Andy Petrella, profile picture
Uploaded byAndy Petrella
420 views

Governance compliance

This document discusses recipes for GDPR-compliant data science. It covers topics like data privacy, risks, ethics, compliance, and governance. On data privacy, it explains information privacy and regulations like GDPR and CCPA. On risks, it discusses risks in data like improper analytics and low data quality. On ethics, it discusses issues around automated decision-making, non-discrimination, and the right to explanation. On compliance, it advocates for monitoring and automated reporting. On governance, it notes challenges of constraints and advocates a bottom-up approach through monitoring data activities.

Embed presentation

Download to read offline
www.kensu.io GOVERNANCE AND COMPLIANCE 1 Recipes for GDPR-friendly Data Science
www.kensu.io ANDY -|- KENSU 2 Andy Petrella - Founder @ Kensu Maths MSc / Computer Science MSc 10+ years in data computing (science?) http://kensu.io Analytics, AI Governance 2 Analytics Governance Perform ance Compliance
www.kensu.io a. Data Privacy b. Risk c. Ethic I. COMPLIANCE x. How to guarantee compliance
www.kensu.io A. DATA PRIVACY Information privacy, also known as data privacy or data protection, is the relationship between the collection and dissemination of a. data,  b. technology, c. the public expectation of privacy,  d. legal  and political issues surrounding them.[1] Privacy  concerns exist wherever  personally identifiable information  or other  sensitive information  is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. https://en.wikipedia.org/wiki/Information_privacy
www.kensu.io Each  controller/processor  shall maintain a record of processing activities under its responsibility (cf. Art. 30). That record shall contain many information including: • The purposes of the processing • A description of the categories of data subjects and of the categories of personal data
 
 etc. A. DATA PRIVACY GDPR
www.kensu.io A. DATA PRIVACY Prior to collecting Californian’s personal data, businesses must disclose in their privacy policy:
 “the categories of personal information to be collected and the purposes for which the categories of personal information shall be used”
 with any additional uses requiring notice to the consumer CaCPA: California Consumer Privacy Act of 2018
www.kensu.io B. RISKS Risks are present wherever data is used: - Managing business risks with data - Building new data business https://www.eiuperspectives.economist.com/sites/default/files/RetailBanksandBigData.pdf
www.kensu.io B. RISKS - Retail worry about credit risk:
 imbalance between the sizes of classes (defaulters <<< non-defaulters) generates overly optimistic scores…
 - Commercial focus on market risk:
 VaR and variations requires important backtesting
 - Investment are concerned about operational risk:
 Just think about BCBS… govern, monitor, control! Business’ risks… risks
www.kensu.io B. RISKS Intrinsic https://unicsoft.net/risks-data-science-project/
www.kensu.io B. RISKS Intrinsic Loosers Records stolen JP Morgan Chase 76,000,000 Evernote 50,000,000 eBay 145,000,000 Target 70,000,000 LinkedIn 117,000,000 Yahoo 1,000,000,000
www.kensu.io B. RISKS Intrinsic Improper Analytics One tiny mistake can ruin the whole project. Low Data Quality Even most advanced analytics methods fail with incorrect data
www.kensu.io C. ETHIC Data Ethics refers to systemising, defending, and recommending concepts of right and wrong conduct in relation to data, in particular personal data. Data ethics is different from information ethics because the focus of information ethics is more concerned with issues of intellectual property. https://en.wikipedia.org/wiki/Big_data_ethics While data ethics is more concerned with collectors and disseminators of structured or unstructured data such as data brokers — governments — large corporations.
www.kensu.io C. ETHIC WAT? http://rsta.royalsocietypublishing.org/content/roypta/374/2083/20160360.full.pdf Data ethics can be defined as the branch of ethics that studies and evaluates moral problems related to data - generation - recording - processing - dissemination - sharing and use algorithms - artificial intelligence - artificial agents - machine learning - robots (well…) practices - responsible innovation - programming - hacking - professional codes in order to formulate and support morally good solutions
www.kensu.io C. ETHIC WAT? http://rsta.royalsocietypublishing.org/content/roypta/374/2083/20160360.full.pdf Data ethics can be defined as the branch of ethics that studies and evaluates moral problems related to data - generation - recording - processing - dissemination - sharing and use algorithms - artificial intelligence - artificial agents - machine learning - robots (well…) practices - responsible innovation - programming - hacking - professional codes in order to formulate and support morally good solutions E T H I C ? E T H I C ? E T H I C ?
www.kensu.io C. ETHIC WAT? The ethics of data focuses on ethical problems posed by the collection and analysis of large datasets and on issues ranging from the use of big data in - biomedical research and social sciences - profilings - advertising - data philanthropy - open data
www.kensu.io C. ETHIC WAT? The ethics of algorithms addresses issues posed by the increasing complexity and autonomy of algorithms broadly understood, especially in the case of machine learning applications. Crucial challenges include moral responsibility and accountability of both designers and data scientists with respect to unforeseen and undesired consequences as well as missed opportunities.
www.kensu.io C. ETHIC WAT? The ethics of practices addresses the pressing questions concerning the responsibilities and liabilities of people and organizations in charge of data processes, strategies and policies, including data scientists’ work to ensure ethical practices fostering the protection of the data subject rights.
www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf
www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Non-discrimination Right to explanation
www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Non-discrimination 1. Article 21 of the Charter of Fundamental Rights of the European Union 2. Article 14 of the European Convention on Human Rights 3. Articles 18-25 of the Treaty on the Functioning of the European Union.
www.kensu.io C. ETHIC Automated decision-making https://www.miamiherald.com/news/nation-world/national/article89562297.html Discrimination… can be unintended
www.kensu.io C. ETHIC Automated decision-making https://www.miamiherald.com/news/nation-world/national/article89562297.html Discrimination… can be unintended “Ingress players, like the database volunteers, appeared to skew male, young and English-speaking, […]. 
 Though the surveys did not gather data on race or income levels, the average player spent almost $80 on the Ingress game […] suggesting access to disposable income.”
www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Right to explanation Profiling is inherently discriminatory 
 Data subjects are grouped in categories and decisions are made on this basis Plus, as said, machine learning can reify existing patterns of discrimination
 
