One of the most important reasons business, especially consumer facing business, wants to have lots of data is to know as much about the market, us, as possible. Artificial intelligence (AI) has made that focus on customers more and more accurate. While business has been becoming more invasive, governments have begun to look at and pass regulations that begin to provide certain limits. Privacy matters to the electorate, and smart business looks at how to use data to find out information while remaining in compliance with regulatory rules.
Almost ten years ago, Target created an algorithm that figured out if people were pregnant based on purchase patterns, and the company then sent coupons to the addresses of those customers. That kind of predictive action was problematic, especially in an instance when a young woman hadn’t yet told her father she was pregnant, but mailed coupons informed him instead. The choice to send information is an ethical issue, one that business often handles badly. The more important question is what businesses can know about individuals. The EU’s GDPR and California’s CCPA are just the beginning. Neither is perfect and both will evolve, but Privacy laws will expand. While each business must look at what to do with legally obtained data according to its own corporate ethics, all must pay attention to legal compliance issues.
One of the important areas where the issue of up-front privacy matters is the medical sector. This privacy matters, especially in the US, one of the few nations without universal healthcare and where protections against pre-existing conditions remain fragile. HIPAA (The Health Insurance Portability and Accountability Act) was passed in 1996, and it is the US foundation for defining personally identifiable information (PII) and creating limitations on how PII can be shared. While it has focused on how a company can share data with other medical industry firms, and who in a company can see the information, IT and development teams have often decided they are not part of the ruling. The developers claim to need all the data to make accurate systems.
That claim has led, over the last few decades to an evolving set of techniques that allow data to be manipulated in ways that protect PII still leaving data that is still statistically valid for analysis. Their complexity continues to increase, to handle both privacy and analysis, and are, fortunately, beyond the scope of this article.
Other sectors, such as finance, life sciences, and government have similar needs to protect PII as information is passed around internal organizations and between companies and governments.
AI has made the challenge both more addressable and more of a risk. The ability to train a deep learning (DL) system on large amounts of data has increased the speed of analysis and results, but the need for more and more data increases the risk of lack of privacy. In order to provide processes to handle that challenge in a reasonable time frame, software can again help.
Every mid- and large-sized company is likely to have legal and compliance teams to manage regulatory and contract risks. They are also involved in privacy issues. However, it’s no surprise that they speak a different language than do developers. Just like between German and Spanish, neither language is intrinsically better, they are different. How can we better translate?
The inclusion of legal and compliance teams also means an increased importance of the CxO suite.
