The Ethics of Business Intelligence: Balancing Data Collection & Privacy

The era of big data means there’s more data to mine and potentially more insights to uncover. But it’s critical that data collection, and its subsequent usage, is done ethically, in a way that respects individual privacy.

After all, data can tell us a lot about customers, their preferences and their habits—and that means navigating complex issues of privacy and bias when using that data for analysis. But committing to ethical data use isn’t just the right thing to do, it’s also the smart thing to do.

From a practical standpoint, it helps to ensure compliance with government and industry privacy and data governance regulations. A breach of these regulations could lead to hefty fines and penalties, as well as bad press and reputational damage.

For example, the European Union’s General Data Protection Regulation (GDPR), which went into effect in 2018, imposes fines on any organization—even outside the EU—that violates the privacy and security of data collected on EU citizens. Penalties could be as high as tens of millions of euros.

The California Consumer Privacy Act, which went into effect in 2020, gives Californians more control over the personal information that businesses collect about them—and the Act applies even when travelling out of state or outside the U.S. That means any business collecting or selling the personal information of California residents must abide by the Act, even if they don’t have a physical presence in California.

Other jurisdictions in the U.S. and around the world will likely follow suit. But there are also industry-specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) that addresses the use and disclosure of health information, and the Gramm-Leach-Bliley Act (GLBA), which requires banks, securities firms and insurance companies to protect the privacy of consumer finances.

Why data governance policies need an update

What that boils down to is a need for organizations to update their data governance and privacy policies—if they haven’t done so already—to deal with new regulations as well as evolving technologies.

“Simply put, many of the initial data privacy laws, often created in the 1980s, fail to provide adequate guidance today because they never foresaw a future in which compute is distinct from storage. Therefore, it is not surprising that modern data privacy policy seeks to set personal data protection rules that are appropriate for the virtualized, cloud era,” according to a market insight report from 451 Research.

There’s also the issue of bias, which should be incorporated into an organization’s data governance policy. That’s because there’s the potential to introduce bias—even inadvertently—into the collection and application of data.

“Data ethics includes a sound knowledge of data-protection law, other relevant legislation and the appropriate use of new technologies. It requires a holistic approach incorporating best practices in computing techniques, ethics and information assurance,” according to a KPMG report on privacy, security and ethics.

Some of these ethical challenges, according to KPMG, include the violation of personal privacy due to inappropriate data processing; profiling individuals, which could lead to discrimination; and intrusive advertising, which could invade customer privacy.

Here’s how to put ethics at the top of your BI agenda:

1. Update your data governance policy: This requires understanding the full scope of your organization’s data collection and analysis. It should be embedded directly into the data collection process, which helps to protect user data—and your organization—from the get-go. Since data will continue to grow exponentially, privacy protection needs to scale with it, so the policy should also map out how data is stored, how long it’s retained and how it’s safely deleted.
   
2. Keep up with the latest cybersecurity measures: Strong security measures can help to protect against data theft and loss, as well as unauthorized access. A multi-layered approach to security includes technology—such as anti-malware, access control and encryption, as well as backup and recovery systems—along with user training on social engineering attacks such as phishing. With remote and hybrid workforces, it’s critical to deploy endpoint security and enforce BYOD (bring your own device) policies.
   
3. Integrate ethics into BI design: Ethics should be part-and-parcel of BI design—and not an afterthought. There are a number of frameworks that can guide organizations in operationalizing their data governance policy, including Fair Information Practices (FIP), Privacy by Design (PbD) and the National Institute of Standards and Technology (NIST) Privacy Framework. Bias training can also help teams understand how bias could be inadvertently programmed into data algorithms and analysis.

Good compliance makes for good BI

There’s some concern that privacy regulations will limit the amount of data an organization can work with. But it also means the data they do collect will be of higher quality, which in turn could result in more relevant and accurate analyses.

Paige Bartley, senior research analyst for data, artificial intelligence and analytics at 451 Research, told ComputerWeekly that organizations are “looking for ways to leverage improved data governance and data visibility to meet not only compliance requirements, but to accelerate other data-driven initiatives as well.”

Committing to ethical data use in BI ensures that data collection and usage is fair, transparent and accountable, while protecting against breaches of compliance and reputational damage—and that’s good for business.

Vawn Himmelsbach

Vawn Himmelsbach is a writer and editor specializing in enterprise IT, writing for national newspapers and technology trade magazines on everything from AI to zero-day threats. She also spent three years working abroad as an Asian correspondent, covering all things tech.