4. Information Governance
A set of rules and guidance to how data or information is handled within an organization. An information governance strategy should specify the decision rights and an accountability framework which encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information.”
The goals are to:
- Maximize the value of information to the organization by ensuring that information is reliable, secure, and accessible for decision making
- Protect information so that its value to the organization is not diminished through technology or human error, loss of timely access, inappropriate use, or misadventure.
Information Governance
Building an information governance strategy
Information Governance
Risk assessment
UNDERSTAND YOUR RISK
Audit the data and information that is most valuable; ask how it is stored, who has access and how it’s protected by both technology and processes.
MINIMISE YOUR RISK
Take action to mitigate the weak points in your current system. Explore cyber-insurance if appropriate.
CREATE A RESPONSE PLAN
Develop a plan of action in case of data breach or incident. It should include:
- Legal response
- Investigation and rectification of the situation Informing customers
- Handling media queries
Information Governance
Principles for creating a code of data ethics
- The highest priority is to respect the persons behind the data
Where insights derived from data could impact the human condition, the potential harm to individual and communities should be the paramount considerations. Big data can produce compelling insights into populations, but those same insights can be used to unfairly limit an individual’s possibilities. - Account for downstream uses of datasets
Data professionals should strive to use data in ways that are consistent with the intentions and understanding of the disclosing party. Many regulations govern datasets on the basis of the status of the data: “public”, “private” or “proprietary,” for example. But what is done with datasets is ultimately more consequential to subjects/users than the type of data or the context in which it is collected. Correlative use of repurposed data in research and industry represents the greatest promise and the greatest risk of data analytics. - The consequences of utilizing data and analytical tools today
are shaped by how they’ve been used in the past. There’s no such thing as raw dat. All datasets and accompanying analytic tools carry a history of human decision-making. As far as possible, the history should be auditable. This should include mechanisms for tracking the context of collection, methods of consent, chains of responsibility, and assessments of data quality and accuracy. - Seek to match privacy and security safeguards with privacy and security
Data subjects holds a range of expectations about the privacy and security of their data. These expectations are often context-dependent. Designers and data professionals should give due considerations to those expectations and align safeguards and expectations with them, as much as possible. - Always follow the law, but understand that the law is often a minimum bar.
Digital transformations have been a standard evolutionary path for businesses and governments. However, because laws have largely failed to keep up with then pace of digital innovation and change, existing regulations are often miscalibrated to current risks. In this context, compliance means complacency. To excel in data ethnics, leaders must define their own compliance frameworks to outperform legislated requirements. - Be wary of collecting data just for the sake of having more data
The power and peril of data analytics is that data collected today will be useful for unpredictable purposes in the future. Give due consideration to the possibility that less data may result in both better analysis and less risk - Data can be a tool of both inclusion and exclusion
While everyone should have access to the social and economic benefits of data, not everyone is equally impacted by the processes of data collection, correlations, and prediction. Data professionals should strive to mitigate the disparate impacts of their products and listen to the concerns of affected communities. - As far as possible, explain methods for analysis and marketing to data disclosers.
Maximizing transparency at the point of data collection can minimize the more significant risks that arise as data travels through the data supply chain. - Data scientists and practitioners should accurately represent their qualifications (and limits to their expertise), adhere to professional standards, and strive for peer accountability
The long-term success of this discipline depends on public and client trust. Data professionals should develop practices for holding themselves and their peers accountable to shared standards. - Aspire to design practices that incorporate transparency, configurability, accountability, and auditability
Not all ethical dilemmas have design solutions. But paying close attention to design practices can break down many of the practical barriers that stand in the way of shared, robust ethical standards. Data ethics is an engineering challenge worthy of the best minds in the field. - Products and research practices should be subject to internal (and potentially external) ethical review
Organisations should priortise establishing consistent, efficient, and actionable ethics review for the new products, services, and research programs. Internal peep-review practices help to mitigate risk, and an external review board can contribute significantly to public trust. - Governance practices should be robust, know to all team members and regularly reviewed.
Data ethics poses organizational challenges that cannot be resolved by compliance regimes alone. Because the regulatory social, and engineering terrains are in flux, organisations engaged in data analytics need collaborative, routine and transparent practices for ethical governance.