What is Data Access, Usability, and Behavior?

Data access, usability, and behavior includes how different types of data (e.g., financial and employee success program data) is collected and stored in technology or paper-based systems across the organization, as well as the process of cleaning, transforming, and modeling data to discover useful insights for decision-making.

Why is it important?

Data access, usability, and behavior is important for employment social enterprises because it:

• Is a part of everything the employment social enterprise does: Data is included in and a part of everything for an organization. Whether it’s names of staff and team members, sales records, lists of customers, or records of insurance coverage, every organization uses and manages data in some form.
• Impacts the employment social enterprise’s ability to report on impact and business outcomes: Data informs the metrics and KPIs of an organization and is therefore essential to the organization’s ability to monitor and report on performance related to impact and business metrics. Ensuring there is proper access to and management of the data needed to inform these metrics is critical to the metrics being accurately reported on in a timely manner.
• Is important for decision-making and strategic discussions: Good data access and usability not only informs metrics and KPIs but can also be a differentiator for an organization. An employment social enterprise that can more quickly access and utilize good data about the performance of their organization can more rapidly take action to prepare for or respond to anticipated future changes in the market landscape or ecosystem. 
• Can be a liability if not managed properly: Data is powerful, but if it’s not managed and secured properly, it can put an organization or its staff and team members at risk. Data that may be particularly vulnerable and sensitive for an employment social enterprise may include personal information of its staff and team members or customer data (to include addresses, phone numbers, or emails). An organization may find itself at risk of damaging relationships with important stakeholders or could even face other forms of liability if it does not take the proper care to store and secure these types of data sets.    

Best practices 

• Getting started with the basics
  • Understand how you’re storing data: Conduct a preliminary high-level review of what data you’re storing, how you’re currently storing data, and what kinds of data may be particularly sensitive. Where do you have financial or business performance data? Where is data stored on staff and team members? Make a list of the databases that are used, including spreadsheets that may be stored in shared drives or folders. Additionally, note where you may be storing data on paper (i.e., in a file system, on slips of paper, or notepads). 
  • Ensure sensitive data is stored correctly: Once you understand how your organization is storing data and you’ve identified what kinds of data may be particularly sensitive, ensure that you are taking actions to safeguard the sensitive data sets. Here are some guidelines to follow for safeguarding sensitive data if it is stored in the following ways:
    • If the data is paper-based: Store the data in a locked cabinet or filing drawer. Ensure that only those who need access to the data have a copy of the key.
    • If the data is in a spreadsheet and/or stored in shared drives or folders: Revisit the permissions in the shared drives or folders and ensure that team members have the correct access permissions. In some cases, team members may need what’s usually referred to as “read only” access permissions in order to view the data. Other team members may need “edit” access in order to change or update the data. Team members or staff who don’t need to either view, edit, or manage the data should not have access to these sensitive data sets. Additionally, advise all team members and staff with access to sensitive data to not print out the data or send it as an email attachment, as that can put the data at unnecessary risk. 
    • If the data is associated with software or an application: Your organization likely has large sets of data stored in or accessible through software or applications it uses. Similar to the above, revisit this software or these applications to ensure that access rights are set properly. Additionally, consider updating all passwords associated with logins to this software or these applications.
  • Align data accessibility with required business functions: In conjunction with the above, evaluate whether team members and staff who perform certain functions have reasonable access to the data they need in order to successfully carry out those functions. For example, team members who are regularly deployed to different job sites on a daily basis will likely need access to the address and job type requested. Additionally, the organization should ensure that digital files or data that should be accessible to multiple team members are on a shared drive with correct permissions and not simply stored or kept on one person’s local drive. Reviewing these needs and ensuring that the team members and staff who need access to certain data sets have that access (while keeping in mind the secure storage practices above) will help to improve efficiency and effectiveness.
• Keeping momentum with high-performance practices  
  • Ensure data is useful for decision-making: Data should be structured for use and analysis, and processes should be established in such a way that data is collected and aggregated in a timely manner, so it is useful for decision-making. This includes ensuring data is uniquely identifiable and attributable data is clearly tied to an individual or process (see below for more on managing or storing individuals’ sensitive data). Additionally, it is advisable that internal organizational processes be designed so that data is available in a format and on a timeline that is useful for decision-making. For example, if a monthly review of accounts receivable occurs on the 5^th of each month, then an organization should have the processes in place to update the general ledger a few days before that date and to generate a report that reflects the actual status of all outstanding invoices. 
  • Ensure data collection is secure and data has backups where needed: For data that is particularly critical to the organization’s functioning, it is advisable to utilize cloud-based storage solutions for this data that automatically create off-site backups. For any personally identifiable or sensitive information, adopt proper privacy protocols by maintaining secure storage systems (which includes cloud-based data backups). In cases where sensitive data is being collected on individuals (such as that which could be considered protected health information or PHI), that information should be aggregated and saved in a secure database (note: systems or databases that are compliant with Health Insurance Portability and Accountability Act (HIPAA) regulations typically offer a high level of data integrity and security for this purpose).  As an added protection for PHI, consider anonymizing any PHI data that is regularly shared within the organization or with external entities for metrics or reporting purposes. For example, use a random number generator to assign a unique (but unattributable) number to an individual’s PHI data when that data is shared, and store the “key” that associates the unique number to the individual in a secured database.           

Additional Resources

• 7 Best Practices for Successful Data Management
• Tips for Storage of Sensitive Data

About Emerging Market Enterprises

Emerging Market Enterprises (EME) is an advisory firm based in Washington, DC, that works with startups, scaleups, and intermediaries in the impact ecosystem. EME provides a variety of services to its clients and partners to include market strategy, operations improvement, and leadership coaching.