Did you hear the story about the man who was fired by a robot? Ibrahim Diallo got caught in his own Kafkaesque nightmare when he suddenly found himself progressively locked out of the systems at the company he worked for. It culminated in him being escorted from his office by security. His human employers couldn’t give him an explanation as to why, nor could they reverse the machines ‘decision’. A long investigation revealed that a former manager failed to update his credentials on their IT systems. When he was eventually reinstated, he found himself alienated from his colleagues and quit. Put another way, because of some bad data, Ibrahim found himself arbitrarily sacked and under suspicion.
It’s an anecdote for our time. The world is fuelled by data, and with more control and decisions being given to AI and automated, the integrity of this information is now fundamental.
Simple human errors or mismanagement of data can lead to incredibly damaging consequences. Imagine a financial institution that incorrectly changed your credit history – leading to your mortgage being denied and the deal on your dream house falling through. How about a medical institution that incorrectly modifies your medical history, or even mixes you up with another individual? You can imagine hundreds of scenarios where corrupted, incorrect or manipulated data could impact your life leaving you with little knowledge or recourse that it has happened.
This is why an aspect of GDPR, which got surprisingly little press, was so critical – the obligation to report a data breach. Knowing where and when your data may have been compromised is a powerful new weapon. When you align it with the ability to request your data from any organisation, it becomes an important way to check if your data is accurate.
For businesses, there is a huge burden of responsibility to ensure that systems are safe and data governance procedures are robust and adhered to. A data breach isn’t just about passwords or financial information being compromised, it’s also about the digital life of individuals being manipulated or damaged – whether deliberately or accidentally. Passwords can be changed, but identifying and rectifying instances where personal data has been altered is even more important.
The fines that GDPR outline for failure to protect personal information may just be the tip of the iceberg for a business that fails in its duty of care. Liability for personal loss, or in the most extreme scenarios criminal liability, should be a real concern. So is the potential reputational harm. Imagine your business’s lax data governance procedures being the route cause of a customer’s life being serious damaged or disrupted. The headlines write themselves.
Using GDPR as a framework to underpin the data governance procedures of your business is the first step towards protecting you and your brand. The second, and arguably more important step, is changing your businesses’ mindset towards data. It is not just abstract information used for business intelligence – it is your customer’s life. Protecting it, respecting it and understanding how it can be misused should be top of mind for every staff member. Training and managing staff so that they can use data management systems and follow clearly articulated procedures should be a business priority. Every organisation needs to store, manage and use data in a secure way and have systems in place that enable malicious or erroneous changes to be quickly identified and rolled back.
Much of the oxygen surrounding the GDPR debate has been used up by discussing the collection and use of personal data. While this is a highly important issue, it does mean that less thought has been dedicated to questions its integrity. How do you ensure that accurate data has been collected, kept up-to-date and remains free from errors?
The Cambridge Analytica scandal brought questions of data privacy to the mainstream. People learnt what many businesses had known for years – how data can reveal intimate personal preferences and be used for profit. I’m certain we will soon see a scandal related to data integrity which will reveal to people how damaged data can have profound and far reaching negative consequences. The question for every business is, when that time comes, will customers trust you with their data, and by extension their lives?