Out-Law Analysis | 07 Dec 2021 | 2:08 pm | 4 min. read
The Covid-19 pandemic has accelerated digital transformation projects, with surging amounts of data fuelling automation and artificial intelligence (AI) programmes for businesses from a wide range of sectors.
But in the middle of this information explosion, addressing data ethics is becoming an urgent task. According to the Open Data Institute, data ethics is “a branch of ethics that evaluates data practices with the potential to adversely impact on people and society – in data collection, sharing and use”.
Data ethics requires organisations to realise the power and insight that can be garnered by utilising the vast amounts of information available to them. In order to act responsibly and ethically, firms need complete visibility into the data they collect, store, share and use to ensure transparency when addressing customers, regulators and the supply chain.
A strong ethical ethos can help companies stand out from the crowd. A powerful ethics stance goes much further than environmental sustainability: it also covers the increasing amounts of data organisations collect and use.
However, as data regulation increases, and consumers become more aware of privacy and data-tracking issues, there is a risk that a perfect storm of complexity is developing. Data collection and use – and therefore data ethics – is under the spotlight now more than ever before.
The data ethics challenge spans multiple vectors. One of the most concerning issues centres around the AI and machine learning-powered algorithms that form a key part of many organisations’ operations.
These technologies have the potential to revolutionise crucial sectors such as healthcare through automating processes, increasing efficiency and cutting costs. But not all algorithms are the same: like the humans who created them, they are often inherently biased.
Organisations need to take account of potential bias against particular groups when devising their data ethics strategies. The ethical issues inherent in AI were made all too clear in 2018, when technology giant Amazon was reported to have dropped an automated recruiting tool because it was biased against women.
There are steps organisations can take to avoid this bias and ensure ethical data use. For example, questions need to be asked when examining the reference data involved. Businesses should validate where a particular algorithm has originated, and carry out due diligence to avoid putting bias into their platforms.
Transparency is a key part of any data ethics strategy and this applies to why and how an algorithm made a decision. It is a company’s responsibility to ensure its systems are inclusive.
Increasing data protection regulation across the world goes hand-in-hand with a strong data ethics stance. The EU update to the General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA) both outline how consumer information can be stored and shared.
Meanwhile, Singapore’s Personal Data Protection Act comprises requirements governing the collection, use, disclosure and care of personal data. In November 2021, China implemented the Personal Information Protection Law to protect online user data privacy.
The US is also implementing privacy laws at both a federal and state level, with examples including the California Consumer Privacy Act. Health privacy is already covered by the Health Insurance Portability and Accountability Act.
Compliance with these national and global regulations, along with sector-specific requirements, complements an organisation’s data ethics strategy. For example, the GDPR outlines rules around customer consent, which ties in with data ethics.
If personal information has been provided, organisations should always assess the scope of how they can and should use it. It is crucial to remember there is a person at the other end of the data, and how it is handled may have ramifications for that individual.
Businesses should consider the intention behind their use of data, and what the possible outcomes may be. The GDPR and DPA both outline a privacy-by-design approach, and require data to go through a data protection impact assessment.
Organisations can include data ethics as a policy requirement alongside other important areas such as security, anti-harassment, and anti-money laundering. The data ethics policy needs to be clear, with a central decision outlining the organisation’s expectations when handling information.
Data ethics emphasises transparency, and the first step towards this is visibility of the data a company collects, stores and uses. At the same time, businesses should consider data ownership, taking into account an individual’s rights over their personal information.
When undertaking a data protection impact assessment, companies should examine who needs to see the data, how long for, and what it will be used for. Intention is key in data ethics, and businesses should ask what they are trying to achieve when using data as well as whether they should own it in the first place.
As part of this approach, businesses need to accept more individual responsibility themselves and across the supply chain.
Security is also an important consideration when protecting valuable customer data. Organisations can employ tools to protect information and ensure the right people are accessing it in a timely and authoritative manner. The vast majority of security breaches involve a privileged access management failure, according to research firm Gartner, so this aspect should be addressed as a priority.
At the same time, legacy data is still a burning issue for many organisations. It is with this in mind that businesses must ensure a bona fide retention schedule. In tandem, firms need to include conversion as part of their data management strategy, to ensure documents will always be kept in a readable format.
As well as forming part of a strong policy, managing legacy information can help cut costs, freeing up resources to invest in data ethics and management. In the end, any further investment will be worth it. In today’s privacy-conscious landscape, data ethics shores up organisations for the future, helping them to gain a powerful competitive advantage.
Chad Schuessler is head of data management at Pinsent Masons