Clients expect their data to be treated with respect. In a world where companies have nearly unrestricted access to personal information, a new dilemma emerges: what separates right from wrong when it comes to collecting and using this data for commercial purposes. Individuals, companies, and policymakers are all working to understand what is ethical or not, what is legal or not, and how best we can progress when utilising innovative and disruptive technologies.
The world’s fast expanding digital economy is fuelled by ever growing datasets – some call data the new oil, it is a precious corporate asset. Datasets are continuously created, harvested, combined and shared. It’s all happening at a scale and pace that traditional regulatory frameworks struggle to keep up with.
It’s why a new branch of ethics is emerging – data ethics – that addresses new challenges associated with data itself. Where digital risk used to be considered in terms of cyber security, organisations now recognise the need to consider the wider risks posed by organisational data practices including the unethical use of insights, the introduction of biases that amplify social and economic inequality, or the exploit of data for uses that its sources would never have agreed to.
Data governance and data ethics
Against this dynamic background, the concept of data governance is taking root. Data protection regulations, such as the EU’s GDPR from 2016, and the draft Data Governance Act published last year by the European Commission, are examples of steps towards addressing data ethics. Similar discussions and regulations are emerging in other parts of the world too, including the Americas and APAC.
Data governance is the control framework that an organisation puts in place to not only meet regulatory requirements but oversee the business and its risks related to data. In the Aon Centre for Innovation and Analytics (ACIA), we qualify data ethics as the ethical principles needed to work with data - and data governance as the control framework employed to deliver these principles – for all colleagues to abide by.
What firms can do now to up their game
We started our data ethics journey from the belief that these principles are as important as any other, such as respect for individuals’ privacy. We also expect to see more legislation develop as new technologies evolve and become more widely integrated into the economy. Until that time, it is important that firms step up in starting discussions around Data Ethics and cover aspects that are important for them.
- Build a stronger ethical culture
Instead of waiting for specific regulations to be written or letting others define parameters, consider establishing key principles to guide your business around data and new technologies from the foundations that already exist.
We published our own Code of Data Ethics that covers what we believe are essential attributes, including individual privacy, transparency and accountability. It works on the basis that complying with data protection is our minimum standard. In terms of transparency, regardless of whether business opportunities are found with a dataset, all assessments, agreements and engagements must be reviewed and approved as part of our product governance processes.
- Be conscious of responsibilities
Each of us is responsible for our behaviour; accountability applies in all our business interactions, with one another, our shareholders, our clients, our business partners, and the communities in which we conduct business.
Every colleague in ACIA is required to complete a review of the Code of Data Ethics and abide by the principles outlined. It underpins the tasks they’re performing, while meeting our clients’ and our firm’s expectations. Similarly, it better supports us in defining policies; it influences how we plan to deliver analytics and enable innovation for our clients.
- Step up and be part of the discussion
Current and future data protection regulation will be broadly adopted but until that time companies should take a stand on how they handle and protect the personal data they collect – even if it’s not currently required in the jurisdiction they operate in.
Lessons learned
We are learning a lot as we put data governance guard rails in place, including our Code of Data Ethics. To begin with, we had to be conscious of the ethical dilemmas present when working with data: the question is not what we can do with new technologies but whether we should do it and how. We also discovered that it is important for everyone to step up and to be part of the discussion. A stronger ethical culture benefits everyone. And we saw that it was better to build up our principles around data and new technologies from the foundations that already existed.
We did not need to reinvent the wheel to codify an ethical approach to handling data, but we do need to be conscious of our responsibilities and be accountable at all times. We are on a constant journey, closely following and abiding by new data governance regulations, and proposals that support our premise of data ethics.
As environmental, social and corporate governance criteria take on greater importance in the wider economy, data governance should be viewed by all companies as a critical risk factor. In this way, upholding principles that protect individual privacy, being transparent when managing and using data and new technologies, keeping data secure and establishing a governance framework have become key attributes in the digital economy and in the way we work – creating a stronger society.
About the Authors
Yvonne Jacobi has been with Aon for eight years, becoming chief operating officer for the Aon Centre for Innovation and Analytics (ACIA) in Dublin in November 2016, extending to the ACIA Krakow team in February 2018. Her particular areas of focus are risk management and data privacy, portfolio and delivery management, human resources, and ACIA financials.
Prior to her tenure at Aon, she spent six years in New Zealand in the area of strategy and business planning for the NZ divisions of two Australian insurance carriers. Yvonne holds a master’s in business studies from University College of Dublin’s Michael Smurfit Graduate Business School.
André Miniussi is a member of the Risk and Compliance team in the Aon Centre for Innovation and Analytics - Dublin, Krakow and Singapore. Having joined Aon in 2018, he has more than 11 years’ experience working with Ethics, Compliance and Risk Management in large organisations across the Media, Healthcare, Education and Data Analytic sectors.
André holds an Honours Bachelor of Business Administration degree, and two post-graduation degrees, one in Fraud Risk Management and another in Accounting.