Across our various R&D and advisory projects this year, the Open Data Institute (ODI) has been interested in better understanding sustainable and trustworthy data access. Our work has had a major focus on the concept of data institutions, but these twin needs of sustainability and trust are fundamental to any data access model. Without trust, data users will not access data that could otherwise further their goals; and without financial sustainability, that access eventually dries up.

This is especially true in the regulated sectors of banking, accountancy, legal and insurance (sometimes whimsically referred to as the BALI sectors) where data is very sensitive, and regulation and compliance are very strong. In these data ecosystems, we see that data flows are restrained both internally and externally due to the needs of legal compliance and fears of breaching regulation. Although we agree with the need for strict data protection and industry regulation, we are keen to explore ethical innovations in this space that would allow for a more dynamic ecosystem without reducing security and privacy or increasing harm.

RegulAItion and the AIR Platform

One organisation doing this is RegulAItion, a startup aiming to increase access to data and information in a secure and ethical way, with whom the ODI has been working to better understand data access in regulated markets. To accomplish these ends, RegulAItion developed the AIR Platform with the ambition to share data securely with automated and repeatable data governance mechanisms while remaining compliant with data privacy and security standards. Subsequently, Innovate UK awarded RegulAItion a grant that has allowed it to work with the ODI to test the market desire for the platform, alongside its ethical development.

RegulAItion and ODI have been collaboratively designing a research plan over the last couple of months. This research phase will engage with organisations across the BALI sectors to understand their key needs, barriers and ethical concerns regarding secure, privacy-preserving data access. We will also test if ‘data access’ is even needed, or if ‘insight access’, such as that enabled by federated learning, is just as useful to the market.

Besides the ODI, a handful of other organisations have joined the project as ‘soft collaborators’ that will be designing their own use cases based on their data access needs. These collaborators are: the regulator Financial Conduct Authority (FCA), banking and financial services provider Deutsche Bank, the accountancy firm Wilson Wright, multinational law firm Ashurst LLP and the open source risk modelling organisation, Oasis Loss Modeling Framework

Our research and preliminary findings

We have been testing our research questions among the ‘soft collaborators’ and other friendly organisations concerned with sustainable and trustworthy data access in the BALI sectors. Some of our preliminary findings include:

  • In order to test and implement new data innovations, organisations use a variety of anonymisation techniques on testing and modelling data, with synthetic data being popular across the board.
  • Organisations in these heavily regulated sectors tend towards a one-size-fits-all data access approach based on the strictest privacy and security requirements in the organisation. However, stakeholders believe that varying data access policies based on sensitivity of the data and privacy requirements could improve efficiency in data innovation internally and externally.
  • Data tends to be relatively siloed even within organisations, stifling the ability to drive business decisions beyond basic reporting. Adding to this, gaps in data skills and other capabilities, such as cloud proficiency, means that adoption of new processes to break down these siloes is slow.
  • Proof points in more digitally savvy parts of the business, such as in Business Services departments, are being used by other functions of the business to make the case for more investment in digital skills and processes.
  • Organisations use a variety of different terms – such as data sharing, data access, data transfer and more – and they rarely use them consistently. Broadly speaking, data sharing is perceived as something done externally and involves data leaving a boundary, whereas data access is more internal and data is seen as not moving.

At the end of this project, we will be openly publishing a report on our market research featuring our insights into the needs, barriers and opportunities for data access and sharing across the BALI sectors.

We have also been setting the foundation for an analysis into the data ethics of the AIR Platform by introducing the topic to RegulAItion. Our workshop in the new year will use both our Data Ethics Canvas and Consequence Scanning for product development. This workshop will surface the potential ethical concerns in developing different use cases for the platform, and help plan mitigations to avoid developing harmful features.

From January, we will be engaging in further interviews and workshops to gather a variety of views across the industry. If you are in the banking, accountancy, legal, and insurance sectors, and especially if you are a small and medium-sized enterprise, we invite you to take part in the second phase of research.

If you are interested in this project and our wider research on sustainable data access please get in touch by emailing [email protected].