The Challenges of Ethical Data Stewardship (Image Credit: Gabriel Crismariu on Unsplash)The impact of data on businesses and people is growing. Organisations are increasingly seeking to stay competitive in a challenging market by providing hyper-personalised customer service and frictionless user experiences, while at the same time ensuring they are using, sharing and protecting customer data with the utmost integrity. With additional pressures coming from constantly evolving data privacy regulations and the rise of ESG (environmental, social, and governance), there is an expectation from customers, employees and investors alike for businesses to be able to demonstrate their ethics.

Anna Langhorne, Chief Privacy Officer, Precisely (Image Credit: Precisely)
Anna Langhorne, Chief Privacy Officer, Precisely

This trend has resulted in an explosion of data-related job titles at the C-suite level. Chief Data Officer, Chief Privacy Officer, Chief Compliance Officer and Chief Ethics Officer are all examples of the impact data has on a business. To get some understanding of the challenges that this is all bringing, Enterprise Times talked with Anna Langhorne, Chief Privacy Officer, Precisely.

Langhorne has recently been appointed to the role and comes with an impressive background. Among her previous roles, she has been a professor researching computer interfaces, studied law and held a number of key privacy roles in organisations. Her background in law will help her in her new role, especially as more attention is paid to privacy from a legal and compliance point of view.

The explosion of new roles

What about all those new roles? There are certainly a lot of them, and they all seem to have an overlap in how we behave professionally with data. We asked Langhorne how these titles overlap.

She replied, “It’s a journey. As we become more mature in our understanding of data, we better understand the various complexities and views and the need for nuanced roles.

“I wouldn’t be presumptuous to speak to all areas. Even within privacy, there isn’t one expertise, because it is such a vast knowledge area with many specialisations. It takes a multi-disciplinary team to really understand even just the privacy perspective. Many different lenses should be applied, and  you don’t get that in one role or one person.”

Langhorne raises an interesting point. There can be a misunderstanding that areas such as privacy, compliance and ethics can all be covered by one group. But as businesses, and their use of data, mature, so do the complexities of data stewardship – requiring new areas of expertise to be brought into the business.

The challenge of privacy

It’s taken a lot of effort by regulators to agree what is personally identifiable data and come up with rules. Today, we have GDPR, the CCPA and other pieces of legislation. But these are technical measures for technical problems. Privacy is softer and affected by a range of other factors. How should we define and look at data from a privacy perspective?

Langhorne points out that privacy is both an art and a science. “We have rules we need to follow and requirements we need to address. But then, we also need to think more about the holistic approach to privacy compliance and really understand what is the intention here? Why are we processing this data?”

The question of why are you processing the data is one that privacy advocates have been asking for a while. For many organisations, it’s not an easy question to answer. They know data is key to the business, and personally identifiable information (PII) is key to engagement with customers. But nailing it down to specific use cases that can be codified is often tricky.

One solution, says Langhorne, is to look at this from different angles. The legal angle is set out in legislation as well as the operational aspects of the programme. She also identified another angle that she personally sees as important. She commented, “there is a privacy ethics layer here that I think is very important, and that I am very committed to. Asking the question about, what is the intention of this process? Why are we collecting this data? How are we using it? Is it an ethical thing to do?”

How do we approach the ethics question?

Ethics is a tricky thing because it is not necessarily something we can code. It relies on human behaviour and interpretation. If we’re going to have ethics, how do we communicate that to our staff? And how do we make that a cultural requirement?

Key here, for Langhorne, is that there is no finish line around privacy and compliance. It creates a monumental task and one that impacts all organisations, irrespective of size. She says, “I‘ve worked in a number of different spaces and the complexities of these rules and being able to manage a programme across multiple jurisdictions. It’s tough, and it’s dynamic. There’s no finish line there.”

But what does this mean for Precisely and the role Langhorne has taken on? She replied, “In terms of Precisely, we’re a leader in data integrity. To us, that leadership obligation extends to ethical data stewardship. Our programme is aligned with meeting our legal requirements, but we want to do more. We are continually looking at how we’re doing things and what can we do better.

“One of the perspectives I am bringing is how can we think more broadly about the Precisely ecosystem. We don’t have direct relationships with data subjects, with individuals. We are providing tools that support that data integrity vision. That means data with accuracy, consistency and context. Applying a privacy ethics lens to that, to me, means always looking at what else can we do, even though we don’t have a direct relationship with data subjects. Is there something else there that we can do more transparently? It’s also important to look at ways to plant that seed of thinking ethically about what we’re doing.”

How do we get that critical thinking about ethics?

Growing that seed into something that bears fruit is challenging. It’s easy to see how commercial needs can often override ethics. To help grow the idea, Langhorne is drawing on her experience of teaching as a professor.

Just this week, I did training on privacy by design for product managers, and some engineers, and developers. There are principles out there on privacy by design. Part of the training that I present prompts some privacy design considerations for these folks to be thinking about.

“Is it personal data? What is personal data? What is the use? What is this tool going to be doing? Is it ethical? Is this use ethical? Because it is about building a mindset around it, that doesn’t happen overnight.

