DAMA New England

DMBoK Chapter 4: Data Handling Ethics

February 16, 2022
Lynn Noel, DAMA New England – VP Membership
Email: membership@[Link]
Hosted by DAMA New England
• A Chapter of DAMA International
• The premier educational & professional networking resource for the
enterprise data management community in New England
• Host educational events, via Webinars and on-site (when permitted)
• Promote learning based on the DMBoK2 knowledge areas
• See our Website: [Link] for more information
• Membership benefits include:
• Free or discounted admission
• Educational and networking events
• Growing base of knowledge items available via Member-only section of the Website
• Peer-to-peer networking and mentoring opportunities

We welcome you to be part of our growing community!

New England Data Management Community

WELCOME OUR PRESENTERS
LYNN E. NOEL
▪ Principal, Digital Heritage Consulting
▪ Certified Data Management Professional (CDMP)
▪ Master data management consultant, Sanofi Pharmaceutical
▪ Executive Certificate in Digital Business Strategy, MIT
▪ M.S. Geography, University of Wisconsin-Madison
▪ Director/mentor for IM & analytics, architecture & modeling
▪ Digital workplace platforms at Big Five IT, midsize, & startup firms

CONTACT INFO:
EMAIL: membership@[Link]
PHONE: +1-978-985-2707
: /IN/lnoel

New England Data Management Community

Principles, Practices & Processes Protecting People’s Personal Privacy

New England Data Management Community

What is the DMBoK definition of ethics?

Right Wrong

New England Data Management Community

Name at least four of the seven example ideas on which
ethical principles are focused.

Fairness

Trust Respect

Transpa- Responsi
rency IDEAS bility

Reliabilit
Integrity
y

Quality

New England Data Management Community

What is the DMBoK definition of data handling ethics?

Procure

Store

ETHICAL
Manage
DATA
PRINCIPLES
Use

Dispose of

New England Data Management Community

What are four reasons that DAMA says that data
handling ethics are important?

Loss of
Long-term
reputation and
success
customers

Unethical
Social
practices may
Responsibility
be illegal

New England Data Management Community

List three core concepts of data handling ethics
from the DMBoK.

Impact on people

Potential for
misuse

Economic value of
data

New England Data Management Community

Which one of these goals is NOT in the DMBoK as a
business driver for data handling ethics?

Monitor Define

Auto
Educate
mate

Culture

New England Data Management Community

Name at least three of the six inputs needed to define
data handling ethics for an organization.
Organiza-
tional
ethics
Business
Existing Strategy
Policies and
Goals
INPUTS
Organiz-
Regula-
ational
tions
Structure
Business
Culture

New England Data Management Community

What are the six core activities of data handling ethics?
1) Review Data Handling
Practices

Data Handling Ethics

2) Identify Principles, Practices,
and Risk Factors

3) Create an Ethical Data Handling

Strategy

4) Address Practice Gaps

5) Communicate and Educate

Staff

6) Monitor and Maintain

Alignment

New England Data Management Community

Name at least five of the nine deliverables that the DMBoK
recommends for a data handling ethics program.

Current Ethical Data

Communication
Practices and Handling
Plan
Gaps Strategy

Ethical Awareness of
Ethics Training
Corporate Ethical Data
Program
Statements Issues

Aligned Ethical Data

Incentives, KPIs, Updated Policies Handling
and Targets Reporting

New England Data Management Community

Name at least three of the six key stakeholders needed to
supply the inputs to an ethical data handling program

Executives

Data
Regulators
Stewards

INPUTS
Executive
Data
Data
Providers
Stewards

IT
Executives

New England Data Management Community

Name at least four of the seven key stakeholders needed to
conduct the activities of an ethical data handling program

Data
Govern-
ance
Data Bodies
Manag-
CDO/CIO
ement
Services

ACTIVITIES
Change
Executives
Managers

Coordi-
Subject
nating
Matter
Data
Experts
Stewards

New England Data Management Community

Name the three key stakeholders recommended
as consumers of an ethical data handling program

Employees

Regulators Executives

New England Data Management Community

List four core techniques and tools used as technical
drivers for a data handling ethics program

Annual
Communi-
Ethics
cation Plan
Statement
Checklists
Affirmation

Microblogsi Wikis,
internal knowledge
communi- bases,
cations intranet
tools sites

New England Data Management Community

List three key metrics of a successful ethical data
handling program

Exec
involvement

Compliance
incidents

# employees
trained

New England Data Management Community

What are two assumptions that lead organizations to fail at data ethics,
and two trends that make it important to succeed?

