Sharing Data

Sharing personal data is essential for most of us to do our jobs.  But there is a right way to do it and good reasons to understand why it is important.  It is important because people provide some of their most personal information to your organization and they trust you to keep it safe and confidential.  Plus, you want to honor their wishes for how it is used and only use it in a way that they would expect and understand.  Never share personal data with someone who would abuse this trust.

You should have confidence when you are sharing personal data both internally, between departments, and externally, outside your organization. 

Here are a few things to remember:

• All data about a person is considered personal data and should be protected.

• Ask why the person needs the data and ensure it aligns with the business purpose.

• Share only the minimum amount of data required.  If the person you are sending the data to doesn’t need the person’s contact information, don’t share it.

• Demographic questions like sexual orientation, gender, and ethnicity are considered ‘sensitive’ personal data and should only be shared as a number like this:   5 out of 47 participants identify as transgender Asian people.   

• Demographic information should not be shared when it directly relates to an individual like this: Sally Smith from Denver Colorado identifies as a transgender Asian person.

• External sharing of personal data to a vendor or non-co-worker is usually strictly prohibited unless authorized by your organization and where appropriate, a contract with data security terms should be in place.

• Ensure controls and protections are in place that are appropriate with the level of sensitivity and value of the data.  The more sensitive the more control and protection.

• If you share personal data in an email, always encrypt the email.