Five Reasons Why a Privacy and Ethics Impact Assessment Will Make Your Project More Successful
15/11/21, 6:10 am
Firstly, what exactly is a Privacy and Ethics Impact Assessment (PEIA)? You may have heard of Privacy Impact Assessments before. They are a widely used and highly recommended privacy compliance tool, helping projects and companies understand how personal and sensitive data is utilised and will be managed throughout its lifecycle.
True privacy compliance, however, needs to work within a larger understanding of ethics. Ethical principles and values drive your decision-making processes; the intent and motivation behind how data will be utilised within every layer of your business. The PEIA harnesses this thinking and conceptual might, building out a more holistic tool to assess your compliance, cultural, governance and architectural/security protocols.
So how exactly will this tool make your project more successful?
1. Social capital will elevate your project's design
NEC’s PEIA consistently refers back to our ten principles for ethical technology development and solution implementation. These principles are based on values tied back to the UN Human Rights Accords (both the UN Covenant of Civil and Political Rights and Convention on the Rights of Persons with Disabilities) as well as other globally recognised standards, for example, the EU’s High Commission Ethics Guidelines for Trustworthy AI. This means that values such as democracy, equal participation in society and consideration of those who are most vulnerable in our communities when developing and implementing solutions and projects will not hold your project back but make it better.
By assessing the impacts on sectors of the communities potentially at risk of being forgotten in the early planning stages of a project, the PEIA highlights opportunities to increase the social capital of your organisation through your staff, as well as externally, through stakeholder consultations. The knowledge gained through this process should impact the architecture build of a solution, its delivery and business requirements (workflows), building a much better and more robust solution.
2. Protect your brand's reputation whilst actively building trust
Data mismanagement most often occurs when staff and organisations are not aware of their obligations when it comes to privacy compliance and mistakes are made in data handling. More alarmingly, the value of the data organisations possess is often misunderstood, because the classification of data within processes is often never performed, even though the value and classification of data may change depending on how it is used and combined with other information.
Security architecture is one avenue to ensure privacy is maintained in part. However, non-technical attributes must also be worked into a workflow and process, to safeguard data privacy. On top of this, a brand does not develop trust by simply not mishandling data. Brands must actively demonstrate to their staff and clients that they are ethical members of society and communities, by demonstrating that they are taking proactive steps in understanding the value of data and implementing ethical safeguards that prevent the misuse of personal and/or sensitive data wherever possible. Negating negative risks and actively raising trust in your brand through engagement and transparency will bode well for the acceptance of new technology and industry regulation (particularly since completing a Privacy Impact Assessment is best practice although not compulsory).
3. Activate your company's mission statement and vision
Not only will your PEIA help you achieve privacy compliance, but the recommendations report that is delivered to you at the end of the service will give you the knowledge and language to discuss compliance and privacy as well as ethics-related issues with your industry and stakeholders. No project is risk-free and while data utilisation creates an enormous opportunity for both businesses and clients, these risks need to be balanced proportionally with the social value created through your project.
Ethical risks need to be highlighted, worked through, and offset. Understanding this paradigm will provide your business with a powerful way to implement your business’ mission statement and vision strategically and tangibly.
4. Empower your staff, empower your organisation
Misunderstood compliance requirements, environmental stressors, cultural challenges and a lack of governance structures to address ethics and privacy concerns all present missed opportunities as well as great risks when implementing new solutions and business targets. Your new project, and any new technology implemented, will not work at its optimal level if it does not work in harmony with the people who utilise the services.
Many of the gaps highlighted here can be addressed with non-technical means once identified. Our ethics assessments delve into the functioning and messaging your staff and management are responding to daily (or lack thereof) and what can be done about changing any weaknesses or gaps. Once changes, technology, compliance requirements and business challenges are understood, staff across your organisation will be empowered to deliver services more ethically for your business.
This drives cultural change within an organisation, elevates customer service and provides a return on investment for your solutions because they are better understood; you can therefore expect optimised utilisation long-term.
5. Better implementation control and success
By rushing through solution implementation and projects, businesses can become focused on and blindsided by delivery timeframes, cost pressures and business deliverables, without taking stock of the bigger strategic value of a project, including its social value proposition. Completing a PEIA allows you to consider, at various intervals, the short and long-term consequences of your solution and project on your business but also your community and industry.
Social value and a project’s strategic purpose can easily become lost or misguided, even when a company has the best of intentions, if no ‘stock take’ is taken during the implementation stage of the project. By taking stock, you can catch issues before they become bigger and more costly to fix (both technical and non-technical solution and business project designs).
Sylvia Jastkowiak
Senior Consultant, Privacy & Security
sylvia.jastkowiak@nec.com.au