By Aaron Bradshaw
Published on July 15, 2022
Light is both a wave and a particle. Data ethics is both an imperative and an opportunity. New regulations covering data privacy and other ethical concerns require that enterprises govern internal data processes according to these new laws. And, while change at large organisations is tough, data leaders would be wise to reframe such transformations as business opportunities rather than burdens.
I recently led an online session, Data Monetisation and Governance, looking at the evolution of data governance, defining data ethics (from the Turing Institute), and touching on the balancing act between using data to monetise (by increasing revenue, decreasing spend, or mitigating risk) and meeting ethical obligations. In other words, ethics and governance aren’t just about mitigating risk; with the right approach, they can boost profits, productivity, and ROI.
The session began with an audience poll. I asked attendees:
How often do you think about data ethics?
What does data ethics mean to you?
Interestingly, from a pool of data professionals, the vast majority think about data ethics just a few times a month. Contrast this response to a wider audience of non-data practitioners and this response changes to rarely/never.
Why is data ethics overlooked? When it works well, it doesn’t make headlines. I raised the Cambridge Analytica Scandal and pointed out how it is often only when these stories hit the news that people question the ethics behind how companies are using data.
In the Cambridge Analytica case, the company went from a data strategy focused on monetisation by increased revenue to company closure due to the reputational damage from the negative media and public response. Clearly, using private Facebook data collected in a nefarious manner to sway political elections is not ethical. In the court of public opinion, Cambridge Analytica had violated a clear ethical boundary.
Should individuals have autonomy over their personal digital data? The growing consensus is that individuals should have a say in how their private data is collected and used. People are demanding they have the choice to opt out of personal data sharing. Multiple regulations across the globe (GDPR, CCPA, CPRA, POPIA, HIPAA, PIPEDA, LGPD) are rising to this demand. Such laws are pushing the rights of the individual, ultimately trying to give everyone their own decision-making ability around how their private data is collected and used.
This presents a challenge to data practitioners, and an opportunity. Meeting regulations such as GDPR takes a huge amount of effort. A narrow focus has meant that a lot of organisations haven’t taken a step back and frankly assessed the collateral created to transform the organisation. Yet this collateral is valuable for more than just meeting GDPR demands! Organisations who do assess can gain additional benefits from the work that’s already done.
Indeed, ethical data practices can actually support data monetisation strategies. In the session, I walked through the matrix below, sharing examples of how organisations have used ethical standards to monetise or where monetisation has driven ethical innovation.
Under GDPR Article 30, the Record of Processing Activity (ROPA) document needs to be created and maintained. This effectively collates every process in an organisation that uses personal data, the type of personal data, what the process does, etc.
In an organisation with 500 processes, there is overhead to maintain the ROPA. Each process has a cost and a value (for example, the FTE cost divided by the time spent annually, plus infrastructure cost, against attributed revenue from the process). Once the ROPA has been created, organisations can review all operations from a bird’s-eye view, identify costly processes that are no longer effective, and decommission them.
Decreased spend: One business saved £100,000 on average per process decommissioned and enjoyed less ROPA maintenance.
Reduced risk: Less processing of personal data, lessened chance of breach, saving up to 4% of global turnover for GDPR fine mitigation.
Increased efficiency: FTE resources can be reallocated to rewarding tasks that add value.
This was a great example of how ethical standards mandated in a personal data privacy regulation can be used to create value for a business.
Financial services businesses must meet extensive regulatory requirements, which demand full governance including: Data ownership, definitions, agreed-upon data quality rules and results, and lineage (BCBS239, CCAR, etc.).
Data governance exposes inefficiency. Many processes executed in silos for decades require numerous manual steps. However, these manual steps weren’t transparent until active data governance required it. Delivery of governance around these processes can unveil massive, inefficient processes with multiple manual (and often redundant) steps.
In my time working as part of the data teams in multiple financial services organisations, I’ve seen companies revisit processes due to data governance. With governance-as-guide, those organisations can simplify onerous processes, reducing 25+ stages with 10+ manual steps to just 15 stages with 5 manual steps, for example.
Reduced cost: Finding and eliminating wasteful steps and processes saves time and money.
Reduced risk: Streamlined processes reduce the chances of data being misused or untraceable.
Digital transformation: Moving from end-user computing (and the associated benefits of disaster recovery, access control, and automated data quality), as well as faster processing times and improved operational efficiency.
The 2007/2008 financial crisis unveiled the monstrous risk of mis-reporting data. In its wake, many data leaders have made ethical standards core to their operations. This focus has led to simplified legacy processes, reduced total steps, and minimised manual effort (all of which contribute to lower costs and improved efficiencies!).
At a credit card company, there was an initiative to work with mobile phone networks to share data.
Imagine the scenario: You’re going on holiday in a foreign country. You land and disembark the plane. In the terminal you switch your phone on and, within a few minutes, you get a message from your credit card provider. It knows you’re overseas, offers you the chance to disable overseas spending, or extends a personalized 0% foreign exchange fee just for you.
For some people, these are received as great benefits that make their lives easier. However, for others, this can lead to impulse spending and they may not want to receive these. Further still, some people will not like the thought of these data exchanges occurring between companies they patronize.
Nicola Askham raised the concept of a “Daily Mail Test”. If the media could make an embarrassing headline out of your data usage, then it’s probably out of most people’s ethical limits.
Why do we collect data? What is our duty to the individuals whose data we’ve captured? What does it mean to use this data ethically?
Such questions capture the complexities of data ethics today and reveal why some argue that data philosophers will be the new data scientists. Ultimately, every individual will have differing thoughts on what appropriate data usage means. Regulations will eventually empower people to exercise control over how organizations manage their personal data.
For data leaders facing such laws, communication around these topics is vital. The important thing is that, as a collective of data professionals, we need to promote and increase the conversation around these data uses, whether that is increased discussion at Data Councils to gain a consensus of acceptable uses within an organisation or raising awareness across the various users looking to gain insight and value from data.