Organizations are
using data in new
ways and
legislation cannot
keep up with
evolving
environment

Technicians
profess not to
understand the
data and assume
following the
letter of the law =
no risk

New England Data Management Community

What are five key business drivers (3 opportunities
and 2 threats) that motivate a data ethics program?
Increase
trustworthiness
3 Improve relationships
Stakeholders expect
ethical behavior

Reduce
2 organizational risk
Secure data from
criminals

New England Data Management Community

List the six groups of essential concepts for data
ethics in the DMBoK.

Ethical Principles for Data

Principles Behind Data Privacy Law

Online Data in an Ethical Context

Risks of Unethical Data Handling Practices

Establishing an Ethical Data Culture

Data Ethics and Governance

New England Data Management Community

What is entailed in creating an ethical culture for
data handling?

Ethical
Governance Controls
Outcomes

New England Data Management Community

How does data ownership influence data handling
ethics?

Ethics of
Sharing
Ease of Others’
Data Data
Sharing
Improved
Technology

New England Data Management Community

Name five emerging roles with responsibilities for
data handling ethics

Chief
Chief Risk
Privacy
Officer
Officer

Chief
Chief Data
Analytics
Officer
All Officer
Employees

New England Data Management Community

What are the six essential concepts that the
DMBoK gives for data handling ethics?

3.3 Online 3.5

3.1 Ethical
Data in an Establishing
Principles for
Ethical an Ethical
Data
Context Data Culture
3.4 Risks of
3.2 Principles Unethical 3.6 Data
Behind Data Data Ethics and
Privacy Law Handling Governance
Practices

New England Data Management Community

Name and define three tenets of bioethics that provide
a starting point for principles of data ethics

Respect for
Dignity Autonomy
Persons

Do No Maximize
Beneficence
Harm Benefits

Justice Fair Equitable

New England Data Management Community

List the European Data Protection Supervisor's four pillars required for
an information ecosystem that ensures ethical treatment of data

EDPS
Future-oriented

Accountable

Empowered
individuals
controllers
regulation

conscious
New England Data Management Community Privacy-
What are the seven principles of the General Data
Protection Regulation of the EU (GDPR)?
Lawfulness, fairness, and transparency

Purpose limitation

Data minimization

Accuracy

Storage limitation

Integrity and confidentiality (security)

Accountability

New England Data Management Community

Name at least five of the ten statutory obligations of the Canadian
privacy law PIPEDA (Personal Information Protection and Electronic
Documents Act)

Accountability

Identifying Limiting
Consent
purposes collection

Limiting Use,
Disclosure, Accuracy Safeguards
and Retention

Individual Challenging
Openness
access compliance

New England Data Management Community

What are the five Fair Information Processing Principles
recommended by the US Federal Trade Commission (FTC)?

Notice/
Awareness

Enforcement/ Choice/
Redress Consent

Integrity/ Access/
Security Participation

New England Data Management Community

Name at least four of eight additional FTC focus
areas for fair information practices
Choice
Privacy
Data
By
Mgmt
Design

Educa- Do Not
tion
FOCUS Track

Con-
Access
Platform sent
Data
Transpar
ency

New England Data Management Community

Identify a global trend affecting information
privacy and risk

New England Data Management Community

List four principles that inform ethical behaviors
online as context for online data

Right to Be
Ownership
Forgotten

Freedom
Identity
of Speech

New England Data Management Community

 challenges

Timing

Misleading Visualizations

New England Data Management Community

Unclear Definitions or
Invalid Comparisons

Bias

Transforming and
Integrating Data

Obfuscation / Redaction
of Data
Identify six unethical data handling practices or
How does timing create risk of unethical data handling?

New England Data Management Community

How do misleading visualizations create risk of
unethical data handling?

30% 50%

30%

New England Data Management Community

What are two ways that unclear definitions or invalid
comparisons create risk of unethical data handling?

