Data Analytics: Data Governance and Ethics

This paper is divided into ethics and technology, ethics and data management, and social
media use as a data governance concern. Parts one and two are divided into competency and
mastery sections. In the first part, the competency section explores the advantages and
disadvantages data analytics brings in terms of organizational data governance and ethics (for
data-in-transit and stored). In contrast, the mastery section recounts a case in which data
governance in an organization was successfully implemented. For the second part, the
competency section examines four data protection failures (integrity, accessibility, sharing, and
anonymity) and how these failures can be prevented by focusing on quality, security, privacy,
and compliance. The master part prioritizes the core areas of compliance, privacy, security, and
quality. Part three examines why social media use can be a data governance concern, identifies
the data concerns associated with social media use in an organization, and applies data
governance and ethics methods to mitigate the identified data concerns.
Part 1: Ethics and Technology

i. Competency: Advantages and Disadvantages of Data Analytics in terms of Data
Governance and Ethics
Data analytics – the systematic computational analysis of information, statistics, and data
– is a complex topic that has improved data governance and ethics and raised multiple ethical
and data governance concerns. Admittedly, data analytics and information management drive
today’s communication, portfolio analysis & investment, healthcare care, transportation, and
manufacturing sectors. It presents a host of other ethical and information management concerns.
The following part details some of the advantages and disadvantages of data analytics, in
general, in terms of ethics and data governance, specifically for in-transit or stored data.

3

a. Data analytics advantages & disadvantages in terms of ethics
Data ethics is a broad discipline in ethics that examines the morality of data practices –
gathering, creating, analyzing, transiting, and storing data/information – especially their potential
to positively or adversely impact populations and society. According to O’keefe & O’Brien
(2018), data analytics and information management tools have improved several ethical practices
when sharing or storing information/data using network-enabled tools or technology devices.
Firstly, in terms of benefits, data analytics and information management tools improve
how employees communicate with their clients or organizations sharing data. Today, data
analytics technologies ensure that people share accurate information quickly in organizations,
leading to improved decision-making. For example, data analytics and information management
tools like electronic health records (EHRs) enable clinicians to store and share accurate patient
and general practice data in the healthcare sector. Secondly, data analytics tools reduce errors in
multiple organizational areas, thus, allowing people to make informed decisions.
Taking the example of the healthcare sector, using health IT technologies like EHR and
other data analytics and information sharing tools enables clinicians to make informed decisions
at the point of care. This guarantees the quality of services rendered and patient safety
(HealthIT.gov, 2017). The third advantage of data analytics tools – although debatable – is the
ability to reduce inequity in terms of resource sharing. For example, one of the ethical challenges
that have persistently clouded the American healthcare system is equity in terms of access and
distribution of resources. Evidence suggests that healthcare resources and subsequent access
favor a certain group, especially the white population while disenfranchising and marginalizing
minority communities like Blacks. Analysis of big data using cutting-edge data analytics models
provides critical data helping to reduce inequity in resource sharing in the healthcare sector,

4
ultimately improving access and health outcomes among historically disenfranchised groups
(Ibrahim, Charlson, & Neill, 2020).
Despite addressing issues linked to accurate communication, errors and
miscommunication, and inequity in resource distribution and access, the rise of data analytics
tools raise multiple ethical concerns touching on privacy, confidentiality, and respect for users’
autonomy. Data privacy implies the aptitude to keep personal information private and safe from
access by unauthorized individuals. Confidentiality is the act of protecting private data and
confidential information from unofficial or unsanctioned disclosure. Protecting confidentiality is
shared between health information technologists/experts, the leadership, and all employees.
Finally, autonomy is the right of sound-mind people (employees, clients, leaders) to make
informed decisions independently without external influence or intimidation.

