bsan718-m4-building-digital-trust.pdf

Full Transcript

Accenture Labs

Building digital trust:
The role of data ethics
in the digital age
The digital economy is built on data—massive streams
of data being created, collected, combined, and shared—
for which traditional governance frameworks and risk-
mitigation strategies are insufficient. In the digital age,
analyzing and acting on insights from data can introduce
entirely new classes of risk. These include unethical or even
illegal use of insights, amplifying biases that exacerbate
issues of social and economic justice, and using data for
purposes to which its original disclosers would not have
agreed, and without their consent.

Provided organizations prioritize economy can scale poor judgement development, collaboration with
ethical data practices throughout to a massive degree and lead to partners, and expansion into new
their decision-making processes, serious ethical failures. and existing markets.
risks such as these can be identified,
There are many similar risks In the past, the scope for digital
managed, and contained. The
involving the ethical use of data, risk was largely limited to
alternative? Left unchecked,
where today’s best practices are cybersecurity threats. These threats
they can permanently damage
simply insufficient to provide a guide remain omnipresent, but leading
consumer trust in a brand. The
for practitioners. These new vectors organizations must now also
following example puts the scale
for risk demand the development of recognize risks from lackluster
of these risks into perspective.
robust ethical controls throughout ethical data practices. Mitigating
The developers of a dating app
data supply chains. With such these internal threats is critical
were tasked with increasing the
controls, organizations can create for every player in the digital
amount of time users spend with
“digital trust”—a widely accepted economy, and cannot be addressed
the app. In their data analysis, they
belief that a brand is reliable, with strong cybersecurity alone.
discovered a strong correlation
capable, safe, transparent, and These new risks require their own
between engagement and ethnic
truthful in its digital practices. frameworks and best practices at
and racial biases. Under pressure
Digital trust is difficult to build, but every step of project and service
to improve business metrics, a new
startlingly easy to lose. This makes delivery lifecycles, and should
match recommendation algorithm
it a key differentiator in the digital be integrated into every project,
predicting and reinforcing these
economy. Confidence in a brand offering, or new endeavor.
biases went into production. This
facilitates growth through product
true story illustrates how the digital

2
Focus on ethics Introducing these new perspectives knew its solution would have to be
Treating data in an ethical manner will ensure an organization can completely transparent, auditable,
throughout its supply chain requires simultaneously manage risk and and immutable. To achieve this, it
a fundamental change in how data build trust by consistently evaluating uses a blockchain architecture that
is viewed within organizations. how ethics are taken into account delivers on all of these requirements.
While the perspectives of security in data-driven decisions. By focusing Everledger also aggregates data
(is the confidentiality, integrity, on ethics, organizations will improve from law enforcement and insurance
and availability of data adequately the trust their customers have in companies, which in turn use the
protected?) and privacy (do them—a mandate for those that have technology as a verification system,
controls on data satisfy regulatory undergone digital transformations and reducing fraud and its associated
requirements?) remain relevant, added become publishers of, or participants costs. Everledger has built a trusted,
lenses for ethics and trust become in, digital platforms and ecosystems. permanent ledger for diamond
critical. Organizations must begin to certification and transaction histories
For example, Everledger set out to
consider the ethics of data collection, that can be extended to track any
minimize fraud and the prevalence
manipulation, and use. This enables asset with a unique identifier. This
of conflict gems in the diamond
trust, but requires attention at each solution is “trusted by design.”
industry. To attract investors and
stage of the data supply chain and realize its goals, the company
collaboration with every stakeholder.

