Ethical data management in an unethical world
In the world that we live in, data is gold, as the saying goes.
In 2021, a lawsuit was filed against Cambridge Analytica because of its interception of millions of Facebook users' data without consent. David Carroll, the man who filed the suit, wished to access the personal data that was collected and used for political purposes.
At his request, the company sent him his data in a USB stick that contained only two files: a PDF document with his name, email address, and some basic demographic information, and an MP3 file with Rick Astley's "Never Gonna Give You Up", which left him totally shocked.
The reason why data and analytics are so treasured by companies is that they give better-informed answers to customer preferences and behaviour, how competitors react to them, and how markets and whole economies create commercial advantages or threats. But the need for data also opens the door to abuse, as proved by many local and global incidents.
In recent years, the EU has fined companies more than 1,400 times, for a total of nearly 3 billion euros, for violations of the General Data Protection Regulation. Stories abound over how AI-driven decisions discriminate against women and minority members in job recruitment, credit approval, health care diagnoses, and even criminal sentencing, stoking unease about how data is collected, used, and analysed.
Such fears will only intensify with the use of chatbots, which acquire their "intelligence" from data fed to them by their creators and users. What they do with that intelligence can be scary.
The reasons behind ethical data failures are many, including those in data sourcing, storing security and data leakage of 5 crore people, using data for the wrong purpose, and data preparation before using.
In a recent article in Harvard Business Review titled "The Ethics of Managing People's Data", the author recommends five Ps of ethical data handling:
Provenance: Where does the data come from? Was it legally acquired?
Purpose: Is the data being repurposed? It should not be collected for purposes that are not disclosed to individuals.
Protection: How is the data being protected? How long will it be available and who is responsible for destroying it?
Privacy: Who will have access to data that can be used to identify a person? How will individual observations in the data set be anonymised, and who will have access to it?
Preparation: How was the data cleaned and are they being combined to preserve anonymity?
These principles are not only ethical but also practical. They can help companies avoid legal troubles, reputational damage, and public backlash.
Where is Bangladesh on this front?
So much is being said about data leakage of citizens, banks etc., while ethical practices of companies on data are being overlooked both in the public and private sectors due to a lack of awareness of its importance.
In a country like Bangladesh, obtaining the personal data of employees, elite club members, and bank clients should be a piece of cake! But where ethical practice is a rare commodity, expecting ethics in managing data is a far cry.
Skilled teams should be created to ensure ethical use of data. It must also be remembered that too little control over data privacy is not accepted in most government regulations. Conversely, too much control can make the data useless.
While the ethics of managing people's data is a challenge, it is an opportunity to build trust, loyalty and reputation. It is also an opportunity to create value and a positive impact in the country.
The author is founder and managing director of BuildCon Consultancies Ltd