Building Digital Trust: Data Ethics in the Digital Age PDF
Document Details
Uploaded by Deleted User
Tags
Summary
This Accenture Labs report explores the role of data ethics in building digital trust. It emphasizes the need for ethical data practices throughout decision-making processes to mitigate potential risks and build consumer trust in a brand.
Full Transcript
Accenture Labs Building digital trust: The role of data ethics in the digital age The digital economy is built on data—massive streams of data being created, collected, combined, and shared— for which traditional governance frameworks and risk- mitigation strategies are insufficient. In the digita...
Accenture Labs Building digital trust: The role of data ethics in the digital age The digital economy is built on data—massive streams of data being created, collected, combined, and shared— for which traditional governance frameworks and risk- mitigation strategies are insufficient. In the digital age, analyzing and acting on insights from data can introduce entirely new classes of risk. These include unethical or even illegal use of insights, amplifying biases that exacerbate issues of social and economic justice, and using data for purposes to which its original disclosers would not have agreed, and without their consent. Provided organizations prioritize economy can scale poor judgement development, collaboration with ethical data practices throughout to a massive degree and lead to partners, and expansion into new their decision-making processes, serious ethical failures. and existing markets. risks such as these can be identified, There are many similar risks In the past, the scope for digital managed, and contained. The involving the ethical use of data, risk was largely limited to alternative? Left unchecked, where today’s best practices are cybersecurity threats. These threats they can permanently damage simply insufficient to provide a guide remain omnipresent, but leading consumer trust in a brand. The for practitioners. These new vectors organizations must now also following example puts the scale for risk demand the development of recognize risks from lackluster of these risks into perspective. robust ethical controls throughout ethical data practices. Mitigating The developers of a dating app data supply chains. With such these internal threats is critical were tasked with increasing the controls, organizations can create for every player in the digital amount of time users spend with “digital trust”—a widely accepted economy, and cannot be addressed the app. In their data analysis, they belief that a brand is reliable, with strong cybersecurity alone. discovered a strong correlation capable, safe, transparent, and These new risks require their own between engagement and ethnic truthful in its digital practices. frameworks and best practices at and racial biases. Under pressure Digital trust is difficult to build, but every step of project and service to improve business metrics, a new startlingly easy to lose. This makes delivery lifecycles, and should match recommendation algorithm it a key differentiator in the digital be integrated into every project, predicting and reinforcing these economy. Confidence in a brand offering, or new endeavor. biases went into production. This facilitates growth through product true story illustrates how the digital 2 Focus on ethics Introducing these new perspectives knew its solution would have to be Treating data in an ethical manner will ensure an organization can completely transparent, auditable, throughout its supply chain requires simultaneously manage risk and and immutable. To achieve this, it a fundamental change in how data build trust by consistently evaluating uses a blockchain architecture that is viewed within organizations. how ethics are taken into account delivers on all of these requirements. While the perspectives of security in data-driven decisions. By focusing Everledger also aggregates data (is the confidentiality, integrity, on ethics, organizations will improve from law enforcement and insurance and availability of data adequately the trust their customers have in companies, which in turn use the protected?) and privacy (do them—a mandate for those that have technology as a verification system, controls on data satisfy regulatory undergone digital transformations and reducing fraud and its associated requirements?) remain relevant, added become publishers of, or participants costs. Everledger has built a trusted, lenses for ethics and trust become in, digital platforms and ecosystems. permanent ledger for diamond critical. Organizations must begin to certification and transaction histories For example, Everledger set out to consider the ethics of data collection, that can be extended to track any minimize fraud and the prevalence manipulation, and use. This enables asset with a unique identifier. This of conflict gems in the diamond trust, but requires attention at each solution is “trusted by design.” industry. To attract investors and stage of the data supply chain and realize its goals, the company collaboration with