b. Data analytics advantages & disadvantages in terms of data governance
Data governance is one of the integral function elements used to express an organization’s
ethical standards, norms, and practices regarding the collection and use of data. According to
O’keefe & O’Brien (2018), data governance is an exercise of control and authority (planning,
monitoring, controlling, and enforcing) over the management of data and data assets. There are
multiple ways data analytics supports data governance. Firstly, organizations can leverage
analytics-enabled data governance in multiple ways. For example, different machine learning
algorithms can keep track and improve data quality management across an organization through
analytics-enabled data governance, addressing issues associated with self-learning in the process.
Enhanced data quality addresses the problem of user mistrust and data unreliability and thus
improves data uptake for analysis. Secondly, machine learning can serve an integral role in
compliance efforts, especially assisting with automatic monitoring for any instances of non-

5
compliance. Active monitoring and analytics allow firms to determine areas of violation and
breach proactively. Finally, data analytics tools can also help organizations improve their data
modeling processes. Data modeling is defined as the” process of discovering, analyzing, and then
representing and communicating these data requirements in a precise form called a data model”
(O’keefe & O’Brien, 2018).
Although data analytics is inextricably positively linked to data governance, it can
present multiple setbacks to the data management processes, often denting the authenticity of the
outcomes and data management processes. There is also the possibility of data analytics violating
the principles of privacy and confidentiality, manipulating customer records, and increasing
social stratification and bias. Sometimes, data analytics can provide misleading results if the
modeling of algorithms is done incorrectly.
ii. Mastery: Case Study of Successful Application of Data Governance
BJC Healthcare is among the major healthcare players in Missouri, consisting of fifteen
hospitals and multiple other ancillary services, physician offices, and care facilities. BJC
Healthcare is also a key affiliate of the Washington University School of Medicine, providing
training services for medical students. In 2015, the organization created an operating model that
would see it implement “data governance” to guide data transformation and sharing of quality
information to support organization-wide actions and decisions (Dennis, 2017). The operating
model was proposed to include top-level decision-makers, including C-Suite members. The
second level included a group of trustees responsible for grouping data called “domain.” Trustees
were to meet twice a month and were tasked with building steward communities, sharing best
practices, establishing standards, and writing policies. Trustees were selected from data

6
managers and key business areas. Steward communities were positioned at the bottom of the
pyramid to perform most of the duties.
In 2016, Washington University and BJC health rolled out new electronic medical
records (EMRs) or electronic health records (EHRs). The Health Informatics Executive at BJC,
Laura Tellmann, said that the company’s main goal at the time was to ensure that the
foundational pieces of data going into that EHR were of the highest quality the company could
get. The organization set an ambitious agenda/goal for building the new system: to select and
train data stewards and develop data steward communities with the ability to build standard
reference data, business glossaries, and ideal data sources for at least six Master Data domains.
Tellmann pinpointed the following three strategies that the firm leveraged to accomplish this
agenda (Dennis, 2017).
a. Using a Guide
Firstly, Tellmann and her team developed a maturity model using the Data Governance
Framework by the First San Francisco Partner, the 10 steps listed in the Data Governance
Framework by the Data Governance Institute, and CMMI Institute’s Data Management Maturity
Model, and the Data Management Book of Knowledge wheel. The maturity model Tellmann
built was specifically used to develop a list of strategic objectives/goals and a matrix to appraise
the maturity of information/data linked with each objective. In the planning process, Tellmann
reveals that they could identify little “data domain” groups that were misgoverned but strategic.
The team asked trustees privately, “Where each member believed the firm is on the maturity
curve and where they envisioned the company to be in five years.”
b. Getting Top-Level Support and Engagement

