Data leakage or devalued information: Heads or Tails?
by James Turner
IT security writer, James Turner finds a link between the results of a university study in the United States and the problem organisations face from improper data handling.
A study by Dan Batson at the University of Kansas in the United States produced the fascinating and yet strangely intuitive finding: people like giving the appearance of being altruistic when in fact they are not.
The study placed a person or "subject" in a room and then one of the experimenters gave the subject this information: that the subject and a teammate had won a ticket to a draw for a desirable prize. It was not possible to split the prize, so it was up to the subject to choose who should get the ticket: themselves or their teammate?
The subject was then advised their teammate would be told that the result (who got the ticket) was selected by chance and that some people like to flip a coin to help them make the decision. The subject was then given a coin.
Roughly half the subjects did not flip the coin and, as we might expect, 90 per cent of those non-flipping subjects chose themselves to receive the ticket. They knew that their teammate would not know and they acted in pure self interest. And fair enough too. After all it was their decision to make.
Now here is where it gets interesting. Batson had surveyed the subjects prior to the study and found that the people who were most expressive about their desire to help others were also the most likely to use the coin. Yes, this is very interesting! They wanted to use an impartial mechanism so as to avoid being unfair.
Incredibly, though, the subjects who did flip the coin had the same likelihood (yes, 90 per cent) of coming out of the room as the designated recipient of the ticket.
So what on earth just happened to the laws of probability? The conclusion drawn is that people who consider themselves to be moral and more aware of social responsibility are more likely to want to be seen to be doing the right thing, will then do what they want and find a way of justifying it later through moral arguments. (I have simplified some of the details, but I am also constrained by space).
We can learn from this study
Where we can learn from this study is by using this perspective: in this study there was no harm from the subject making a self-serving decision. By the subject choosing for themselves over their teammate, the teammate did not have any material loss. The teammate did not have the ticket before and they donít have it now.
A specific area where I think many people are likely to come unstuck from their moral foundations is in the value of information.
When the vast majority of our daily work involves handling data at a digital level, and we get used to the fact that it can be endlessly duplicated with no loss of quality, then we can find ourselves drifting towards a state of complacency towards the value inherent to the data. When data is so freely available and easily accessible it can seem like it has no value. Of course, this is not the case.
In fact, harm can and does occur from improper data handling and this was one of the drivers for software vendors to develop Data Leakage Prevention (DLP) technology. I maintain that the area of DLP will be a flash in the pan for the IT security market, though.
Devalued information is not a problem we can fix through more technology. DLP technology belongs in larger information management product suites which help information workers manage information flows.
Inherent value of information
So, if we think about the inherent value of information, and the lessons from Batsonís study, we should then take the opportunity to look at the level of education and training which our employees have around the value of the information they deal with.
Specifically, we need them to be completely conscious of the harm that can come from mishandling information.
Devalued information is a people management issue. it is a problem perpetrated by people, and it can only be addressed by people.
About the author: James Turner is an advisor with IBRS, an Australian company that provides research and advice to IT and business managers in Australasian organisations. James specialises in the IT security sector. www.ibrs.com.au