The power of data has been appreciated for some time, but it’s now truly hitting its stride, writes Jonathan Alboum Chief Technology Officer of Public Sector at Veritas.
The ability to collect and store masses of data has been rendered cheaper and easier than ever thanks to cloud computing, while data management and analytics tools allow companies to combine, interrogate and extrapolate precious insight on people.
Governments are recognising that we lack the legal frameworks to properly regulate this data economy and stop abuses from taking place. Yet, while the market understands the value of data and policy makers are starting to recognise its power, the consumer is still largely in the dark.
With the right information and tools, a company can understand you better than yourself. This means that when an organisation has built up a detailed profile on a person, they may be open to manipulation, control and exploitation. Legally, companies are able to do this so long as the consumer offers their consent. Ethically, however, few would argue that a person should be controlled and manipulated into doing what another wants.
The UK government demonstrated its leadership in data responsibility when it revealed its Data Ethics Framework last year. These guidelines set the standard for responsible and ethical data usage in the UK. Furthermore, they will have an impact on the economy far beyond the public sector. While not legally binding, compliance with a data ethics framework will be critical to customer confidence and success for organisations of all kinds.
Above the Law
Many are asking what can be done to regulate data use through the power of the state and the law. While understandable, it might not actually be the best approach. Technology will always be two steps ahead of legal intention. The speed at which technology advances, computing power increases and new services emerge is faster than any lawmaker can legislate.
When it comes to encouraging good behaviour from businesses, the law can be an effective if sometimes blunt instrument. Unfortunately, many times companies will adhere to the letter of the law but not the spirit. This certainly seems to have been the case for GDPR which, after one year of operation, has only levied a total of $56 million in penalties – a single fine against Google accounting for almost 90 per cent of that sum. Many companies have sought simply to re-consent their customers, sending them privacy agreements that offer little insight into their data rights, while doing little to improve underlying issues around data management and privacy.
So what do you do in the interim while the law races to catch up to technology? You establish a culture and create expectations and values; the public will start demanding them and companies will listen. Market leaders are decided when consumers vote with their wallets – this alone is a powerful incentive for organisations. Many companies will do the bare minimum to satisfy compliance, but they can’t afford to ignore the wishes of the customer.
The UK has done well to establish a culture where data responsibility is expected by its citizens. It has clearly laid out and informed expectations of how its citizens’ data should be treated, all without needing to go through the trials and pitfalls of passing legislation.
The UK experience holds an important lesson for businesses. Before you can achieve company-wide data responsibility, the right culture has to be in place. Rules and policies are important but employees need to respect them in order to have any impact. By clearly communicating its own data framework to employees, a company sets the agenda and establishes the values that need to be upheld. Once the culture change begins, the required tools and policies should follow.
Ultimately, a company wants its customers to feel good about sharing their data. This can be done through bargaining – offering a unique or attractive service in return for data – but it can and should also be done by being responsible with customer data. Indeed, Veritas research shows that consumers are more likely to do business and share their data with companies they can trust it with.
The first step in forming this kind of company is ensuring you have a strong data ethics framework that is well understood across the organisation. There is no single, perfect code of ethics when it comes to data; each company will have its own needs and differing perspectives. However, a good rule of thumb when forging your own data ethics framework is to never lose sight of the person that exists behind all that data. Organisations should consider the user needs and customer benefit at every stage, from data collection to usage. If what you are doing does not benefit the customer, industry or wider public, then it probably isn’t the right thing to do.
It’s important to remember that there must always be flexibility in an ethical framework. Culture and values change all the time, so rules should be flexible to support an urgent need or overarching priority. Every rule needs exceptions, and this is something that can be decided by your own data ethics committee. Having this ability will help your framework survive in the long term. If it’s too restrictive people will look for ways to get around it, but if it allows for change and exceptions then it is more likely to be followed.
Achieving Ethical Data Governance
Another important consideration for any framework is data management – a crucial but often overlooked aspect of data ethics. Data is becoming an important part of the customer contract, and customers increasingly expect organisations to take good care of it once it’s been shared. Poor data management puts this at risk. Untagged data fragmented across multiple silos is more likely to be lost, misused or stolen by bad actors – outcomes that will create grief and anger from customers. Companies can’t absolve themselves of blame here – if the data is on your servers then it’s your responsibility, as far as the customer is concerned.
To manage data responsibly, organisations need to be certain of what data they have, where it is and how it’s protected. Yet, maintaining this top-down view over all your data in a large, complex organisation can be a real challenge. Large global companies are a mixture of applications and environments, many of which run independently of each other and both collect and generate their own specific data. Complete oversight and control is usually a pipe dream.
Inevitably, you will be reliant on the skills and leadership of individual manages and front line employees to protect customer data, so guidelines for them and those under them are critical. Data responsibility a basic requirement of employee competency. However, you mustn’t leave your staff unsupported. Include data responsibility in a code of coitasnduct that employees must follow, educate them through training sessions and reward good behaviour during appraisals.
To improve data management and responsibility further, also teach employees to never save unnecessary copies of data. Indeed, a large part of good data management is removing dark or redundant data from your system, limiting risk for your company and customers. Organisations often only operate on about 15 per cent of the data they own, redundant data often totals 32 per cent, while over 50 per cent is dark data that has lost its meaning. There is great opportunity for some much-needed spring cleaning.
To embrace data management and ethics, employees must understand and appreciate what data they collect, where it is and how it is used. When this isn’t the case it is rarely down to laziness but rather the complexity of today’s IT environments. Around 40% of employees struggle with an overabundance of data management tools, too many data sources (38%), or the lack of a centralised approach (35%).
To get around these challenges, organisations should equip their workers with data management tools that break down silos, centralising all the information they need and helping them to utilise data quickly. At a baseline, they need technology that helps them understand what data they have, where it’s stored, what it’s used for and how it’s protected.
To be successful, both governments and businesses need insight into the lives and experiences of consumers. Data is an invaluable way to gain this, but it’s up to organisations to prove they can respect it. Data abuse or breaches send a terrible message, even when no law is broken. Data irresponsibility can poison the customer relationship and lose you precious data. A responsible approach to data ethics can also offer competitive advantage. The law is the minimum – you cannot help but follow it – yet going further is an opportunity to win consumer respect, collect more and better data and secure greater market share.