 Consequences: Biased decisions are presented as the outcome of an “objective” algorithm.
www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Right to explanation Standard supervised machine learning algorithms are based on discovering reliable associations to make predictions. There is no concern for causal reasoning or “explanation”
www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Right to explanation For Burrell in How the machine “thinks”: Understanding opacity in machine learning algorithms, there are three barriers to transparency 1. Intentional hiding of the decision procedures by corporations 2. Code sources are overly complex 3. Machine learning can reason at very high dimensions, humans’ brains don’t
www.kensu.io X. HOW TO GUARANTEE COMPLIANCE a. Monitoring b. Automated Reporting
www.kensu.io X. HOW TO GUARANTEE COMPLIANCE In (data) engineering, processes have improved to satisfy the need for stability, quality and compliance by introducing: 1. logging 2. testing 3. continuous deployment Monitoring
www.kensu.io X. HOW TO GUARANTEE COMPLIANCE Data science projects are slightly different in nature than pure engineering projects. In that, most issues may come from the dynamicity of the experimentations and the volatility of the data. Such that, monitoring becomes key to AUTOMATED compliance! Monitoring
www.kensu.io X. HOW TO GUARANTEE COMPLIANCE For data project, monitoring is about: - what/how data are used (e.g. data lineage, products, …) - what/how models are build (e.g. methods, metrics, …) - where/how data products are used (e.g. marketing, fraud, …) Monitoring
www.kensu.io X. HOW TO GUARANTEE COMPLIANCE Pursuing the parallel with engineering: 
 CI/CD and Q/A are similar to our current compliance needs! Automated Reporting The automation of compliance can be approached with a set of rules to estimate the level of risks and to limit the efforts to only actionable events. Reporting is mandatory for compliance.
 Reports can be generated from the conjunction of monitored activities and established rules dictated by regulations.
www.kensu.io X. HOW TO GUARANTEE COMPLIANCE The Kensu way: Data Activity Manager Monitor Automated Registry Report
www.kensu.io a. Data in the Wild b. Effects of contraints II. GOVERNANCE x. How to govern
www.kensu.io A. DATA IN THE WILD Working on data is perceived as the Wild West. • Experimentations in highly dynamic environments (e.g. notebooks) • Local copy or duplication of datasets • Creation of intermediate dumps (models, prepared datasets)
www.kensu.io B. EFFECTS OF CONTRAINTS Adding constraints (policies) to govern is a classic… So, we would have the following examples: - predefine the set of needed data - list methods to be used - create documents… maintain them Rules, laws, …
www.kensu.io B. EFFECTS OF CONTRAINTS The consequences of such constraints are: • Lack of freedom • Anonymization • what about marketing use case • what is the reliability of the process • anonymisation is actually itself a process to be listed! • poor/slow reactivity to market changes (performance drop) … might not be best
www.kensu.io X. HOW TO GOVERN For compliance reasons, we have to introduce monitoring. Monitoring data opens new governance doors: - Govern data activities with a bottom-up approach - Control vs Constrain In other terms, data governance in a data-driven fashion
www.kensu.io X. HOW TO GOVERN The Kensu way: Data Activity Manager
www.kensu.io THANKS! http://kensu.io Analytics, AI Governance Analytics Governance Perform ance Compliance Q/A Checkout Kensu Data Activity Manager