7
The second most important step was to secure buy-in and support from the top-level
executive at BJC and Washington University. After getting C-Suite members like the Chief
Clinical Officer (COO) on board, Tellmann embarked on a mission to help these top leaders
understand the importance of effective data governance and rolling out the electronic health
record system across the facilities. Once the top executives were on board, the next step for
Tellmann and her team was to build a glossary map with a Data Dictionary and create a
reference data standard for measuring the quality of electronic data generated. Amid growing
unrest and resistance among the C-Suite to the potential of data governance destabilizing the
organization, Tellmann and her team organized several meetings to assure the top leaders about
the importance of data governance and the proposed EHR framework. During these meetings,
Tellmann also stressed the essence of teaching data governance language and terminologies to
the leadership.
c. Metadata Management
The final strategy that Tellmann leveraged was metadata management. She insists on
creating a repeatable process around Metadata management to ensure the project stays within
scope and addresses an immediate need. She also notes that it is vital to have a plan to transition
to the operating phase as quickly as possible to determine the right people to make the project
function independently. Once people have been identified, the next step is to teach them
elementary terminology (Dennis, 2017).

Part 2: Ethics and Data Management

i. Competency: Data Governance Failures and How to Protect such Failures in the
Future Using Four Data Governance areas of Quality, Security, Privacy, and
Compliance

8
In the area of data protection, the main existing data governance failure stems from the
inability or failure of organizations to control and monitor who accesses their networks and data,
how data is used, and provide compliance training, leading to the theft of confidential/private
information by hackers, sharing of wrong information, or unauthorized access by employees
internally. This issue often elicits data concerns linked to integrity, accessibility, sharing, and
confidentiality. The following section address how these four concerns can be addressed in the
future using the four data governance areas: quality, security, privacy, and compliance.

a. Integrity
Data integrity refers to the overall consistency, completeness, and accuracy of data.
Allowing intruders or hackers to access private enterprise information in unsecured networks can
lead to data inconsistency and inaccuracy as these individuals can alter information for
individual gains. It also refers to how secure and safe data is, especially related to regulatory
compliance like General Data Protection Regulation (GDPR) compliance. Data integrity can be
addressed by focusing on the four key areas of data management: quality, security, privacy, and
compliance. Quality can be improved by implementing established industry-wide data quality
standards, such as the ISO and IEEE standards (O’keefe & O’Brien, 2018). Security can be
enhanced using three physical, operational, and management controls. Physical includes hiring
guards and using door locks to prevent unauthorized physical entry or intrusion into data centers
or premises. Operational controls include data encryption, two-way password authentication, and
antivirus software and firewalls to block suspicious activities and websites on the internet.
Management controls include training and using proper data use and security practices (Willis,
2020). Privacy can be augmented by implementing the HIPAA Privacy Rule, which protects the
privacy of “protected health information” like patients’ names and sets conditions/limits on the

9
disclosures and uses of this private information without individual consent. Compliance can be
improved by ensuring that information technologies, such as EHR are designed, built,
implemented, monitored, and measured performance using standard rules.

b. Accessibility
Data accessibility refers to the extent or degree to which individuals in a firm or
institution can access and use data meaningfully. Data accessibility concerns are often linked to
incomplete information, missing links/information/labels/images, low contrast texts, limited
access by certain groups due to lack of knowledge of the terminologies used, or access to private
data by unauthorized individuals (O’keefe & O’Brien, 2018). Accessibility concerns make it
difficult for certain individuals to access data in networks. Like integrity concerns, accessibility
issues can also be addressed using four data governance areas: quality, security, privacy, and
compliance. In the future, data accessibility can be improved by ensuring that technologies or
programs developed incorporate tools to improve quality like business glossaries and Data
Dictionaries. This ensures that all workers can understand the meanings of data and the
terminologies used.
Privacy can be guaranteed by implementing industry-wide policies like the HIPAA Rule
to control access of private user data between unauthorized individuals. At the same time, the
new systems should be built to comply with the industry-wide information management rules.
For example, a healthcare organization planning to improve access to electronic data must
purchase and roll out an electronic health record (EHR) system that has been accredited
nationally by bodies like the HHS. Security during access can be improved by ensuring
enterprises follow the HIPAA Security Rule. The Rule requires enterprises and physicians to

10
safeguard patients’ digitally stored ePHI (electronically protected health information) using
relevant technical, physical, and administrative measures to guarantee security.

