Data is Risky Business: The Ethics Revolution in Information

COL03x - feature image for obrien 300x300This past month, San Francisco’s City Council voted to ban the use of facial recognition technologies. Internationally, and perhaps a little less visibly, we’ve seen various municipalities step back from the roll out of IoT and machine learning technologies such as tracking of devices connected to public Wi-Fi networks. We have also seen the continued rise of worker activism in large technology companies against the development of technologies that workers feel are being applied in questionably ethical or unethical ways.

A third trend is also emerging, with companies launching formal data ethics initiatives in an attempt to placate employees and provide a forum for engaging with potential regulatory change in these emerging areas. But we are seeing the rise and fall at the pace of dotcom start-ups in the late 1990s, which doesn’t bode well for either their scope, their resourcing, or the reality of management commitment to them, particularly in larger organizations. Which brings us to the fourth trend that is emerging: retaliation against staff members who organize, protest, or debate around the ethical issues in the technologies their organizations are developing or deploying[1].

Daragh

Figure 1: Castlebridge Ethical Information Management Model.
See Chapter 9 of “Ethical Data & Information Management” for more information. Click image to enlarge.

When we look at these trends through a structured model for Ethical Information Management, such as the one developed by my colleague Dr Katherine O’Keefe and I, we can see how and where these issues are arising, and we can also begin to make some assessments and predictions of where it will end.

Ethics Forums in Tech Companies

Ethics forums in tech companies are addressing a perceived situational modifier need and, in an ideal world, would introduce an additional formal role into the overall Data Governance framework for the organization. What we see in practice at the moment is that the “Ethics Panel” tends to be established as an advisory forum, often with little or no tangible authority or ability to directly influence or direct change in the culture, ethos, or business model of the organization.

Without an ability to affect the situational modifiers in the organization, either through changing the contextual factors relating to people’s jobs (e.g. incentives, role priorities, etc.), changing the governance structures of the organization (e.g. accountabilities, responsibilities, escalation points), or providing a formal way to engage with and direct resolutions to moral conflicts when escalated, these ethics initiatives do not have the power to effect meaningful change in outcomes, whether ethical action or decision making.  They promote the appearance of caring about ethics without real power, effect, or action, and such initiatives are likely to be short-lived.

In short: they have the practical usefulness of a chocolate teapot and the life expectancy of a snowball in hell. They are a wonderful form of “Ethics Washing” for organizations seeking to pay lip service to the issues rather than drive the significant change to business models that may be required to address the ethical questions arising from the application of information management practices and capabilities.

Legislators Legislating

Legislators legislate to give form and effect to the Ethic of Society. Laws are intended to provide a formalized expression of the behaviours and conduct that is expected of actors in a society, and define sanctions for transgressions of those standards. Whether it is the EU’s GDPR, California’s CCPA, any of the dozens of data protection and privacy laws emerging in jurisdictions such as Africa, or the humble City of San Francisco banning facial recognition tech, what we see are efforts by legislators to bring the Process and Information Outcomes delivered by and through the processing of information into alignment with the ethic and expectation of society.

This trend is increasing as “self-regulation” continues to show itself to be ineffective, largely because of the conflict between short-term shareholder/stockholder value theory approaches to business and the more long term thinking needed to make careful trade-offs in the development and deployment of new information management capabilities.

Staff Protests and Employee Activism

The rise of staff protests, as exemplified by the employee walkouts in Google in 2018 and the refusal by staff in other high profile information technology companies to work on various kinds of project or application of technologies, is a classic example of individual moderators at work in organizations:

  • The individuals protesting have confidence in themselves and their views
  • They are able to organize and gather a collective (strength in numbers and field dependence)
  • They are exercising control through one of the few levers they have: the withholding of their labor (including quitting the company entirely)[2] and the publicity inherent in staff visibly protesting.

A corollary of the protests from internal staff is the decision being taken by people to turn down job offers from high profile and previously prestigious employers as a result of scandals involving data, ethics, and privacy[3].

Crushing the Rebellion

Of course, the final trend of organizations pushing back against staff activists, represents the internal conflict in the model we set out in Figure 1 above. When that becomes toxic and damaging to all involved is where the organization tries, through malice or carelessness, to penalize or sanction staff who have raised questions about the ethical conduct of the organization.