Figure 1: Data supply chain—Terms and definitions

0
0110

10
11
001001

01
001
110 10
10 00 111
00

10110 001
001
0
1111

Disclose Data Manipulate Data Consume Data
a person, process, or system a person, process, or system a person, process, or system
creates and publishes/shares data transforms, moves, or analyzes data benefits from manipulated data

Acquire Store Aggregate Analyze Use Share/Sell Dispose
Ingest data from Record data to a Combine Examine and Apply the insights Provide access to Remove data
sensors, systems, trusted location disparate transform data gained from data datasets or data from servers to
or humans, that is both datasets to with the purpose analysis toward insights to new prevent future
recording its secure and create a larger of extracting making decisions, sets of data release or use.
provenance easily accessible dataset that is information and affecting change, manipulators or
and consent for for further greater than the discovering new or delivering a consumers.
use wherever manipulation. sum of its parts. insights. product or service.
possible.

3
To build solutions that are trusted Given the relative youth of data
by design, a new set of best ethics, such a common language
practices must be created to guide does not yet exist. Accenture is
practitioners through the process of proposing a taxonomy that will help
embedding ethical considerations at enable practitioners to describe the
every stage of product development, nuances of making ethical decisions
service delivery, and the data supply about data.¹ Having a taxonomy
chain. The “pivot to trust” strategy provides clarity to all parties
rewards those who demonstrate involved in the exchange of data
a commitment to strong ethical and will prove increasingly valuable
standards and sets them apart from as regulatory and insurance industry
those who do not. This focus on standards evolve. Already, companies
data ethics requires a portfolio of must have policies and procedures
considerations—outlined below— in place to address the types of
that are new to many practitioners. behavioral risk vectors exploited
by cyber attackers. However, as
Taxonomies for impact insurance markets (and regulators)
begin to recognize internal versus
across the data supply chain
external threats, policies focused on
In a digital marketplace where ethical considerations throughout
consumers discriminate based on the data supply chain will become
their ability to trust, achieving a high commonplace as a strategy for
level of trust adds gravitational pull managing risk. Ultimately, Accenture
to a brand and is becoming a strong sees a future where insurers will
differentiator for companies. This is offer both cybersecurity and digital
true across industries and sectors ethics policies. Being ready for these
of the economy. But to move data developments with a language
ethics forward as a discipline, there and approach to account for these
must be a common language that largely internal risks will be a
professionals can use for discussing significant advantage.
and classifying data ethics—
from acquisition to sharing and
throughout the data supply chain.

“81 percent of executives agree that as
81% the business value of data grows, the risks
companies face from improper handling of
data are growing exponentially.”²

4
Developing a code of ethics organizations can use to develop a have a generally agreed-upon set
With a language in place to code of ethics.³ Rather than attempt of norms that reflects its values. In
facilitate evolution of data ethics to deliver dozens of industry-specific civil society, these so-called “social
frameworks, organizations should codes, this framework approach norms” vary widely. Defining a code
begin to consider the implications of lets organizations incorporate their of ethics for a community of data
working with data from an ethical industry knowledge and domain practitioners is a necessary precursor
perspective. Pre-existing codes of expertise in developing a code of to defining policies and procedures
conduct are generally written for ethics for their industry, ecosystem, that ensure digital trust is established
other domains or are grossly out or organization. The result will be consistently, and in tandem with, all
of date, barely taking data into a domain-specific code, directly new products and services. When
account (if at all). Addressing this applicable to each organization. done correctly, a code of ethics
gap, Accenture has developed a This is critical because, when it helps to improve transparency for
set of data-centric principles that comes to ethics, a community must stakeholders and accountability for
governance bodies.

Figure 2: Universal principles for data ethics—Guidelines for creating a code of data ethics

1. The highest priority is to respect the persons behind the data.
Where insights derived from data could impact the human condition, the potential harm to individuals and communities
should be the paramount consideration. Big data can produce compelling insights into populations, but those same
insights can be used to unfairly limit an individual’s possibilities.

2. Account for the downstream uses of datasets.
Data professionals should strive to use data in ways that are consistent with the intentions and understanding of
the disclosing party. Many regulations govern datasets on the basis of the status of the data: “public,” “private” or
“proprietary,” for example. But what is done with datasets is ultimately more consequential to subjects/users than the
type of data or the context in which it is collected. Correlative use of repurposed data in research and industry represents
the greatest promise and the greatest risk of data analytics.

