Minimum viable data collection

I worked for the federal government for several months in 1989. Along with at least 21,499,999 other people information that can be used to identify me (and as me) was stolen from the U.S. Office of Personnel Management. I held up the letter I'd received about this while giving a speech recently (hard copy, put it back in my pocket immediately) and several people in an audience of foundation and media professionals nodded and raised their hands. They'd received the same letter.

Government, hacked. Big companies (Sony, Target, etc), hacked. Health insurers, hacked. 

Nonprofits and foundations - really? You think you can protect our info? I don't. Individually and collectively I think you lack the resources, the skills, the financial capacity, and, sadly, probably, the knowledge and the will.

So, please, reconsider your collection policies.

What do you really need to collect? From whom and why? What are you using it for? What information proxies might you use instead? Can you store the info offline (disconnected from the Internet). Can you destroy it, please, after you've used it?

Can you answer the evaluation questions you have and attain the program improvement you seek and create datasets with research and policy value without collecting information that can be triangulated back to identify individuals? Without collecting any personally identifiable information (PII)? Really? I bet you can. At the very least, I bet we can all do much better at this than we have been.

If we think hard and creatively about it I bet we can have both - the answers we seek and the privacy we are ethically obligated to provide. The privacy we seek to respect is also a precursor to the "open" we claim to want.

Tech start ups and design engineers love to talk about "minimum viable product." This means getting the most basic functionality out to the public and in use as fast as you can. This reflects the value they place on feedback, iteration, and moving fast toward market share.

In civil society, our approach should reflect a different set of values. Seeking public benefit while respecting private choice. This calls for a different approach - "minimum viable data collection."

Let's do it.

No comments: