4 questions to ask before collecting personal data

Before you capture data, ask some tough questions about and provide guidance on how data is acquired and used in your organization.

Full disclosure: Employers shouldn't let the value of employee data overshadow ethical collection and use

It seems that a week doesn't go by without another news story about personal data being captured, sold, and used for everything from selling products and influencing our political views, to potentially discriminating against us in encounters from home buying and the legal system. This extensive data capture, analysis, and trade is nothing new, but the public has awakened not only to its extent but the seemingly callous ways in which intimate data are captured and used.

As technology leaders, we're often involved in designing and implementing the technical plumbing that supports the data trade, even if we're somewhat unknowing and unwitting participants in how data are ultimately used. However, as consumer attention and government interest and oversight in the data trade grows, it's worth understanding, asking questions about, and providing guidance on how data are acquired and used in your organization.

SEE: Vendor relationship management checklist (Tech Pro Research)

I've long admired the Rotary as a global organization, and its Four-Way Test, which it bills as "a nonpartisan and nonsectarian ethical guide for Rotarians." As your organization explores how it acquires and uses customer, employee, and partner data, I recommend a " Four-Way Data Test" as a starting point for your own framework. Here are some questions to consider.

1. Are the data necessary and true?

The guiding principle at many organizations when it comes to data are "If it's technically possible to capture, do it." This ignores any evaluation of whether or not the data are factually true and whether or not the data are actually relevant and necessary to further your relationship with the customer. Just because you can capture and store customer information forever doesn't mean it's always a good idea.

2. Are data captured and used in a fair and transparent manner?

Perhaps the most troubling aspects about many recent stories of data abuse are the means in which data were captured and later shared. A seemingly innocent game, app, or marketing collateral might serve as a Trojan horse for capturing reams of highly personal data; in some cases details like voting history and menstrual cycles were recorded and shared with social media companies, without consent or direct knowledge of the consumer beyond a generic statement or two in a multi-page legal document.

If you're uncertain on where your company falls on the spectrum, imagine calling one of your customers, and very clearly stating what data you're capturing about them, how you're using it, and with whom you're sharing it. If you'd be unwilling to have that kind of direct and frank conversation you're likely failing this part of the test. Just imagine one of the social media giants calling up one of its many users and starting the conversation with, "We're using your social media posts and the data you've shared with us to get your income, demographic information, current living arrangements, and ethnicity, without your knowledge, and sharing that with banks who use that to exclude you from the best mortgage interest rates."

SEE: Disaster recovery and business continuity plan (Tech Pro Research)

3. How will you store and share the data?

Even worse than the secretive capture of personal data is becoming a bad steward of that data. Bad stewardship includes storing data in a haphazard manner that results in its capture by hackers or bad actors or happily selling that data to anyone and everyone without raising any concerns about whether they're using it in an ethical manner. Both customers and regulatory bodies are becoming less willing to tolerate the I-didn't-know-how-it-would-get-used defense when the data you've captured are used for less-than-savory purposes.

4. How are the data updated and corrected?

Individuals and organizations constantly evolve, grow, and change. Similarly, the data about us should grow and change. Imagine if your bank never updated your income level when considering whether to provide you with a loan. As an increasing amount of data are gathered, it becomes important to ask how the data will be updated, or at a minimum, what useful life should be assigned to each data element we store about a customer, employee, or partner. A late invoice payment a decade ago probably shouldn't be used to make decisions today, just as social media data from an employee's teenage years may not be the best indicator of how they'll perform in their thirties.

A more challenging question is how you share the data you've gathered about an individual and allow them to correct anything that's in error. Customer data now can prevent us from boarding an airplane, opening a bank account, or traveling across borders. Poorly managed and updated data may no longer frustrate a customer when dealing with your organization, but it can limit an individual's ability to productively interact in society. This is a sobering thought, which should convey the importance of asking these questions as you consider your own data acquisition, storage, sharing, and retention policies.

Also see

Image: vchal, Getty Images/iStockphoto