New England Data Management Community

List at least three of five types of bias that create
risk of unethical data handling
Data
Collection for
pre-defined
result

Context Biased use

and of data
Culture collected

BIAS

Biased Hunch
sampling and
methodology
search

New England Data Management Community

List four data integration practices that create risk
of unethical data handling

Limited knowledge
Data of poor
of data’s origin and
quality
lineage

Integration

No documentation
Unreliable of data
Metadata remediation
history

New England Data Management Community

List three instances of data obfuscation / redaction
practices that create risk of unethical data handling

Data Data
Masking Aggregation

Data Marking

New England Data Management Community

How do large data sets and data lakes raise practical
data ethics concerns in data science and analytics?

Individuals
identified
after
anonym-
ization

Sensitive
data not
analyzed
for
protection

New England Data Management Community

Define a process that moves an organization
toward establishing an ethical data culture

Review Identify Create an Adopt a

Current Principles, Ethical Data Socially
State Data Practices, Handling Responsible
Handling and Risk Strategy and Ethical Risk
Practices Factors Roadmap Model

New England Data Management Community

What is the first step toward establishing an
ethical data culture and what are its outcomes?

• Data • Data
Understand handling Document Collection
the Current practices Ethical
State Principles • Use
• Employee
awareness • Oversight

New England Data Management Community

Give an example of ethical data handling
principle, risk, and practice supported by controls.
• Right to privacy about
PRINCIPLE personal health info (PHI) =
accessible only to caregivers

• Public access to PHI could

RISK jeopardize privacy

• Only nurses/doctors may

PRACTICE access PHI for providing care

• Annual user review of PHI

CONTROL systems

New England Data Management Community

Give at least four of seven components of an
ethical data handling strategy.
Values statements

Ethical Data Handling Principles

Compliance Framework

Risk Assessments

Training and Communications

Roadmap

Auditing and Monitoring

New England Data Management Community

List and define four risk areas of an ethical data
sampling project that uses personal data
• How populations
Identification selected for study

Behavior • How data will be

capture captured

BI/Analytics/ • What activities

Data Science analytics will focus on

• How results will be

Results made accessible

New England Data Management Community

What ethical risks of the identification of a population for
data science analysis may require ethical and legal review?

New England Data Management Community

What ethical risks of behavior capture for data science
analysis may require ethical and legal review?

New England Data Management Community

What ethical risks of BI/Data Science/Analytics
may require ethical and legal review?

New England Data Management Community

What ethical risks of distributing the results of data
science analysis may require ethical and legal review?

New England Data Management Community

Give at least two of four examples of how to use a risk
model to execute a data handling project ethically

Risk Model

Anonymize data

Remove private information

Tighten security

Review applicable privacy law

New England Data Management Community

What are the roles and responsibilities for
oversight of ethical data handing?
• Set Standards and
Data Policies
Governance • Oversight of Data
Handling

Legal • Keep up to date on

legal changes
Counsel • Employee awareness

• Fair Handling
Employees • Reporting Protection
• Non-Interference

New England Data Management Community

Give at least three of five ethical obligations for members of
DAMA as included in the DAMA Code of Ethics.
Observe DAMA bylaws

Practice DAMA ethics and

values

Education and lifelong learning

in data management

No harassment or bullying

Promote DAMA’s image

New England Data Management Community

Give at least three of six additional ethical obligations for officers and
advisors of DAMA as included in the DAMA Code of Ethics.

Actively support DAMA programs

Not profit personally from my

performance as an officer

Raise conflicts of interest to the DAMA

Ethics Officer

Conduct all DAMA business under its

values and ethics

All DAMA communications are official

and on the record

Protect member PII and do not

distribute or sell it

New England Data Management Community

Thank You For Attending!
• Just a reminder, our chapter meets regularly, and we continue to
update our schedule of events and Website content…visit often
• CDMP Study Group is still open – we invite you to join the chapter
and get involved!
• If you are interested in joining our Chapter, please contact
membership@[Link] or any board member via our
website or email.

If you are not on our mailing list, please email marketing@[Link].

We’d love to stay in touch!

New England Data Management Community

Q&A

New England Data Management Community