II.2.5 Respecting Individual Privacy is Key

 Better safe than sorry!   - English proverb.   

When I left industry and came back to MIT nearly twenty years ago to study social networks, my late mentor MIT professor Thomas J. Allen, who had been examining social networks for over forty years, taught me two lessons: first - don’t trust surveys, and second – never disclose the name of an individual employee in the network to management. Tom had been studying networks of engineers  and researchers at large firms well before social network analysis as a discipline emerged, drawing complex network maps by hand, and authoring a seminal works in this area, “Managing the Flow of Technology”. He had collected all his networks through surveys, asking his users questions such as “whom are you asking for advice”, or “how satisfied are you with your workplace”? He had found that people forget very quickly, and that a network is only valid for the day when the question is asked. Already on the next day everything might have changed: the organizational structure, the office layout, the weather, and the mood of the person being asked. He also taught me to use very short surveys, ideally not more than three to five questions, otherwise people will not answer them, particularly if they are asked to answer them repeatedly.

The second learning, about respecting individual privacy, is even more important. Tom told me that in his forty plus years of doing social network analysis, he had never given any information about individual employees to management. If management insisted on getting individually recognizable networking information about a particular employee, Tom would refuse to do the project at this site. Tom was proud to tell me that he had never had any problem with his network research in his entire career while pursuing that approach. Only once did he break his own rule, and then by his own initiative to the advantage of both the company and the affected employee, when he noticed that management was about to fire the employee who – according to Tom’s network analysis – was the key connector and knowledge expert to whom all other employees went for advice. This employee just was not high enough in the hierarchy, and too modest to be on the radar screen of management, only Tom’s network analysis had brought his invaluable contributions to the company to light. 

In my own work I experienced this principle the hard way in I my very first e-mail social network analysis project. I was proposing an e-mail network analysis to a large high-tech company, however I had not built in safeguards regarding individual privacy. I was stopped cold in my tracks when presenting the project to the employees who were supposed to participate. I had previously introduced the project to management, which loved the idea. When I presented my slides to the employees, they told me that they would sabotage the project, as they did not trust their company to not use these insights for employee layoff and demotion.  The project was then canceled on the spot, and I had learned my lesson the very hard way. 

In a project about ten years ago at a large teaching hospital, I applied Tom’s privacy principle to the advantage of the participants. We were studying the communication among patients, nurses and anesthesiologists in the PACU (Post Anesthesia Care Unit) of the hospital. This was a beehive of over twenty patients waking up from serious surgery, cared for by over twenty medical staff simultaneously. We promised participants absolute anonymity, however, each individual participant could get an early version of their virtual mirror, a chart of their social network interaction, on paper in a sealed envelope. We measured interaction between medical staff and patients using sociometric badges worn by the nurses, and placed on the beds of the patients. We found that the more the nurses communicated with the patients, the faster and with less complications would the patients wake up. We also found that some doctors were surprisingly peripheral in this interaction network. When we presented these results to the nurses, they loved it, and were using their individual communication networks and insights for their annual performance reviews.

So, to reiterate, it is essential to treat all of the data that you collect with utmost confidentiality. The basic principle is to remove personally identifiable information (PII) in all interaction with management, and only present information about an individual to the affected individual with no way for management to eavesdrop. The manager and any other outside users will only get to see aggregated information about a team, department, business unit, etc. with no option to track down an affected individual. This means anonymizing all e-mail, sensor, and picture data and de-identifying it, storing the personal identifier and the data separately. Similarly, for instance when computing facial emotions, only the emotions should be stored, not the facial pictures, and also be de-identified. When calculating network variables from e-mail, only the de-identified networking and content variables such as degree and betweenness centrality, and emotionality, tribes, moral values, and risk-attributes should be stored, but not the content. 

I have been living by this principle since my big blunder in my very first (canceled) project, and it has served me very well.