As usual, the November 2019 VMSA Supplier Summit we attended was a bustling event packed with lively debates. During one particularly candid MSP roundtable discussion, we touched on the topic of ethics in the industry—not just in the sense of supporting our clients and candidates with integrity, but also about how we manage data in our increasingly digital ecosystems. The recent controversy surrounding Google’s privacy violations, involving more than 50 million health records, naturally came to mind. But it’s not just an issue that affects tech giants such as Facebook and Google. Like most things these days, recruiting and hiring efforts also transpire in the cloud. Data has become paramount. Yet, extracting more and more of it without the proper protections has created a new bonanza for hackers and cyber saboteurs. That’s why contingent workforce leaders should include data ethics—not just data aggregation and analysis—into their strategies for 2020.
Has Google Done Something Evil?
If you peruse the EULAs that pop up before eagerly signing on to use a new Internet service, you may be surprised to learn how willingly we give away our protections when it comes to personal information. “We have few rights and little expectation of privacy, except when it comes to our medical records,” wrote Julia Carrie Wong for The Guardian. “Even doctors who have our best interests at heart must get permission to access our data under the Health Insurance Portability and Accountability Act (Hipaa).” However, that foundation seems to have been shaken, as Wong explained in her article about Google’s transfer of medical records from Ascension:
So it was truly shocking to learn this week that a business partnership between Google and Ascension, a major hospital chain and health insurer, has resulted in the transfer of 50 million Americans’ most intimate medical records to the Silicon Valley company, without the knowledge or consent of those 50 million patients. Even more alarming, the records are not de-identified, and a whistleblower disclosed to the Guardian serious concerns about the program, including that individual staffers have downloaded patient records.
It took less than 48 hours for federal regulators to announce an investigation into the partnership. Google and Ascension both claim that they are fully compliant with Hipaa, but there are few reasons for the public to trust them. The combination of a data-hungry advertiser and a cost-cut-seeking health insurer is truly dystopian. The fact that a whistleblower was disturbed enough to risk their job is alarming.
It’s not just about data security, though. It’s about data integrity and ethical use. Our own industry isn’t immune from threats. We’ve seen cases go to court where staffing providers have been accused of falsifying candidate records, attempting to manipulate the E-Verify system, misrepresenting claims, and more.
Data Problems Are Human Problems
When data violations occur, the problems are almost always human in nature. They can be unwitting mistakes such as substandard, poorly implemented or outdated security protocols. In rarer cases, they can be intentional. Regardless of the cause or the figurehead who must shoulder the blame, there exists an entire network of people who contributed (knowingly or not) to the issue: executives, software developers, engineers, data analysts, product managers, data storage and processing specialists, and other people responsible for the code and algorithms that facilitated the violation. The good news is that because it’s a human problem, there’s a human solution.
Talking and Teaching Data Ethics
In many ways, problems that lead to data breaches are more human than technical in nature. For example, credit card details don’t appear in an enterprise data warehouse without an invitation. Neither do sensitive candidate details. After the information is stored, software is written to link a user’s profile to the personal data collected. The technical staff is involved both in designing the algorithms and implementing the code. Developers are engaged to perform the work based on the business need. The point is that every aspect of data accumulation, storage and use is an intentional process undertaken deliberately by humans. So it also stands to reason that misuse or abuse also fall within that realm.
Kaiser Fung, who leads the Applied Analytics program at Columbia University, observed that other business needs often take precedence over data ethics in the decision-making process: “Managers debate topics such as product innovation, user experience, resource requirements, competitive strategies, and return on investment.” Educating tech teams on the ethical standards of processing that data, however, seldom takes place.
Ensuring Ethical Data Use
Our clients and our talent have placed their trust in our abilities to keep their information secure, accurate and free from misuse. Here are some simple ways to ensure that technology leaders in the contingent workforce industry excel.
- Develop or refine onboarding processes to include training that covers the ethics of data use and handling.
- Bring in internal or external legal experts to coach team members on the legal obligations and best practices for data processing, storage, analysis and distribution.
- Ensure that all applicable contracts or agreements contain solid terms and conditions for data standards, and that related stakeholders are knowledgeable of them.
- Work to promote a business culture for tech teams that encourages open, supportive communications; team members need to be comfortable discussing or identifying topics related to data ethics, and managers must be willing to engage in those dialogs by creating a safe, repercussion-free environment.
No two companies will necessarily have the same processes, yet establishing and enforcing ethics standards is critical. They must be transparent, agreed upon, communicated, and monitored.