Cybersecurity and Data Protection
Description
The company only collects the minimal data required for its legitimate commercial purposes and is committed to the protection of employee, customer, supplier, and other data. Through policies, procedures, culture, and decision-making, the company and its representatives ensure the prevention of data misuse or unauthorised use. The company respects data sovereignty and maintains and follows clear policies regarding data ownership and data use authorisation, particularly for data about the company’s social and environmental context. The company has robust and safe Records and Data Management systems and practices. The company actively considers the ethical implications of machine learning, when relevant.
Share this Subissue on:LinkedIn
Resources
Artificial Intelligence and Machine Learning
Ethics guidelines for trustworthy AI
The High-Level Expert Group on AI has created ethics guidelines to promote trusworthy artificial intelligence (AI). According to the guidelines, trustworthy AI should be lawful, respecting all applicable laws and regulations; ethical, respecting all ethical principles and values; and robust, from both a technical and social environmental perspective. This guidance introduces seven key requirements that AI systems should meet in order to be deemed trustworthy and highlights assessment criteria to verify these requirements are being met. This is an importance resource for senior leaders, technology experts, and sustainability change agents of any large organisation that is considering developing and/or implementing AI into their operations. The High-Level Expert Group on AI was set up by the European Commission, the principles and recommendations of their guidance are applicable to every business regardless of industry or geography.
OECD AI Principles
These principles promote use of AI that is innovative, trustworthy, and respectful of human rights and democratic values. They consist of five value-based principles: inclusive growth, sustainable development and well-being; human-centred values and fairness; transparency and explainability; robustness, security, and safety; and accountability. This resource also includes key recommendations for policy-makers. These principles will be useful to anyone involved in procuring or implementing AI technologies, as well as for leaders who want to build a better understanding of ethical principles and practices.
Discriminating Systems: Gender, Race, and Power in AI
This report from AI Now Institute can help you understand the diversity crises in the AI industry and the risk of bias it creates for those using AI tools. The report explains how AI tools suffer from systemic (gender and racial) bias, and quantifies the large and stagnant workforce diversity imbalance in the field of AI. It explains how this lack of diversity creates biased AI systems that negatively impact under-represented groups. It also explains the lack of progress made by existing efforts to address the issue, and provides recommendations for taking a new approach. This report will be most useful to IT, sustainability, and HR teams, or anyone implementing or developing AI tools.
AI & The Future of Work: What Every MBA Needs to Know
This primer provides a helpful high-level summary of artificial intelligence that will benefit executives, board members, and other business leaders. It explains the concept and types of AI, as well as their impact on workers; highlights the risks of data bias and insecurity, privacy concerns, and regulatory risks; and examines the opportunities, such as those related to workforce training and collaborative machine-human applications.
Artificial Intelligence: A More Intelligent Future
This executive brief from Project Breakthrough can help you better understand the potential of AI technology to address sustainability challenges. It provides a succinct overview of AI and examples of how it can be used; outlines AI’s potential positive impacts and how they link the SDGs as well as the potential negative impacts; and highlights how AI’s automation and analytical power may enhance business model sustainability. These insights will be particularly beneficial to senior leaders and to sustainability professionals that want priming materials for executives and boards.
Other Resources
Global Data Privacy and Cybersecurity Handbook
This comprehensive resource can help you to navigate the global landscape of data protection, privacy and cybersecurity laws, regulations, and guidance. Updated annually, this handbook provides detailed overviews of a broad range of topics, and allows for sophisticated comparisons of jurisdictions. This resource will be of particular use to information technology and security professionals and legal teams.
Data Privacy Handbook: A starter guide to data privacy compliance
This concise resource from PwC can help you to become better acquainted with data privacy and to get started on improving your data privacy practices. It explains why data privacy is important, highlights key concepts and principles of data privacy, and unpacks a ten-step framework for creating an effective data privacy programme. This is a good primer for change agents, leaders, and compliance and legal professionals.
Securing the Modern Economy: Transforming Cybersecurity Through Sustainability
This paper from Public Knowledge can show you why cybersecurity should be treated as a sustainability issue. It begins by offering a broad definition of cybersecurity and its role in protecting trust in - and security of - digital infrastructure, including the internet. It then highlights how cybersecurity faces challenges that are parallel to the sustainability field, such as short-termism, tradeoffs, and a lack of resilience. The paper recommends that organisations draw on sustainability management practices to help address these cybersecurity challenges, and outlines the broader implications of cybersecurity for national security and the digital infrastructure that today’s economies rely on. This resource would be helpful for both IT leaders and sustainability professionals.
ISAO 300-1: Introduction to Information Sharing
This guide from ISAO Standards Organisation can help you understand how to address cybersecurity risks through information sharing, including both ad hoc and structured activities. This guide presents a conceptual framework for joining or forming a formalised Information Sharing and Analysis Organization (ISAO) with other organisations in your sector. It explains information sharing concepts, the types of cybersecurity information you may want to share, how to facilitate information sharing, as privacy and security concerns. The resource will be most useful to IT professionals or others responsible for managing cybersecurity risks.
Framework for Improving Critical Infrastructure Cybersecurity
This framework from the National Institute of Standards and Technology (NIST) can help you better manage cybersecurity risks. It provides a common language and systematic methodology for managing this risk, and features a three-component framework. The “Framework Core” unpacks five pillars of a holistic cybersecurity program (Identify, Protect, Detect, Respond, and Recover); the “Implementation Tiers” help you to prioritise your cybersecurity program activities, as per your goals, risk appetite, and budget; and the “Profiles” section helps you to identify areas to improve.
To see how other organisations have implemented the framework, see the “Success Stories” page.
7 Pressing Cybersecurity Questions Boards Need to Ask
This article can help you to assess your board's understanding of cybersecurity, raise awareness on the issue, and prioritise action. The article highlights five key things directors need to know about cybersecurity, as well as seven questions you can ask to make sure your board understands how cybersecurity is being managed.