Data Ethics in action
The Data Ethics discussion is not a new one. Momentum has been building for years, with industry awareness generally increasing in line with sporadic watershed events such as data breaches, whistleblowing, or admittance of controversial privacy practices from well-known Tech giants; examples of which were highlighted in the first of our blogs in this series.
We have also argued the need for and importance of robust Data Ethics frameworks as well as the economic case, in the second blog of this series.
What was once a niche conversation is now becoming a driving force for consumer trust, affecting the wider perception of an enterprise and, increasingly, the bottom line. The certainty of some form of regulatory controls soon, combined with the rapid advancements in technology (AI/ML, internet of things, quantum computing etc.) and exponential increases in data volumes, means the need for organisations to have a data ethics framework has never been more important.
In 2020, the year of the pandemic, the decline in trust is overwhelming and permeating countries, industries and sectors (Edelman Trust Barometer 2021). However, and most interestingly, Business as a whole has now become the single most trusted institution as Media, Governments and NGOs all lose the public’s confidence.
It is evident that the public wants Businesses to fill the trust void, exacerbated by the pandemic. Acting now, organisations can grasp the opportunity to solidify this trust and further establish themselves as leaders in Data Ethics.
So where do you start?
The key to launching any successful companywide change initiative is ensuring it has strong foundations to build on, which means understanding your organisation’s current stance on the issue and developing an appetite for change with key business stakeholders and executives. Data Ethics is no different. Building initial momentum can be as simple as asking some of the questions below, as DTSQUARED advises a structured approach to assessing your current organisational situation, individual circumstances, environment and appetite for change.
- Ask your CDO: Is Data Ethics a priority?
- Ask your Business Partners: Are Data Ethics a consideration?
- Ask your Compliance Officers: Are they worried about future Data Ethics controls?
- Ask your Staff: Are Data Ethics in their daily working lives?
- Ask your Customers: Do they see you as trustworthy and ethical?
- Tell your board and win support!
An existing appetite in data ethics from business stakeholders is helpful, but given the relative immaturity of the space there’s likely to be a requirement to invest time in educating and sparking the interest amongst the key groups. Establishing a business case and robust approach towards Data Ethics is in our eyes the best way to do this, and can be supported by a current state assessment, depending on the maturity of the organisation.
Data Ethics has a wide definition that, although instinctively understood, in the absence of a necessary explanation, it is usually just a synonym for Data Privacy. This is one of the common misconceptions that need to be clarified in a broader communication effort. Educating the organisation at all levels is essential to the success of a Data Ethics framework as any member of staff who works, creates, processes, reads, handles, reports and interprets data, which is practically everyone, is responsible for reducing the risk of data negatively impacting customers and organisation alike.
Results and facts collected in the information gathering effort can be analysed and turned into organisation specific messages. A communication strategy is necessary to:
- Secure training and campaign resources
- Select medium and tooling
- Craft the message per target group
- Roll out comms and training waves
The message should be simple: we are serious about Data Ethics.
Planning and developing a Data Ethics framework should go beyond the typical defensive measures you would expect in a regulated environment. There are clear external benefits to positively changing the public and consumer perception of organisational ethical behaviour. In the absence of strict and defined regulatory controls, each organisation can define their Data Ethics framework to match their strengths, aspirations and preferred results.
Developing the Data Ethics frameworks starts with some basic first steps:
- Create a high-level roadmap: set Now/Near/Far organisational targets and milestones
- Establish governance: create a Data Ethics review board
- Start creating an organisational Code of Data Ethics: set the principles and goals
Ultimately, the decisions and directions of the Data Ethics governance boards will be enshrined in new or updated company Policies and Procedures. This effort requires some initial advances in the Code of Ethics – to the point where reviewing Policies and Procedures is meaningful; they can be flagged as relevant to Data Ethics and are therefore candidates for intervention.
Updating existing policies or creating new ones will also require a deep dive into the current processes and ways of working of the organisation. Any touchpoints that result in data being created, processed, shared or secured, with subsequent business decisions being made off the back of this, should be reviewed for Data Ethics implications. These questions can be asked in the form of a Data Ethics Impact Assessment (DEIA) or as an extension to existing Data Protection Impact Assessments (DPIA).
Policy changes have a direct or indirect impact to cost, which should not be underestimated. Adding Data Ethics controls will marginally increase cost, via increased resources and more procedural steps which may, in turn, increase time to market. Cost and benefit arguments should be addressed early in the Data Ethics process and the desired tolerance for change adjusted accordingly. The World Federation of Advertisers suggests that a 1% increase in Brand trust is equal to 3% growth in value, meaning the ability to assess how growth offsets against the costs of an operational Data Ethics framework should be easy.
Putting Data Ethics into practice requires an active organisational framework (people, processes, technology), no different in shape to other frameworks implemented in a company. It requires:
- Enforcement of Data Ethics Policies and Procedures
- Implementation of all necessary Data Ethics controls
- A Governance layer of necessary boards and working groups
- Changes to Data / Business Architecture, Infrastructure, tooling
- Implementation and monitoring of Data Ethics metrics (internal and external)
The operating structure of a data ethics framework contains many of the core principles present in the ‘Three Lines of Defense’ risk management model, championed by the FCA, whereby there are set functions and groups that both own and manage risk (Line 1) and oversee framework governance (Line 2).
Without regulation driving compliance to accepted standards, effective operationalisation of data ethics must come from companywide cultural change to ensure the established framework and controls are continually enforced and governed.
Making Data Ethics work
Having established companywide acceptance and understanding of the significance and necessity for Data Ethics, the daily work of each employee is vitally important to the wide change of view, by practice and perception, of the company as an ethical organisation.
The Board is equally crucial for making Data Ethics work. By combining the bottom-up effort mentioned above with the top-down steer and resolve, the Data Ethics message is amplified internally and externally; ultimately building digital trust.
Making Data Ethics work is a clear win-win for companies, individuals and wider society. Acting as an enabler of social responsibility and an accelerator of good, ethical practices that are implemented via a strong Data Ethics framework account for far more than virtue signaling. Businesses and CEOs are now trusted to proactively lead positive change, rather than wait for change to be imposed on them (Edelman, 2021) and this is an opportunity that no organisation can afford to miss.
If you enjoyed this three-part series on data ethics but still want to find out more about this exciting space and how you can integrate it into you organisation, please contact us today for a complimentary session.