Welcome back to the Data Connections Blog!
In Blog #13, we took a deep dive into data governance. If you haven’t read it yet, I highly recommend doing so before starting this entry.
In this Blog #14, we’ll explore one of the key concepts from data governance in more detail: the Data Ethics Board.
I love running, especially trail running, where the best conversations happen. A running friend of mine, a fluent but non-native English speaker, recently brought up the concept of oxymorons. We discussed the classic example of a “jumbo shrimp.” He didn’t understand why this phrase was amusing—after all, wouldn’t “jumbo” logically be used to describe a large shrimp?
People may well question whether “data ethics” sounds like another example of an oxymoron.[1] Is it possible to satisfy both (1) the need for more and more data to drive a business forward and (2) the responsibility to safeguard data, especially personal data, in a controlled, ethical manner? Given the many stories of data misuse, whether intentional or accidental, how can we reconcile combining the terms data and ethics? However, much like my friend’s perspective on jumbo shrimp, this seeming contradiction is just the beginning of our discussion. Over the next thousand words or so, we’ll unpack how a Data Ethics Board can be the bridge to ensuring that data and ethics actually work together in an organization.
It is true that organizations today face immense challenges in using data responsibly. For instance, can an organization analyze its own employees’ data to link annual sick days with productivity? (Hmm... ethically tricky, right?) Organizations need vast amounts of data—especially for AI—yet no universal “seal of approval” guarantees ethical or even good sense usage of data. As we discussed in Blog #13, each organization must define its own data quality and governance standards.
A Data Ethics Board can serve as a guiding force in setting and interpreting these standards. Imagine that a data developer comes to you and says:
Good news! I found a free dataset from a government agency in Russia with great insights into fraud in recent U.S. elections. Can we use it?
First, thank the developer for consulting you first, rather than after the data has been used throughout the organization, a very common scenario. Next – how would you answer? What role do you have in this decision? Are you a lawyer? The developer’s manager? The project manager? A Data Ethics Board composed of a diverse set of key stakeholders would help in evaluating such scenarios, determining whether the dataset meets the organization’s own quality, ethical and legal standards before ingesting the data.
To be clear, a data governance board typically creates the rules, and the Data Ethics Board ensures that any tough ethical decisions that need to be made align with those rules and organizational values. An effective Data Ethics Board has the trust of the senior executives and is enabled to not just follow the rules, but also to decide what happens when an out-of-bounds data use case might be justified in a specific scenario. As one of my senior clients once said to me “I need you to help keep me out of trouble but not to protect me out of business.” Likewise, a good Data Ethics Board is empowered to act quickly to assess risk and reward and to act appropriately to help balance them so that the organization can reduce risk but still operate effectively.
For example, in Blog #13, we considered banning all datasets containing pornography, offensive language, hate speech, or advocacy of violence. But what if an organization is contracted to develop AI filters that prevent the spread of such content? In that case, that organization might need access to the very data it aims to block. How should that data be handled?
Hey, I just downloaded a few gigs of Nazi, KKK, and alt-right materials onto our server... you can thank me later!
So we’ve got sensitive data here – is it okay to use to create the filters? How should the data be acquired and stored? Should legal teams alone decide, or should business and technical teams also weigh in? A Data Ethics Board with the right stakeholders ensures balanced ethical oversight in such exceptional cases. That is why it is important to carefully consider who should be on your Data Ethics Board.
According to the International Association of Privacy Professionals (IAPP), a Data Ethics Board should include:
- A data protection expert;
- A lawyer;
- An engineer;
- A consumer advocate or academic;
- Representatives reflecting the organization’s diverse consumers and employees; and
- External members to enhance credibility.[2]
Diversity of thought, including outside perspectives, is critical to prevent the board from becoming an “echo chamber.” Including external voices ensures balanced perspectives but also introduces challenges, such as protecting sensitive organization information. Here are some key factors/considerations in establishing a Data Ethics Board:
- Start Small – A board of about five members is ideal. Too many voices can slow decision-making, turning the board into a bureaucratic chokepoint rather than a strategic asset.
- Establish Governance Principles – The board’s first task should be creating a governance document outlining key principles derived from the organization’s values. (How about: “Be better with your data”?)
- Decide on External Members – Bringing in critics of your data policies can be valuable. Their autonomy must be respected while at the same time you need to protect your business information.
No doubt, adding external members to a Data Ethics Board can be tricky. Imagine if such an external member leaks a heavily restrictive NDA you have asked them to sign to the press… claiming the organization only wants “the appearance of ethical oversight” rather than real accountability. And it looks ever worse if they claim that the real goal of adding them to the board was simply to silence them as a critic. Not a good look!
To prevent this, organizations should draft carefully tailored confidentiality agreements that balance transparency with the protection of sensitive information. This is an area where getting expert help in drafting the necessary agreements can be extremely beneficial.
So you’ve got your Data Ethics Board up and running, great! Now how do we know if it’s working? Among other things:
- It should provide a multi-disciplinary, diverse perspective on data decisions;
- It must be nimble, ensuring it doesn’t become a bottleneck;
- It should be embedded in the data intake process to assess non-standard use cases; and
- It should proactively educate employees about data guardrails rather than just reacting to issues.
These goals are important. Especially in the AI space, success is very dependent on speed to market. When researchers and developers know how the data governance process works, what is likely acceptable and not (and get updates as the landscape changes), product development times are shorter, having a positive effect on the organization’s bottom line. However, no one wants to quickly launch a product only to be stuck in litigation, Ultimately, success isn’t measured in the short term but through the organization’s ability to consistently uphold ethical data practices and be a trusted partner in the marketplace.
A Data Ethics Board won’t solve all your organization’s data challenges—but it will provide a structured, diverse group to help navigate complex ethical decisions. Returning to the oxymoron of “data ethics,” a well-functioning Data Ethics Board bridges the gap between data-driven decision-making and ethical responsibility.
And now that we’ve explored how a Data Ethics Board can make the data ethics oxymoron work… I think I am coming around to my running friend’s point of view on jumbo shrimp as well (…or maybe I’m just hungry after all this talk about shrimp!).
I hope you’ll be back next time as we continue to explore these issues and learn more about data connections!
If you have questions about your data and your legal compliance programs for data, Mortinger & Mortinger LLC can help! Contact me directly at: steve@mortingerlaw.com
https://www.cmswire.com/digital-marketing/is-data-ethics-an-oxymoron-customers-dont-think-so/
https://iapp.org/news/a/why-data-review-boards-are-a-promising-tool-for-improving-institutional-decision-making/ ↑