8 guiding principles for DoD data (3/8)

DISA has compiled a set of 8 guiding principles for DoD data. They are published in the DISA Data Strategy Iplan v1.0:  https://disa.mil/-/media/Files/DISA/News/DISA-Data-Strategy-IPlan-Final-072022.ashx.

I'm working through all 8 principles, providing my perspective.

#3 - Data Ethics

DoD must put ethics at the forefront of all thought and actions as it relates to how data is collected, used, and stored.

Data ethics refers to the moral principles and guidelines that govern the collection, use, and sharing/dissemination of data. It encompasses issues related to privacy, security, transparency, accountability, and fairness.

One fundamental tenant of data ethics is the protection of personal privacy. Agencies should be concerned about ensuring that any data they collect on individuals, whether PI, PII, or PHI, is done so with their informed consent and that it is kept secure to prevent unauthorized access or breaches. 

Another important aspect of data ethics, and one that is proving difficult, is transparency. Government agencies are required to maintain a high level of transparency.

"The basic function of the Freedom of Information Act is to ensure informed citizens, vital to the functioning of a democratic society."

Agencies are feeling the pain as they seek to balance the protection of individual privacy with the need to be transparent. Data sources containing data that should be made available to the public are often riddled with PI and PII content. These data sources need to be scoured for personal information and cleaned in a timely manner prior to allowing searches to be performed.  

Accountability is also a key tenant of data ethics. As discussed in the previous blog entry, organizations are responsible for ensuring that their data collection, use practices, and recognition of citizen data rights comply with relevant laws. And, while the government is not under held accountable under today's consumer privacy regulations, they do still abide by The Privacy Act of 1974 which is still alive and well. Check out this snippet.

The Privacy Act of 1974, as amended to present,

Protects records about individuals retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. An individual has rights under the Privacy Act to seek access to and request correction (if applicable) or an accounting of disclosures of any such records maintained about him or her.

Prohibits disclosure of such records without the prior, written consent of the individual(s) to whom the records pertain, unless one of the twelve disclosure exceptions enumerated in subsection (b) of the Act applies.

These two bullets, although decades old, are highly similar to requirements seen in the latest and greatest data privacy regulations coming out of the EU, US, and many other countries around the globe.

Data ethics also encompasses issues related to fairness. Organizations should be mindful of potential biases in their data and algorithms and take steps to mitigate them. This includes ensuring that their data collection and use practices are fair for all constituencies.

In summary, data ethics is a complex and evolving field that organizations need to be mindful of. They need to ensure that they are protecting personal privacy, being transparent about their data practices, being accountable for any violations or breaches, and mitigating any potential biases in their data and algorithms.

BigID is a data discovery and intelligence platform that helps the federal government understand and manage their data. It can assist with data ethics challenges by allowing agencies to identify and classify sensitive data, such as personal information, in order to ensure compliance with regulations and ethical principles. Additionally, BigID can help organizations understand where data is located, who has access to it, and how it is being used, which can aid in identifying and addressing potential data breaches or misuse.

Previous posts in this series 

#1 Data is a Strategic Asset

See article: https://www.dhirubhai.net/pulse/8-guiding-principles-dod-data-phil-mcquitty/?trackingId=Yl1Fzsa%2FT9KiwRL6yYTLPw%3D%3D

#2 - Collective Data Stewardship

See article: https://www.dhirubhai.net/pulse/8-guiding-principles-dod-data-phil-mcquitty-1c/

Upcoming posts

#4 Data Collection

#5 Enterprise-Wide Data Access and Availability

#6 Data for Artificial Intelligence Training

#7 Data Fit for Purpose

#8 Design for Compliance