every stakeholder. Figure 1: Data supply chain—Terms and definitions 0 0110 10 11 001001 01 001 110 10 10 00 111 00 10110 001 001 0 1111 Disclose Data Manipulate Data Consume Data a person, process, or system a person, process, or system a person, process, or system creates and publishes/shares data transforms, moves, or analyzes data benefits from manipulated data Acquire Store Aggregate Analyze Use Share/Sell Dispose Ingest data from Record data to a Combine Examine and Apply the insights Provide access to Remove data sensors, systems, trusted location disparate transform data gained from data datasets or data from servers to or humans, that is both datasets to with the purpose analysis toward insights to new prevent future recording its secure and create a larger of extracting making decisions, sets of data release or use. provenance easily accessible dataset that is information and affecting change, manipulators or and consent for for further greater than the discovering new or delivering a consumers. use wherever manipulation. sum of its parts. insights. product or service. possible. 3 To build solutions that are trusted Given the relative youth of data by design, a new set of best ethics, such a common language practices must be created to guide does not yet exist. Accenture is practitioners through the process of proposing a taxonomy that will help embedding ethical considerations at enable practitioners to describe the every stage of product development, nuances of making ethical decisions service delivery, and the data supply about data.¹ Having a taxonomy chain. The “pivot to trust” strategy provides clarity to all parties rewards those who demonstrate involved in the exchange of data a commitment to strong ethical and will prove increasingly valuable standards and sets them apart from as regulatory and insurance industry those who do not. This focus on standards evolve. Already, companies data ethics requires a portfolio of must have policies and procedures considerations—outlined below— in place to address the types of that are new to many practitioners. behavioral risk vectors exploited by cyber attackers. However, as Taxonomies for impact insurance markets (and regulators) begin to recognize internal versus across the data supply chain external threats, policies focused on In a digital marketplace where ethical considerations throughout consumers discriminate based on the data supply chain will become their ability to trust, achieving a high commonplace as a strategy for level of trust adds gravitational pull managing risk. Ultimately, Accenture to a brand and is becoming a strong sees a future where insurers will differentiator for companies. This is offer both cybersecurity and digital true across industries and sectors ethics policies. Being ready for these of the economy. But to move data developments with a language ethics forward as a discipline, there and approach to account for these must be a common language that largely internal risks will be a professionals can use for discussing significant advantage. and classifying data ethics— from acquisition to sharing and throughout the data supply chain. “81 percent of executives agree that as 81% the business value of data grows, the risks companies face from improper handling of data are growing exponentially.”² 4 Developing a code of ethics organizations can use to develop a have a generally agreed-upon set With a language in place to code of ethics.³ Rather than attempt of norms that reflects its values. In facilitate evolution of data ethics to deliver dozens of industry-specific civil society, these so-called “social frameworks, organizations should codes, this framework approach norms” vary widely. Defining a code begin to consider the implications of lets organizations incorporate their of ethics for a community of data working with data from an ethical industry knowledge and domain practitioners is a necessary precursor perspective. Pre-existing codes of expertise in developing a code of to defining policies and procedures conduct are generally written for ethics for their industry, ecosystem, that ensure digital trust is established other domains or are grossly out or organization. The result will be consistently, and in tandem with, all of date, barely taking data into a domain-specific code, directly new products and services. When account (if at all). Addressing this applicable to each organization. done correctly, a code of ethics gap, Accenture has developed a This is critical because, when it helps to improve transparency for set of data-centric principles that comes to ethics, a community must stakeholders and accountability for governance bodies. Figure 2: Universal principles for data ethics—Guidelines for creating a code of data ethics 1. The highest priority is to respect the persons behind the data. Where insights derived from data could impact the human condition, the potential harm to individuals and communities should be the paramount consideration. Big data can produce compelling insights into populations, but those same insights can be used to unfairly limit an individual’s possibilities. 2. Account for the downstream uses of datasets. Data professionals should strive to use data in ways that are consistent with the intentions and understanding of the disclosing party. Many regulations govern datasets on the basis of the status of the data: “public,” “private” or “proprietary,” for example. But what is done with datasets is ultimately more consequential to subjects/users than the type of data or the context in which it is collected. Correlative use of repurposed data in research and industry represents the greatest promise and the greatest risk of data analytics. 3. The consequences of utilizing data and analytical tools today are shaped by how they’ve been used in the past. There’s no such thing as raw data. All datasets and accompanying analytic tools carry a history of human decision-making. As far as possible, that history should be auditable. This should include mechanisms for tracking the context of collection, methods of consent, chains of responsibility, and assessments of data quality and accuracy. 4. Seek to match privacy and security safeguards with privacy and security expectations. Data subjects hold a range of expectations about the privacy and security of their data. These expectations are often context-dependent. Designers and data professionals should give due consideration to those expectations and align safeguards and expectations with them, as much as possible. 5 5. Always follow the law, but understand that the law is often a minimum bar. Digital transformations have become a standard evolutionary path for businesses and governments. However, because laws have largely failed to keep up with the pace of digital innovation and change, existing regulations are often miscalibrated to current risks. In this context, compliance means complacency. To excel in data ethics, leaders must define their own compliance frameworks to outperform legislated requirements. 6. Be wary of collecting data just for the sake of having more data. The power and peril of data analytics is that data collected today will be useful for unpredictable purposes in the future. Give due consideration to the possibility that less data may result in both better analysis and less risk. 7. Data can be a tool of both inclusion and exclusion. While everyone should have access to the social and economic benefits of data, not everyone is equally impacted by the processes of data collection, correlation, and prediction. Data professionals should strive to mitigate the disparate impacts of their products and listen to the concerns of affected communities. 8. As far as possible, explain methods for analysis and marketing to data disclosers. Maximizing transparency at the point of data collection can minimize the more significant risks that arise as data travels through the data supply chain. 9. Data scientists and practitioners should accurately represent their qualifications (and limits to their expertise), adhere to professional standards, and strive for peer accountability. The long-term success of this discipline depends on public and client trust. Data professionals should develop practices for holding themselves and their peers accountable to shared standards. 10. Aspire to design practices that incorporate transparency, configurability, accountability, and auditability. Not all ethical dilemmas have design solutions. But paying close attention to design practices can break down many of the practical barriers that stand in the way of shared, robust ethical standards. Data ethics is an engineering challenge worthy of the best minds in the field. 11. Products and research practices should be subject to internal (and potentially external) ethical review. Organizations should prioritize establishing consistent, efficient, and actionable ethics review practices for new products, services, and research programs. Internal peer-review practices help to mitigate risk, and an external review board can contribute significantly to public trust. 12. Governance practices should be robust, known to all team members and regularly reviewed. Data ethics poses organizational challenges that cannot be resolved by compliance regimes alone. Because the regulatory, social, and engineering terrains are in flux, organizations engaged in data analytics need collaborative, routine and transparent practices for ethical governance. “80 percent of executives report strong 80% demand among knowledge workers for increased ethical controls for data.”² 6 Guiding ethical decisions ethics review (much as processes A code of ethics also helps in exist for code reviews in software 83% defining the types of questions development). With this approach, and concerns managers should be organizations can be certain that raising at each stage of project trust is baked into and reinforced management and service delivery with all new offerings, engendering “83 percent of executives loyalty and confidence among lifecycles.⁴ This includes advice on consumers and partners. agree that trust is the how to design and implement an cornerstone of the digital economy.”² Figure 3: Ethical decision-making across the data supply chain Data Supply Chain Step Acquire Store Aggregate Analyze Use Share/Sell Dispose Lifecycle Initiation Planning Executing Monitoring Closing Phase Strategy Design Launch Operation Improvement Sample Are data disclosers What are the classes Did the data discloser Do data disclosers Are stakeholders aware that they have of harm that a bad provide consent to expect control, aware of the time ethical disclosed data? Can actor or group of this specific data ownership, frame that their data questions they inspect it? Are actors could cause use? Did any consent remuneration, or will be retained? to address they aware of how if they had access agreement make it transparency over Would they be external they disclosed this to the entire set of clear that data could the data they have surprised to learn it concerns data (e.g. directly, aggregated data be used in this way? disclosed if it is still exists? tracking, derived)? sources or any related being shared or sold? Has intent for how analysis? Did they provide the data will be used informed consent for been communicated? this action? Sample What methods were What biases have Are the uses of the Does the act of Should the original ethical used to collect the been introduced data consistent with sharing or selling discloser be notified? data? Do collection during manipulation? the intentions of the data enhance the Is metadata being questions methods align with Was an ethics review discloser? What are experience for the retained? Are there to address best practices? performed? the potential risks to data discloser (not any disaster recovery internal Did data disclosers the organization if including the data archives that have concerns provide informed a watchdog group seller’s own ability copies of the data? consent? What are knew the data was to operate)? Is there the security risks used in this way? another way to share with how the data is or sell this data stored? that would increase transparency? Project Lifecycle Stage Service Lifecycle Phase 7 Informed consent of the initial disclosing party. This But they might have felt differently if Trust can be improved at the leads to uses of data that could not they’d known these offerings would beginning of a data supply chain by have been predicted at the time data eventually include insurance products. making informed consent a priority. was disclosed—calling into question Given these circumstances, what does When consent is granted by an whether or not truly informed “consent” mean in the context of data informed data-discloser, organizations consent is possible. collection? How can organizations have the added benefit of reducing Consider the growing platform obtain meaningful consent from their exposure to potential harm. economy, where organizations from their customers and, as the platform With data being collected at an different industries are partnering economy continues to grow, their unprecedented scale, stored longer to create new offerings. Imagine a partners’ customers? Figure 4 shows than ever, and combined with other fitness company partnering with an a framework for analyzing informed datasets, it is critical to consider insurance business, and bringing their consent as a way to meet the “do potential harm arising from its use. customers’ data with them. These no harm” ethos for data scientists— As data moves through its supply customers may well have originally proactively addressing new risks that chain, the scope for its use often given their consent for this data to be are only now starting to appear.⁵ creeps further away from the consent used to tailor fitness-related offerings. Figure 4: Guidelines for avoiding harm DATA AT REST DATA IN MOTION Data may be sourced from archives or Data is collected in real-time from machine sensors, automated other backups processes, or human input; while in motion, data may or may not be retained, reshaped, corrupted, disclosed, etc. Guideline: Ensure the context of original consent is known and respected; data security practices should be Guideline: Be respectful of data disclosers and the individuals behind revisited on a regular basis to minimize risk of accidental the data. Protect the integrity and security of data throughout networks Data Disclosure disclosure. Aggregation of data from multiple sources and supply chains. Only collect the minimum amount of data needed often represents a new context for disclosure; have the for a specific application. Avoid collecting personally identifiable responsible parties made a meaningful effort to renew information, or any associated meta-data whenever possible. Maximize informed consent agreements for this new context? preservation of provenance. Data is stored locally without widespread Data is actively being moved or aggregated; data distribution channels; all transformations transformations use multiple datasets or API calls which happen locally might be from multiple parties; the Internet may be used Guideline: Set up a secure environment for handling Guideline: Ensure that data moving between networks and cloud