Professional Documents
Culture Documents
Data Ethics
______________________________________________________________________________________
This document is a collection of various key pointers and practices employed in good data governance and management. Key insights found
inside this handbook should be treated as a guide and/or advice on how data should be treated in today’s era. The following material is to be
digested and taken with a pinch of salt, as the ever-changing law and regulations behind data ethics will warrant some of the following pointers
outdated or irrelevant. Nevertheless, as new insights and findings arrive, they will be amended to the following document
______________________________________________________________________________________
First and foremost, the interaction of consumers in the online world generates a considerable amount of
data, and the trajectory of harvesting and acquiring data proliferates with time. With all the data that is
flowing in, analysts believe that they could empower their companies with a new strategic formula to
compete in the business frontier. Some businesses adopt the usual cue of picking ideas from their
existing playbook – making slight amendments to their marketing and product packaging – in order to
attract prospective customers to consume their products. However, thanks to advancements in
technology, we are seeing the unravelling of a new strategy among businesses which has the potential
and capacity to revolutionise free market capitalism.
Businesses are now harnessing new tools and capitalizing on digital expertise – not conceived a few
decades ago – to study our digital footprints and convert these seemingly ‘messy data’ into extraordinary
insights that drive decision making and formulate business models. Unprecedented in scale and
magnitude, Analytics and AI has portrayed itself as an attractive proposition to many businesses, who
worshipped the advent of a new era akin to a digital renaissance. This nascent industry has become the
epitome of strategic competition in the fight to push the limits and boundaries of industrial capabilities,
which spurred many to hop onto the Analytics - AI bandwagon so as to reap the seemingly
insurmountable rewards that grow with time, and avoid being left out in this digital race.
However, its potential does come at a price with the increasing support for human privacy and data
protection. Due to the sensitive nature of the raw data, any lack of oversight and compliance into the
handling and transaction of the data could give rise to unethical exploitation of the data – amplifying
biases, stigmatization and exacerbating issues of social and economic injustices.
Accorded with such a power, we must be cognizant of playing by the rules to treat all data collected as a
sacred entity, one that is not to be misused and exploited for immoral causes. In incisive sum, we need to
respect the sanctity of data and the rule of law, so that we can navigate the future path alongside this
new frontier of power.
1
Data Ethics Principles, by DataEthics, 2017-12-29, https://dataethics.eu/data-ethics-principles/
A Short Introduction to Data Ethics, its Governance and the Rule of Law
Incorporating an ethical-minded attitude towards the handling of data throughout the entire
business spectrum and supply chain requires a fundamental change in the organisation’s view and
perception of data. Arguably, having an existing security and privacy perspective over data is
insufficient, and this can be whole with the inclusion of ethics and trust lenses 2
- In essence, strengthening the defense of data storage is not complete in the lense of data
ethics, as the idea of ethics should extend to the acquisition, transformation and
deployment phase
Why is it important?
Focusing on ethics bolsters the trust placed by consumers on the organizations. The following are
two examples on data practices.
Example of misusing data insights for business gains at the expense of moral rights 2.1
The developers of a dating app were tasked with increasing the amount of time users spend with the app. In
their data analysis, they discovered a strong correlation between engagement and ethnic and racial biases.
Under pressure to improve business metrics, a new match recommendation algorithm predicting and
reinforcing these biases went into production
2, 2.1, 2.2
Accenture Lab - Building Digital Trust, The Role of Data Ethics in the Digital Age
https://www.accenture.com/_acnmedia/PDF-22/Accenture-Data-Ethics-POV-WEB.pdf#zoom=50
A Short Introduction to Data Ethics, its Governance and the Rule of Law
Why is it important to generate a good code of ethics (COE) that is specific to the field of industry?
