Data Con LA 2020
Description
Data is powerful. Since the turn of the decade, companies around the world have leveraged data to accomplish amazing feats, such as facial recognition, self-driving cars, and (most importantly) recommendations on which Hulu film to stream. This is only to name a few. On the flipside, however, companies and people have also used data for destructive means. It is no longer enough for data professionals to be competent in migrating servers to the cloud, or calculating p-values, or publishing Tableau dashboards. We must also be ethical. We must use data responsibly. We must have measures in place to prevent corporate abuse of data, on both a systemic and individual level. And if the time comes, we must whistleblow to reveal corporate abuse of data. Staying silent or negligent in the face of corporate data abuse causes incalculable harm, and you may be legally liable. The innumerable costs of a corporate scandal include tarnished company reputation, crashing valuations, irate shareholders, and (most importantly) ruined customers.
This talk will cover:
* Case Study of Data-related Corporate Scandals
* Damage and Cost of Corporate Scandals
* Moral Use of Data to Prevent Corporate Scandals
* Whistleblowing as a Data Professional
* My Prior Personal Whistleblowing Experience
Speaker
Ryan Lee, Disney, Sr Data Analyst
2. Disclosures
1) I speak on behalf of myself alone.
2) My views do not represent those of my employer.
3) I have no financial stake in any software/tools discussed.
3. Contents
● Personal Intro
● Power of Data Professionals
● Data-Related Scandals
● Moral Use of Data
● Overview of Whistleblowing
● Preventing Scandals
● Followup Reading and Presentations
● Closing
4. Personal Intro
● Started and graduated from UC Berkeley with Bachelor's degree
● Heavy Statistics/Data focus throughout education and career
● Currently Senior Data Analyst @ The Walt Disney Company
○ Mainly support revenue analytics for Disney ecommerce (https://www.shopdisney.com)
○ Also support several other initiatives incl Disney Privacy, Disney Store, Disney Visa, etc
● In 2020, one new thing I learned was how to golf (kind of)
● My first time speaking at DataCon LA
○ Have spoken at various smaller data events in past
○ Excited to be here
5. Personal Intro: Why I Chose This Topic
● I could have spoken on various items today, like ‘How to be a BI Analyst’
○ That would not be good use of my time nor your time
● Things change fast in data space and no one knows where things are going
○ For example Snowflake is popular in 2020, but who knows in 5 years
● One constant need exists for data professionals to be ethical
● You may leave this presentation with new perspective/understanding
● Or you may leave this presentation with your current beliefs affirmed
6. The Power of Data Professionals
● Data professionals have incredible power
○ create algorithms to push certain content
○ create models to flag/target certain individuals
○ bear influence over data privacy and data governance
● Data professionals have expansive access to sensitive info
○ customer DOB, email, phone, demographics, dependants, etc
● Data professionals are looked to advise decisions and be arbiters of truth
● This power can be used for incredible endeavors, but also to harm others
7. Recent Data-Related Corporate Scandals/Lawsuits
● Facebook x Cambridge Analytica 2018 Scandal
○ Millions of Facebook users’ data was excessively shared with Cambridge Analytica
● Panera Bread hiding 2018 data breach
○ For 8 months, Panera was aware of data breach yet did not publicly disclose nor even fix
○ Millions of customers’ identifiable information was stolen (entirely preventable)
● YouTube Children's Online Privacy Protection Act (COPPA) 2019 Settlement
○ YouTube collected excessive data on children without parental consent for years
○ Children are protected from having data collected without consent under COPPA
○ YouTube settled for $170M with Federal Trade Commission (FTC)
○ https://abcnews.go.com/Technology/wireStory/ap-explains-youtube-agrees-change-shows-kids-65388352
8. Data Ethics
● To prevent scandals and protect customers, we must be moral with data
● This includes, but is not limited to:
○ Knowing your Data
○ Having proper Change Management and Peer Review
○ Having proper Access Governance
○ Having proper Incident Response
○ Vetting Company Definitions/Terminology
○ Exercising General Ethical Judgement
○ Whistleblowing If Needed
9. Data Ethics: Knowing Your Data
● Where/what are the sources of data? Where/to whom are we sending data?
● Where are the different data environments/servers located?
● Which tables contain personally identifiable information?
● What transformations do certain data elements undergo?
● What are the data relations and replication diagrams?
● To make best decisions, we must see the whole elephant!
10. Data Ethics: Change Mgmt + Peer Review
● Does your data organization follow a change management process?
○ Document use cases of changes/development
○ Receive stakeholder sign-off for proposed initiative
○ Document changes/developments you make
○ Receive stakeholder approval post-implementation
● Does your data organization follow a peer review/QA process?
