Delving Into the Intricacies of Responsible Data Use: A Comprehensive Deep Dive
Weâre done singing hosannas for data.
Organisations already know data is critical to success. And with an estimated 181 zettabytes (ZB) set to be generated in 2025âcontinuing a decades-long trend of data being created at an exponential paceâcompanies will have even greater opportunities to derive value from data.
However, with great power comes great responsibility as the growing importance of data necessitates a renewed focus on its responsible use.
But what is responsible data use?
Defining an Abstract Concept: What Is Responsible Data Use?
It is a question worth asking because, unlike other tech-related terms, there is no one universal definition of responsible data use. You could ask different experts to define responsible data useâlike we did at Data & Storage Asia (DSA)âand get completely different answers.
Sophos Field CTO Commercial John Shier views responsible data use âas a principle that organisations adopt whereby they treat that data with care and respectââtreated as if it were your own, especially if it is non-proprietary such as business partner records, personal information, and financial records. But if the data are proprietary and non-personal (e.g., chemical formulations), Shier said organisations can decide for themselves what is most appropriate.
Michael King, VP & GM, Asia Pacific and Japan, at Wasabi Technologies, has a slightly different take, defining responsible data use as âthe ethical and transparent stewardship of data that respects privacy, ensures integrity, and maximises value while minimising risksââall observed at every stage of the data lifecycle.
Kingâs definition closely resembles the one given by Loh Khai Peng, Vice President and Managing Director, Singapore & Southeast Asia, at Hewlett Packard Enterprise (HPE), who pointed out that responsible data use ârefers to lawful, secure, and ethical data practices, from collection, storage, processing, to transfer and sharingââand that it means âensuring the handling of data aligns with not only legal and contractual obligations but also ethical standards regarding data privacy, security, and integrity.â
These definitions have common tangents, and based on these commonalities, we can define responsible data use as the ethical, secure, and legal handling of data to benefit from it while keeping it secured, protecting peopleâs privacy, maintaining customer trust, and complying with laws and mandates related to data.
Exploring Responsible Data Use Piece by Piece
Letâs break down the important dimensions of this definition.
Ethical dimension
First is the ethical aspect of responsible data use, which is meant to ensure that the privacy of individualsâthe owners of sensitive personal data many companies today collectâis adequately protected and used appropriately and in morally acceptable ways. Businesses nowadays gather more personal information than ever, increasing the risk of infringing on privacy rights exponentially. Companies can avoid this by adhering to stringent privacy protection standards meant to prevent unauthorised access and the misuse of personal data.
Security dimension
The second dimension is data security, which is paramount today given the continuing rise of cyber threats. With nefarious actors constantly looking to steal or compromise often sensitive data, businesses are expected to implement robust data security measuresâadvanced encryption, modern threat detection, and advanced firewalls, for instanceâto protect this sensitive information from falling into the wrong hands. This need for security is fundamentally an ethical obligation as well, as is the third dimension.
Legal dimension
The third dimension of responsible data use is legal and cannot be ignored. Laws and regulations, like the Personal Data Protection Act in Malaysia, the Data Privacy Act in the Philippines, and the General Data Protection Regulation (GDPR) in Europe, impose strict guidelines on how data should be collected, stored, and processedâand these need to be followed to the letter. Non-compliance can be costly as it can result in hefty fines and damage to a company’s reputation, thus highlighting the need to ensure constant compliance.
âAdvancements in the digital economy have propelled and enabled more sophisticated data sharing and usage, which leads to the growing emphasis on data security, privacy, and transparency,â Glenn Gore, CEO at Affinidi, told DSA in an exclusive commentary. âFor modern companies to ensure responsible data use, they should always ensure that their data collection methods adhere to regulatory laws such as the GDPR while, at the same time, be built on the foundations of transparency and consent for any and all data exchanges.â
GreaterHeat Chairman and CEO David Li agrees that transparency is crucial in any discussion about responsible data use. It is, according to Li, one of the two core principles of this important concept, the other being human-centricity.
âTransparency encompasses the entire data lifecycle, from collection to storage. It requires that all processes be compliant, legal, and open to scrutiny. Users should be fully informed about how their data will be used, with clearly defined usage scopes and robust security measures in place,â he explained. âHuman-centricity emphasises that data, as a powerful technological tool, should ultimately serve and benefit humanity. Companies should approach data use from the consumer’s perspective, respecting their genuine needs and ensuring fair, unbiased decision-making.â
Responsible data use regards data not merely as a tool for profit, but as a means to bridge people and the world and create valuable experiencesâbalancing the potential of data-driven insights with ethical considerations to ensure that technological advancements âalign with human values and societal well-being.â
The Challenges of Responsible Data Use
Thatâs a noble way to look at data. Unfortunately, it doesnât make responsible data use any easierânot with some very formidable challenges getting in the way.
Securing data is obviously a gargantuan challenge, especially now that organisations have to manage vast amounts of data at a time. This can be overwhelming, so much so that 70% of business leaders in the Asia Pacific region admitted in Hitachi Vantaraâs âModern Data Infrastructure Dynamicsâ report they cannot detect a breach in time to protect their data.
âThe explosion in data volumes and the lack of the right data management infrastructure can lead to serious security and sustainability implications for companies in Asia,â said Joe Ong, Vice President and General Manager, of ASEAN, at Hitachi Vantara. âIn the next two years, most companies expect their data needs to nearly double and to be overwhelmed by the need to manage their data efficientlyâŚâ
Maintaining transparency is another big challenge. Businesses must be open about what data they collect, how it is used, and with whom it is shared to build trust with customersâand maintain it. However, achieving transparency can be difficult, especially for organisations with complex data ecosystems and multiple stakeholders.