c. Sharing
Data sharing, especially externally, is another major data use process often linked to data
governance concerns like unauthorized access and sharing private/confidential information with
unofficial third parties (O’keefe & O’Brien, 2018). When sharing, exchanging, or sending
information, approved users must follow strict quality, security, privacy, and compliance rules or
guidelines to ensure relevant information is relayed in the correct way to the right people. Health
information teams can implement multiple quality, security, privacy, and compliance
requirements to ensure a breach does not occur in the future. For example, they can build quality
and integrated systems that guarantee the seamless sharing of accurate information. All
employees should be familiar with communication platforms, the terminologies used, and other
requirements. The communication systems should also have security systems like encryption to
ensure unauthorized persons do not share or access information. In terms of privacy, an
enterprise can introduce a standard rule requiring all employees to follow the HIPAA Privacy
Rule by disallowing sharing of “protected patient information” through non-secure sites or with
unauthorized third parties. Finally, the enterprise can establish a process of monitoring and
measuring compliance levels within the institution with all quality, privacy, and security rules
and standards.

d. Confidentiality
Confidentiality is another major data governance concern that often stems from a lack of
proper security, privacy, quality, and compliance measures. Typically, confidentiality is about
safeguarding data against unauthorized, unlawful, and unintentional theft, disclosure, and access.

11
Therefore, enterprises can guarantee the confidentiality of data and security systems through
quality, security, privacy, and processes. Access control, physical security, backups, two-way
password authentication, antivirus software, access control, and encryption are a few security
measures for ensuring confidentiality (O’keefe & O’Brien, 2018). Setting compliance data
management standards and rules for managing devices and data use, acquisition, storage,
sharing, and disposal can also ensure private data remains confidential and does not land in the
hands of hackers or unauthorized personnel. Organizations can also design and implement
quality health IT systems and software programs and other ISO-certified technologies to
minimize potential system errors. ISO-certified technologies are built to meet all the security,
communication, and data sharing standards. Finally, enterprises can set up data privacy rules
according to the HIPAA Security and Privacy Rules to ensure all staff members share
information only allowed by these regulations.
Summary of the Core Area and Concerns of the Most Vulnerable in the Data Protection
Area and Potential Data Governance Solution to Prevent Future Occurrences
Data integrity and security are the major and most vulnerable concerns and core data
management areas. Data integrity relates to invalidity, inaccuracy, and unreliability of
information or data shared across networks. The major cause is often a lack of quality systems,
infrastructure, and processes for creating, sharing, accessing, storage, and disposal of valid,
accurate, and reliable data. Essentially, several security factors can threaten data integrity,
including lack of elementary security monitoring, excessive levels of privileged access, and
improper maintenance of devices, networks, and systems. Therefore, to prevent future data
integrity breaches, health IT teams must introduce validation measures, systems to back up and
clean up data regularly, and audit changes to permissions and data (Robinson, 2020).

12
ii. Mastery: Prioritizing the Core Areas of Quality, Security, Privacy, and
Compliance
Data governance generally refers to managing the integrity, usability, availability, and
security of data within internal enterprise systems and using standard industry policies, codes,
and rules. One major responsibility the team often holds is guaranteeing quality, security,
privacy, and compliance. The most remarkable role of the data governance team is to guarantee
data quality, reduce management costs, improve access to the relevant data across all
organizational areas, decrease risks of errors, and ensure clear guidelines and rules about access
to data are developed and enforced complied to.
Prioritizing each core area of quality, security, privacy, and compliance is unique to the
data management process. For example, data quality ensures that people vested with the
authority to make decisions make sound and informed judgments. This can significantly lower
the error margin, conflicts, and potential cost implications arising from data misinterpretation.
Data security can lower potential litigations arising from ethical standard breaches like privacy
and confidentiality violations. Finally, compliance is focused on ensuring that the modeling of
algorithms and information systems, storage and processing of data, and its use are done
according to the laws and policies governing the industry (Jaeger, 2008).
Part 3: Social Media Use and Data Governance
i. Why Social Media Use can be a Data Governance Concern
Data governance issues often arise when organizations fail or cannot control and monitor
how their information systems and the data generated within the organization are used, stored,
and shared. This is usually associated with non-compliance and failure to observe industry-wide
rules, policies, and regulations governing information creation, sharing, storage, and disposal.