More Related Content

PDF
Data ethics for developers
byanilramnanan
 
PPTX
Privacy & Data Ethics
byErik Kokkonen
 
PDF
An ethical approach to data privacy protection
byNicha Tatsaneeyapan
 
PDF
Anonos NIST Comment Letter – De–Identification Of Personally Identifiable Inf...
byTed Myerson
 
PDF
"Towards Value-Centric Big Data" e-SIDES Workshop - "A win-win initiative for...
bye-SIDES.eu
 
PDF
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
byIDC4EU
 
PPTX
GDPR practical info session for development
byTomppa Kuusi (formerly Järvinen)
 
PPTX
LAK16 privacy and analytics (2016)
byWolfgang Greller
 
Data ethics for developers
byanilramnanan
 
Privacy & Data Ethics
byErik Kokkonen
 
An ethical approach to data privacy protection
byNicha Tatsaneeyapan
 
Anonos NIST Comment Letter – De–Identification Of Personally Identifiable Inf...
byTed Myerson
 
"Towards Value-Centric Big Data" e-SIDES Workshop - "A win-win initiative for...
bye-SIDES.eu
 
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...
byIDC4EU
 
GDPR practical info session for development
byTomppa Kuusi (formerly Järvinen)
 
LAK16 privacy and analytics (2016)
byWolfgang Greller
 

What's hot

PPTX
Privacy by design for startups: legal and technology
byIshay Tentser
 
PPTX
Introduction to Information Policy
byNiamh Headon
 
PPT
Privacy and personal information
byUc Man
 
PPTX
Information Privacy
byimehreenx
 
PPTX
Cloud and Data Privacy
byMaganathin Veeraragaloo
 
PPTX
Information policy ppt
byKabir Khan
 
PDF
ICEGOV - Tutorial 1 - Information Policy Concepts and Principles
byICEGOV
 
PPTX
Information policy sunil sir
bybgshalini
 
PDF
A Dynamic Intelligent Policies Analysis Mechanism for Personal Data Processin...
byKonstantinos Demertzis
 
PPTX
Data set Legislation
byData-Set
 
PPTX
Data set Legislation
byData-Set
 
PPTX
Data set Legislation
byData-Set
 
PPTX
Data set module 4
byData-Set
 
PDF
Copy of OSTP RFI on Big Data and Privacy
byMicah Altman
 
PDF
Ensuring Effective Information Security Management Information Classification...
byijtsrd
 
PDF
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
byTrivadis
 
PDF
Open Government Data & Privacy Protection
bySylvia Ogweng
 
PPTX
Paperless Lab Academy 'legal aspects of big data analytics'
byAxon Lawyers
 
PDF
Data Privacy
bycliff_rudolph
 
Privacy by design for startups: legal and technology
byIshay Tentser
 
Introduction to Information Policy
byNiamh Headon
 
Privacy and personal information
byUc Man
 
Information Privacy
byimehreenx
 
Cloud and Data Privacy
byMaganathin Veeraragaloo
 
Information policy ppt
byKabir Khan
 
ICEGOV - Tutorial 1 - Information Policy Concepts and Principles
byICEGOV
 
Information policy sunil sir
bybgshalini
 
A Dynamic Intelligent Policies Analysis Mechanism for Personal Data Processin...
byKonstantinos Demertzis
 