3. The consequences of utilizing data and analytical tools today are shaped by how they’ve been
used in the past.
There’s no such thing as raw data. All datasets and accompanying analytic tools carry a history of human decision-making.
As far as possible, that history should be auditable. This should include mechanisms for tracking the context of collection,
methods of consent, chains of responsibility, and assessments of data quality and accuracy.

4. Seek to match privacy and security safeguards with privacy and security expectations.
Data subjects hold a range of expectations about the privacy and security of their data. These expectations are often
context-dependent. Designers and data professionals should give due consideration to those expectations and align
safeguards and expectations with them, as much as possible.

5
5. Always follow the law, but understand that the law is often a minimum bar.
Digital transformations have become a standard evolutionary path for businesses and governments. However, because
laws have largely failed to keep up with the pace of digital innovation and change, existing regulations are often
miscalibrated to current risks. In this context, compliance means complacency. To excel in data ethics, leaders must define
their own compliance frameworks to outperform legislated requirements.

6. Be wary of collecting data just for the sake of having more data.
The power and peril of data analytics is that data collected today will be useful for unpredictable purposes in the future.
Give due consideration to the possibility that less data may result in both better analysis and less risk.

7. Data can be a tool of both inclusion and exclusion.
While everyone should have access to the social and economic benefits of data, not everyone is equally impacted by the
processes of data collection, correlation, and prediction. Data professionals should strive to mitigate the disparate impacts
of their products and listen to the concerns of affected communities.

8. As far as possible, explain methods for analysis and marketing to data disclosers.
Maximizing transparency at the point of data collection can minimize the more significant risks that arise as data travels
through the data supply chain.

9. Data scientists and practitioners should accurately represent their qualifications (and limits to their
expertise), adhere to professional standards, and strive for peer accountability.
The long-term success of this discipline depends on public and client trust. Data professionals should develop practices
for holding themselves and their peers accountable to shared standards.

10. Aspire to design practices that incorporate transparency, configurability, accountability, and auditability.
Not all ethical dilemmas have design solutions. But paying close attention to design practices can break down many of
the practical barriers that stand in the way of shared, robust ethical standards. Data ethics is an engineering challenge
worthy of the best minds in the field.

11. Products and research practices should be subject to internal (and potentially external) ethical review.
Organizations should prioritize establishing consistent, efficient, and actionable ethics review practices for new products,
services, and research programs. Internal peer-review practices help to mitigate risk, and an external review board can
contribute significantly to public trust.

12. Governance practices should be robust, known to all team members and regularly reviewed.
Data ethics poses organizational challenges that cannot be resolved by compliance regimes alone. Because the regulatory,
social, and engineering terrains are in flux, organizations engaged in data analytics need collaborative, routine and
transparent practices for ethical governance.

“80 percent of executives report strong
80%
demand among knowledge workers for
increased ethical controls for data.”²

6
Guiding ethical decisions ethics review (much as processes
A code of ethics also helps in exist for code reviews in software 83%
defining the types of questions development). With this approach,
and concerns managers should be organizations can be certain that
raising at each stage of project trust is baked into and reinforced
management and service delivery with all new offerings, engendering “83 percent of executives
loyalty and confidence among
lifecycles.⁴ This includes advice on
consumers and partners.
agree that trust is the
how to design and implement an
cornerstone of the
digital economy.”²

Figure 3: Ethical decision-making across the data supply chain

Data
Supply
Chain
Step Acquire Store Aggregate Analyze Use Share/Sell Dispose

Lifecycle Initiation Planning Executing Monitoring Closing
Phase Strategy Design Launch Operation Improvement

Sample Are data disclosers What are the classes Did the data discloser Do data disclosers Are stakeholders
aware that they have of harm that a bad provide consent to expect control, aware of the time
ethical
disclosed data? Can actor or group of this specific data ownership, frame that their data
questions they inspect it? Are actors could cause use? Did any consent remuneration, or will be retained?
to address they aware of how if they had access agreement make it transparency over Would they be
external they disclosed this to the entire set of clear that data could the data they have surprised to learn it
concerns data (e.g. directly, aggregated data be used in this way? disclosed if it is still exists?
tracking, derived)? sources or any related being shared or sold?
Has intent for how analysis? Did they provide
the data will be used informed consent for
been communicated? this action?

