Data privacy is an important policy element for any organization, and one that has been receiving more, but perhaps not enough, attention. Honestly, I did not expect this to be a controversial issue, but it has become one in the United States and probably elsewhere. Organizations that operate outside the boundaries of countries with very strict data privacy standards (such as those in Europe) are going to have to decide whether to share learners’ personal data.
Who would be interested in buying such information? For one, an organization looking to recruit a person with certain skills or interests, which may be gleaned from the number and type of modules in the learner’s profile. This allows the provider to generate a revenue stream by selling information of value to recruiters. The information may also be of interest to sellers of learning content for the insight it could provide on the types of learning taking place in an organization.
This is not necessarily a problem if the user is engaging the content provider on their own time outside of work. We make decisions all the time to freely provide information to sellers and others about ourselves which they can use to tailor their marketing to us or sell to others. The issue for your organization arises when you contract with providers to make their content available to your employees and when the provider insists your employees sign their user agreement which allows them to sell your employee’s personal information. If the providers you are using follow this same policy, I submit that you have a data privacy issue.
Like I said earlier, I had not expected this to be an important issue for us, but I think it is. And it may well be that most employees don’t mind that their personal data are being sold, but does that make it alright? Last, let’s come back to the likely buyer of this information: an organization that is recruiting talent. Do you want to make it easy for them to recruit your employees? Of course, your employees may update their profiles on their own time for the express purpose of finding a new job and there is nothing you can or should do about that. So, the issue is just how easy you want to make it for recruiters to find your employees.
There are no easy answers to these questions, but I believe we need to address them. Some organizations (like libraries) that were using these providers stopped using them when the providers mandated that users sign the user agreement allowing their data to be shared and sold. Unquestionably, these providers make content available that benefits both the organization and employee, but what responsibility does the organization have to ensure data privacy? This is the bottom-line issue.