There will always be a dynamic tension between the Ethic of the Organization and the Ethic of the Individual. However, organizations need to develop mechanisms to constructively engage with Individual Modifiers through the Situational Modifiers of their governance models and practices. The alternative is an adversarial setup which will be harmful to staff morale and will, ultimately, lead to staff leaving the organization with the loss of institutional memory and skill that that entails.

This also sets up a clear barrier to recruitment of the “best and brightest” because the organization culture is clearly one that requires adherence to a party line above all other considerations (despite what the recruitment brochure might otherwise say).

What does it all mean?

Well, it means almost exactly what it meant during the quality revolution in manufacturing, and it means exactly what it has meant in other industries that have faced a crisis of ethics (and that’s pretty much all of them at some point). For a sustainable change to happen, the leadership in organizations need to recognize a few key things:

  1. They need to “adopt the new philosophy” and “restore pride of work in a job well done”. These simple points from Deming’s 14 Points of Organization Transformation are key to addressing the risks of Ethics Washing, ensuring appropriate and effective Ethics processes for governance, and ensuring that there is constructive engagement with the concerns of knowledge workers.
  2. They need to accept that some fundamentals of business models will need to change for organizations that are trying to move to a more ethical model for information management. Shareholder value theory is, as Jack Welch famously said, “the dumbest idea in the world”. W. Edwards Deming put it more eloquently when he called out focus on short term numbers as one of his Seven Deadly Sins of Management.
  3. They need to realize that the visibility and reach of their employees today is greater than it would have been a decade ago, ironically because of the platforms that have been built by large technology companies to promote the connecting of people and the sharing of information. Both within organizations and outside the walls of the organization, it is harder for management to control the message or how workers can and will communicate about issues that are important to them. Creating an adversarial response to employee ethics concerns and attempting to “crush the rebellion” can become a damaging strategy in the long term.

Finally, leadership needs to stop dehumanizing data and realize that is about, describes, and is managed by people. In that context, we need to ensure that people are seen as an end in and of themselves and not just a means to an end. This is particularly important when we are considering how leaders should respond to the ethics concerns raised by their staff. Situational modifiers should be designed to allow for a collaborative and constructive approach to evolving the Ethic of the Organization to align better with Ethic of Society and to ensure that the right Information and Process Outcomes are delivered.

Leaders who are considering a “crush the rebellion” approach should bear in mind the words of Obi-Wan Kenobi: “If you strike me down, I will become more powerful than you can ever imagine”.

[1] https://gizmodo.com/google-staffers-say-they-were-retaliated-against-for-he-1834231599

[2] https://www.fastcompany.com/40556100/facebook-employees-are-starting-to-abandon-ship-over-ethical-concerns

[3] https://www.theguardian.com/technology/2019/may/17/facebook-job-offers-shunned-by-top-talent-after-cambridge-analytica-scandal-repor

Share

submit to reddit

About Daragh O Brien

Daragh is the Founder and Managing Director of Castlebridge, a leading Information Governance, Privacy, and Strategy consultancy based in Ireland. He has a degree in Business & Legal Studies from University College Dublin, and is a Fellow of the Irish Computer Society. Prior to founding Castlebridge, Daragh worked for over a decade for a leading Irish telecommunications company in roles as diverse as Call Centre operations, Single View of Customer Programme management, and Regulatory Compliance and Governance. He a regular presenter and trainer at conferences in the UK and worldwide. Apart from his consulting and education work, Daragh is also Data Privacy Officer for DAMA International, a faculty member at the Law Society of Ireland, and a contributing research partner to the Adapt Centre in Trinity College Dublin. He lives in Wexford in the South East of Ireland and can be reached at daragh@castlebridge.ie or on twitter: @daraghobrien. In 2016, he was ranked by Onalytica as the 24th most influential person on Twitter in Information Security (including Data Governance and Data Privacy).

Top
We use technologies such as cookies to understand how you use our site and to provide a better user experience. This includes personalizing content, using analytics and improving site operations. We may share your information about your use of our site with third parties in accordance with our Privacy Policy. You can change your cookie settings as described here at any time, but parts of our site may not function correctly without them. By continuing to use our site, you agree that we can save cookies on your device, unless you have disabled cookies.
I Accept