Culture is the secret sauce for ethical data management
Data privacy regulations are relatively new and not well understood within an organization. With that context, the way organizations should approach data privacy isn’t only about compliance with regulations; it’s also the right thing to do to build trust with their customers. How do you introduce privacy and trust as part of your culture?
We’ve all heard the stories about Facebook leaking data about 500M users or the recent Experian data leaks. Companies like Facebook have some of the smartest engineers in the industry and have access to a wide range of the latest technology and tools. Yet, they face constant data privacy breaches. These breaches are not solely a technology or skill problem. Data privacy regulations are relatively new and not well understood within an organization. With that context, the way organizations should approach data privacy isn’t only about compliance with regulations; it’s also the right thing to do to build trust with their customers. That’s what makes this a cultural problem.
How do you introduce privacy and trust as part of your culture – let’s look back a couple of decades to look at how project management evolved from spreadsheets and waterfall methodology to agile methodologies. More recently, new DevOps practices have become central to modern software development culture. So is that what is missing in data management? A technology, framework, or methodology? Maybe all, but I would argue these technologies, frameworks, and tools are facilitators to a culture shift. First and foremost, there is a lack of employee awareness and education on data management and privacy policies.
SEE ALSO: The last mile of sensitive data
An organization might be delivering software releases every few weeks or months; hence it is relatively easy to see how modern DevOps automation and agile methodologies benefit a high-quality software development life cycle. A Software Engineer or DevOps Engineer can quickly realize the benefits of implementing new technologies and methodologies.
When it comes to building data products, most of us will agree that easy access to high-quality data for analytics can drive innovation and solve business problems. What role does data management and privacy policies play in this? In most organizations, the perceived benefit of data management is the effective use of data across the organization to drive data analytics and comply with regulatory requirements. Measuring the goal of meeting regulatory requirements is a binary factor at a point in time. It is a far more difficult problem to measure and be proactive about this over time. When it comes to data analytics, how do we measure the effectiveness of data management strategies? Most perceived benefits of data management practices are indirect, making it difficult to measure the success of a data management initiative in a short time frame. Similarly, a data privacy breach is a rare occurrence, but the impact of such an occurrence is very high. Lose trust, customers, and face potential monetary fines.
To embrace this cultural change, an organization or team driving data management must modernize its strategy and define a tactical approach towards this problem.
- Take a data-driven approach towards data management. It should start with asking the right business questions such as how many employees and datasets get affected by enabling a governance policy? How can we make analysts’ experience around accessing these datasets easier while allowing them to comply with a specific policy? This data-driven approach will enable defining and measuring success criteria as the data management program evolves.
- Every organization is different in its culture and ability to roll out a company-wide initiative. A good starting point is building a centralized team driving data management initiatives and responsible for defining organization wide policies. Implementation and execution of these policies however may be decentralized to each department or line of business within an organization.
- Data Privacy regulations are complex to interpret. Therefore, while driving data management for privacy compliance, organizations should take these rules as input but define and implement them in a way that affected employees and departments can relate to these regulations with the proper business context with an on-demand training program.
- Define and implement data management strategies from an operational readiness perspective to develop a culture of ownership by departments responsible for managing and deploying new applications/systems. Data management policies need to be part of the software development, deployment, and distribution processes DevOps checklist. e.g. When a new application is developed, will the new database store PII data, is the data transfer encrypted, etc.
- Drive towards automation of both simple and complex tasks required to comply with data management policies.
- Consider data management or DataOps tools that are designed with governance in the fabric to ensure your customers’ data is protected and can allow you to provision access in a secure and automated way.
Data Management is not a silver bullet or a singular defined methodology to solve all data problems. Instead, it requires a constant discovery process to develop a unique data management and governance framework based on a company’s culture.
By setting objectives and goals for data privacy and data analytics, implementing policies, and onboarding the proper tools and technology, a company will find data and analytics success.