A CIO’s Code Of Ethics For Managing Company Data

A code of ethics has to be worth more than the paper that it is written on
A code of ethics has to be worth more than the paper that it is written on
Image Credit: Tom Lianza

As the person with the CIO job, it turns out that you have a daily job in which you are the person who is responsible for keeping control over your company’s data. Not only do you have to make good decisions about who can get access to the company’s data, but you also have to take the time to educate the rest of the company on how to behave ethically when it comes to dealing with company data.

It’s All About Information Flow

As CIOs, I’m hoping that we already realize that our company’s customer data is perhaps some of the most valuable data that the company has. What this means is that as the person in the CIO position, it is our job to make sure that this data is protected at all times. Not only do we have to set the rules for guarding this data, we also have a responsibility to make sure that the company’s employees understand both the rules and how to apply them. This can often create challenges when it comes to dealing with the company’s marketing department!

As the CIO you are responsible for how data flows within the company. This means that you are going to have to go about setting up systems that will allow data to flow from the low levels where it enters the company all the way up to the top where the senior management will make use of this data. You need to take a look at your internal systems and decide if you have a way to make sure that information gets into the right hands. Once the information is there, do you have systems in place that will ensure that follow up happens?

Not all data is good data. In fact, sometimes data is just plain downright bad data. Depending on how the CIO has got things set up within the company, employees may or may not be willing to communicate bad data up to their management. The CIO has to create a work environment where employees feel comfortable reporting accurate and complete information to their bosses. What you don’t want your employees doing is coloring information in order to provide their bosses with the inaccurate information that they think that they want to hear.

Data Has To Be Protected

CIOs realize that all data is not created the same. Data has a natural life cycle: it is created, it is used, and then potentially it will be disposed of. What this means for you is that you are going to have to create clear rules for the company’s employees so that they know what to do with it at all stages of its life cycle. You won’t be able to provide hands-on monitoring of every employee, so you need to know that they are doing the right things.

A big part of protecting a company’s data has to do with making sure that only the people who are supposed to be able to access data are able to get their hands on it. Who gets access to what will always be something that can cause conflict. Various parts of the company will be asking for more access to private data for a wide variety of reasons. As the CIO you are going to have to be willing to step in and make the hard decisions about who can access what. Please note that this means that you will end up not being everyone’s friend.

Since there is only one of you and there are a lot of other employees in the company, you are going to need to find ways to spread the responsibility for managing the company data out over other people. What you are going to want to do is to reward responsibility with trust. You are going to want to give the company’s managers decision making responsibilities about who they want to allow to have access to their data. If you do this right, then within the company people will have greater access to information, but only the people who really need to have access to it.

What All Of This Means For You

Within any company, the most important asset the company has is the data that it has collected about its customers and its employees. As the company’s CIO, it’s going to be your job to make sure that you control who gets access to that data. This is yet another one of your decisions that has to do with the importance of information technology.

Not only are we responsible for establishing the rules that govern who can access what data, but we are also responsible for making sure that everyone in the company knows what the rules regarding this data are. Data is only useful if it gets to where it can be used. This means that you are going to have to create paths for accurate information to flow from the bottom of the company to the top. This flow needs to happen even if you are asking employees to pass on information that is not positive information. The data that you are responsible for protecting has a natural life cycle and you need to make sure that employees know how to protect it at each stage of its life. To keep data secure you’ll need to take steps to ensure that only the people who should be accessing the data can get their hands on it. This is a big job and so you are going to have to enlist the help of your management team to make it happen.

Data is what allows our company to keep moving forward and competing in its markets. As the CIO it is our responsibility to create a code of ethics that relates to this data and to ensure that all employees both know and understand it. If we take the time to accomplish this, then we’ll be able to sleep at night knowing that the company’s data is secure.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: If you discover that an employee has been sharing data that they should not be sharing, what steps do you think that the CIO should take?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

I’m pretty sure that we all know who General Electic (GE) is. The company has been around for 124 years and employees over 315,000 people. The company has made everything from toasters to railway locomotives to aircraft engines to nuclear power plants. They truly understand the importance of information technology. As impressive as all of that is, it may start to pale in comparison to what the company is planning on doing now: completely changing how they evaluate their employees. As the person with the CIO job at your company, perhaps you should sit up and take notice of what they are planning on doing…