Data Privacy, Sharing Tax Data, and a New Hippocratic Oath
Evidently the IRS thinks it is just fine if tax preparers are allowed to sell your tax return data and information. Here is a link to one story about this travesty: The Internal Revenue Service is quietly moving to loosen the once-inviolable privacy of federal income-tax returns.
If it succeeds, accountants and other tax-return preparers for the first time would be able to sell information from individual returns -- or even entire returns -- to marketers and data brokers.
Do you really want your personal tax data to be seen by marketers? By anyone (other than the IRS)? We are forced to provide the IRS with information about our salary and more because it is our civic duty to pay taxes that fund our government and the social services that go along with them. Why should this information be made available to anyone else for any reason whatsoever?
Even uglier is the surreptitious manner in which this "new policy" was introduced. The Houston Chronicle correctly refers to it as stealth regulation.
This is just one more in a long line of ugly legislation and policies that is stripping people of their privacy and the right to control their personal information. We must fight this however we can. As data professionals the best thing we can do is to work with other people's data the way we would want our data treated. This can be viewed as a sort of golden rule for data treatment.
Maybe we need a data professional's creed like the Hippocratic Oath that doctors take. Maybe something like this:
I give my word to keep according to my ability and my judgement, the following Oath.
"To consider dear to me the trust placed in me to faithfully protect and be a good steward of the data and information with which I come in contact. I will enact proper procedures and security for the good of my company's customers according to my ability and my judgment and never do harm to any data entrusted to me.
To please no one will I cause any data to be breached nor will I give advice which may cause a data breach.
All that may come to my knowledge in the exercise of my profession or in daily commerce with men and comapnies, which ought not to be shared, I will keep secret and will never reveal.
If I keep this oath faithfully, may I enjoy my life and practice my art, respected by all men and in all times; but if I swerve from it or violate it, may the reverse be my lot."
Is that a reasonable thing to expect of data professionals? What do you think?
I don't think an oath like you suggest for DBAs would be "the answer" (although it might be one component in the answer).
The trouble is that, as a DBA, I am rarely given the power to implement this sentence in the oath -- "I will enact proper procedures and security for the good of my company's customers according to my ability and my judgment and never do harm to any data entrusted to me."
Sometimes company policies are dictated to me. My only recourse is to implement them or quit.
In most cases, I am told that I'm responsible "for implementing good data protection policies." But then I am given no control over my time. So I'm held responsible but haven't been given a fair chance to do a reasonable job.
Bottom line -- as a DBA I'm rarely the decision maker. We need national laws that either mandate safe treatment of data or enforce penalties otherwise.
Replies to this comment