott breach. Many a Fortune 500 company, with resources beyond the comprehension of a small business, has made all the right cybersecurity investments and still wound up in the news with a headline that had the unwelcome phrase “Data breach” in it.
What can be done?
Yes, Virginia, Firewalls Matter
They do. You won’t get very far where data management is concerned without a well-appointed set of firewalls and antivirus software. These tools are readily available, though choosing the right one can be complicated.
There are cybersecurity analysts and consultants who can be hired to help connect your organization with custom-tailored recommendations. From there, of course, you will need to properly manage and maintain your system. But, as mentioned earlier, that’s not the end of it.
You can do everything right from a software perspective, and wind up in the same position as someone who never spent a dime on cybersecurity at all. How do you avoid mistakes caused by human error?
Set Clear Expectations
Cybersecurity can get tedious. Multi-factor authentication is enough to drive anyone insane, and there are lots of other little hoops people have to jump through to keep up with best practices. The more sensitive the data, the more strenuous the requirements. Healthcare workers, for example, are constantly re-entering their credentials and going through the multi-step process of signing into their terminals.
Because these requirements are annoying, they are also often skipped wherever possible. Well-meaning people will inevitably find workarounds in the spirit of adding efficiency to their routine.
It helps to set clear expectations. Recognize the frustrations that intense cybersecurity requirements cause, and make sure everyone understands why these requirements are in place. When data management practices are implemented from the top down, they have a much better chance of being successful.
Educate
The other step is to routinely educate people on how to effectively manage their cybersecurity habits. Many mistakes are accidental. Phishing emails get better every day, and there are loads of other ways to slip up online.
Routine education opportunities are another great way to make sure that cybersecurity practices are applied appropriately. Make sure that your staff knows what threats are out there and has a clear understanding of how they can avoid some of the most common internet pitfalls.
Tedious? Sure. But also important. You can improve the attitudes around these training sessions considerably by (1) paying employees for their participation and (2) ensuring that the training does not interfere with their other responsibilities.
In other words, don’t mandate an hour-long meeting on best data management practices and then still expect the same work output from them that day.
Ultimately, the best data management practices can be summarized in a few words. Transparency. Proactivity. Consistency. By preparing for the worst-case scenario, and consistently applying good cybersecurity and data management practices to everything you do, you can avoid experiencing a breach.
About the Author
Ryan Ayers is a researcher and consultant within multiple industries including information technology, blockchain and business development. Always up for a challenge, Ayers enjoys working with startups as well as Fortune 500 companies. When not at work, Ayers loves reading science fiction novels and watching the LA Clippers.