This week's editorial is a guest post from Phil Factor.
As a data guy, I always smile when application developers refer to ‘their’ data. If only it were that simple.
Data generally has an owner, whether it is as simple as a weblog or as complex as healthcare patient data. The owner may be you, or the company that employs you. Most likely, it actually belongs to your company’s customers. In any organisation, or in society at large, several people and agencies will claim to be, as part of their role, the custodians of the data, and therefore to require reasonable access. Any application that handles data, in whatever form, must handle it correctly and the custodians of the data must be able to check this. The role of the DBA is essential to make sure this happens.
Where the data belongs to the user, customer, client, or perhaps a patient, the organisations that collect or use that data generally have a duty of care over that data. Legislation varies. In the UK, there is not only an obligation to keep personal data private, and safe from destruction, but also an obligation to keep personal data accurate and up-to-date under the Data Protection Act, enforced with six-figure fines. Organisations tend to want to ensure that they comply with legislation about data. It isn’t just the fines, but the expensive and time-consuming legal actions that tend to accompany cases of data misuse.
Whoever owns the data, if it is about people or organisations, then there are ramifications. Simple usage data, such as phone-call information or shopping habits, must be retained for a period, and then must be erased. When it comes to journalistic facts, it gets more complicated. ‘Reputation’ is a minefield. Whether intentional or not, people’s transgressions are forgotten about over time. Whereas the printed record can moulder unread, this is difficult with a computer. There is now case law which enshrines the individual’s right to have unfortunate facts taken off the record. It may sound odd, but it is the only way that redemption can really work.
Even if the data is just about usage, the result of tests, or other apparently-innocuous sources, there may be unexpected requirements for access. Within any substantial organisation, there may be a variety of business functions that will need access to the data, or aggregations from it. Business decisions are taken from the data, either objectively or from a gut reaction based on a summary. They need access to it.
It isn’t just the company that needs access to data. In the course of my database career, I’ve been occasionally obliged to provide data on behalf of my employers as evidence as part of criminal, anti-terrorist, or fraud proceedings. Sometimes, this data is apparently innocuous but provides corroboration for data elsewhere.
Newcomers to the IT industry seem entirely unaware of, or bored by, the idea of the human cost of mishandling data. If you feel the same way, then beware. Those boring compliance checks, reviews and inspections before deployment could save you from a sudden career-truncation.