TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | What is a chief data ethics officer, anyway? Related reading: Google to block third-party cookies in 2024




Privacy professionals find themselves in an age where data ethics have become part of the global conversation, receiving unprecedented attention worldwide. Just last month, the 40th International Conference of Data Protection and Privacy Commissioners focused on debating ethics with its theme, “Dignity and Respect in a Data Driven Life." While companies amass data on consumers worldwide, a recurring issue involves how that data is analyzed and utilized to drive innovation. One company that seems to be taking the cue is marketing service provider Acxiom.

Despite the fact that the amount of data held by marketing service providers is undeniably vast, Acxiom is taking steps to ensure it delivers ethically sourced data to all its customers. To do this, Acxiom’s head of data ethics, Jordan Abbott, CIPP/E, CIPP/US, CIPM, explained how his team incorporates an ethics-by-design approach. 

Almost three years ago, Acxiom renamed its privacy program to become the"data ethics, governance, protection and privacy program." Abbott, who heads what used to be considered the company’s chief privacy officer position, said, “We have always believed that ‘privacy’ is too narrow. There is more to what we do, including data governance and data ethics. The name change is a better representation of what the company is doing with respect to analyzing the responsible use of data.”

Getting his start as an assistant attorney general in the consumer protection division of the Arkansas attorney’s general office, Abbott said he offers a unique perspective in his role at Acxiom.

“Having worked in consumer protection, I’m afforded the ability to see things from the consumer's point of view, and that is something that I hope always guides me to the right decision.”

Abbott agrees that the privacy field’s attention to data ethics is the next area of exploration, almost by necessity. Ensuring a company handles consumer data in an ethical and responsible manner goes a long way in the court of public opinion, he said.

“With respect to privacy, trust is critically important in our industry. To keep up with the rapid pace of innovation, we have to build trust with consumers, the regulators and our clients. The way to establish trust is by having an ethics-by-design program, and one that has accountability. That is the only way to 'future-proof'' the use of data. We need be able to demonstrate that we are using data in a responsible manner.”

While ethics by design might not be as commonplace as privacy by design these days, it accurately places attention on a hot topic in privacy. Abbott noted the "watershed of events" over the past 18 months, pointing to the enforcement date of the GDPR, Equifax’s historic security breach, the Cambridge Analytica discovery and the new California Consumer Privacy Act of 2018, Abbott said all of those events indicated the need for ethics by design to ensure that companies keep the consumer at the center of decisions on how to use data.

What exactly is ethics by design? Abbott said it's the implementation of an ethical data-use framework in all phases of the data life cycle, from the collection and use of data to the destruction and disposal of it. In doing so, the company credentials data sources by making sure they have collected data in a transparent manner and that they have provided appropriate notice and choice to the consumer before Acxiom performs data protection and privacy impact assessments.

“We are trying to apply advanced ethics and accountability. It’s an idea that’s been championed by Martin Abrams, executive director of the Information Accountability Foundation, but basically, we are going beyond privacy by design to make sure that the use of the data is legal, just and fair," he said.

In addition to ensuring if the data use is compliant with the law, Abbott said he asks if there are any sort of unfair or discriminatory consequences that could occur.

“I've thought of ethics as the way we treat other people," he said, adding it's about having a process that's fair to all parties and is repeated the same way each time.

But data ethics certainly isn't a cut-and-dry area. Deciding what is and is not usable data can sometimes be a hard decision, Abbott said. “An obvious decision would be if a client wanted to use marketing data in a manner that might be deemed a consumer report under the Fair Credit Reporting Act. That’s clearly off limits and is an easy discussion to have.”

Other instances, particularly those that represent new uses, could be more challenging. Abbott said that while the decisions can come down to him, it is usually met by consensus. 

“Right now, the data industry and companies like Acxiom are misunderstood with respect to the benefits we provide,” he said. “We help our clients make the data that they have more actionable, which leads to a great number of benefits. We’ve got to do a better job of educating consumers and policymakers on the benefits that we provide and the ethical data use frameworks we have in place.”

At the end of the day, he said implementing an effective ethics-by-design approach helps him keep to his personal mantra of asking, “Am I doing the right thing?” Ultimately, he said, "I stand on the shoulders of giants. I'm honored to be a part of a team that has a long and distinguished dedication to privacy and data ethics."

photo credit: james vela IJWMFTT via photopin (license)


If you want to comment on this post, you need to login.

  • comment Aleksandrs Zimecs • Nov 28, 2018
    I wonder how to merge the exellent article with this one:
  • comment Marc Groman • Dec 4, 2018
    Putting aside the data broker industry, the fundamental premise of the post is correct. The word "privacy" does not cover the scope and range of activities or responsibilities of most senior-level Chief Privacy Officers. Any effective, strategic and successful privacy program must cover the full range of issues discussed - data ethics, governance, protection, and privacy. I would add risk to that list. I didn't want the word "privacy" is my last job title, but I was stuck with it for political reasons and optics. The fact is, "privacy" was just one slice of my portfolio. Most successful CPOs feel that way. Personally, I would do away with the term "privacy" and move on. As for ethics in the data broker industry, that's an entirely separate discussion.