Other Journeys in ‘TPP Guidelines’.
Open Banking enabled services facilitate the transfer of high-quality datasets from the consumer to the TPP. How you collect, collate, draw insight and inference from the data, and how you store it, use it and share it and for what purpose, all have ethical implications.
For any TPP, it is essential to understand:
(1) The data you collect, collate, draw insight and inference from, how you use it, for what purpose and how it is shared. It is important to have a clear approach to personal data, including data which may be considered personal, sensitive, commercial, as well as, data that may be pseudonymised and/or anonymised.
(2) How the data interplays with the algorithmic system and the models you use, particularly in regard to how data is weighted or attributed in the algorithmic system to produce the outcomes.
(3) What impact the combination of the data and the algorithmic system has on your end result.
(4) What outcomes your data-driven service is achieving for your customers and wider society.
(5) What consequences (both intended and unintended) will this have on customers and society in the short, medium and long term?
Your evaluation of the above will help you identify not only legal and PR risk, but also potential ethical risks.
To help you consider how to ‘operationalise’ data ethics, we recommend you start with an existing framework. Readers can refer to Ethical Data and Information Management, O’Keefe & O Brien, 2018. You will also find useful links in the box at the foot of this section.
An ethical framework ensures that you have provided for the consideration of ethics within and across your organisation at all levels and functions.
A data ethics framework provides principles for the acquisition, collection and collation, accuracy, cleansing, analysis, use, and sharing of personal data. It would also provide for a consistent process and document procedures through which an organisation decides, documents and verifies that its data processing activities are (1) lawful and (2) generating fair and good outcomes for both the individual and wider society.”
Having a data ethics framework in place can, therefore, be a powerful risk mitigator and value creator.
Your approach to implementing a data ethics framework and operationalising data ethics in your organisation should be one which is collaborative, diverse, and transparent.
This walkthrough of a hypothetical (industry agnostic) Data Ethics Framework will introduce you to the concept and key components of a framework.
Although the entirety of this framework is specific and intentional, there are three distinct components worth noting:
Data Governance sets an information strategy, whilst effectively identifying and managing information risks. Your board or organisational governance body must become accountable for this function and should have a representation of the appropriate expertise. This matters because boards have to sponsor the authorising environment for action, and this may result in uncertainty and new risks. By explicitly incorporating an operational Data Ethics Framework into information strategy, boards create the environment for Data Ethics to become an integral function of their enterprise.
Social Preferability Testing challenges what is ‘normal’ today by proposing those data processing activities, the intent behind them and the real-life impacts, are ‘socially preferable’ rather than merely ‘socially acceptable’. This is an important distinction. It’s about finding ways to make what is good for people and society at large great for modern information businesses. For a firm wanting to consider itself as operating at a best practice level, it should be doing this kind of analysis.
Social Preferability Testing helps organisations collaborate directly with their key stakeholder groups, from independent advocacy groups through to regulators and of course, customers. The general process for Social Preferability Testing is outlined in the steps below. These can be adapted, depending on the size and maturity of your business or organisation, in the context of your customer base and the nature of the personal data in your possession.
The steps for Social Preferability Testing:
These practices should be embedded into existing workf so they augment ways of work.
The inclusion of independent audits in the workflow of an operational Data Ethics Framework is important to mitigate risk, both of potential customer harm, and to the organisation. It could also expose new value opportunities.
The Information Commissioner: ico.org.uk
Change Management Previous
Data Privacy / GDPR Next