This is the era of data revolution. Data is being traded as a commodity and has even been dubbed “the new oil”. Almost 2.5 quintillion bytes of data are created daily, and that number is only going up. With this rapid proliferation of data, instances of data misuse are rising. Instant information sharing has both saved and endangered lives. These polar opposite outcomes have sparked debate on data management and governance, with many seeing regulation as a threat to business.
For example, Facebook’s recent data breach, if found to violate the EU General Data Protection Regulation (GDPR), could cost them 4% of their global revenue (or $1.63 billion) in fines. This resonated as a warning shot to enterprises across the globe. As concerns grow, it will serve enterprises well to remember how valuable consumer trust is to them. That is precisely why the threat of punitive action could, in fact, be enterprises’ biggest ally in this data revolution.
Why should businesses handle their users’ data ethically? The answer is simple: it helps them earn their customers’ trust. Every organization is, at its core, in the people business. The trust they establish determines their success. That trust is notoriously easy to lose; a single instance of unethical behavior by a company could jeopardise its future. Companies have expended enormous amounts of money and effort to fix small negligences in ethical data handling.
To preserve consumer trust, companies will need to go beyond data security and privacy to ensure that there is ethical handling of data within and beyond the organisation. Like climate change, data misuse is becoming a global problem that demands a far-reaching action. Clearly defined and communicated principles and practices can drive honest and appropriate behaviors. That’s where Data Governance comes in.
Before enterprises can initiate Data Governance, they must identify the regulations and frameworks relevant to their businesses. Data Governance programs could benefit from ethics frameworks from the government and/or the wider public sector. The UK’s Department for Digital, Culture, Media & Sport, for example, formulated one in service of its National Data Strategy.
It outlines principles on how data should be used in the public sector, emphasising the importance of collective standards and ethical frameworks. Such frameworks serve as guidelines on understanding the effects of technology, data workflows and data sharing, as well as their ethical and real-world consequences.
A potential blind spot in these efforts is the team, which can be an organisation’s weakest link. This is usually because they don’t understand the risks. Regular security training and awareness programs can help enterprises secure the perimeter, so to speak.
Data Governance and training help organisations prevent data misuse. In the future, we might even see data scientists take something similar to the physician’s Hippocratic Oath as a declaration of integrity. However, what consumers are placing their trust in now is regulation. We are witnessing a surge of rules and regulations, for example, the GDPR and the California Consumer Privacy Act.
Designed to give users more control over their data privacy, they place hefty fines on enterprises that violate it. India, too, is making moves in that direction, and will soon introduce a law for comprehensive data protection. This law will regulate the processing of individuals’ personal data by the government and private entities incorporated in India and abroad. In general, data privacy laws have two things in common: Data Protection and Breach Notification. Violating either leads to punitive action. The enterprise is compelled, in this way, to bring transparency to the journey of consumer data.
The importance of ethics in Data Management and Governance is being recognised in various spaces world over. Bloomberg’s Data for Good Exchange (D4GX) announced they would partner with other companies to bring the data science community together and explore this very topic. Universities are pushing courses on ethics because powerful tools like machine learning could alter human society and students need to understand the potential consequences.
An ethics-driven approach to Data Governance encourages sound knowledge of data, protection laws, and the appropriate use of the technology that generates, analyses and propagates data. How we collect, protect, and use personal data is going to matter increasingly to consumers.
While punitive action is often the focus of discussions around such legislation (i.e., comply or suffer the consequences), enterprises should not lose sight of what they stand to gain from it. Instead of viewing regulation as restrictive, it can be seen a means to secure consumer trust. Ultimately, a delicate balance of controls, rights, accountabilities, and processes will create confidence in data.
It is my hope that we will form a data ethics movement, one that calls for us to define and agree on how best to handle data. To achieve this, I recommend that we begin with introspection – an internal quest for our own individual data ethics lighthouse.