Sample What methods were What biases have Are the uses of the Does the act of Should the original
ethical used to collect the been introduced data consistent with sharing or selling discloser be notified?
data? Do collection during manipulation? the intentions of the data enhance the Is metadata being
questions methods align with Was an ethics review discloser? What are experience for the retained? Are there
to address best practices? performed? the potential risks to data discloser (not any disaster recovery
internal Did data disclosers the organization if including the data archives that have
concerns provide informed a watchdog group seller’s own ability copies of the data?
consent? What are knew the data was to operate)? Is there
the security risks used in this way? another way to share
with how the data is or sell this data
stored? that would increase
transparency?

Project Lifecycle Stage Service Lifecycle Phase
7
Informed consent of the initial disclosing party. This But they might have felt differently if
Trust can be improved at the leads to uses of data that could not they’d known these offerings would
beginning of a data supply chain by have been predicted at the time data eventually include insurance products.
making informed consent a priority. was disclosed—calling into question
Given these circumstances, what does
When consent is granted by an whether or not truly informed
“consent” mean in the context of data
informed data-discloser, organizations consent is possible.
collection? How can organizations
have the added benefit of reducing Consider the growing platform obtain meaningful consent from
their exposure to potential harm. economy, where organizations from their customers and, as the platform
With data being collected at an different industries are partnering economy continues to grow, their
unprecedented scale, stored longer to create new offerings. Imagine a partners’ customers? Figure 4 shows
than ever, and combined with other fitness company partnering with an a framework for analyzing informed
datasets, it is critical to consider insurance business, and bringing their consent as a way to meet the “do
potential harm arising from its use. customers’ data with them. These no harm” ethos for data scientists—
As data moves through its supply customers may well have originally proactively addressing new risks that
chain, the scope for its use often given their consent for this data to be are only now starting to appear.⁵
creeps further away from the consent used to tailor fitness-related offerings.

Figure 4: Guidelines for avoiding harm

DATA AT REST DATA IN MOTION
Data may be sourced from archives or Data is collected in real-time from machine sensors, automated
other backups processes, or human input; while in motion, data may or may
not be retained, reshaped, corrupted, disclosed, etc.
Guideline: Ensure the context of original consent is
known and respected; data security practices should be Guideline: Be respectful of data disclosers and the individuals behind
revisited on a regular basis to minimize risk of accidental the data. Protect the integrity and security of data throughout networks
Data Disclosure disclosure. Aggregation of data from multiple sources and supply chains. Only collect the minimum amount of data needed
often represents a new context for disclosure; have the for a specific application. Avoid collecting personally identifiable
responsible parties made a meaningful effort to renew information, or any associated meta-data whenever possible. Maximize
informed consent agreements for this new context? preservation of provenance.

Data is stored locally without widespread Data is actively being moved or aggregated; data
distribution channels; all transformations transformations use multiple datasets or API calls which
happen locally might be from multiple parties; the Internet may be used

Guideline: Set up a secure environment for handling Guideline: Ensure that data moving between networks and cloud
static data so the risk of security breaches is minimized service providers is encrypted; shared datasets should strive to minimize
Data Manipulation and data is not mistakenly shared with external the amount of data shared and anonymize as much as possible. Be sure
networks. Data movement and transformation should to destroy any temporary databases that contain aggregated data. Are
be fully auditable. research outcomes consistent with the discloser’s original intentions?

