When we think of assets, tangible items such as cash, gold and properties typically come to mind. Even with intangibles, the common choices would be shares, IP and software, write Anita Basi, Alex Ha Kyung Kim and Bella Phillips, associates at law firm Pinsent Masons LLP, for The Stack.
The phrase “data is the new oil” has been used exhaustively by industry experts for the past decade, but are businesses giving their data as much attention and importance as a valuable and strategic asset?
Artificial intelligence (AI) is an important focus area for forward thinking businesses. It is now firmly in the spotlight in particular with news around ChatGPT, other generative AI and the UK Government’s AI White Paper signalling its intention to continue investment in AI innovation, research and development. Businesses are investing in the development and use of AI technology. Yet, although AI technology is fuelled and trained by assimilation of data, data remains an asset that many businesses underutilise and underestimate its value.
There is no time like the present for businesses to shift mindsets, identify the sources of valuable data in their organisations, and consider how to maximise the value of that data to transform their business functions and customer experiences and to identify opportunities for its commercialisation.
Data as an asset: The different stages of businesses and their data strategy
Developers of machine learning tools (the main form of AI in use today) use inputs (“training data”) to train their tools to complete tasks and make decisions (e.g. voice, text and image recognition). The potential applications of these systems are only as effective as the quality of the data with which such tools are trained. It is vital that developers and users of AI tools consider what rights might exist in the datasets proposed to be used to train or continue the learning of the AI tools, and how they may be protected, before using them as inputs in machine learning projects.
Becoming a data-focused business
The more valuable data that a business generates, the more options that become available to commercialise the data in ways that will create competitive advantage, streamline internal processes, and improve customer offerings. Establishing a data-focused culture within the business is vital to make use of those opportunities. A business can be data rich, but have a low level of data maturity if it does not have processes to identify, capture, and protect this data. Understanding the business’ data maturity is key to determining its approach and strategy.
In any data strategy it is essential to determine what data can be shared with or without permission, and what data can never be shared (e.g. valuable trade secrets); who owns or has rights in the data; its source; and any licensing terms and use and/or confidentiality restrictions that apply. Records should be made of financial, human and technical resources invested in collating the data and any databases created as a result. If external developers are involved, it is key to consider terms in place with such developers including who has rights in the data and databases and liability if something goes wrong.
See also: Former TSB CIO first to be fined under senior managers regime
Employees should be trained in the identification, capture and protection of valuable data. Training for individuals in their day to day roles is as important as it is for those who whose role it is to process valuable data, such as data scientists.
Given the significant contribution that data can make, businesses should re-assess the robustness of their security measures currently in place (wider use of encryption perhaps?) and continue to do so on a regular basis. What may be considered appropriate today may be outdated by tomorrow given the pace of technological change nowadays.
Once a business understands its rights in and responsibilities for its data, it must also take account of these in its contracts with partners, customers and suppliers.
How can a business use and commercialise valuable data?
One way to utilise the value of data is through data analytics, analysing raw data to identify patterns and draw conclusions, and to increase the value (and identify potential uses) of individual data sets. Data analytics may also shape research and development strategies, build marketing campaigns, develop customer relationships, build digital products and technologies and competitive positions in the market. If the results – and/or the tool used to conduct the analysis - is valuable enough, a business could monetise this by licensing it out to third parties for a fee.
A key challenge is how to share and exploit data without risking loss of control. Most technology suppliers will want to use their customers’ data for their own commercial uses, and many customers might be prepared to agree to this, so long as any developments and improvements relate to the products and services that they are receiving. When contracting with suppliers, it is important to balance the need to innovate and create with what might go wrong, and agree appropriate limitations on how suppliers can use data they have derived through the use of the business’ datasets, along with the business’ dataset itself.
Where collaborating with other businesses, one possible solution to maintaining control over data could be to establish a data trust, a legal structure that provides independent stewardship of data for an agreed purpose. Access to and use of data within a data trust is governed by an agreed set of overarching rules, supported by contracts or codes of conduct.
What about GDPR?
If the relevant data falls within the category of personal data (i.e. information that identifies or can identify an individual), then the data protection laws apply to the way the business uses the data. Discussing the potential data protection compliance issues around the use of data, especially within the context of AI, is a topic in itself. Businesses should look to achieve compliance around the strategic use of their data from the outset (or just as early as possible). Trying to retrofit data protection compliance after the strategy has been executed can be very tricky and may lead to a situation where historical data has to be taken out of the equation altogether because using it would be non-compliant. This is mainly because the purpose for which the data was originally collected may be significantly different to the way the data is going to be used under the new “data-as-an-asset” strategy, so different that using the historical data would mean breaching the data protection laws. Becoming the subject of regulatory enforcement action by the ICO (the UK data protection regulator) can result in paying fines, being ordered to stop processing personal data and incurring reputational damage as a result of the enforcement action being made public.
Conclusions
The recognition of the value of data and its commercialisation within and outside of AI and other digital tools is a very fast developing area. Recognition of its value is resulting in some tension between the hunger to process large quantities of data at speed to develop stronger AI tools and greater business efficiencies, and rights owners seeking just rewards for the use of their data. The position is evolving in the development of bespoke contracts, issues coming before the courts for decision and potential changes to our legal frameworks.