Data bias is a hidden risk in data governance. It can creep in during data collection, storage and use, and via applications used by a human or in an AI algorithm created by a human. Although there is no question that data bias exists, we often overlook or neglect it when formulating data governance policies and regulations. We tend not to take ethics as seriously as we should.
Data governance, which is ensuring that data are available, usable, honorable and consistent, is impossible if there is data bias as it impurifies honorable data. Data security, which is the set of regulations used to defend digital information against internal and external and intentional, malicious and accidental threats, is difficult with data bias because it makes the execution of the regulations discriminatory. Data protection, which is the action of safeguarding information from corruption, compromise or loss and strengthening data privacy, is impotent when data bias occurs because it dilutes the effectiveness of the action. In addition, neglecting data bias exacerbates the already chronic data protection problem. The complicated and entangled legal and ethical issues arising from our increasing reliance on emergent technologies such as artificial intelligence and machine learning calls for mitigation of these issues.
Quantifying the results of an ethical analysis helps. The messy issues must be untangled to gain insight into the causes of the problem, the most prominent piece of which being the neglect of or exclusion from the social, ethical aspects of the problem in the formulation and establishment of the protection policy and countermeasures. It is necessary to measure and quantify the consequences of each identifiable issue.
Cost-benefit analysis and risk analysis, which tend to focus on physical damages and financial losses, are inadequate in handling the hidden risk in the social and ethical aspects of the problem, such as data bias. Although the proposed ethical matrix is helpful in providing a holistic view of the ethical issues, the results of the analysis often are interrelated and sometimes contradictory, making it difficult for decision-makers to determine a conclusive verdict. An ethics-based algorithm could be the answer.
To make this point, we can use the example of an employee, Alex, taking a USB device home from work with the intention of continuing to work at home. As simple an act as it is, it may violate enterprise rules and regulations against removing enterprise property from the premises, cause the device to be vulnerable to physical damage or result in loss of the device, and breach privacy policy because the USB device may contain proprietary data and may or may not have been encrypted, which may result in unpredictable consequences and potential liability such as the cost of a lawsuit, reputational damage and diminished trust. Applying the proposed ethical matrix algorithm and the hexa-dimension metric algorithm can help stakeholders make decisions based on Alex’s actions.
For another example, consider the role of the King of England. He has no authority nor power to govern, which is in the hands of the UK Prime Minster. Instead, he is the symbolic head of the government. Some may consider his role useless; however, in reality, the use of the useless is pivotal because the king symbolizes, authenticates and projects a tolerant, approachable and ethics-binding monarch at the frontend, smoothing the path for the UK Prime Minister who rules by law at the backend.
Ethics is important in data protection by virtue of the use of the useless and by the mutual support of law and ethics. In fact, the chronic data protection problem amounts to a rebuke for those who do not take ethics seriously because they consider ethics passive and lacking power to persuade (i.e., useless). The efficacy of ethics manifests in the law-ethics partnership—where ethics is feeble, law comes to the rescue and where law gets stuck, ethics lends a hand. A verdict is reached according to legislated rules and regulations, and ethical principles.
The existent countermeasures that are falling short of the hefty investment and failing to deliver will improve when they are measured up to the hexa-dimension metric.
Editor’s note: For further insights on this topic, read Wanbil Lee’s recent Journal article, “An Ethics-Based Algorithm for Governing Data Ethics,” ISACA Journal, volume 6 2022.