Nearly every company today relies on technology to operationalize their business in one form or another. While the use cases for technology, including artificial intelligence (AI), vary among companies and industries, its responsible and ethical use should be the tie that binds them all.
This article highlights five core elements of a digital trust program, taking inspiration from industry roadmaps, including the World Economic Forum’s digital trust insight report, as well as from current best practices of leading, global companies.
A shared set of values: Technology evolves faster than companies and regulators can keep pace with it, while cultural values and ethos remain largely unchanged and timeless. Values should serve as the foundation upon which all other ethics and compliance practices, policies and procedures stand.
Relevant to structuring a digital trust framework, values should “inform the concept of digital trust, including security and reliability; accountability and oversight; and inclusive, ethical and responsible use,” according to the World Economic Forum’s digital trust insights report.
For an example to emulate, consider Walmart’s foundational Digital Trust Commitments:
- Service: Our use of technology and data will be in service of people.
- Excellence: We strive for excellence in our technology, making it simple, convenient, and secure.
- Integrity: We will use data responsibly and transparently, and always with integrity.
- Respect: Our data practices and technology will treat people fairly, with dignity and respect.
Fairness principles: Fairness is another core principle of a digital trust program that speaks, in part, to the inclusive, ethical and responsible use of technology, including responsible AI, and data processing. Best practice includes, for example, building and deploying technology that is clear and accessible to all; and designing technology systems that are explainable and transparent to help reduce bias in data.
Fairness also speaks to “being fair in both process and outcome” as a goal of accountability and oversight activities from a governance standpoint, according to the digital trust report. Best practice is to have a cross-functional team in place to keep the company true to its digital trust commitments. The form and function of such leadership may vary company to company or industry to industry.
Walmart has a Digital Citizenship team, for example, made up of “compliance and legal associates with expertise in digital values, emerging technology, privacy, data, records, information management, and cybersecurity.” As Walmart explained in a blog post, this team helps other parts of the business – including operations, marketing, and technology – “live up to our Digital Trust Commitments as the company develops and implements emerging technologies, new services, and innovative ways to use data.”
Technology company IBM’s AI Ethics Board is another good example. Its mission, according to IBM’s website, is “to support a centralized governance, review and decision-making process for IBM ethics policies, practices, communications, research, products and services. By infusing our long-standing principles and ethical thinking, the board is one mechanism by which IBM holds our company and all IBMers accountable to our values.”
A robust cybersecurity program: A robust cybersecurity program is another element of a digital trust program not only for the sake of reducing the risk of a cyberattack, but further to establish accountability and data oversight responsibilities. As with many companies today, Walmart protects its digital infrastructure through “adherence to industry standards, incident reporting policies and escalation practices, vulnerability testing, and continuous improvement.”
There are many industry standards and frameworks out there for companies to follow in building a cybersecurity program. Just one example is the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (NIST-CSF).
Privacy protections: Privacy protections and privacy by design are other important elements of a digital trust program. As explained by the digital trust insights report, privacy by design ensures that “appropriate privacy considerations are embedded in the design, acquisition or implementation of new products or services.”
When implementing privacy by design in practice, it’s recommended to have in place a guiding set of principles. Consider, for example, the privacy-by-design principles that Walmart follows:
- Proactive and preventative: Privacy controls and practices should be considered from the outset rather than after development.
- Privacy by default: We seek to respect privacy and protection by default, through methods including transparency in the collection of personal information, only processing the personal information necessary to achieve our business purpose, and using and retaining data in line with law and policy.
- Design assessment: Our teams conduct privacy risk assessments and privacy impact assessments as part of the design or redesign of technology, processes, and projects to determine risks, legal requirements, and mitigation measures.
- Balancing interests: We strive to accommodate both the privacy of individuals and Walmart’s legitimate business objectives so we can better serve our customers now and in the future.
- Security: End-to-end security considerations that support privacy protections will be assessed and addressed prior to implementation.
A comprehensive data governance program: As the digital trust insights report explains, “information governance is the organizational management of data storage, quality and integrity. It ensures that data can be relied on to be accurate and complete for all functions in an organization.” There are many branches of a comprehensive data governance program, including policies and procedures, training, monitoring, continuous improvements, and accountability in the event of an incident.
Taking inspiration from Walmart’s data governance policies, some policy considerations include the following:
- Records management policy: A policy defining how to manage, retain, and dispose of records created or used by the business.
- Data governance policy: A set of policies that address roles and responsibilities, data classification, data sharing, and data products designed to ensure the business understands the data it has and how that data is handled, shared, and classified.
- AI policy: Provides guidance for the company in the design, implementation, and review of automated decisioning solutions, models, and technology; and
- Data incident response policy: Provides guidance for reporting and addressing actual or suspected data incidents in a timely manner, supported by data breach notification and regulatory reporting guidelines and standards.
Beyond the five core elements of a digital trust program discussed above, it’s important to continue to collaborate with industry peers and seek out industry resources. IBM provides a fairly comprehensive list of initiatives furthering the goal of AI ethics, for example.
One resource is The Data & Trust Alliance, a non-profit organization focused on the adoption of responsible data and artificial intelligence practices. Among its latest initiatives, The Data & Trust Alliance has created Responsible Data & AI Diligence for M&A, a tool designed to help M&A teams in their screening and due diligence “to assess the value and risks of data, algorithms, and the cultures in which they are built.” It also offers a tool to help HR teams mitigate bias in workplace-related decisions.
Another valuable resource, as mentioned above, is the World Economic Forum’s digital trust insight report, which serves as “both a framework and a roadmap for how to become more trustworthy in the use and development of technology.” Through continuing to share knowledge among one another, it is the wider goal that all companies will design, develop, and adopt technology in a responsible and ethical manner.
To learn more about best practices in data privacy and cybersecurity, download our eBook, “Addressing Cybersecurity & Data Privacy in 2023”: