Abstract
The proliferation of sensors, electronic payments, click-stream data, location-tracking, biometric feeds, and smart home devices, creates an incredibly profitable market for both personal and non-personal data. It is also leading to an amplification of harm to those from or about whom the data is collected. Because federal law provides inadequate protection for data subjects, there are growing calls for organizations to implement data governance solutions. Unfortunately, in the U.S., the concept of data governance has not progressed beyond the management and monetization of data. Many organizations operate under an outdated paradigm which fails to consider the impact of data use on data subjects due to the proliferation of third-party service providers hawking their “check-the-box” data governance systems. As a result, American companies suffer from a lack of trust and are hindered in their international operations due to the higher data protection requirements of foreign regulators. After discussing the pitfalls of the traditional view of data governance and the limitations of suggested models, we propose a set of ten principles based on the Medical Code of Ethics. This framework, first encompassed in the Hippocratic Oath, has been evolving for over one thousand years advancing to a code of conduct based on stewardship. Just as medical ethics had to evolve as society changed and technology advanced, so too must data governance. We propose that a new iteration of data governance (Next-Gen Data Governance) can mitigate the harms resulting from the lack of data protection law in the U.S. and rebuild trust in American organizations.
Citation
Kimberly A. Houser & John W. Bagby, Next-Generation Data Governance, 21 Duke Law & Technology Review 61-106 (2024)
Available at: https://scholarship.law.duke.edu/dltr/vol21/iss1/2