What about responsible tech program design?
Over the past decade, baseline requirements for building data-driven tech responsibly have shifted dramatically.
What changed?
Well, a lot. Among other things, the Cambridge Analytica scandal became a household reference; GDPR and privacy starred in dozens of mainstream news stories; and digital tools and apps infiltrated every corner of our lives.
What does this mean for organizations building data-driven tech?
For one thing, it means expectations are higher. In addition to quality and utility, people expect some degree of privacy protection, cybersecurity, and transparency as a baseline. These expectations and more are increasingly codified, and tech and data policy continues to evolve. Expectations also come in the form of consumer preferences and public opinion (here is one of my favorite recent examples).
This is why responsible tech programs are quickly becoming a must-have. As it turns out, though, these programs aren’t easy to build. They are cross-functional, multi-disciplinary, dynamic; they are technical, legal, strategic, operational, and more. And organizations have no choice but to figure it out.
What does a ‘good’ responsible tech program look like?
There is fantastic guidance and commentary on the substance – the ‘what’ – of responsible tech programs (e.g., risk frameworks, guidelines, principles). I’ve also started to see more commentary on functions, roles, activities, and best practices organizations should adopt.
But one gap I’ve been thinking about a lot over the past decade or so is guidance on designing a responsible tech program that both scales and ages well. To me, this means a program that:
- Keeps up with the external landscape (laws, societal norms, etc.)
- Aligns incentives across functions
- Clarifies responsibility and accountability across functions
- Transcends cross-functional cooperation and drives cross-functional collaboration
- Has a sustainable FTE forecast (another way to look at this one: how large do you really want your, e.g., legal or compliance department to be 3 years from now?)
- Includes iterative capability gap assessments and development
- Recognizes people as program drivers and accordingly models the program’s teams as humans – not cogs in a system – which means leadership considerations like engagement, org design, professional development, etc. are key
Based on what I’ve seen, the last bullet seems easiest to forget (or ignore?) because it usually isn’t functionally critical. But the last bullet also tends to be the difference between a responsible tech team that stays effective over time and a team constantly fighting burnout, morale, competence, and productivity battles.
With all that in mind, I’ve been brainstorming a responsible tech program maturity model, in the form of a grading scale. I’m excited to share my brainstorm soon!!
In the meantime… what do you think?
What responsible tech program models do you think are most effective? What are the pros/cons of the models you’ve seen, and what are the gaps we need to work on? Would love your thoughts!