Chapter 12. Privacy, Ethics, and Risk

You have zero privacy anyway. Get over it.

Scott McNealy¹

An ethical person ought to do more than he’s required to do and less than he’s allowed to do.

Michael Josephson

In the previous chapter, I quoted Patil and Mason, who suggest that “Everyone in the organization should have access to as much data as legally possible.” While I agree in theory, in practice there are some important caveats when you consider the issue from a privacy, ethics, and risk standpoint. In many cases, who should access which data and, further, what they may do with the data, is often more restrictive from a self-imposed ethical and risk perspective than from a legal one. A data-driven culture is one that respects both the power of data and the humanity of the people who are the source of that data. 

How should a data-driven organization treat its users’ or customers’ data from these three perspectives?

I’m assuming here that a data-driven organization has:

• More data
• A richer context than other organizations
• More points of integration among the nonsiloed data sources
• Greater data access and visibility
• More staff across the organization who are skilled at analytics
• More data scientists who can eke out subtle patterns