“That’s aligned with what I have seen as part of Precisely’s culture. Our company values of openness, determination, individuality, and collaboration help to orientate ourselves so that we can work towards that aim together.”

What about third-party data?

A real challenge for businesses is how to manage third-party data. It often has no control over how that data was gathered or how its partners use the data it provides. Another challenge that is often overlooked is data that comes as part of an acquisition of a company. How do you extend ethical controls to that?

Langhorne believes that Precisely is aligned in thinking about these different aspects, needs and requirements. Although she is new to the company, she sees Precisely’s privacy journey continuing to mature. In the short term, she says, “we have principles that we follow and compliance expectations. In considering the suppliers of our data, we do due diligence. We also have contracts with obligations, and we are very concerned about the quality of our data because that is part of our brand promise. It is about data integrity, and that means having data you can trust.

“These same principles extend to our M&A activity, an area we have a lot of experience in having acquired seven businesses in the past two years! All businesses are assessed on their approach to governance, as well as the other aspects of ESG, before we consider acquiring them.

“We’re also not in the business of the linking of personal data. It’s really a different focus than perhaps other companies. We’re focused on trying to provide context for companies to understand their data, and to be able to make better, more confident, business decisions.

“There is an ethical piece of that, because making decisions on erroneous data is problematic, it leads to bad decisions. Precisely is already aligned to trying to do the right thing and making sure that there’s high-integrity data out there to work with.”

The risk of data enhancement

This leads to an interesting issue over data enhancement. Precisely, like other players in the data space, provides data for customers to use when enhancing and enriching their data. The problem with this is that the more enhancement you do with data, the less privacy there may be. For retailers, this is a bonanza as it gives them deep insight into customer buying patterns.

But how does Precisely educate customers about managing it? How does it take that message of ethics around how to use that data for enrichment but still keep ethics central? Can it really get customers to be as diligent as it is?

Langhorne says that is something Precisely is actively engaged with. She commented, “We are constantly maturing and reevaluating our approaches and always looking at how we can positively impact the data enrichment ecosystem. I would expect that we will be looking at other ways that we’re able to impact that positively downstream. There are limitations on what we can do but it is important to us that we empowering our customers to do the right thing.”

Of particular interest is that Langhorne sees Precisely customers as very focused on data integrity which means having data that this accurate, consistent and contextual. She also says that the interest in ESG across the data industry is aligning it with ethical activities. She said, “we are definitely thinking about privacy within the context of ESG. I am a member of Precisely’s ESG commission and we are making privacy part of that core set of strategic ESG initiatives.”

Is there any such thing as anonymisation?

A lot of organisations proudly proclaim that they anonymise data and therefore they have no privacy issue. However, there have been numerous studies that show that isn’t true. Most attempts at anonymisation are poorly done and it doesn’t take much to mix different data sets to get back to PII. How does Precisely work to ensure data it provides cannot be de-anonymised?

It’s a key question for the whole data industry and Langhorne doesn’t underplay the enormity of it. She pointed out that three terms; aggregation, de-identification, and anonymisation, are often used interchangably. The other problem Langhorne identifies is that anonymisation is an extremely difficult standard to meet from a privacy perspective. She also believes that most organisations are not doing true anonymisation.

But do we need true anonymisation? Not for everything, according to Langhorne. She says, “If we talk specifically about what Precisely is doing, we’re using data that is from a lot of credible public sources, or verified sources. Examples of the kinds of questions that we’re trying to help customers answer are,  a real estate developer who wants to know if it makes sense to build a mall in this location? What is the property validation for that? Or, in terms of a restaurant owner, what is the demand for this particular kind of food? Where’s the best place to offer it?

“We’re not in the business of developing individual profiles. That’s not what we’re doing nor is it of interest to us. We’re ensuring the context we are providing for other organisations to understand their data is correct.”

How do we frame data ethics for the business?

The biggest challenge for businesses would seem to be around what is ethical management of data. So what does Langhorne think is required?

Langhorne replied, “A first step is providing the prompts at various points  throughout the data lifecycle such as privacy impact assessments and as part of privacy by design. If we consider the example of a website, it’s more than just stopping information from being shared and ensuring that, by default, the targeting cookies are off. Those are checklist items to perform. The question is, is our approach to collection of the data ethical, looking at the lifecycle of personal data from start to finish?

“It’s about incorporating multiple perspectives and getting all the stakeholders thinking about data ethics. At Precisely, there’s definitely that commitment. I’m really thrilled to have that level of engagement and seeing people care about it. It’s an issue of cultural values and having a foundation for building an ethical perspective. I think it is harder to achieve at some organisations because they don’t necessarily have the same kind of DNA in the company.”

While companies are rushing to fill out those C-suite data roles, there is still a long way to go before we can really say we are using data ethically. Increased digital innovation will provide greater opportunity for personalised customer experiences, but will inevitably place more pressure on businesses to ensure data is being handled in an ethical way – in no small part driven by changing regulations and expectations on ESG related initiatives.

It’s clear that Precisely is intent on furthering its leadership in the data integrity category, in part by setting the standard for which all data should be viewed in an organisation – with a responsibility to ethical data stewardship and trust.

LEAVE A REPLY

Please enter your comment!
Please enter your name here