June 22, 2016
Incorporating data ethics into Security practices
By: Lisa O'Connor

Digital risk has expanded beyond cybersecurity and privacy into new territory: digital ethics. While protecting the security and privacy of data at rest and in motion continues to be an essential responsibility for Security professionals, the stakes are higher in the digital era.

Now organizations must also consider the ethics around what they do with that data at every step of the data supply chain. In other words, how they act on the data they collect and analyze. It’s more than traditional data stewardship, it’s about stewardship of the experience through the ethical use of learnings, insights and inferences throughout the customer journey. The companies and government agencies that achieve the proper balance—effectively managing security risks and building digital trust by making ethics a core part of data-driven decisions—will be better positioned for success in the digital economy.

These are some of the findings from a new Accenture report, “Building digital trust: The role of data ethics in the digital age.” The result of a two-year collaboration, this report includes an initial set of data ethics recommendations, substantiated by expert insights from Accenture and more than a dozen other organizations around the globe. It will be followed by more in-depth reports on multiple data ethics research tracks.

Bottom line, the research reinforces core tenets of Security: be vigilant and proactive. With this in mind, organizations have a prime opportunity to reduce their exposure to digital risk by integrating a wide array of ethical data practices throughout their business processes. Each more personalized learning requires more robust ethical controls. In order to mitigate the risks, Security professionals and data practitioners must understand and follow a new data ethics framework and set of best practices, which Accenture has helped formulate.

The timing could not be more critical. According to our Twitter poll, only 40 percent of respondents currently have formal data ethics guidelines in place.

Sizing up the risk
How does data ethics even fit under the purview of Security? It’s a valid question. As a Security executive, you have diligently protected the inner workings and perimeter of the enterprise—infrastructure, networks, applications and, of course, the data flowing through all of these channels—from external and internal actors. Digital advancements have expanded the role of the Security function from protecting devices outside of the enterprise all the way to the minutiae of Internet of Things sensors.

But now your Security team is being called upon to support the organization in an entirely new way: to uphold and even strengthen the digital trust established with customers, suppliers, regulators and business partners. You are being asked to prepare for the ethical implications of what your company can do with the data they collect, combine and share in the digital age.

In fact, we are seeing organizations use data strategically in innovative and exciting ways—to pursue new growth, develop new products and services, connect more meaningfully with customers, and establish digital platforms with cross-industry business partners.

However, all of this opportunity brings newfound responsibility. Just because organizations can do these things with data, the question is, should they? Where is the line between ethical and unethical practices?

In the digital era, the way in which organizations handle data throughout the data supply chain—from collection, aggregation, sharing and analysis, to monetization, storage and disposal—can have a decisive impact on their reputation and effectiveness. That’s why it is critical for Security to help embed strong ethical considerations into every stage of product development, service delivery and data supply chain.

Key recommendations to get started
In order to develop and ultimately demonstrate Security practices in data ethics, companies must first have a shared language—a taxonomy, so to speak. In the report, Accenture proposes a common set of terms that organizations can use as they develop guidelines in this space.

Using this taxonomy, organizations should begin work to develop a code of ethics. We outlined 12 data-centric principles in the report that, among other things, are designed to help protect individuals and communities; match privacy and security safeguards to expectations; and establish regular ethical reviews for new products, services and research programs.

Organizations should also develop guidelines for ethical decision-making across each stage of the data supply chain: acquire, store, aggregate, analyze, use, share/sell and dispose. A sample of ethical questions to address external and internal concerns is contained in the report.

In addition, Security should proactively work to reduce exposure to potential harm during data disclosure, manipulation and consumption. Take informed consent, for example. As data moves through the supply chain and away from the reason it was originally collected, how does a customer’s informed consent apply and evolve? Addressing this is vital as companies (think wearable manufacturers, insurance companies, utilities providers, etc.) share data across platforms in the digital economy. Speaking of which, the report also provides best practices for data sharing.

Last but not least, organizations should consider design principles for the use of ethical algorithms and automation in order to build trust into these systems. When using data analytics paired with automation (aka “sense-and-respond” systems), organizations must carefully consider what data they are using as input, how their algorithms are designed to consider that input, and how customers may react to its use.

Accenture is committed to helping our clients prepare for a new wave of risks that will come with data ethics. We are also applying our learnings to our own company so that we can lead by example. In order to guide your organization securely into the digital age, I invite you to read “Building digital trust: The role of data ethics in the digital age” and start answering these pivotal Security questions. For related information on the Security implications of key technology trends, including more on the concept of Digital Trust, take a look at Accenture Security Technology Vision 2016.

1 The intent of the Accenture Data Ethics research initiative was to outline strategic guidelines and tactical actions that organizations can take to raise the ethical bar across the business and public sectors.