static data so the risk of security breaches is minimized service providers is encrypted; shared datasets should strive to minimize Data Manipulation and data is not mistakenly shared with external the amount of data shared and anonymize as much as possible. Be sure networks. Data movement and transformation should to destroy any temporary databases that contain aggregated data. Are be fully auditable. research outcomes consistent with the discloser’s original intentions? Data analytics processes do not rely on live or Data insights could be context-aware, informed by real-time updates sensors, or might benefit from streamed data or API calls Guideline: Consider how comfortable data disclosers Guideline: The data at rest guidelines for data consumption are would be with how the derived insights are being applied. equally important here. In addition, adhere to any license agreements Gain consent, preferably informed consent, from data associated with the APIs being used. Encrypt data. Be conscious of Data Consumption disclosers for application-specific uses of data. the lack of control over streamed data once it is broadcast. Streaming data also has a unique range of potential harms—the ability to track individuals, deciphering network vulnerabilities, etc. 8 Data-sharing best practices These collaborations necessitate widespread and constant data 94% Strong ethical and risk mitigation sharing, bringing new and difficult- practices preclude sharing data to-predict risks. These risks are without the consent of the people compounded by the fact that once who disclose it. They also preclude data sets reach a large enough size, “94 percent of sharing data with parties to whom anonymity is a myth.⁶ And when access has not been granted. But the additional data sets are aggregated, organizations are effective use of data demands that individuals can be identified with required to comply it should be shared—and particularly relative ease.⁷,⁸ Addressing the so in the digital business era, with with ethical data issues and damage associated with a growing platform economy. sharing data, Figure 5 shows a set of handling requirements More and more organizations guiding principles that can be put in are partnering to create new that go beyond their place to mitigate risk.⁹ offerings and even new industries. own protocols.”² Figure 5: Best practices for data sharing 1. Ongoing collaboration and mutual accountability are necessary between data sharing partners. 2. Build common contracting procedures, but treat every contract and dataset as unique. 3. Develop ethical review procedures between partners. 4. Be mutually accountable for interpretive resources. 5. Maximalist approaches to sharing are not always advisable. 6. Identify potential risks of sharing data within sharing agreements. 7. Repurposed data requires special attention. 8. When ethical principles or regulations are unclear, emphasize process and transparency. 9. Published research requires additional attention. 10. Treat trust as a networked phenomenon. 9 Ethical algorithms The well-intended system amplified collection, aggregation, sharing, and automation existing economic inequality issues and analysis, to monetization, and damaged public trust. storage, and disposal—can have a New risks and challenges in the decisive impact on their reputation digital economy extend to various Building public trust in these and effectiveness. types of automation that are systems, and in the decisions that powered by data insights. Online result from their use, is critical New vectors of risk are scattered shoppers may be well aware that to furthering their adoption (and, throughout the data supply chain. retailers will use purchase histories in the example above, the public How businesses, governments, to drive discount offers, but the safety improvements that could and NGOs address this risk, within fact that ecommerce brands have been realized). But building and beyond the four walls of the offer the same items at different that trust requires transparency and enterprise, is critical to their ability prices based on location and other auditability, along with recourse to operate. As ethical data concerns factors is only slowly becoming and responsiveness when failures continue to proliferate, organizations common knowledge. With careful happen. These measures cannot be need to find a new way forward, and deployment, this approach can afterthoughts. They require careful should embrace the opportunity: deliver better marketing. But foresight and planning. Accenture this new ethical frontier offers a companies must carefully consider has a strategy for the ethical design, way to engender trust and provide what they are using as input, how deployment and operation of sense- vital differentiation in a crowded their algorithms are designed and-respond systems—each of marketplace. to consider that input, and how which requires specific and tailored customers may react to its use. Organizations should begin taking attention within the larger field of steps now to reduce their exposure to digital ethics.