Just another face in the crowd?

Aggregating reams of data on your users and customers, then mining that data for business intelligence, is powerful indeed. But combining these otherwise disparate stockpiles of personal data has grave ethical implications, particularly if these datasets should ever fall into the wrong hands. Conrad Bates*, from C3 Business Solutions, discusses these considerations and the need for ethics standards for information management.

There is growing complexity as to how to use, store and secure information, what is and what isn’t acceptable and who gets access.

There are few rules that govern how an organisation can use newly combined data, whether it is company, customer or general consumer data, and too often organisations are faced with an ethical question.

The ethical questions

Data only has meaning in context, so organisations often don’t understand the value of the information they hold. There is a common belief that aggregating data is an acceptable form of analysis; that anonymity of personal data ensures privacy compliance. But there is a serious ethical question to be asked - does simply removing names mean that companies can use personal information as they wish?

Business intelligence (BI) and information management enable organisations to assess customers and potential customers on an individual basis. Companies can now target their marketing and advertising specifically to each customer or web user, so the question again arises - where does privacy begin and end and does individual targeting fall under ethical behaviour?

As more information becomes available and business intelligence implementations become normal, many organisations are able to unite previously separate information. While information that exists in silos is often secure, this is not always the case for information that is combined from various sources and then exists in its own right. What are the ethical implications of allowing access to this new data, which is often considerably more dangerous in the wrong hands?

In addition to these questions, there is a heightened awareness of data privacy issues amongst the general public. Paradoxically, Generation Y tends to freely share personal information on commercial websites and social networking sites, but is reluctant to share its data with the government, as witnessed by the high volume of Gen Y-ers unwilling to allow their census data to be kept online. These new attitudes toward personal information will give rise to new ethical standards and norms.

Ethical standards

Information management is a highly complex industry and legal boundaries are changing. Unlike industries (such as medicine) that have a strict code of ethics, information management has no rules or guidelines to steer ethical behaviour.

What our industry needs is to establish a broad set of ethical standards to which everyone is required to adhere.

We need to take a leaf from the medical profession and ensure that, upon entering the industry, each person involved in information management commits to working within these strict guidelines.

We need open and honest dialogue in the industry about ethical conduct. As an industry, we need to govern ourselves where the law does not.

I hope to see an ethical charter in the very near future. In the interim, in the absence of strict law and compliance, there is an increasing need to make ethical considerations part of our daily professional information management activity.

I urge any organisation looking at business intelligence projects to ensure their vendor is ethically aware and aligned appropriately. Talk to your vendor about ethical implications at the beginning of the project and make sure the vendor understands any potential pitfalls, and how to address them. The right vendor will advise on both the moral and legal implications of combining data.

The big challenge, then, is to ensure the correct safeguards are put into place to avoid any ethical breach. I highly recommend investigating the delivery of BI solutions and the planned result. Some projects can be delivered quickly but may leave holes in security. Ensure the correct level of quality certification, understand the privacy implications, and implement the technical safeguards that limit access and ensure security.

*Conrad Bates is a managing partner of C3 Business Solutions. C3 Business Solutions is an award winning Australian Business Intelligence and Information Management company that delivers measurable business improvements for its clients. The company can be found at www.c3businesssolutions.com.