Business Intelligence (or BI) has now become an integral part of an organisation’s operations due to the rapid advances in big data, artificial intelligence and machine learning. Organisations can now combine their existing data assets with other data sets, and carry out in-depth analytics using sophisticated tools, to make precise, timely and well-informed decisions. Consistent with the increasingly digital global economy, this BI revolution is very much driven by vast amounts of data that are being generated and processed.
However, with data, there can be too much of a good thing and the overzealous collection of data can result in organisations taking on additional risks and liabilities which comes in the form of data protection compliance and cyber risks but increasingly also the ethical considerations around using BI.
Personal Data – Patchwork of Laws
Most of the data that is fed into BI consists of personal data, which is data that identifies an individual. The collection and use of personal data is regulated by data protection laws or similar laws relating to privacy.
In recent years, there have been more of such laws being introduced globally, such as the EU General Data Protection Regulations (GDPR). This is against the backdrop of growing consumer awareness of their data rights and recent high-profile data breaches. In APAC, we have seen several countries recently introduce national data protection laws and also more stringent enforcement of existing data protection laws. However, the new data protection laws that have been introduced are often not aligned across APAC resulting in a patchwork of varying requirements. What this means is that organisations seeking to deploy BI initiatives across APAC must also contend with this patchwork of laws which can have an impact on the use case for BI.
Cybersecurity – Companies under Attack
As organisations collect and process increasing amounts of data to power BI, they become an attractive target for cyber-attackers looking to obtain or benefit from the data. Governments have responded to this trend by passing cybersecurity laws, which often come with strict data security measures and hefty fines. Recent high-profile cyber-attacks have resulted in a growing expectation amongst customers for organisations to invest in robust cybersecurity measures to prevent their data from being compromised. But this has come at an additional cost. There is also the risk of reputational damage from a cyber-attack which would impact consumer trust and shareholder value.
Ethical Considerations – Reputational Risk
Organisations will also need to consider the impact of ethical guidelines on a BI initiative as there is a growing number of ethical guidelines being put forward by governments, such as the Report on Artificial Intelligence by the UK’s House of Lords and the Discussion Paper on Artificial Intelligence and Personal Data published by the Singapore data protection regulator. Although many of these ethical guidelines are largely non-binding, organisations face a reputational risk should they be found not to comply with such guidelines.
In summary, whilst BI presents great opportunities for organisations, these need to be considered against the costs of ensuring an organisation’s compliance with the laws and regulations governing the collection and use of data which powers BI and also the reputational impact it may have on the organisation.