Last week I was reading a really intersting article by Renee Boucher Ferguson (@RBoucherFerguso) on the MIT Sloan Management Review website, “Why Predictive Analytics Needs Due Process”, which referenced the work of Kate Crawford (@katecrawford) and Jason Schultz (@lawgeek), and called for “a new framework to regulate the “fairness” of analytics processes”. This, and similar initiatives, are hugely important. If we “the analyzers” don’t start getting really serious about protecting the people whose data we are consuming, there is going to be a backlash that will completely kill our business and ultimately negatively impact the future of the social web. While I very much like Kate and Jason’s focus on regulating the fairness of analytical processes, my instinct is that we need this type of framework as an accompaniment to “regulation of personal data collection, use, or disclosure”. A combination of technical, legal, open standards, regulatory, ethical, and analytical process frameworks, with full transparency and control, is required in order to ensure that personal data and analytics is used appropriately and never to exploit or unfairly treat any individual.
Over the last year I’ve been working on enterprise social measurement systems and have become increasingly aware of the differences between the legal structures around data privacy and the frequently separate considerations of ethics. Just because I can (legally) doesn’t mean I should (ethically). and this is particularly important as the law continues to trail the technological advancements in bigdata analytics. The distinction between privacy and ethics isn’t always clear, however when you look at employee analytics it becomes a very important consideration.
Let’s take engagement analytics as an example; this allows you to start to measure things like individual impact, influence, eminence, contribution, expertise, etc. And since all the data being used is company data, on the surface it looks as though you are legally free & clear to do whatever you want. However, this is where ethics enters the scene, as does the “fairness framework” mentioned in Renee’s article. Now that I am assigning such scores to individuals, how am I allowed to use that information? Can I use it to decide who gets a promotion? Maybe who gets fired? How about someone’s bonuses or salary increase? And if I am planning to do this, how do I guarantee that these algorithms are fair? Was the data I collected complete? Was it accurate? Was it useful? Was the analytics algorithm using the right data in the right way? These are all questions that have to be critically asked and answered before you can use engagement analytics for what is often referred to as “HR Action”.
I’m not raising all these issues to scare data scientists against social business analytics, in fact quite the opposite. It’s just a case that we need to understand the ethical implications and design our analysis in such a way as to adequately protect the Analyzees and the Analyzers. It’s not actually rocket science, but does require a structured and transparent framework within which we work. It also requires close partnership with our colleagues in the legal profession and also in the HR organizations who (should) care about the employee rights considerations.
So to finish up, while I can’t argue with the statement that “Unless one decides that privacy regulations must govern all data ever collected, processed, or disclosed, deciding where and when to draw the lines around these activities becomes extremely difficult with respect to big data information practices.”, I wouldn’t suggest that we walk away from tackling this privacy regulation and governance issue. We need to “grab the proverbial bull by the horns” and combine strong privacy & ethical considerations with due process and a fairness framework. One without the other is unlikely to be successful in the long term, but together could provide an environment within which analytics can thrive for the betterment of all members of society. At least one can only hope :-)
Some more of my ramblings on this topic:
- C’mon guys, let’s get serious about Privacy! (July 2013)
- The Hippocratic Oath for the Data Scientist (July 2013)
- Is PRIVACY the Software Industry’s SOPA? (February 2012)
- Is privacy dead, or merely snoozing? (September 2011)