○ ‘Production-level’ results validated or acknowledged by peers
○ Regression testing and hypercare and retrospectives
11. Data Ethics: Access Governance
● How is it determined who gets read/write access to data environments?
● Is there a formal Access Governance request process and platform?
● Are user groups regularly reviewed for access permissions?
● Are there limits to who can query sensitive data?
● Are there limits to who can write to source data systems?
● Take PII out of reporting layers where it is not needed
12. Data Ethics: Incident Response
● Are there formal protocols and processes in place for data incidents?
○ Database backup failures
○ Database load delays
○ Data breaches
● For past incidents, was the proper protocol being followed?
○ If not, then what is preventing protocol from being followed?
● Are there regular ‘war games’ to validate incident protocol and processes?
○ Database failovers etc
13. Data Ethics: Definitions Signoff
● Receive stakeholder sign-off and consensus on company definitions
● Maintain consistent terminology and methodology
● Maintain company definition dictionary
● ‘Yelp’ Case Study:
○ Yelp is a tech platform that enables users to review local businesses
○ Yelp recently released a feature flagging businesses for potentially racist activity
○ https://abc7.com/business/yelp-adds-alerts-for-businesses-accused-of-racism/6889051/
○ Some concepts Yelp must/should define using data include:
■ How are racism and racist businesses defined?
■ Do single employee acts represent the entire branch? The entire franchise?
■ At what point can a racist business become not-racist?
14. Data Ethics: Exercise Ethical Judgement
● Share knowledge with coworkers
● Do not hide or manipulate information from coworkers
● Listen to coworkers’ data concerns
● Data can shape stories, but don’t pre-fabricate your stories
○ You can use biased ‘evidence’ to back nearly anything if you wanted
● End of day, don’t do anything you wouldn’t want done to yourself
15. Data Ethics: Whistleblowing
● Even if you use data ethically, you may encounter others’ corporate abuse
● You may need to whistleblow against others’ corporate abuse
● Whistleblowing may be only option to stop abuse and save customers
● Why whistleblow?
○ It’s hard, but it’s the right thing to do.
○ If you were able to prevent something but did not, you are legally liable and may face:
■ Fines,
■ Bans,
■ Reputational Damage,
■ Prison (worst case)
16. What is Whistleblowing?
● Per National Whistleblower Center:
○ “A whistleblower is one who reports waste, fraud, abuse, corruption, or dangerous activity to someone who is in a position to rectify the wrongdoing. The individual discloses information on wrongdoings that otherwise would not be known”
○ https://www.whistleblowers.org/what-is-a-whistleblower/
● Who can be a whistleblower? Anyone, even you!
● There are whistleblower protections against retaliation in most cases
17. How to Whistleblow in America
● Determine the type of complaint
○ embezzlement, waste dumping, financing terrorism etc
● Document your support and arguments
● Find the appropriate governing body
○ EPA, SEC, FDIC etc
○ For banks you can use this tool: https://www.ffiec.gov/consumercenter/default.aspx
● Write and submit complaint
● If needed notify law enforcement and/or retain services of a lawyer
18. My High School Whistleblower Story
● I whistleblew on myself
● I won a CRF LA County Legal Essay Competition
○ however technically did not complete required pre-competition tasks
○ felt guilty about it
● I admitted to administrators that I won without having followed policies
● Administrators were so confused when I admitted
● I told administrators I would come back to win the next year
● Actually I ended up winning the next TWO years
○ Funny how things turn out sometimes
19. My Corporate Whistleblowing Story
● At a prior employer, I was directed to manipulate data and hide info
○ This did NOT happen at Disney
● But as Risk Data Analyst, my work guided company’s regulatory efforts
● My role was to be arbiter of truth, so my work should have been honest
● First I complied with unethical directions
○ Later I attempted to reason over this unethical work
○ Attempts to reason led to manager retaliations
○ Eventually I had to resign to protect my wellbeing and safety
● I currently have an open, belated whistleblower case against misconduct
20. Avoid Whistleblowing by Preventing Scandals
● Important to whistleblow, but better to prevent scandals in first place
● Scandals are not fires, earthquakes, or natural disasters/acts of God
● Scandals are perpetuated by humans alone and are entirely preventable
○ Not only preventable at highest levels of company management
○ But also preventable at every level of the company, yours included
○ Can be prevented in variety of ways, which we will discuss in following slides
21. Preventing Scandals: Awareness of Regulations
● General awareness of regulations (specific to data and otherwise):
○ CCPA
○ VPPA
○ GDPR
○ SOX IT
○ COPPA
○ etc
● General exposure to risk/regulatory engagements
○ Recommend data professionals participate in one every few years or so
○ Examples: performing UAT for data migrations; providing db specs for SOX IT audit
