Innovation is a constant state of being for a business in the modern world. They often employ advanced data analytics to stay ahead of the curve as it can reveal areas of operations where costs can be optimised, and new growth opportunities can be found.

Data powers AI models to create predictions, suggestions, and decisions by learning from that data. However, there are several challenges that are keeping businesses from embracing data analytics and AI and data privacy is one of the crucial ones.

Challenges to Data Privacy

AI promises to revolutionize our lives but it also comes with many privacy challenges.

Data breaches are the biggest challenge to data privacy. Worse, they’ve become more common than ever. In 2022, the global average cost of data breach was $4.35 million. That doesn’t include the US where the average cost was as high as $9.44 million. The more data AI systems use, the more attractive they become to potential attackers. Ensuring data security is a constant challenge, and breaches can lead to severe privacy violations.

AI algorithms perpetuate and amplify biases present in the data they are trained on, leading to discriminatory or unfair outcomes. Even after anonymising data, it may still be possible to re-identify it by cross referencing it with other data sets.

Regulators are trying to catch up with the fast-paced development in AI and they often pose challenges to data privacy. This, in turn, can lead to privacy violations during global data transfer as different countries have varying data protection laws.

Data shared with AI systems might be passed on to third parties, raising concerns about data handling beyond the original purpose. An increase in use of AI in Edge devices is leading to unintended exposure of sensitive data.

Ultimately, given the complexity of AI systems, obtaining meaningful consent from users is challenging.

Balancing privacy and security with innovation

At Infosys, to overcome the challenge of maintaining data privacy over security, we follow the ‘Responsible by Design’ framework, which considers the five dimensions of people and planet, economic context, data and input, AI model, and task and output. Before beginning an AI project, we collect information against each of these dimensions and map them against the tenets of ethical AI, such as fairness, transparency, accountability, privacy, and security, and compute the “risk score” for the project. If the risk category for all the tenets, including data privacy, is acceptable, the project is initiated. In other cases, we recommend risk mitigation steps, or the project is rejected if there is no scope for improvement.

We recommend the following seven principles to safeguard personal information of individuals and ensuring that their data is collected, processed, and used in a responsible and ethical manner.

Informed Consent: Obtaining informed consent from users and allowing them to easily manage their data using generative AI tools empowers individuals to protect their privacy.

Data Minimization: Organizations should limit the collection and retention of personal data to the minimum necessary for the AI system's specific purpose to minimize the risk of unauthorized access or misuse.

Anonymization and Pseudonymization: Personal data should be anonymized or pseudonymized whenever possible to protect individual identities while still enabling meaningful analysis for AI applications.

Transparency: AI systems should be transparent about their data usage and processing methods. Individuals should have the right to know how and why decisions are made based on their data. Companies should conduct regular auditing for bias and discrimination, and design AI systems that adhere to ethical principles.

Accountability and Governance: Organizations using AI should establish clear accountability for data privacy and ensure compliance with relevant data protection regulations. Companies must implement anomaly detection and automation processes which can configure alerts to notify the security authorities. They should also conduct vulnerability assessments to test the company’s cyber security.

Data Security: Strong security measures must be implemented to protect data from breaches, unauthorized access, and other forms of cyber threats. Safeguards (such as data anonymization, access controls, and encryption) to protect personal data in a secure and privacy-compliant manner can limit control over and lessen the usage of data for nefarious purposes.

Fairness and Bias Mitigation: AI systems should be designed and trained to avoid biased outcomes that may disproportionately impact certain individuals or groups.

Innovation at the cost of privacy and security is bad business practice. Companies must find the right balance between experimenting new ideas and meeting regulatory requirements. This is important from an ethical point of view also. Companies must innovate to stay in the market, but at the same time ensure customers trust in them are kept intact, when they share any personal/sensitive information with them.

• Photo by Arthur Mazi on Unsplash