Data set Legislation
byData-Set
 
Data set Legislation
byData-Set
 
Data set Legislation
byData-Set
 
Data set module 4
byData-Set
 
Copy of OSTP RFI on Big Data and Privacy
byMicah Altman
 
Ensuring Effective Information Security Management Information Classification...
byijtsrd
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
byTrivadis
 
Open Government Data & Privacy Protection
bySylvia Ogweng
 
Paperless Lab Academy 'legal aspects of big data analytics'
byAxon Lawyers
 
Data Privacy
bycliff_rudolph
 

Similar to Governance compliance

PDF
The Rise of Data Ethics and Security - AIDI Webinar
byEryk Budi Pratama
 
PDF
Data science governance and GDPR
byAndy Petrella
 
PDF
Data Security and Data Governance: Foundation and Case Studies - November 4, ...
byDr. Thiti Vacharasintopchai, ATSI-DX, CISA
 
PDF
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
bySoumodeep Nanee Kundu
 
PPTX
Of Unicorns, Yetis, and Error-Free Datasets (or what is data quality?)
byGianluca Tarasconi
 
PDF
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
byAndrew Clark
 
PDF
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
byEryk Budi Pratama
 
PPTX
FDS MODULE 10 , IT SAY IMPORTTANCE OF AI
bypr6660270
 
PDF
Gse uk-cedrinemadera-2018-shared
bycedrinemadera
 
PPTX
Data Governance Course without AI_Week 1.pptx
bylateeth1
 
PDF
Data Analytics Governance and Ethics
byHPCC Systems
 
PDF
Data science governance : what and how
byAndy Petrella
 
PPTX
Putting data science into perspective
bySravan Ankaraju
 
PDF
Big Data Expo 2015 - Data Science Innovation Privacy Considerations
byBigDataExpo
 
PPTX
week 7.pptx
byStephenGwadi
 
PPTX
Data science and pending EU privacy laws - a storm on the horizon
byDavid Stephenson, Ph.D.
 
PDF
Hivos and Responsible Data
byTom Walker
 
PDF
Ethical Priniciples for the All Data Revolution
byMelissa Moody
 
PPTX
Fuel your Data-Driven Ambitions with Data Governance
byPedro Martins
 
PDF
EPF-datagov-part1-1.pdf
bycedrinemadera
 
The Rise of Data Ethics and Security - AIDI Webinar
byEryk Budi Pratama
 
Data science governance and GDPR
byAndy Petrella
 
Data Security and Data Governance: Foundation and Case Studies - November 4, ...
byDr. Thiti Vacharasintopchai, ATSI-DX, CISA
 
Ethical Considerations in Data Analysis_ Balancing Power, Privacy, and Respon...
bySoumodeep Nanee Kundu
 
Of Unicorns, Yetis, and Error-Free Datasets (or what is data quality?)
byGianluca Tarasconi
 
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
byAndrew Clark
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
byEryk Budi Pratama
 
FDS MODULE 10 , IT SAY IMPORTTANCE OF AI
bypr6660270
 
Gse uk-cedrinemadera-2018-shared
bycedrinemadera
 
Data Governance Course without AI_Week 1.pptx
bylateeth1
 
Data Analytics Governance and Ethics
byHPCC Systems
 
Data science governance : what and how
byAndy Petrella
 
Putting data science into perspective
bySravan Ankaraju
 
Big Data Expo 2015 - Data Science Innovation Privacy Considerations
byBigDataExpo
 
week 7.pptx
byStephenGwadi
 
Data science and pending EU privacy laws - a storm on the horizon
byDavid Stephenson, Ph.D.
 