22. Preventing Scandals: Regulatory Trainings
● Educate your workforce on policies and regulations
● Most public companies have mandatory compliance training
● Encourage your DRs and peers to take this training seriously
○ Finish modules by due date and encourage discussions on training takeaways
○ No antagonism and no excuses for truancy
● Enforce penalties for training truancy and policy violations
23. Preventing Scandals: Diversity
● Prominent buzzword this year
● Not going to preach on social implications or obligations
● But diversity does add value to risk-mitigation and consumer protection
○ Diverse teams enable organizations to make fairer decisions/products for customers
○ Diversity does not mean you hire 1 gay male on your team to fulfill arbitrary quota
○ It means being open to different perspectives/viewpoints, and hearing those voices out
■ Supreme Court Justices Ginsburg and O’Connor are prime examples
24. Preventing Scandals: Peer Learning + Mentorship
● Engage in peer learning events/programs
○ Internal Lunch Learning Sessions, Speaker Series, Newsletters etc
○ Formal peer learning Programs
■ LeadersAtlas (https://www.leadersatlas.com/)
○ Peer learning enables you to understand how your work affects others
○ Peer learning exposes you to new concepts and new internal knowledge
● Find company mentors (data or otherwise)
○ Shashi Kiran was my first data mentor (https://www.linkedin.com/in/kiranshashi)
■ teaches amazing analytics classes at Santa Clara University
25. Preventing Scandals: Strict Employee Standards
● Have rigorous new hire standards
○ Just because one completes 8-week data science certificate doesn’t mean they are qualified
○ Companies need to truly assess candidate background, knowledge, value system, etc
● Hold current employees to rigorous standards
○ Per CEO Reed Hastings, Netflix measures employee value by productivity
■ Netflix attracts, retains, and promotes ONLY productive employees
■ https://www.cnbc.com/2020/09/09/netflix-co-ceo-reed-hastings-focus-on-employees-you-would-fight-to-keep.html
○ Netflix has great system that has worked incredibly well thus far
○ We can adopt this system for ethical standards too
■ Measure employee value by ethical productivity
■ Champion employees who are ethically productive
■ Be comfortable with terminating unethical employees
26. Preventing Scandals: Internal Support
● Implement internal fraud/malpractice hotline
● Educate employees what to do and who to contact with their concerns
● Have formal infrastructure to handle employee concerns
○ Formal protocol prevents concerns from being swept away
○ Make sure employees aren’t physically/emotionally threatened for raising concerns
● Staff regulatory engagements with qualified leaders
○ Utilize consulting firms for augmentation of knowledge/experience as needed
■ Accenture https://www.accenture.com ; CNM LLP https://cnmllp.com
27. Preventing Scandals: Risk Management Tools
● Difficult to manually raise and track company regulatory deficiencies
○ JIRA is fine, but that is not objective of JIRA or other PM tools
● Highly recommended every company utilise risk management tool
● Personal recommendation is AuditBoard
○ AuditBoard fully designed to manage internal controls and compliance
○ Please let me know if you would like referral
○ https://www.auditboard.com/
28. Preventing Scandals: The Little Things Add Up
● Be a customer of your company
○ Consume the fruits of your labor
○ See downstream effects and recognize what can go wrong from a user-perspective
● Familiarize yourself with best data practices
○ Attend conferences, webinars, networking happy hours (and normal happy hours)
● Build relationships with your Legal, Compliance, and Audit teams
○ Legal, Compliance, Audit should be your partners not your predators
○ Data + Technology depts should hold Legal, Compliance, Audit accountable too
○ Cynthia Cooper partially credits her work to her relationships with WorldCom Tech team
29. Followup Readings and Presentations
● Cynthia Cooper book on WorldCom scandal (example of whistleblowing)
○ https://www.amazon.com/Extraordinary-Circumstances-Journey-Corporate-Whistleblower/dp/0470443316
● Daphne Cheung presentation at DataCon LA on 10/25/20
○ I recommend attending my friend Daphne’s session ‘Data Science and Intersectionality’
○ Learn to both recognize misrepresentations and mitigate biases in data itself
○ If you thought my session was good, that’s only because you haven’t seen Daphne’s yet
○ If you disliked my session, Daphne’s will make your DataCon LA experience worthwhile
30. Closing
● The 21st Century has made many things easier
○ Cars drive themselves while you take a voice call on your waterproof smart watch
● But 21st Century also introduced new ways to harm the public
○ These threats touch various parts of the data industry
● You do have the power to prevent an Enron-level moment
● Let’s build a better and safer corporate world, for all of us
31. Thank You!
● Enjoy the rest of the conference
● Invitation to connect: https://www.linkedin.com/in/rl-disney/
● Please reach out if you have any questions or want to discuss
● Hope to see you again at a future conference