Defining a COE for a community of data practitioners is a necessary precursor to defining policies
and procedures that ensure digital trust is established – consistently and in tandem – with all new
products and services. Done correctly, it helps to improve transparency for stakeholders and
A Short Introduction to Data Ethics, its Governance and the Rule of Law
accountability for governance bodies3 Having a good COE also aids in defining the type of questions
and concerns managers can raise at each stage of the project management, development and
service delivery lifecycle
Source: Accenture
Example of data movement along the supply chain and the widening scope of data uses not
covered in the initial consent3.1
A fitness company partners with an insurance business and brought their customers’ data with them.
Customers of the fitness company may well have originally given their consent for their data to be used to
tailor fitness-related offerings. But they might have felt differently if they’d known these offerings would
eventually include insurance products. Given these circumstances, what does “consent” mean in the context of
33, 3.1
Accenture Lab - Building Digital Trust, The Role of Data Ethics in the Digital Age
https://www.accenture.com/_acnmedia/PDF-22/Accenture-Data-Ethics-POV-WEB.pdf#zoom=50
A Short Introduction to Data Ethics, its Governance and the Rule of Law
data collection? How can organizations obtain meaningful consent from their customers and, as the platform
economy continues to grow, their partners’ customers?
The following guidelines, adapted from Accenture, shows us how to analyse informed consent as a
means to uphold good data ethics in light of addressing new risks that are only now starting to
appear
Source: Accenture
Known to all data practitioners… and humans in general, if more data is being collected
over time, anonymity becomes is a myth4. In Sci-Mobility, there is an algorithm that
measures the degree of re-indentifying a person base on the dataset, and this is called
Privacy-Risk-Assessment
4
de Montjoye, Y.-A., Radaelli, L., Singh, V. K., & Pentland, A. “Sandy.” (2015). Unique in the shopping mall: On the reidentifiability of credit
card metadata. Science, 347(6221), 536–539. http://doi.org/10.1126/ science.1256297
A Short Introduction to Data Ethics, its Governance and the Rule of Law
Source: Accenture
A Short Introduction to Data Ethics, its Governance and the Rule of Law
The above Principles of Data Ethics is a combination from both DataEthics and Accenture
1. Individuals should have the autonomy to decide how their data should be used and
ultimately, they should be empowered by their data. The individual has the primary control
over the usage of his/her data, the context in which his/her data is processed and how it is
activated5.
3. With regards to the method of handling, purpose employment and key processes of data
activities, these processes should be communicated to the user in both a clear and concise
manner. The users must be aware of the underlying risks, alongside the social, ethical and
societal implications associated with them giving their consent to share and allow their
personal data to be used by the business for transactional, promotional and marketing
related activities or intra-business-related operations
4. Accountability spans across the entire business and it also applies to all parties involved –
directly or indirectly - in the business transaction. An organisation needs to respect the
sanctity of data as a sacred digital resource, and develop proper measures to protect and
answer for the misuse or loss of personal data under their management. Sustainable
personal data processing must be embedded organisation-wide to ensures ethical
accountability in all stages of the business process. Correlative use of repurposed data in
research and industry represents the greatest promise and risk of data analytics
5. Knowing the societal implications that the data systems sustain, reproduce or create,
businesses should devote special attention to the management and insights generated from
the data, such that the resultant transactions or findings protect segments of the
market/society that are signalled as vulnerable to profiling, that may negatively impact their
self-determination and control or expose them to unnecessary discrimination or
5
Data Ethics Principles, by DataEthics, 2017-12-29, https://dataethics.eu/data-ethics-principles/
A Short Introduction to Data Ethics, its Governance and the Rule of Law
stigmatisation – from a financial, social or health perspective. This could require added
layers of protection and masking in the algorithms to reduce biases in the development
process
Source: Accenture
A Short Introduction to Data Ethics, its Governance and the Rule of Law
Data Breaches
The following pointers highlights the most common ways data breaches occur, according to reports
published by Verizon. The findings can be found in the 2018 Data Breach Investigation Report.
