ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > The Hexa-dimension Metric: Not Just for Data Privacy Protection

The Hexa-dimension Metric:  Not Just for Data Privacy Protection

| Published: 12/29/2016 3:08 PM | Category: Privacy | Permalink | Email this Post | Comments (0)

The Hexa-dimension metric is an initiative that was prompted by the phenomenon that ramifications for privacy breaches are seldom satisfactory, no matter how meticulous the decision-making process. The reason for this lack of satisfaction is that consequences are argued in rational, logical and financial terms only. This deficiency leads me to reflect on the status quo:  the solution that is derived from the Herbert Simon decision-making model, which is the guiding light for decision making and deep-rooted in our thought and practice of management, is congenitally defective. We need to improve the decision formulation. The Simon doctrine does not deliver a satisfactory decision because decision makers are not always rational and are sometimes judgmental, emotional or reliant on escalation of commitment. In addition, the decision variables are considered in financial terms only, but risk and cost can be ethical, social, legal, technical and ecological in nature.

A New Risk Paradigm
We always take risk for granted as a technical concern and measure it in economic and legal terms. It is, in fact, a managerial concern also and should be evaluated in sociotechnical, legal and financial terms. A shift of the way risk is viewed is necessary.

The 6-d Operationalization Framework for Striving for Balance/Trade-off
A justifiable return and an optimized rate of utilization for the hefty investment in expensive technologies are expected. Measuring success at this point, in financial and technical terms, is essential. Because the huge amount of generated information can be abused, legal and ethical issues arise. The use of the information may serve some well, but not others; therefore, a social issue immediately emerges. As more technologies are used, more natural resources are consumed, and the impact on the environment must be considered.

To arrive at a satisfactory solution, decision makers must consider financial viability, technical effectiveness, legal validity, ethical acceptance, social desirability and ecological sustainability. To balance, or strike a tradeoff among, and measure the 6 attributes, I recommend the adopted Ethical Matrix that is embedded in the 6-d Operationalization Framework. The Ethical Matrix is also good for clarifying/determining the pragmatically ethical and effective, in ethical leadership and effective leadership, for which all professionals strive, and is not just for data-privacy-protection policy formulation.

Read Wanbil W. Lee’s recent Journal article:
An Ethical Approach to Data Privacy Protection,” ISACA Journal, volume 6, 2016.


There are no comments yet for this post.