An Ethical Framework for Enterprise-Wide Data Integrity

Data integrity means different things to different people. To the IT Security group, it’s the assurance that information can be accessed and modified only by those authorized to do so. To the Database Administrator, it’s making sure data entered into the database are accurate, valid, and consistent.

To the Data Owner, it’s a measure of quality, with appropriate business rules and defined relationships between different business entities. To the Regulator, data integrity is the quality of correctness, completeness, wholeness, soundness, and compliance––along with the intentions of the data’s creators.

This difference in meaning creates fertile ground for miscommunication and misunderstandings, setting the stage for poor activity performance due to unclear accountabilities.

Free white paper: Ensuring Enterprise-Wide Data Integrity in FDA-Regulated Industries

Notwithstanding the impossibility of eliminating all vulnerabilities to data integrity in the organization, controls should be established to reduce the propensity for data integrity errors and vulnerabilities. Such controls should integrate and coordinate the capabilities of people, operations, and technology through a data integrity assurance infrastructure.

We highlighted the key ethical pillars that support an effective framework for data integrity below.

Ethics: The Foundation of Data Integrity

Ethics are the criteria by which those in your organization base their actions and decisions. While the topic of corporate ethics is a massive area of study, we’ve highlighted seven essential elements company executives should use to guide their own ethical codes and directives.

1. Assume people behave differently alone than when in a group

Studies in behavioral psychology suggest that individuals can take on very different personal codes of ethic in the home versus in their place of work. While someone may be honest in certain settings, they may embody a whole different set of values in others.

Read Also: 6 Ways to Ensure Data Integrity in FDA-Regulated Industries

2. Establish a clear policy on ethical standards or codes of conduct

Company leaders should establish clear policies on ethical standards and codes of conduct to make these values clear to those who may act perniciously in the absence of clear direction. Avoid obscuring ethical policies and directives with complex and obscure language. Policies must be understood by everyone in the organization if they’re expected to be followed.

3. Develop management practices and supervision to encourage reporting problems

Everyone in the organization should be encouraged to report issues without fear of retaliation. Establish a company telephone number for reporting issues anonymously by voicemail.

4. Approach problem-prevention and problem-solving constructively

Always consider ways staff can work together to mitigate risks and solve problems.

5. Identify root causes without finger pointing

Creating a culture of fear will only prevent staff from risking the consequences that could result from an investigation. Make it clear in your code of conduct that when issues arise, root cause analysis will be conducted without finger pointing and blame.

While situations involving intentional fraud or reckless negligence must be dealt with, some issues arise from honest mistakes and should be treated as such with the aim of productive correction and prevention.

6. Create an Ethics Standard Operating Procedure

The SOPs related to ethics should be clearly presented in two key documents:

• The Ethics Directive: This should outline the moral principles on which the company works. This should not be a dense or lengthy document––two pages at most. Think of this as a list of maxims by which anyone in the organization can use to make a sound decision.
  
  
• The Code of Conduct: This covers the behaviors expected of staff. For data integrity issues in particular, the company should offer a telephone number for reporting issues observed on-site anonymously, which should be followed by an investigation. The code of conduct should also make repercussions clear. Any indications of deliberate efforts to falsify data with intent to mislead will result in termination. Don’t leave any grey area of interpretation.

7. Create an Office of Ethics Compliance and staff it with an expert

Ethics form the foundation of all activities related to data management and governance. As data integrity grows more complex, a dedicated office should serve as a constant authority over all actions taken throughout the organization.

Want to learn more about ensuring data integrity throughout your organization? We've compiled expert insights from some of the industry's top data integrity professionals and wrapped them into a free white paper explaining how to implement just such a system in your organization while mitigating common compliance risks.