The data ethics principles cover all types of data collected, analysed, stored, shared, and otherwise processed.

The principles draw on established concepts in privacy, bio- and healthcare ethics, human rights, and business ethics to ensure we work with data in a way that maximizes benefits and minimizes harm for individuals and society.

We are in the process of expanding our global data protection programme, to cover data ethics through policies, training, communication, monitoring activities and audits. 

Data should be collected and used in ways that are consistent with the intentions and understanding of the individual. Best efforts should be made to make individuals aware of how their data will be used and, where appropriate and possible, offer them choices about who has access to their data and how it may be used.

Individuals should be informed, in a manner that is appropriate and understandable to the relevant audience, regarding:

  • the type and extent of data collected about them, 
  • how it will be used (including, to the extent possible, secondary uses of data), 
  • how technologies are used to aid databased decisions that impact them,
  • how their rights (including the right to privacy) are protected, and 
  • what actions they may take to exercise their rights.

Legally permissible limitations on such rights should be clearly explained. Data governance standards and practices should be made available for public review, when appropriate.

Data use should include processes to identify, prevent, and off-set poor quality, incomplete, or inaccurate data.

When data quality, completeness, or accuracy presents risks of bias or harm to the individual, processes for the mitigating these risks should be pursued and documented.

Engaging a diverse set of stakeholders in decision-making around data use and development of technologies to leverage data can build trust and support efforts to eliminate harmful biases. Technologies leveraging data should also include data-driven processes for quantifying the potential for bias in the populations in which they are being deployed.

This includes having processes in place to identify, assess, and mitigate risks of intentional and unintentional discrimination and bias, breaches in privacy and security, physical harm, and other adverse impacts on individuals.

Protecting privacy also includes applying strong cybersecurity standards (as well as notifying individuals when their data is breached, where the risk to the individual is deemed high) and appropriately preparing the data for use (e.g. anonymization and pseudonymization techniques where relevant) and restricting re-identification of anonymized data without permission.

Data should always be obtained by legitimate means, and there should be designated individuals accountable for protection and confidentiality of data.

Third parties working with IFPMA members should be informed about and expected to adhere to these principles.

In addition, data interoperability initiatives should prioritize, include, and support ethical and responsible data sharing practices.

Senior management should be aware, and ensure the application, of ethics principles in decisions around the use of data in strategic activities.

Your Career Guide