The Data Engineer’s Security Oath

As data engineers, we hold the keys to our organization’s most sensitive systems. As we build infrastructure that provides real value to our organizations, our first responsibility must always be to ensure the security of the digital assets we are entrusted with. This oath is both a practical guide and a personal commitment: to build systems that are not only powerful, but also secure by design.

Data Engineer’s Security Oath

I recognize that the data I handle represents real people — their identities, habits, and lives. My work has ethical and societal impact. Therefore:

  • I will protect and respect privacy, remembering that the data I work with belongs to real people. I will use robust techniques such as anonymization and encryption to safeguard their information, and will only collect, process, and retain data with proper consent and clearly defined purposes.
  • I will prioritize and build for security by design. I recognize that data breaches cause massive reputational and financial harm. I will implement strong safeguards across the entire data lifecycle, stay informed about emerging threats, and continually strengthen defenses.
  • I will ensure the integrity and quality of data under my care, maintaining accuracy, consistency, and reliability across all systems.
  • I will remain transparent and accountable for my work. I will document processes thoroughly, communicate risks clearly, and take responsibility for the outcomes of my decisions. If a data incident occurs, I will report it immediately and participate fully in its resolution.
  • I will strive to produce information that illuminates rather than misleads. The information I produce informs decisions big and small. I will use data that is accurate, complete, and contextualized.
  • I will comply with all laws and regulations governing the data I handle, understanding that legal and ethical frameworks are essential to responsible data management.

Data Security Implementation Checklist

Strong data security requires proactive measures. To make the above commitments real in day-to-day engineering work, I follow these operational principles:

  1. Maintain integrity and quality of data — accurate, complete, and consistent.
  2. Use data to illuminate rather than distort; actively check for bias.
  3. Collect and retain data only with consent and clear purpose.
  4. Map data flows; identify threats and implement mitigations.
  5. Apply Role-Based Access Control and the Principle of Least Privilege.
  6. Encrypt data in transit and at rest with proper key management and rotation.
  7. Secure endpoints and networks.
  8. Maintain detailed logs for access, changes, and data flow; review regularly.
  9. Audit and test for vulnerabilities; document and report findings.
  10. Maintain clear incident response and recovery procedures.
  11. Evaluate and monitor vendors and third-party tools for compliance.
  12. Incorporate privacy-by-design and collect only the data absolutely necessary.
  13. Collaborate with and educate teammates on responsible data practices.
  14. Review and update policies regularly to adapt to new threats and technologies.

Resources & Influences