Security, compliance, and data ethics are related concepts that everyone who works with software should know about, from the help desk to the C-level office… but almost everyone thinks that worrying about these things is someone else’s problem.
As data breaches become increasingly common and data privacy regulations pass in more regions, there are increasing reasons to start regularly bringing up questions about security, compliance, and privacy in your everyday work: opportunities to contribute in this area are likely going to grow, and these opportunities are an emerging area open to everyone.
By gradually improving your own practices when it comes to these concepts, you’ll become a more valuable employee and broaden your options for advancing your career.
The first step is getting an understanding of the concepts.
Security includes everything you do to protect your data and systems. You may implement security measures to protect personal data, but you may also implement security measures for many other reasons: to protect other data that should not be in the public domain, to protect resources and make sure they are used only by their owners, etc.
Compliance answers the question: are you meeting your obligations? These obligations often involve data privacy, and the obligations can come from international laws, such as GDPR, from industry-specific regulations made by governments, such as HIPAA and SOX, or even to your own company policies.
Data privacy is concerned with information related to an identifiable person. “Personal data” is not anonymized: it might directly identify someone, or it might be multiple pieces of data that together identify a person.
Data ethics concerns questions about our individual and societal responsibilities when it comes to how data is collected, used, stored, shared, and maintained.
These concepts get neglected by many data professionals because of a “not my job” mindset. Security is a scary topic: it’s complex, threats to security evolve quickly, and it’s a high stakes game. Compliance is no different: as new regulations are passed and implemented, it’s intimidating to think about keeping up with the details. Many people think that these are important topics, but they are best left to the specialists.
Not everyone needs to become a security specialist, but everyone who works with data, or governs an organization that works with data, does need to think about these concepts. Bringing up conversations around data ethics and implementing processes that address data privacy, security, and compliance will benefit your employer and your customers.
A good way to break out of the “not my job” mindset is to build a checklist of questions to ask when you interact with a dataset in your work environment– and then to use it regularly. Here’s a great example checklist for developers building data-driven applications. Your checklist may start small, but if you use it consistently then you will find yourself refining it and increasingly becoming more proactive when it comes to data privacy, security, and compliance.