There are many industries that have completely transformed from the use of data. If we take, for example, the revolution taking place internationally in the financial sector, with Open Finance, it seems crazy to doubt the value of using data in economics and innovation.
That said, it is necessary to draw attention to the “abusive” consumption of data, as it is possible to notice that, in the midst of this “enchantment” with information, many business areas end up developing a kind of “data-dependence”. Thus, it is worth for organizations to assess whether this phenomenon, under the pretext of producing greater and better results, has not caused:
- Regulatory risks: can arise from the unrestrained use of data, especially those of a personal nature. Globally, there is a growing trend towards regulation of personal data processing activities carried out by private and public organizations. In Brazil, last year, Law No. 13.709/2018, better known as the General Data Protection Law (LGPD) entered into force. In August, this law was “enhanced” with the possibility of the National Data Protection Authority applying penalties to processing agents who do not respect the rules, which can range from fines and orders to delete data or stop activities, among others . In addition, the pandemic has given rise to a flurry of security incidents involving data, so retaining more data than needed means attracting greater risk to the business. And with that, we join the next threat.
- Reputational risks: in parallel with regulation, there is an increase in individual concern with privacy and data protection. Thus, more than mere compliance with the law or regulation, data care becomes essential as a value and market differential. Failure to convey confidence in this plan can lead to the marginalization of the business, either as a result of the behavior of consumers, directly, or of other organizations that deal responsibly with the matter and start to reject risky situations. Therefore, how responsible it is in relation to the topic is a relevant part of an organization’s reputation. In this sense, studies show that companies victims of incidents signal a significant drop in the value of their shares, and every day there is a new story, which appears on the covers of newspapers, of a reputational crisis as a result of controversies involving the use of data.
- Unnecessary costs: the rush “for gold” (for data) hides operational risks as well, even though the cost of storing information is quite affordable today. There are a number of cases in which the business area acquires data, without further reflection, often duplicating services contracted by other areas, causing an unnecessary increase in costs. Sometimes, even due to dependence, areas can make a poor judgment about the real need or usefulness of the data they acquired and end up falling into the error of thinking that “it is always better to have than to give up”.
- Fall of the innovative impulse: a final counterpoint to the “data-driven” culture is the fact that relying exclusively on data analysis (momentary factual situations), in addition to containing the risk of making false correlations and predictions, can cause a a certain laziness on the part of business operators and thus slowing down the use of creativity and critical thinking — essential components of innovation. In this context, despite its undeniable value, data can end up becoming a crutch and, thus, gradually diminish the organization’s capacity for innovation.
It is not intended here to discourage the use of data that, as we have seen, is essential for the advances we want in the economy and in our lives. However, it is necessary to preach the use of balanced data and aligned with values of justice, ethics and dignity, including in favor of the business, to avoid the dangers mentioned above.
You know how it is: they say that, in excess, even water is bad…
Paulo Vidigal, columnist of TechWorld, is a partner at Prado Vidigal, specialized in Digital Law, Privacy and Data Protection, certified by the International Association of Privacy Professionals (CIPP/E), postgraduate in an MBA in Electronic Law from Escola Paulista de Direito, with an extension in Privacy and Data Protection from Mackenzie Presbyterian University and in Privacy by Design from Ryerson University.