Today, the main topic on the radio happens to be the news regarding gathering the private data of citizens. There has been some talk about what is and isn’t secret. In some ways, we liken our data security to the ability to keep a secret. There’s sometimes a lot of discussion about how to keep secrets. Some people will ask questions such as, “Who do we tell? How do we distribute it?”
Here’s the first tip on keeping a secret – if you want to keep a secret, you don’t tell anybody. Once you tell someone, it’s no longer a secret. Secrets can’t be distributed or, by the way, they’re no longer a secret.
Not Telling Anybody
If we were to keep all our data secret – if we didn’t tell it to anybody, at all, then it would be useless to gather. If the data can’t be used within the concept of “knowledge management” in order to create strategic business information, then it’s not of any value. Data that can’t be shared for analysis is just that – it’s just data. That “stuff” that we gather is just data – it’s not information. It doesn’t turn into information until we “do” something to it or with it. Until it becomes information, it’s about as useful as any other random thing we might collect and never use.
Customers I’ve worked with who seem to keep their data secure don’t do it with secrecy – they do it with process and methodology. They train people to share the right information with the right people at the right time. They make it clear what they mean by “right.” In the spirit of “it’s not a threat – it’s a promise!,” they make it clear that those people who ignore the rules will be: fired/prosecuted/thrown into the deepest, darkest pit. For those who make a genuine mistake, it becomes a training issue – if a person didn’t understand, they weren’t properly trained, which means there is a possibility the training wasn’t sufficient, to begin with.
Most of this works only for data and information that can be justified. When companies cheat, lie or steal, those actions are difficult to justify – that information might be able to be kept under wraps for a while by creating an environment of fear, but it usually eventually emerges in one form or another. Illegal actions and improper conduct is not the type of data that I’m addressing, here.
Here, I’m writing about proprietary testing data on products or business knowledge gained through that testing. However, if the data shows the product to be dangerous and that danger is not disclosed to its users, please re-read the last paragraph for my opinion on that.