13

Today, social media poses one of the greatest concerns to the proper governance and
management of enterprise data. A majority of the youthful clinicians today from Generations Y
and Z are addicted to the internet and often attempt to use it in clinical settings. However, its use
is restricted because of the potential of breaching privacy and confidentiality rules. In the US,
displaying information on social media accounts like Facebook and Twitter that can reveal a
patient’s or client’s identity or confidential information is considered a breach of the HIPAA
Rule. It can be punishable by fines or cancellation of the practicing license. Such confidential
information includes clients’ social security numbers, residential addresses, names, mobile or fax
numbers, and full-size photographs. Managing or governing data on social sites like Facebook,
Instagram, or Twitter can be hard for organizations considering its scope (Khan, 2017).
ii. Data Concerns for Using social media in an organization
Multiple data concerns can be associated with social media use in an organization. These
concerns include quality, security, privacy, respect for individual rights, compliance,
confidentiality, bias, integrity, informed consent, transparency, and responsibility. A social
media company is a platform open to millions and billions of subscribers. Controlling the flow of
information on these platforms is often beyond the control of individual organizations. Hackers
and cybercriminals can use these platforms to stage ransomware attacks or steal confidential
information from companies. Considering that these social networks have fewer security
measures can predispose organizations and their members to security, confidentiality, informed
consent, and privacy issues. At the same time, these sites are unregulated and published, or
printed information can sometimes be unverified, leading to quality, integrity, and transparency
concerns (Brown, 2009).
iii. Ethics and Data Governance Methods to Mitigate the Data Concerns

14
There are multiple data governance approaches that organizations can institute to ensure
data concerns arising from social media use are addressed. One such way is establishing
organizational rules and standards that stipulate what staff members can do and what they should
avoid (Khan, 2017). For instance, a healthcare institution can set a rule that requires all staff
members to avoid using social media while using the facility’s network. Another strategy is to
train workers on appropriate social media practices and standards, including what to avoid
posting on social sites like patient information.

References

15
Brown, R. (2009). Public relations and the social web: How to use social media and Web 2.0 in
communications. Kogan Page.
Dennis, A. L. (2017, Sep 21). Case study: Three strategies for data governance. Dataversity.
https://www.dataversity.net/case-study-three-strategies-data-governance-success/
HealthIT.gov. (2017). Benefits of health IT. https://www.healthit.gov/topic/health-it-and-health-
information-exchange-basics/benefits-health-it
Ibrahim, S. A., Charlson, M. E., & Neill, D. B. (2020). Big data analytics and the struggle for
equity in health care: The promise and perils. Health Equity, 4(1), 99-101. doi:
10.1089/heq.2019.0112
Jaeger, T. (2008). Operating system security. Morgan and Claypool Publishers.
Khan, G. F. (2017). Social media for government: A practical guide to understanding,
implementing, and managing social media tools in the public sphere. Springer.
O’keefe, K., & O’Brien, D. (2018). Ethical data and information management: Concepts, tools,
and methods. Kogan Page, Ltd.
Robinson, P. (2020, June 17). What is data integrity, and how to reduce data integrity risk?
Lepide. https://www.lepide.com/blog/how-you-can-improve-data-integrity-in-3-easy-
steps/
Willis, B. (2020, Jan 10). Three categories of security controls. IBMC.
https://www.lbmc.com/blog/three-categories-of-security-controls/
Winter, A., et al. (2017). Quality requirements for electronic health record systems. A Japanese-
German information management perspective. Methods of Information in Medicine,
56(7). doi: 10.3414/ME17-05-0002