Data is the “new gold”, according to UNE’s Professor Michael Adams*, but it comes with a lot of complexities and can be poorly managed, to our peril.
In the second part of our Law and IT series, This Does Not Compute, Michael reflects on his contribution to the new book Legal Issues in Information Technology and the importance of information governance.
“Information governance, data protection and security, privacy, cybersecurity, data analytics and artificial intelligence (AI) have all become critical,” he says. “There are both opportunities and challenges arising from technological innovation and disruption. Many traditional governance processes are no longer fit for purpose and the expectations of stakeholders, regulators, owners and employees are changing.
“Effective information governance is when policies, technologies and people all align and work together to enable data and information to be optimised … to increase the overall performance of the organisation,” Michael wrote.
In this series:
This Does Not Compute: part 1
How do you think we should view information and information governance?
"We need to understand the inherent value of data and ensure it’s protected. The flip side is making sure that we use that data to make informed decisions. It costs money to do information governance well.
"Social media is just one form of technology that has made us change the way we look at how information governance laws operate. The defamation case against Fairfax, Channel 9 and other major news outlets (versus Dylan Voller) found that they did not moderate their Facebook page comments and were responsible, as publishers, for derogatory comments made regarding Voller. That showed the dangers of having open access and public forums.
"In the recent federal budget, the government allocated $10 billion to cybersecurity. That demonstrates just how important the use and management of data now is. Few organisations today would not have a business intelligence department or information officer."
What’s the relationship between information governance and corporate governance?
"Strong information governance is key to good corporate governance, and a means of ensuring due diligence and compliance. Information governance is one of those tools that is applied across all levels of governance within an organisation – good access to data, appropriate reporting mechanisms, quality assurance programs and compliance. The proper management of data is the basis for all that.
"In the top 10 list of what keeps a director awake at night, data security and breaches used to be at the bottom; now it’s in the top 2 or 3. Every director has to, for instance, understand the risks of being hacked at the corporate level and the laws that apply in that space.
People have been a little too relaxed in their understanding of their own data and security, even privacy laws, but awareness is growing.
"The reputational damage if you, as a company, give away people’s private details, is huge. And hundreds of thousands of people can potentially be impacted, so scale is the other factor. It was the American Cambridge Analytica use of Facebook to try to swing the election result for Trump that started to show how data analytics can be used against citizens in a negative or sinister way."
Is there an upside?
"There are lots of potential efficiency gains in being able to provide customers and clients with better information faster, and data analytics can be very useful to decision-making. But there is still more to be done throughout the life cycle of a customer – that whole user-experience could work much better.
"In law, we are seeing the emergence of the smart contract and e-discovery that enables you to use AI to trawl millions of documents and pull out key words or phrases. It’s changing business processes and the way that litigation is done."
Where are we heading?
"On a personal level, people have been a little too relaxed in their understanding of their own data and security, even privacy laws, but awareness is growing. That’s been shown to be dangerous.
"We’re coming to know the weaknesses of passwords and systems. During COVID, with people at home on their own wi-fi without good security, copying files left right and centre that wouldn’t normally leave the office … it exposed businesses and their systems. Flexible working has forced many companies to rethink how they handle sensitive files. I think we will see more and more multi-factorial authentication.
"I can see decentralised autonomous organisations (member-owned communities that enable internet strangers to collaborate) and blockchain growing; that’s a whole new world that’s just around the corner. I think blockchain will have a multitude of uses. But, again, we need to understand the risks and applications.
"We also have to be aware of the biases and prejudices inherent in AI, conscious or unconscious, especially when it comes to racial profiling and gender issues. Then again, look at the speed of machine learning. The ability to understand multiple languages, and in plain language, at such speeds is phenomenal.
"As futurist and founder of Thinque, Andres Sormon-Nisson, says, we need to think about which technology helps us to double our results with half the effort, which analogue processes either need to be upgraded or augmented to maintain competitiveness and, most important of all, what technology our competitors would not want us to adopt next."
* Professor Michael Adams is head of the UNE School of Law.