Hivos and Responsible Data
byTom Walker
 
Ethical Priniciples for the All Data Revolution
byMelissa Moody
 
Fuel your Data-Driven Ambitions with Data Governance
byPedro Martins
 
EPF-datagov-part1-1.pdf
bycedrinemadera
 

More from Andy Petrella

PPTX
Data Observability Best Pracices
byAndy Petrella
 
PDF
Lightning fast genomics with Spark, Adam and Scala
byAndy Petrella
 
PDF
Machine Learning and GraphX
byAndy Petrella
 
PDF
Spark Summit Europe: Share and analyse genomic data at scale
byAndy Petrella
 
PDF
How to Build a Global Data Mapping
byAndy Petrella
 
PDF
Interactive notebooks
byAndy Petrella
 
PDF
Data Enthusiasts London: Scalable and Interoperable data services. Applied to...
byAndy Petrella
 
PDF
Agile data science with scala
byAndy Petrella
 
PDF
Towards a rebirth of data science (by Data Fellas)
byAndy Petrella
 
PDF
What is a distributed data science pipeline. how with apache spark and friends.
byAndy Petrella
 
PDF
Spark meetup london share and analyse genomic data at scale with spark, adam...
byAndy Petrella
 
PDF
Agile data science: Distributed, Interactive, Integrated, Semantic, Micro Ser...
byAndy Petrella
 
PPTX
Liège créative: Open Science
byAndy Petrella
 
PDF
Leveraging mesos as the ultimate distributed data science platform
byAndy Petrella
 
PDF
Distributed machine learning 101 using apache spark from a browser devoxx.b...
byAndy Petrella
 
PDF
BioBankCloud: Machine Learning on Genomics + GA4GH @ Med at Scale
byAndy Petrella
 
PDF
What is Distributed Computing, Why we use Apache Spark
byAndy Petrella
 
PDF
Scala: the unpredicted lingua franca for data science
byAndy Petrella
 
PDF
Distributed machine learning 101 using apache spark from the browser
byAndy Petrella
 
PDF
Spark devoxx2014
byAndy Petrella
 
Data Observability Best Pracices
byAndy Petrella
 
Lightning fast genomics with Spark, Adam and Scala
byAndy Petrella
 
Machine Learning and GraphX
byAndy Petrella
 
Spark Summit Europe: Share and analyse genomic data at scale
byAndy Petrella
 
How to Build a Global Data Mapping
byAndy Petrella
 
Interactive notebooks
byAndy Petrella
 
Data Enthusiasts London: Scalable and Interoperable data services. Applied to...
byAndy Petrella
 
Agile data science with scala
byAndy Petrella
 
Towards a rebirth of data science (by Data Fellas)
byAndy Petrella
 
What is a distributed data science pipeline. how with apache spark and friends.
byAndy Petrella
 
Spark meetup london share and analyse genomic data at scale with spark, adam...
byAndy Petrella
 
Agile data science: Distributed, Interactive, Integrated, Semantic, Micro Ser...
byAndy Petrella
 
Liège créative: Open Science
byAndy Petrella
 
Leveraging mesos as the ultimate distributed data science platform
byAndy Petrella
 
Distributed machine learning 101 using apache spark from a browser devoxx.b...
byAndy Petrella
 
BioBankCloud: Machine Learning on Genomics + GA4GH @ Med at Scale
byAndy Petrella
 
What is Distributed Computing, Why we use Apache Spark
byAndy Petrella
 
Scala: the unpredicted lingua franca for data science
byAndy Petrella
 
Distributed machine learning 101 using apache spark from the browser
byAndy Petrella
 
Spark devoxx2014
byAndy Petrella
 

Recently uploaded

PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Day 2 - Network Security ~ 2nd Sight Lab ~ Cloud Security Class ~ 2020
by2nd Sight Lab
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
API-First Architecture in Financial Systems
bycyy111112
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 

Governance compliance

  • 1.
  • 2.
    www.kensu.io ANDY -|- KENSU 2 AndyPetrella - Founder @ Kensu Maths MSc / Computer Science MSc 10+ years in data computing (science?) http://kensu.io Analytics, AI Governance 2 Analytics Governance Perform ance Compliance
  • 3.
    www.kensu.io a. Data Privacy b.Risk c. Ethic I. COMPLIANCE x. How to guarantee compliance
  • 4.
    www.kensu.io A. DATA PRIVACY Informationprivacy, also known as data privacy or data protection, is the relationship between the collection and dissemination of a. data,  b. technology, c. the public expectation of privacy,  d. legal  and political issues surrounding them.[1] Privacy  concerns exist wherever  personally identifiable information  or other  sensitive information  is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. https://en.wikipedia.org/wiki/Information_privacy
  • 5.
    www.kensu.io Each  controller/processor  shallmaintain a record of processing activities under its responsibility (cf. Art. 30). That record shall contain many information including: • The purposes of the processing • A description of the categories of data subjects and of the categories of personal data
 
 etc. A. DATA PRIVACY GDPR
  • 6.
    www.kensu.io A. DATA PRIVACY Priorto collecting Californian’s personal data, businesses must disclose in their privacy policy:
 “the categories of personal information to be collected and the purposes for which the categories of personal information shall be used”
 with any additional uses requiring notice to the consumer CaCPA: California Consumer Privacy Act of 2018
  • 7.
    www.kensu.io B. RISKS Risks arepresent wherever data is used: - Managing business risks with data - Building new data business https://www.eiuperspectives.economist.com/sites/default/files/RetailBanksandBigData.pdf
  • 8.
    www.kensu.io B. RISKS - Retailworry about credit risk:
 imbalance between the sizes of classes (defaulters <<< non-defaulters) generates overly optimistic scores…
 - Commercial focus on market risk:
 VaR and variations requires important backtesting
 - Investment are concerned about operational risk:
 Just think about BCBS… govern, monitor, control! Business’ risks… risks
  • 9.
  • 10.
    www.kensu.io B. RISKS Intrinsic Loosers Recordsstolen JP Morgan Chase 76,000,000 Evernote 50,000,000 eBay 145,000,000 Target 70,000,000 LinkedIn 117,000,000 Yahoo 1,000,000,000
  • 11.
    www.kensu.io B. RISKS Intrinsic Improper Analytics Onetiny mistake can ruin the whole project. Low Data Quality Even most advanced analytics methods fail with incorrect data
  • 12.
    www.kensu.io C. ETHIC Data Ethics refersto systemising, defending, and recommending concepts of right and wrong conduct in relation to data, in particular personal data. Data ethics is different from information ethics because the focus of information ethics is more concerned with issues of intellectual property. https://en.wikipedia.org/wiki/Big_data_ethics While data ethics is more concerned with collectors and disseminators of structured or unstructured data such as data brokers — governments — large corporations.
  • 13.
    www.kensu.io C. ETHIC WAT? http://rsta.royalsocietypublishing.org/content/roypta/374/2083/20160360.full.pdf Data ethicscan be defined as the branch of ethics that studies and evaluates moral problems related to data - generation - recording - processing - dissemination - sharing and use algorithms - artificial intelligence - artificial agents - machine learning - robots (well…) practices - responsible innovation - programming - hacking - professional codes in order to formulate and support morally good solutions
  • 14.
    www.kensu.io C. ETHIC WAT? http://rsta.royalsocietypublishing.org/content/roypta/374/2083/20160360.full.pdf Data ethicscan be defined as the branch of ethics that studies and evaluates moral problems related to data - generation - recording - processing - dissemination - sharing and use algorithms - artificial intelligence - artificial agents - machine learning - robots (well…) practices - responsible innovation - programming - hacking - professional codes in order to formulate and support morally good solutions E T H I C ? E T H I C ? E T H I C ?
  • 15.
    www.kensu.io C. ETHIC WAT? The ethicsof data focuses on ethical problems posed by the collection and analysis of large datasets and on issues ranging from the use of big data in - biomedical research and social sciences - profilings - advertising - data philanthropy - open data
  • 16.
    www.kensu.io C. ETHIC WAT? The ethicsof algorithms addresses issues posed by the increasing complexity and autonomy of algorithms broadly understood, especially in the case of machine learning applications. Crucial challenges include moral responsibility and accountability of both designers and data scientists with respect to unforeseen and undesired consequences as well as missed opportunities.
  • 17.
    www.kensu.io C. ETHIC WAT? The ethicsof practices addresses the pressing questions concerning the responsibilities and liabilities of people and organizations in charge of data processes, strategies and policies, including data scientists’ work to ensure ethical practices fostering the protection of the data subject rights.
  • 18.
  • 19.
  • 20.
    www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Non-discrimination 1.Article 21 of the Charter of Fundamental Rights of the European Union 2. Article 14 of the European Convention on Human Rights 3. Articles 18-25 of the Treaty on the Functioning of the European Union.
  • 21.
  • 22.
    www.kensu.io C. ETHIC Automated decision-making https://www.miamiherald.com/news/nation-world/national/article89562297.html Discrimination…can be unintended “Ingress players, like the database volunteers, appeared to skew male, young and English-speaking, […]. 
 Though the surveys did not gather data on race or income levels, the average player spent almost $80 on the Ingress game […] suggesting access to disposable income.”
  • 23.
    www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Rightto explanation Profiling is inherently discriminatory 
 Data subjects are grouped in categories and decisions are made on this basis Plus, as said, machine learning can reify existing patterns of discrimination
 
