Data Ethics is the new Data Privacy — Interview with Bill Mew

In this episode of the Masters of Data podcast, I speak with a guest who is no stranger to the concepts of data, ethics and privacy, nor is he a stranger to the MOD podcast. Some clear themes have arisen on the podcast so far — trust, privacy, and ethics around data. We have talked to authors, company leaders, big thinkers, influencers. Bill Mew, was a guest in June of 2018 talking to us about data privacy and the European General Data Protection Regulation (GDPR). We have brought him back on to talk about his current focus — data ethics. With his long experience, Bill has crafted a very solid message around what companies have to do to avoid some of the recent privacy and ethical disasters that lead to huge problems for the brand and loss of their customers’ trust. With all of the recent developments (not to mention heightened awareness) surrounding data ethics, Bill and I discuss how Bill’s goal now is not only help companies when things go wrong but more importantly, to help them develop strategies to help them ahead of time…before things could go wrong.

Having discussed Bill’s professional background in our prior conversation we kick things off simply reviewing what Bill has been up to since their last discussion. With further developments in GDPR and data ethics, Bill explains how he has been focusing his time and attention on consulting and teaching to help people strike a good balance between changing the world and doing the right thing in light of the recent changes that have taken place. And as they discuss, these changes will create a spike in privacy and opt-out options throughout 2019 as more consumers are becoming more aware of data privacy and as a result, are becoming more proactive to find measures to protect their personal privacy at all costs. As Bill aptly notes, data security and privacy is now the #1 issue for all companies, not just technology companies-something that is a new development in light of the recent data breaches and privacy failures worldwide. In fact, for the first time in history he believes we will begin to see issues like security and privacy become a brand’s leading attribute (when being upheld) or leading threat (when failing), something unique to today’s climate. Never before have the brand risk and brand attribute been so closely upheld.

But aside from merely acknowledging the changes that are and will continue to take place, the heart of the conversation focuses in on what has even caused the looming changes to occur. As we review, historically people have just inherently trusted technology, believed that it worked and felt that it would be used ethically. And while there was a measure of naivety in this trust, it’s been shown that we shouldn’t simply trust our data is secure which is initializing the transition of people exercising their right to have their information be removed and made private across the board. Another similar talking point we share is why is the average consumer is becoming more aware now of ideas like data security and ethics. The truth is, most companies don’t have an adequate handle on the proper use of data — which is being paired with an accelerating data migration to the cloud, presenting a tremendous security risk for a large amount of data. The result, unfortunately, is that many people are having their information more at risk and accessible, something that is becoming an increasing point of awareness.

In addition to the idea of heightening awareness, Bill and I also spend time reviewing the idea of ethical responsibility for companies who access and even hold our data. As Bill sees it, a company really has to have it together to show responsibility with data, which requires unity on all fronts. What this means is that the CMO, the CIO, and the CRO must all be working together to ensure that all the goals and objectives are coming together seamlessly and are aligned to uphold the ethical use and treatment of data. Additionally though, even when things are going well, companies need to be thinking ahead about how to deal with data and demonstrate ethical behavior while making strides in creating a culture to protect people’s data. Because this is not just a phase or fad, it’s becoming the new reality for all companies. In fact, as Bill shares, data ethics is such a global issue now that we are seeing legislation be put in place to ensure people’s privacy is being taken seriously.

So the question naturally becomes then, where does a brand or company start in developing a plan to ensure they are a leader in protecting people’s data? The key, as Bill shares, is to develop an information crisis management plan before it’s too late and to make data ethics part of the culture of the company to help minimize the chances of major mistreatment while helping to better identify issues. By helping people see a client’s data is precious and an asset that needs to be protected you can decrease the chances of someone mistreating it. When you begin to understand that it’s a strategy that all cogs of the machine have to be in sync on (and it’s not a department-specific issue), you will be able to make better strides to help protect people’s data privacy and ensure data ethics.

Outbound Links & Resources Mentioned

This episode on the Masters of Data podcast

Review Bill’s first episode on the Masters of Data podcast:

https://www.sumologic.com/masters-of-data/bill-mew-the-data-privacy-view-from-the-u-k/

Learn more about Bill and his firm Mew Era Consulting:

https://mewera.biz/

Follow Bill on Twitter @BillMew

Connect with Bill on LinkedIn:

https://www.linkedin.com/in/billmew/

Follow Bill on Facebook:

https://www.facebook.com/bill.mew

Takeaways

  • Soon after GDPR a lot of organizations were left in a state of shock.
  • Companies need to learn to strike the right balance between digital transformation and digital ethics; between changing the world and doing the right thing.
  • In 2019 there will be a predicted spike in privacy tool adoption and the use of opt-out settings.
  • Consumers are becoming far more aware and therefore far more active in enforcing their privacy. They’ll alert regulators to any kind of malfeasance, they’ll be filing lawsuits and class action lawsuits.
  • It’s not just tech firms that need to be data ethics aware, it’s any company out there that’s processing data or any company that could have an issue and that’s almost all of them.
  • It is the first time that we’ve ever seen a single issue (like data ethics) be both the leading brand attribute and the leading brand risk at the same time.
  • Historically we’ve just trusted technology. We trusted that it would work. We trusted that wherever the data went, it would be held securely and it would be used ethically and responsibly. We shouldn’t just accept that our data is being shared and taking it for granted.
  • Under GDPR, we have the right to have our records removed, to privacy, to be removed and forgotten, and people are going to be exercising those rights and they’re also going to be coming out and really punishing companies that don’t get this kind of thing right.
  • The rise in data privacy failure is due to a migration of our data to the cloud at the same time as seeing an exponential rise in the amount of data being captured which causes an enormous risk.
  • A company has to actually have it together in order to have any chance of acting responsibly and ethically with data.
  • Acting responsibly requires an alignment of functions that haven’t traditionally worked together.
  • The privacy impact assessment isn’t necessarily aligned with the information security strategy or the crisis management plan. To be in a position to actually deal effectively and ethically with your data, you need to have those three aligned.
  • You need to have the alignment between your crisis management plan then also the guys in the CIO department and what they’re doing about information security management and also the chief risk officer or the compliance group around their privacy impact assessment to make sure those are aligned.
  • With regulations like GDPR, it actually mandates that you have to make prompt disclosure to the regulatory authorities and to the impacted customers. And therefore containing the issue or hushing it up is no longer an option.
  • Any kind of malfeasance is going to be punished exceedingly harshly by consumers. The awareness is now much higher. Their propensity to actually act is higher. They’re going to be alerting regulators immediately to any malfeasance.
  • If you’re a brand custodian, take digital ethics seriously and try and get it as part of your corporate culture to establish yourself as a trusted brand because that will differentiate you in the market, that will be a competitive advantage.
  • If you suddenly decide “I’m going to start learning to swim now because I’m starting to drown”, it’s too late. You’re never going to pull to get things together in the first hour, the first day, it may even take you weeks, and you will be behind the game all the way throughout that period and your brand will be cut to shreds.
  • If you make data ethics part of your cultural behavior, your employees are far more likely to act responsibly. They’re also far more likely to deal with customer data as an asset and something precious.