What data standards should we expect when procuring digital coaching?
Organisations are rightly protective of their employees' personal data and of commercially sensitive information such as finance, sales or strategy. With the growth of digital coaching, how can employees and organisations ensure their data is safe and secure?
As a coach, I have been fortunate to work with government ministers and company directors and, during these coaching conversations, I have been informed about events before they’ve appeared in the newspapers or on TV. Clients trusted me to keep these discussions and their personal reflections confidential, not just at the time, but forever. To achieve this, what should organisations do when looking to employ a coaching provider? What questions should they be asking during the procurement process to ensure data privacy is respected?
The answer to this question depends on the size of the business and the scale of the coaching assignment. Greater safeguards are needed as the scale of the investment increases and when the profile or responsibilities of the coachee are larger. We also can’t forget that working in digital environments or with AI coach bots brings an additional set of challenges for organisations and data privacy.
What data collection is already in place as standard?
Some digital providers record calls for analysis and future training. Companies operating within the European Union are covered by GDPR, which means explicit informed consent would be needed, but for those outside the EU, regulations and laws are more permissive, and thus consent may not be required.
Within coaching, AI coach bots too are likely to be recording conversations to use as a feature of their machine learning process. Thus, while a bot can personalise its responses, managers and organisations may feel less comfortable being open in such conversations, as it may be unclear where this data is held and how it might be used by the software provider or the AI app in the future.
So, how can you make sure data standards are upheld when procuring digital coaching for your company?
When looking for a digital coaching provider, ask potential providers the following questions, which can be clustered under three broad headings: (i) procurement, (ii) management and (iii) end of contract (1).
10 questions to ask a coaching provider
1. Does the organisation have a data-management policy?
2. Who has access to clients' personal data?
3. How does the organisation train its employees and its associate coaches in its data protection policy?
4. How does the organisation manage data rules across different regions? (Is it compliant in all territories where its coaches and its clients live?)
5. What arrangements does it have in place should a data breach occur?
6. How does it comply with ‘forget me’ requirements, in deleting data of past clients, and within what period (1 month, 1 year, 2 years)?
7. Who does it share data with?
8. What external standards does it meet, such as ISO 27001 or SOC 2?
9. How does it manage non-digital data, such as coaches’ notebooks, reflective journals, or supervision notes?
10. How does it dispose of its data?
Getting this right is as important for individuals as it is for an organisation. While digital coaching is relatively new, and AI coaching is only in its infancy, failing to ensure appropriate safeguards can have short- and long-term consequences for both organisations and individuals.
Jonathan Passmore is a Professor of Coaching & Behavioral Change at Henley Business School, Senior Vice President at EZRA and Chair of EZRA’s Science Board.
Reference
(1) Passmore, J. & Isaacson, S. (2023) The Coach Buyers Handbook, London: Libri Press.