Digital data further blurs boundaries between sectors

The White House released its report, Big Data: Seizing Opportunities, Preserving Values, yesterday.

The only place the word "nonprofit" appears in the report is in the appendix explaining where public comments to the process came from. The report focuses on the collection, use, sharing, storing, mining, retention, and destruction of personally identifiable data by corporations. Many analysts have already commented that the report was timed and designed to draw attention away from the government's own practices regarding data collection, use, sharing, storing, mining, retention, and destruction of personally identifiable information. The report rightly points out the potential of digital data for efficiency and convenience and the perils it poses in terms of due process, discrimination and privacy.

Regardless, no attention is paid to the role of digital data in civil society, philanthropy, and the social sector. (This despite the fact that several of the public meetings held to inform the report were coordinated with university and nonprofit partners.)

Nonprofits and foundations do all the same things with digital data that businesses do - they collect, store, use, share, mine, retain, and destroy it. They may not do it on the scale of business or government, although certainly nonprofit research universities, hospitals, and science centers are pretty big. Often nonprofits will do everything they do with digital data on commercial services - internet service providers, telecommunications companies, and broadband providers. In this blended reality, where you willingly give your cell phone number and email address to the politically active social welfare organization you support because you think that that information will be kept private, you'd be wrong. If the organization stores the information on commercial cloud servers, moves their information over telecommunications firms wires or broadband connections, or made it easy for you to sign up with an online form, your information - and its connection to that organization - is already being stored somewhere else. It is subject to the same rules of disclosure or chance of being hacked as data on you collected by a commercial app or website.

Do we care? Should we expect nonprofits to treat our data differently? Do we want the text message alert system we agree to from our kids' after school program or the prenatal clinic or the cause-related group to be protected somehow? Do donors opting for anonymity in their charitable giving expect that their online interactions with the groups they support will somehow stay unreleased, protected, anonymous?

Does civil society have a set of values and/or norms that should be brought to bear in how organizations working within it treat digital data? If so, what are they? Given how digital data flattens terrain between organizations - it may be collected via a nonprofit website that is hosted on a commercial service - how will nonprofits express those values, how will they treat those data, and how will they affirm the expected norms with the constituents and donors they serve?

Nonprofits are distinguished in the corporate code by the rules that govern how they manage financial assets. Excess revenue above costs must be returned to the mission (it cannot be distributed as profit) and the enterprise has no owners. What are the analogous structures for governing digital data? Once we figure out how we expect nonprofits to value and protect our digital data, perhaps we'll look at how those practices need to be encoded into the organizational structure.


Dale T said...

When you say encode into the structure of the organisation a set of values I presume you mean more than simply identifying a set of organisational values in a brochure or in a wall plaque? I only ask as these minor efforts to identify the organisation's values to the public or other entities I often find spectacularly ineffective as the idea of organisational values is for many organisations an afterthought, that as an organisation they should have instead of must have. I'm also often concerned by the origin of the organisation's values, as they can have little input from the employees, volunteers and public.

Lucy Bernholz said...

Hi Dale

Thanks - yes, I know what you mean about empty value statements. I am actually thinking along the lines of literally "encode" as in the statutory requirements for nonprofit organizations. Just as the corporate code now defines NPOs as orgs that don't distribute surplus revenue and have no owners, perhaps there is a requirement about the ownership/treatment/governance of digital data we should be thinking of for the long term protection of the public interest?


Peter Manzo said...


Thanks for your post, it raises some interesting questions.

On the encoding question, I wonder if the coding of the rules should be done with regard to the type of information and its purposes, rather than by the type of entity that holds it (so, not encoded in the tax rules governing nonprofit status). You've probably seen Alastair Croll's suggestion that we should "link what the data is with how it can be used. I might, for example, say that my musical tastes should be used for song recommendation, but not for banking decisions." Not sure how to do that, but it sounds like a good place to start.

Also, on how nonprofits approach this kind of information, it seems philanthropy and nonprofits don't use their access to personal information as well as they could to better target funding and services. Is it because they respect and protect privacy more than for-profits or governments do, or is the reason less noble—that we simply don’t know how to take advantage of it in these ways, and can’t afford to do it? Or worse, are we just being squeamish—do we shrink from the hard question of whether we have an obligation to use personal data targeting to prevent harm - for example, to use commercially-collected data to reach out to people who may be eligible for food assistance?

(Full disclosure: I tried, unsuccessfully I think, to address some of these issues in an SSIR post last year.)

Lucy Bernholz said...

Super important point - see this response -