My son stood rubbing his head in silence with a pained expression on his face. It finally dawned on me what happened. My arms were full of long handled tools – a hoe, rake, cultivator – and a spade. As we past a tree, I saw a woodpecker fly away. I turned to look, which is when it happened. The ends of the tools had struck him unintentionally. I didn’t even notice till I turned back to him.
Thankfully there was no blood, he was more stunned than anything. We laughed about it, while I was secretly ashamed and thankful that none of the sharp parts had hit him. I should have known better. My parents, brothers, grandparents, uncles and aunts had all drilled into me how to be careful with tools. I was glad it was just a minor bump we could laugh about.
It’s surprising to me how often we unintentionally cause harm with how flippantly we treat the data of those we seek to serve. One story I’ll never forget is how a team made their process of dealing with complaints and feedback digital. Given they were working with highly vulnerable groups, it was very sensitive data. And they wanted to improve their process so they could provide better responses and care. So they went digital, DIY, and cheap. Unfortunately this meant the data they collected and used was publicly available and exposed. With a few clicks you could see who was complaining about what and about who, where they lived, and what sensitive health conditions they had. Not intentional, but a reality.
Thankfully we stumbled across this initiative in its early days and were able to fix the problem. So the harm was minor like my son’s sore head. But it could have been much worse.
Just because it is unintentionally does not mean we are not responsible.
Two of the most effective things we can do as organisations to reduce harm are collect less data and delete the data we collect. And yes, I know my organisations have policies requiring us to collect and hold onto data. However, many of these policies or requirements have been introduced and updated in the past decade. Therefore the policies are changeable. We can change them requiring us to collect less and delete quicker.
The choice is up to us.