Sometimes, companies take a very liberal approach to transparency, often resorting to ambiguities in their data privacy fine-prints and confusing users on how their data will be used. In some extreme cases, companies disregard transparency entirely, as in the case of political consulting firm Cambridge Analytica harvesting the personal data of millions of Facebook users back in 2018 without consent.
These two challengesâthere are more, to be clear, but it would take another feature to discuss them allâcan make responsible data use extremely difficult to observe and operationalise.
Unlocking Responsible Data Use: What You Need to Do
Now, for the elephant in the room: How can organisations use data responsibly?
Collect only what you needânothing more, nothing less
A good start, according to Ping Identity Principal Solutions Analyst Johan Fantenberg, is to be judicious with collecting data and collect only what is needed.
âIn today’s digital world, it is tempting to gather more data than actually is required to deliver a service. We should always question whether we really need a piece of data or not; if we do need it, we should only ask for it when it is required,â Fantenberg pointed out to DSA. âWe also must be very clear about the purpose when we ask a user to provide their consent for collecting their data. It should not just be for compliance reasons but to give the user meaningful and practical reasons for why some data is required.â
Sophosâ Shier shared the same sentiment, noting how âorganisations should only collect data that are strictly required. In the same way, âorganisations should not collect any additional data in the hope that they may be useful later. Any additional data capture should be opt-in.â
Like Fantenberg, Shier advises companies to be upfront when it comes to data collection by disclosing âwhat data they are collecting and for what purposes, how they are protected, how they will be used, and how they might be sharedâ (a.k.a. consent-based data collection). All this, he emphasised, must âadhere to all laws and regulations in every jurisdiction where the organisations do businessâ and comply with the strictest protections âas a defaultââwith a mechanism for deletion in place in case certain customers request it.
HPEâs Khai Peng agreed that only the necessary personal data for business purposes must be collected, to begin withâand in compliance with applicable laws and regulations. This must also be protected through encryption and deleted from all systems and records once it is no longer needed, making sure due diligence is observed to anonymise it.
Practice self-discipline and observe external governance
For GreaterHeartâs Li, organisations must look inward to implement âa dual approach of self-discipline and external governanceâ to ensure responsible data use.
âSelf-discipline involves proactively integrating data ethics into corporate culture and business decisions. This requires support from top management, dedicated governance departments, comprehensive ethical policies, and ongoing employee trainingâŚ,â Li explained. âExternal governance, on the other hand, entails strict adherence to data protection regulations and cautious practices in data sharing and trading. Organisations must maintain transparency by actively disclosing their data practices and establishing efficient complaint channels for users. Prompt rectification of issues and acceptance of oversight from government, media, and consumers are crucial.â
Lean on the right technologies
Using the right technologies is also critical to what should be a multifaceted approach to safeguard data integrity, privacy, and security, according to Wasabi Technologiesâ King. Central to this approach, he pointed out, is protecting the organisationâs own data, with choosing the optimal cloud provider being a good first step in this case. Thatâs because a reliable cloud partner can offer robust security measures such as immutable backups that serve as an impregnable shield against data loss and ransomware attacks and multi-user authentication to deter unauthorised access and data manipulation.
Modern solutions, like the Affinidi Iota Framework and HPE systems, also help, with the former facilitating consent-based data sharing while keeping individuals informed on exactly what and how their data will be used at all timesâfostering trust and transparency. HPEâs systems, on the other hand, are specifically engineered for accountable data use and adhere to corporate cybersecurity policies such as the ISO 27000 family and NIST standards.
Educate and collaborate
A multipronged strategy for responsible data use doesnât end there. King also identified two crucial factors that organisations might be overlooking: Employee education and collaboration with stakeholders.
âEmployee education is equally vital. Fostering a data-centric culture where employees understand the importance of data protection and ethical handling is essential. Regular training, combined with internal audits and risk assessments, helps identify vulnerabilities and implement corrective measures,â the Wasabi executive explained. âResponsible data use also involves collaboration within the entire ecosystem, including suppliers, customers, and regulators. A shared commitment to data protection is essential for building trust and can determine the contrast between seamless business operation and a complete standstill.â
A Word for the Wise
While it seems using data responsibly is a lot of work, it actually isnât. Not if you heed Shierâs sage advice: âIf businesses treat others’ data as something that is being entrusted to them, rather than something they can take, we end up with a more deliberate and respectful environment.â
Put simply, you are not the owner of that data (unless itâs proprietary) but a caretaker of itâa custodian if you will. It isnât the sexiest of roles, but itâs critical nonetheless as the responsible use of customers’ sensitive data, according to Fantenberg, can help greatly in fostering customer trust, avoiding legal and reputational threats, and providing âa frictionless experience that cultivates customer and stakeholder loyalty and confidence in the long run.â
Indeed, it pays to respect data, take good care of it, and use it in morally acceptable waysâeven when the opposite might be easier and more convenient to do.
As King underscored to DSA, the importance of responsible data use cannot be overstatedâespecially with evolving technologies giving rise to new threats and challenges associated with data security and privacy. This is why organisations need to be even more proactive in updating their data protection strategies and fostering a culture of responsibility and awareness among employeesâand, in turn, build trust with customers.
This trust will then form the core of long-term partnerships that will benefit both the business and its customers.