Data analytics processes do not rely on live or Data insights could be context-aware, informed by
real-time updates sensors, or might benefit from streamed data or API calls

Guideline: Consider how comfortable data disclosers Guideline: The data at rest guidelines for data consumption are
would be with how the derived insights are being applied. equally important here. In addition, adhere to any license agreements
Gain consent, preferably informed consent, from data associated with the APIs being used. Encrypt data. Be conscious of
Data Consumption disclosers for application-specific uses of data. the lack of control over streamed data once it is broadcast. Streaming
data also has a unique range of potential harms—the ability to track
individuals, deciphering network vulnerabilities, etc.

8
Data-sharing best practices These collaborations necessitate
widespread and constant data 94%
Strong ethical and risk mitigation sharing, bringing new and difficult-
practices preclude sharing data to-predict risks. These risks are
without the consent of the people compounded by the fact that once
who disclose it. They also preclude data sets reach a large enough size, “94 percent of
sharing data with parties to whom anonymity is a myth.⁶ And when
access has not been granted. But the additional data sets are aggregated, organizations are
effective use of data demands that individuals can be identified with required to comply
it should be shared—and particularly relative ease.⁷,⁸ Addressing the
so in the digital business era, with with ethical data
issues and damage associated with
a growing platform economy. sharing data, Figure 5 shows a set of handling requirements
More and more organizations guiding principles that can be put in
are partnering to create new that go beyond their
place to mitigate risk.⁹
offerings and even new industries. own protocols.”²

Figure 5: Best practices for data sharing

1. Ongoing collaboration and mutual accountability are necessary between data sharing partners.

2. Build common contracting procedures, but treat every contract and dataset as unique.

3. Develop ethical review procedures between partners.

4. Be mutually accountable for interpretive resources.

5. Maximalist approaches to sharing are not always advisable.

6. Identify potential risks of sharing data within sharing agreements.

7. Repurposed data requires special attention.

8. When ethical principles or regulations are unclear, emphasize process and transparency.

9. Published research requires additional attention.

10. Treat trust as a networked phenomenon.

9
Ethical algorithms The well-intended system amplified collection, aggregation, sharing,
and automation existing economic inequality issues and analysis, to monetization,
and damaged public trust. storage, and disposal—can have a
New risks and challenges in the
decisive impact on their reputation
digital economy extend to various Building public trust in these
and effectiveness.
types of automation that are systems, and in the decisions that
powered by data insights. Online result from their use, is critical New vectors of risk are scattered
shoppers may be well aware that to furthering their adoption (and, throughout the data supply chain.
retailers will use purchase histories in the example above, the public How businesses, governments,
to drive discount offers, but the safety improvements that could and NGOs address this risk, within
fact that ecommerce brands have been realized). But building and beyond the four walls of the
offer the same items at different that trust requires transparency and enterprise, is critical to their ability
prices based on location and other auditability, along with recourse to operate. As ethical data concerns
factors is only slowly becoming and responsiveness when failures continue to proliferate, organizations
common knowledge. With careful happen. These measures cannot be need to find a new way forward, and
deployment, this approach can afterthoughts. They require careful should embrace the opportunity:
deliver better marketing. But foresight and planning. Accenture this new ethical frontier offers a
companies must carefully consider has a strategy for the ethical design, way to engender trust and provide
what they are using as input, how deployment and operation of sense- vital differentiation in a crowded
their algorithms are designed and-respond systems—each of marketplace.
to consider that input, and how which requires specific and tailored
customers may react to its use. Organizations should begin taking
attention within the larger field of
steps now to reduce their exposure to
digital ethics.¹⁰
This targeting is accomplished digital risk by integrating a wide array
entirely via automated sense-and- of data ethics practices throughout
respond systems using previously Start building digital their data supply chains. In doing so,
collected data to make decisions. trust today they’ll gain the trust of stakeholders,
These and other systems that In the digital era, data is the reap business benefits, and position
operate in the physical world are fundamental currency. And how themselves for prolonged success in
subject to many of the same ethical organizations handle it throughout the digital economy.
issues as the machine-learning the data supply chain—from
systems that drive ecommerce. But
they also raise their own unique
challenges. Take the case of the
smartphone app that monitors for
potholes in the road by passively
collecting accelerometer data.
The first cities that deployed
this technology to prioritize
road maintenance saw wealthy
“This new ethical frontier offers a way
communities receive the most to engender trust and provide vital
attention—because those were the
people with the most smartphones. differentiation in a crowded marketplace.”

