by Martha Heller

The 6 Commandments of Ethical Data Management

Jul 01, 2002 | 4 mins

Electronic data about customers, partners and employees has become corporate America’s most valuable asset. But the line between the proper and improper use of this asset is at best blurry. Should an employer be able to search employee files without employee consent? Should a company be able to sell customer data without informing the customer of its intent? What is a responsible approach to document deletion?

The law provides guidelines in many of those areas, but how a company chooses to act within the confines of the law is up to its officers. Since CIOs are responsible for the technology that collects, maintains and destroys corporate data, they sit smack in the middle of this ethical quagmire. Or they ought to. In an effort to provide guidelines for CIOs thinking hard about ethical data management (and to nudge those who aren’t), we have developed, with the help of more than 100 CIOs, principles for ethical data management.

Here’s how we did it: We asked members of the CIO Best Practice Exchange, our members-only online IT executive forum, to generate and then debate a set of principles for the ethical management of data. From this online discussion and follow-up telephone interviews, we drew up a set of seven principles to guide CIOs through the murky territory of data collection, manipulation and destruction.

Next, we put those seven principles back into the Exchange for a vote. The six survivors (those principles that received more than 50 percent of member votes) are listed below.

-Martha Heller

It has been proposed, and accepted, that…

1 Data is a valuable corporate asset and should be managed as such, like cash, facilities or any other corporate asset.

Members gave unanimous support to this principle. The philosophy here is simple: The better you manage your corporate data, the more valuable your corporate asset. Poor management of that data is like throwing away money.

2 The CIO is steward of corporate data and is responsible for managing it over its life cycle, from its generation to its appropriate destruction.

While all voting members agree that data is an asset, only 72 percent want to be responsible for the health of that asset. This then raises the question: If not the CIO, then who?

3 The CIO is responsible for controlling access to and use of data, as determined by governmental regulation and corporate policy.

According to 73 percent of our voters, marketing, HR or anyone else who wants a piece of the corporate jewels must go through their gatekeeper, the CIO.

4 The CIO is responsible for preventing the inappropriate destruction of data.

Where were the CIOs of Enron and Arthur Andersen during their massive data destruction campaigns? Most companies, on the advice of corporate counsel, destroy data on a regular basis. But when the goal is to circumvent those policies and eliminate incriminating evidence, it falls on the CIO’s shoulders, according to 69 percent of voters, to keep that data safe.

5 The CIO is responsible for bringing technological knowledge to the development of data management practices and policies.

Top executives cannot develop an effective data management policy without knowing the full range of technical possibilities for slicing, dicing, collecting and trashing it. And it is the CIO who owns that knowledge and must share it with other members of the executive committee, according to all but one of the voters.

6 The CIO should partner with executive peers to develop and execute the organization’s data management policies.

This statement received 100 percent voter support. It goes both ways: A company that creates data management policies without the input of its steward will wind up with a toothless policy, as will the CIO who rules over data with an iron fist.

It has been proposed and rejected that…

The CIO is responsible for maintaining the accuracy and integrity of data.

Fifty-two percent of our members voted this statement off the island. Why? Garbage in, garbage out, members told us. CIOs can build systems that force users to conform to format, but they can’t do much about users who enter inaccurate information.