Operationalizing Ethics
The notion behind operationalizing ethics has got to do with translating all the principles and
guidelines that govern Data Ethics into transformative solutions. This can take the form of strategic
implementation and precise framework guidance that spells out how to treat data and ensure that
they are parallel with the defined principles
Information governance (set strategy and manage risk) should be treated as a board-level
responsibility
Social preferability is about the overwhelming support that key stakeholders have for the intent and
outcome of data processing or data enabled business activities
Independent Audit:
An external org will –
Access all relevant docs (ethics repository)
Assess the steps taken, trade-offs made, and products/service relevant to processing activity
in the context of the organisation ‘s data ethics principles
Document the findings and provide recommendations for board and committee re-
addressment
Findings are taken by the group’s governance team and operational leads to –
Define strategic changes to roadmap, with references made to identified risks and mitigation
measures
Outline external ‘go to market’ communications to be executed on in the immediate term
Provide guidance on operational workstreams that are impacted with details that include
A Short Introduction to Data Ethics, its Governance and the Rule of Law
The Federal Trade Commission (FTC) of the United Sates highlighted some pointers that individuals
and organisations can consider to better handle and manage their data.8
7
DPEX – Data Protection Excellence Network, https://www.dpexnetwork.org/events/webinar-data-protection-service-dpaas-new-way-
managing-personal-data-smes-and-be-protected-s250000-liabilities/?
gclid=EAIaIQobChMIk_aKg5jg6QIVyteWCh1rKAn8EAAYASAAEgJUm_D_BwE
8
Federal Trade Commission, Consumer Information, https://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-
secure
A Short Introduction to Data Ethics, its Governance and the Rule of Law
The following guidelines are rolled out by the Personal Data Protection Commission of Singapore
(PDPC)9
a) Managing Access Control
- This involves setting up a system to ensure that only authorized personnel have access to the
data
Protecting personal data through user account and passwords
>> Unique password and username for every individual, and prompt them to update
regularly
>> Limit the number of failed logins attempt
>> Conceal passwords when users are keying in
>> Deny a user access once he/she is away for long periods of time
c) Protect Databases
- Providing clearance for certain databases
- Encrypting confidential/sensitive personal data
9
Is Personal Data Safe With Your Organization? Electronic Personal Data Protection for Organisations,
https://www.pdpc.gov.sg/-/media/files/pdpc/pdf-files/resource-for-organisation/is-personal-data-safe-with-your-organisation-v1-0.pdf
A Short Introduction to Data Ethics, its Governance and the Rule of Law
Individual Level
To ensure that you are thorough in the complete removal of unwanted data, the following steps can
be supplemented to the usual practice of deleting and emptying the trash bin:
1. Using specific software to overwrite selected file or the entire storage drive
2. Using specialized hardware appliances (degausser machine that produce strong EM fields to
destroy magnetically recorded data)
3. Physically destroying storage device by crushing or shredding the drive
4. Communicate internally
- Communicate all of the organisation’s data protection policies to all individuals (employees
and 3rd parties)
The following is a sample questionnaire, adapted from DataEthics website, that can be used as a
gauge in assessing the integrity of your data governance, or a checklist to create your data ethics
guidelines
________________________________________________________
Do you ensure that users’ data – as far as possible – is processed directly on the users’ own device(s)?
When the processing of data is necessary other than on the user’s own devices, such as your server or a cloud solution, is collected data
not related to an identifiable person?
Profiling
Do you use profiling? If so, do you allow the user to influence and determine the values, rules and input that underlie the profiling?
Predictions
Transparency
Data Storage
Do you use machine learning / artificial intelligence? If so, can you explain the algorithms – the criteria and parameters?
Behavioural Design
Do you operate with open source software, so others can use it and possibly develop it further ?
Accountability
Anonymity
Sales of Data
Do you enrich data with external data, such as social media data, bought data or web scraping?
Does this enrichment occur in response to, or in cooperation with, your users?
Organisational Anchoring
Do you have an individual or a department responsible for the ethical managing of data?
How is the work with data ethics embedded in the organisation?
How do you ensure that your data ethics guidelines are respected?
External Control
Equality
Public Platforms
Do you ensure that the use of artificial intelligence / machine learning is to the benefit of the individual and does not cause physical,
psychological, social or financial harm to the individual?
________________________________________________________