Sometimes it takes a billion-dollar mistake to bring the murkier side of data ethics into sharp focus.
Equifax found this out to their own cost in 2017 when they failed to protect the data of almost 150 million users globally. The catastrophic breach was bad enough on its own — but Equifax waited three months to go public with the news.
As the public furore rose to a crescendo, the credit organization dragged its feet on disclosing exactly what kind of information had been leaked. Instead, it directed customers towards a website to find out whether or not they’d been affected, and offered to waive their standard $10 credit freeze fee.
Equifax’s delayed reaction to the event was one thing. The lax $700M fine was another. But the sheer scale of the breach opened up a larger dialogue on the often precarious relationship between data, ethics, and corporate responsibility.
And in the years since the breach, public awareness in how organizations track, collect, store, and use data has only continued to grow. Data organizations have faced increasing public pressure and legal obligations to actively craft transparent, ethical policies around data.
Most recently, this debate has centered on the rising need for organizations to take ownership of their ethics in-house with the appointment of a Chief Ethics Officer. But is this emerging role the silver bullet for all organizations’ ethical data dilemmas moving forward?
Equifax was by no means the first organization to experience a data breach. But the very public data misuse case highlighted a critical component that had until this point been underestimated: trust.
These days, trust is exceptionally hard-won for data-led organizations. Public distrust of data organizations is high, while changes to legislation, such as the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR), mean organizations face heftier sanctions and vilification for any missteps.
But when organizations do make an effort to foster trust, it pays off. A report by Adobe found that 57% of consumers would stop purchasing from a brand if they were victims of identity theft due to a data breach. Meanwhile, numerous studies connect high levels of trust to long-term customer loyalty and business profitability.
For the data-driven business model, trust and ethics are a central tenet of long-term future profitability. In order to gain trust, organizations need to show they’re taking responsibility first.
“This is one of those scenarios where technology has outpaced our thinking,” explains Nicholas Creel, Assistant Professor of Business Law at Georgia College and State University.
The question of ethics goes beyond just morality in business – it's essential for reducing risk. Whether you're considering investing in a Chief Ethics Officer or not, learning more about ethical AI and governance makes good business sense.
“Businesses are collecting consumer data at such volume and speed that they’ve never stopped to consider what they should do with it, only what they can. As the public becomes increasingly aware, the next challenge is defining how organizations can take responsibility for the information they collect. Every time there’s another breach, we trust data organizations a little less.”
We only have to look at the recent skirmish between Apple and Facebook to see this in action. When Apple launched a new iPhone feature that allowed users to opt out from tracking their online activity for marketing purposes, it cost Facebook a projected $10 billion. But it meant that Apple took responsibility for its customer data — and that was no small feat.
“Historically, we’ve placed the onus on the public to be more discerning about who they give their information to,” says Creel. “But we’re at a point where these events are becoming so big and frequent that organizations must accept responsibility.”
For some organizations, the challenge of apportioning responsibility and a more ethics-led approach to their data has led them to consider a new key hire: the Chief Ethics Officer.
Salesforce famously hired one back in 2019 — and other organizations are now following suit. So is the Chief Ethics Officer the next big hire organizations need to make to regain trust and steer them right on ethical data usage?
Not necessarily, counters Nicholas: “From an operational standpoint, there’s definitely a practical element of having a Chief Ethics Officer or other senior leader that is ultimately responsible for preventing breaches or misuses of data. But I’m not convinced that they should also be the only individual in the organization defining what ‘good’ looks like, or crafting those rules on what constitutes a misuse of data. That needs to come with buy-in across the whole organization.”
So how should organizations proceed if they want ethics to become more central to their data processes? Making positive progress is about driving collective accountability, rebuilding policy, and focusing on proactive measures.
Whether you hire a Chief Ethics Officer, a data ethicist, or a compliance expert, the individual title doesn’t matter. What’s more important is that organizations define ownership and accountability across the whole organization. That will take a collective effort, rather than the work of one individual.
“A committee system could work well here,” Nicholas says. “Data and ethics are a cross-functional issue that impact every part of an organization — so these processes should be discussed and implemented transparently at all levels. If they’re not, there’s a risk that the organization becomes a black box, processes and decisions on data become siloed, and ethics aren’t applied properly.”
One rising concern for commentators on the Chief Ethics Officer question revolves around whether or not organizations will view the role as a checkbox to demonstrate they’re taking the issue seriously.
“If organizations are hiring a Chief Ethics Officer because they think they need one, that’s the wrong approach,” Nicholas notes. “An advisory ‘window dressing’ type of role won’t bring about real change, and it won’t demonstrate to customers that you’re taking the issue seriously.
“Instead, you need to look at the level of power and authority embedded within the structure of the organization, and implement the changes needed to better hold people accountable, and to call things out when the rules aren’t followed.”
If there’s one thing we can learn from the Equifax case, it’s that organizations need to be proactive about their ethics and data policies, rather than reactive. This means that ethics leaders and committees need to be working from day one across the whole organization.
Data ethics must be baked into an organization’s ecosystem, shaping ways of operating, making decisions, and embedded in all departments from product design to marketing.
While we don’t know the entire scale of damages faced by the nearly 150 million people impacted by the Equifax leak, we do know that any trust they once held for the organization has been irreparably lost.
As organizations consider what the next steps look like for their data and ethics policies, it’s trust that should be central to every conversation.
If they operate in a way that builds and preserves it, then the question of hiring a Chief Ethics Officer becomes secondary to driving collective ownership, accountability, and responsibility that trickles down through the entirety of the organization.
Ultimately, it’s the companies that don’t have this defined, collective ownership and processes on who collects, controls, and safeguards their data that stand to lose out on trust and profit.
To learn more about the role of ethics as it relates to data and AI, check out: In AI we Trust? Why we Need to Talk about Ethics and Governance.
Santiago Giraldo is a Senior Director of Product Marketing for Hybrid Data Services at Cloudera. A data and technology business professional with more than 10 years of experience in B2B SaaS/PaaS/IaaS companies, leading global campaigns and technical projects.