10
11
Contact Us About Accenture Labs Data Ethics Research Initiative
Steven Tiell Accenture Labs invents the future Launched by Accenture’s Technology
Senior Principal—Digital Ethics for Accenture, our clients and the Vision team, the Data Ethics
Accenture Labs market. Focused on solving critical Research Initiative brings together
[email protected] business problems with advanced leading thinkers and researchers
technology, Accenture Labs brings from Accenture Labs and over a
Lisa O’Connor
fresh insights and innovations to dozen external organizations to
Managing Director—Security R&D
our clients, helping them capitalize explore the most pertinent issues of
Accenture Labs
on dramatic changes in technology, data ethics in the digital economy.
[email protected]
business and society. Our dedicated The goal of this research initiative
team of technologists and is to outline strategic guidelines
Contributors researchers work with leaders across and tactical actions businesses,
Harrison Lynch, Accenture the company to invest in, incubate government agencies, and NGOs
and deliver breakthrough ideas and can take to adopt ethical practices
Richard Bartley, Accenture
solutions that help our clients create throughout their data supply chains.
Jacob Metcalf, Ethical Resolve new sources of business advantage.
MJ Petroni, Causeit, Inc. Accenture Labs is located in six key About Accenture
Aman Ahuja, The Data Guild research hubs around the world: Accenture is a leading global
Silicon Valley, CA; Sophia Antipolis, professional services company,
Scott L. David, University of
France; Arlington, Virginia; Beijing, providing a broad range of services
Washington
China; Bangalore, India, and Dublin, and solutions in strategy, consulting,
Ireland. The Labs collaborates digital, technology and operations.
References extensively with Accenture’s Combining unmatched experience
1 “Taxonomies for impact along the data supply chain” network of nearly 400 innovation and specialized skills across more
2 Accenture Technology Vision 2016 Survey centers, studios and centers of than 40 industries and all business
3 “Universal principles of data ethics” excellence located in 92 cities and functions—underpinned by the
4 “Ethical decisions throughout the data supply chain” 35 countries globally to deliver world’s largest delivery network—
5 “Informed consent/implications of doing no harm” cutting-edge research, insights Accenture works at the intersection
6 de Montjoye, Y.-A., Radaelli, L., Singh, V. K., & and solutions to clients where of business and technology to help
Pentland, A. “Sandy.” (2015). Unique in the shopping
mall: On the reidentifiability of credit card metadata. they operate and live. For clients improve their performance
Science, 347(6221), 536–539. http://doi.org/10.1126/ more information, please visit and create sustainable value for their
science.1256297
www.accenture.com/labs. stakeholders. With approximately
7 Berinato, S. (2015, February 9). There’s No Such Thing
as Anonymous Data. Retrieved June 1, 2016, from 373,000 people serving clients in
https://hbr.org/2015/02/theres-no-such-thing-as-
anonymous-data
more than 120 countries, Accenture
drives innovation to improve the way
8 Sweeney, L. (2015). Only You, Your Doctor, and Many
Others May Know. Technology Science. Retrieved from the world works and lives. Visit us at
http://techscience.org/a/2015092903/
www.accenture.com.
9 “Data sharing best practices”

10 “Ethical algorithms for sense and respond systems”

© 2016 Accenture.
All rights reserved.
Learn more: www.accenture.com/DataEthics
This work is licensed under the Creative Commons
Attribution 4.0 International License. To view a copy This document makes descriptive reference to trademarks that may be owned by others.
of this license, visit http://creativecommons.org/
licenses/by/4.0/ or send a letter to Creative Commons, The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended
PO Box 1866, Mountain View, CA 94042, USA. to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.