¹⁰ This targeting is accomplished digital risk by integrating a wide array entirely via automated sense-and- of data ethics practices throughout respond systems using previously Start building digital their data supply chains. In doing so, collected data to make decisions. trust today they’ll gain the trust of stakeholders, These and other systems that In the digital era, data is the reap business benefits, and position operate in the physical world are fundamental currency. And how themselves for prolonged success in subject to many of the same ethical organizations handle it throughout the digital economy. issues as the machine-learning the data supply chain—from systems that drive ecommerce. But they also raise their own unique challenges. Take the case of the smartphone app that monitors for potholes in the road by passively collecting accelerometer data. The first cities that deployed this technology to prioritize road maintenance saw wealthy “This new ethical frontier offers a way communities receive the most to engender trust and provide vital attention—because those were the people with the most smartphones. differentiation in a crowded marketplace.” 10 11 Contact Us About Accenture Labs Data Ethics Research Initiative Steven Tiell Accenture Labs invents the future Launched by Accenture’s Technology Senior Principal—Digital Ethics for Accenture, our clients and the Vision team, the Data Ethics Accenture Labs market. Focused on solving critical Research Initiative brings together [email protected] business problems with advanced leading thinkers and researchers technology, Accenture Labs brings from Accenture Labs and over a Lisa O’Connor fresh insights and innovations to dozen external organizations to Managing Director—Security R&D our clients, helping them capitalize explore the most pertinent issues of Accenture Labs on dramatic changes in technology, data ethics in the digital economy. [email protected] business and society. Our dedicated The goal of this research initiative team of technologists and is to outline strategic guidelines Contributors researchers work with leaders across and tactical actions businesses, Harrison Lynch, Accenture the company to invest in, incubate government agencies, and NGOs and deliver breakthrough ideas and can take to adopt ethical practices Richard Bartley, Accenture solutions that help our clients create throughout their data supply chains. Jacob Metcalf, Ethical Resolve new sources of business advantage. MJ Petroni, Causeit, Inc. Accenture Labs is located in six key About Accenture Aman Ahuja, The Data Guild research hubs around the world: Accenture is a leading global Silicon Valley, CA; Sophia Antipolis, professional services company, Scott L. David, University of France; Arlington, Virginia; Beijing, providing a broad range of services Washington China; Bangalore, India, and Dublin, and solutions in strategy, consulting, Ireland. The Labs collaborates digital, technology and operations. References extensively with Accenture’s Combining unmatched experience 1 “Taxonomies for impact along the data supply chain” network of nearly 400 innovation and specialized skills across more 2 Accenture Technology Vision 2016 Survey centers, studios and centers of than 40 industries and all business 3 “Universal principles of data ethics” excellence located in 92 cities and functions—underpinned by the 4 “Ethical decisions throughout the data supply chain” 35 countries globally to deliver world’s largest delivery network— 5 “Informed consent/implications of doing no harm” cutting-edge research, insights Accenture works at the intersection 6 de Montjoye, Y.-A., Radaelli, L., Singh, V. K., & and solutions to clients where of business and technology to help Pentland, A. “Sandy.” (2015). Unique in the shopping mall: On the reidentifiability of credit card metadata. they operate and live. For clients improve their performance Science, 347(6221), 536–539. http://doi.org/10.1126/ more information, please visit and create sustainable value for their science.1256297 www.accenture.com/labs. stakeholders. With approximately 7 Berinato, S. (2015, February 9). There’s No Such Thing as Anonymous Data. Retrieved June 1, 2016, from 373,000 people serving clients in https://hbr.org/2015/02/theres-no-such-thing-as- anonymous-data more than 120 countries, Accenture drives innovation to improve the way 8 Sweeney, L. (2015). Only You, Your Doctor, and Many Others May Know. Technology Science. Retrieved from the world works and lives. Visit us at http://techscience.org/a/2015092903/ www.accenture.com. 9 “Data sharing best practices” 10 “Ethical algorithms for sense and respond systems” © 2016 Accenture. All rights reserved. Learn more: www.accenture.com/DataEthics This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy This document makes descriptive reference to trademarks that may be owned by others. of this license, visit http://creativecommons.org/ licenses/by/4.0/ or send a letter to Creative Commons, The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended PO Box 1866, Mountain View, CA 94042, USA. to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.