 Consequences: Biased decisions are presented as the outcome of an “objective” algorithm.
  • 24.
    www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Rightto explanation Standard supervised machine learning algorithms are based on discovering reliable associations to make predictions. There is no concern for causal reasoning or “explanation”
  • 25.
    www.kensu.io C. ETHIC Automated decision-making https://arxiv.org/pdf/1606.08813.pdf Rightto explanation For Burrell in How the machine “thinks”: Understanding opacity in machine learning algorithms, there are three barriers to transparency 1. Intentional hiding of the decision procedures by corporations 2. Code sources are overly complex 3. Machine learning can reason at very high dimensions, humans’ brains don’t
  • 26.
    www.kensu.io X. HOW TOGUARANTEE COMPLIANCE a. Monitoring b. Automated Reporting
  • 27.
    www.kensu.io X. HOW TOGUARANTEE COMPLIANCE In (data) engineering, processes have improved to satisfy the need for stability, quality and compliance by introducing: 1. logging 2. testing 3. continuous deployment Monitoring
  • 28.
    www.kensu.io X. HOW TOGUARANTEE COMPLIANCE Data science projects are slightly different in nature than pure engineering projects. In that, most issues may come from the dynamicity of the experimentations and the volatility of the data. Such that, monitoring becomes key to AUTOMATED compliance! Monitoring
  • 29.
    www.kensu.io X. HOW TOGUARANTEE COMPLIANCE For data project, monitoring is about: - what/how data are used (e.g. data lineage, products, …) - what/how models are build (e.g. methods, metrics, …) - where/how data products are used (e.g. marketing, fraud, …) Monitoring
  • 30.
    www.kensu.io X. HOW TOGUARANTEE COMPLIANCE Pursuing the parallel with engineering: 
 CI/CD and Q/A are similar to our current compliance needs! Automated Reporting The automation of compliance can be approached with a set of rules to estimate the level of risks and to limit the efforts to only actionable events. Reporting is mandatory for compliance.
 Reports can be generated from the conjunction of monitored activities and established rules dictated by regulations.
  • 31.
    www.kensu.io X. HOW TOGUARANTEE COMPLIANCE The Kensu way: Data Activity Manager Monitor Automated Registry Report
  • 32.
    www.kensu.io a. Data inthe Wild b. Effects of contraints II. GOVERNANCE x. How to govern
  • 33.
    www.kensu.io A. DATA INTHE WILD Working on data is perceived as the Wild West. • Experimentations in highly dynamic environments (e.g. notebooks) • Local copy or duplication of datasets • Creation of intermediate dumps (models, prepared datasets)
  • 34.
    www.kensu.io B. EFFECTS OFCONTRAINTS Adding constraints (policies) to govern is a classic… So, we would have the following examples: - predefine the set of needed data - list methods to be used - create documents… maintain them Rules, laws, …
  • 35.
    www.kensu.io B. EFFECTS OFCONTRAINTS The consequences of such constraints are: • Lack of freedom • Anonymization • what about marketing use case • what is the reliability of the process • anonymisation is actually itself a process to be listed! • poor/slow reactivity to market changes (performance drop) … might not be best
  • 36.
    www.kensu.io X. HOW TOGOVERN For compliance reasons, we have to introduce monitoring. Monitoring data opens new governance doors: - Govern data activities with a bottom-up approach - Control vs Constrain In other terms, data governance in a data-driven fashion
  • 37.
    www.kensu.io X. HOW TOGOVERN The Kensu way: Data Activity Manager
  • 38.
    www.kensu.io THANKS! http://kensu.io Analytics, AIGovernance Analytics Governance Perform ance Compliance Q/A Checkout Kensu Data Activity Manager