12/6/2016
Big Risks In Big Data
Presenters
Kate Bischoff, JD, SHRM‐SCP, SPHR
Leona Lewis, JD
tHRive Law & Consulting LLC
ComplyEthic Consulting LLC
www.thrivelawconsulting.com
www.complyethic.com
1
12/6/2016
Brave New World of Big Data
Overview
1. What Big Data Can Do?
2. Regulation of Data ◦ Examples of Data Gone Wrong
3. Privacy ◦ Anonymity
4. Risk of Bias
◦ Examples of Bias in Data Analytics
5. What Can you Do?
◦ Good Data Management Practices
◦ Cross Functional Involvement in Big Data Projects
2
12/6/2016
Prediction
•The usefulness of Big Data is using enough data about the past, so that predictions can be made about the future
•Correlative, rather than causation
Data Analytics & Artificial Intelligence
• Consumer Marketing • Purchase recommendations on Amazon
• Movie recommendations on Netflix
• Timing of product offers
• Medical
• Spread & cure disease
• Surveillance & Policing
• Facial recognition
• Predict crime
3
12/6/2016
Data Analytics & Artificial Intelligence
• Transportation
• Predicting traffic jams
• Self‐driving cars
• Supply chain logistics advances & risks
• Employment
• Selecting the right candidate
• Determining who is a threat to the organization
• Succession planning
Regulations & Agencies
A lot of regulations apply to big data
◦
◦
◦
◦
Fair Credit Reporting Act
Federal Trade Commission Act
Title VII of the Civil Rights Act Executive Orders
Agencies
◦
◦
◦
◦
◦
◦
◦
Federal Trade Commission
Consumer Finance Protection Bureau
Equal Employment Opportunity Commission
Office of Federal Contract Compliance
States Attorneys Generals
Privacy lawsuits
Acquisition & organization values
4
12/6/2016
Big Data Gone Wrong
Incorrect information disclosed led to a Fair Credit Reporting Act claim because the information made it seem like the plaintiff was well‐to‐do
Algorithm used by a testing company inadvertently charged Asians higher prices for test prep courses
Dirty data ruins customer relationships
Lack of understanding of data analytic software thwarts politician’s get out the vote efforts
Incorrect conclusions about results
Individuals denied opportunities by mistake due to the actions of others
Privacy Principles
Privacy Principles
◦ People
◦ Notice
◦ Choice & Consent
◦ Quality ◦ Access
5
12/6/2016
Data Management
Information governance
“Dirty” data
Combining data
 Extract, transform & load data
 Through APIs
 Consider combining public data sources, including social media
 Creating vulnerabilities
Controls
 Good Data Management
 Security Safeguards
 Collection Limitation Principle
 Use Limitation Principle
 Monitoring
 Enforcement
6
12/6/2016
Big Data Gone Wrong
Create of reinforce existing disparities. Targeting adds for financial products not targeted to low‐income consumers even though they may qualify
Expose sensitive information
Assist targeting vulnerable consumers for fraud scams.
Create new justifications to exclude individuals
Create discriminatory pricing structures depending on zip code for online purchases
Weaken the effectiveness of consumer choice
Bias
Bias can be unintentionally included in the results of data analysis
7
12/6/2016
Bias Example – Street Bump
City of Boston created an app to track potholes
Demographics of smartphone users
Disparate impact
◦ Wealthy neighborhoods more likely to use the app
◦ Wealthier neighborhoods got potholes fixed faster
Boston recognized this issue
Police officers & other city workers used the app too
Anonymity
Can you identify a person from the data?
Scrubbing data of names and contact information often not enough
Large data sets can be used to identify individuals due to the detail provided
From Harvard Business Review: ◦ Guaranteeing anonymity (that is, the removal of PII) in exchange for being able to freely collect and use data — a bread‐
and‐butter marketing policy for everyone from app makers, to credit card companies — might not be enforceable if anonymity can be hacked.
8
12/6/2016
Does Anonymity Exist with Large Data Sets?
Minnesota
Lawyers
Female
40‐50 years Old
HireVue Sources
9
12/6/2016
Example: HireVue & Chipotle
•Chipotle Area Managers
• Eye contact
• Word choice
• Word complexity
•Chipotle workforce demographics
•Is there something we should be worried about?
Should We Be Worried?
◦ Maybe for discrimination
◦ Protected classes
◦ Disability
◦ Validate under Uniform Guidelines for Employee Selection Programs (UGESP)
◦ Job study
◦ Job‐related & business necessity
◦ Should we consider more than just statistics?
◦ Should the factors we use be “substantively meaningful”?
10
12/6/2016
Discrimination Conundrum
How will we validate?
◦ More than just statistics?
◦ Strength of the statistics?
What doctrine will apply?
◦ Disparate treatment or impact
◦ Classification bias (new)
Will we be able to get at records?
◦ Machine learning alters algorithm ◦ Keep the algorithm at the time
Do we even know what’s in the algorithm?
◦ Trade secrets of vendor
◦ Weight given to each factor
Managing Risks
 Build a diverse team from the beginning of the project
 Team needs to understand the analytic model
 Be transparent with the weaknesses of analytic models
 Be open to the concerns of many viewpoints
11
12/6/2016
Knowledge is Power
Know what you have
◦ What data do you have?
◦ How did you get it?
◦ Consent to give it
◦ Consent to use it
Know the law
◦ What laws are impacted based on the data you have?
◦ What laws are impacted based on how you intend to use the data?
Ask the Right Questions
 Can the answer to the question be acted upon?
 Are we able to use the data in the manner we intend?
 Creep factor?
 Are we able to trace the flow of data into the this analysis?
 Are the results of the analytics well understood?
 Have we considered applicable laws?
 Could the results cause a public relations problem?
12
12/6/2016
Coffee & Donuts on Us!
Leona Lewis, J.D.
Founder| ComplyEthic Consulting LLC
[email protected]
www.complyethic.com
Kate Bischoff, SHRM‐SCP, SPHR
tHRive Law & Consulting LLC
[email protected]
thrivelawconsulting.com
13