Ethical leadership in a digital age
In my previous blog post, I wrote about how ethical leadership applies to everyone, regardless of where you work. In this post, we’ll have a look at promoting ethical leadership in the digital space, particularly when it comes to sharing data and data security.
New Zealand does pretty well on ethical leadership. Our institutions and professions – including doctors, teachers, and yes, auditors, accountants and IT professionals – are generally held in high trust by the public. That trust is well-earned, but fragile. Once lost, it is very hard to win back – so we cannot be complacent.
When something goes wrong – like an accidental release of people’s private information – that can have a harmful effect on the trust and confidence in public organisations’ management of data. So how can ethical leadership contribute to the safeguarding of that data and information?
Functional leaders
In the public sector, we have a number of functional leaders. Their role includes maximising benefits and reducing overall costs to government of common business activities – benefits that might not be achieved by an agency-by-agency approach. These functional leaders are responsible for getting agreement from many chief executives about priorities and overcoming obstacles to collaboration – more on that later.
One example of functional leadership is the Government Chief Data Steward, who is responsible for – among other things – building people’s trust and confidence in how the government uses data that’s been collected about them.
Citizens provide a great deal of personal data to government. I want to say they have high trust and confidence in how government will use it; maybe they do, but regardless it’s provided because receiving public services depends on providing that information. It’s how we, in the public service, access, use, and protect this data that affects people’s trust and confidence.
Two entwined issues make it challenging to show ethical leadership in this space: sharing data and data security.
Sharing data securely
Sharing data while keeping it secure can be a hard balance to get right. You don’t always have confidence that the organisations you’re sharing data with will use it in the right way, or keep it secure. Organisations with different data maturity levels can find it hard to share relevant, timely information in a compatible format.
Some think the biggest obstacle to sharing information is the Privacy Act. Actually, a bigger obstacle is not understanding the Privacy Act. There is a lot of room to innovate within the bounds of the Act, and there are reforms in the pipeline to better reflect the digital age we live and operate in.
A bigger barrier still is a culture that discourages taking risks. Functional leaders and senior public servants expect organisations to collaborate – but people are then discouraged by risk-averse leaders and managers in their own organisations. People tell us about their frustration that sharing particular data in a particular way was entirely appropriate, but that they were not able to convince people at more senior levels.
Part of good ethical leadership is getting the culture right. And it needs to be right before you can make the best use of your data. This means overcoming the fear of failure. Create an environment where it is safe to innovate with data analysis, and where making mistakes won’t compromise the security of the data.
Also, find ways to make life easier for citizens and customers. People commonly complain about having to continually provide the same basic details when filling out a form for a different organisation. Another common complaint is having to deal with one organisation after another, and another, and another when trying to get through one life event.
The SmartStart service works to address both issues by bringing together in one place all the government-provided services that expectant parents need: from the start of a pregnancy through to when a child is six months old. This came about because of collaboration between several public and non-government organisations.
The project, and others like it, succeeded for several reasons:
- the organisations weren’t afraid to share information;
- those using the service were involved in the process from the start; and
- the organisations used “privacy by design” – that is, they had privacy experts around the top table, and they proactively sought permission from users of the service to share their data.
There’s a lot to recommend this approach. By involving service users from the start, and giving them a say in the privacy settings, you will find they are more likely to be comfortable with how you use their data.
What our audits tell us
For the Office of the Auditor-General’s recent article on data security, we reviewed the findings from our audits of 61 public organisations. In our annual audits, we often make recommendations to organisations to fix weaknesses in controls that we find. Several of these recommendations have recurred for many years, which in itself is a lapse in ethical leadership.
Our auditors found most issues concerned user access, change controls, business continuity, malware, and information system policies. The article goes into more detail – I highly recommend you have a read and ask yourself if these issues are ones your organisation needs to fix as well.
Questions to consider
The Office of the Auditor-General has recently published a report about how well public sector organisations use information.
The report contains a number of questions for organisations to ask themselves when using and managing information. Here are some examples:
- Do you consider how to share information with other agencies to improve the outcomes for individuals or business?
- Do you identify and, where possible, remove barriers that prevent you and your staff from sharing information with other agencies?
- Do you consider and build appropriate privacy settings into the services you provide?
- Do you make use of expert guidance when considering privacy issues?
- Do you have safe and secure information systems and policies that you regularly review?
Whatever sector you’re in, I think there’s value in there for you.
This was adapted from the keynote speech given at the ISACA Education Day at the Wellington KPMG offices on 26 October 2018.