Trustworthy data management for ethical and robust AI systems

Modern industrial revolution must be built on trust, transparency and accountability, where data collection, processing and use is protected. As technology, particularly artificial intelligence (AI), integrates further with business, the need for data management goes beyond mere compliance.

Data compliance adheres to external rules and regulations governing organisations across regions and sectors. Data management is an organisation’s philosophy, practice, policies and processes managing entire data processing life cycles. Security of personal and non-personal datasets is essential to a robust compliance ethos and resilient digital governance.

Safeguarding personal data under DPDPA

Most jurisdictions recognise the privacy of personal information as a right, and 137 countries have in place or are enacting data protection laws. In India, the Digital Personal Data Protection Act, 2023 (DPDPA) requires all data fiduciaries to comply with provisions governing personal data. Before processing data, they must obtain informed, specific and explicit consent or have a narrowly defined, purpose-specific legitimate use. Fiduciaries must get verifiable parental consent to process minors’ personal data and the consent of guardians of persons with disabilities.

Mechanisms must further data subject rights, including the correction and erasure of such information. Grievance redressal is mandatory. Technical and structural measures have to be in place to protect personal datasets. Fiduciaries must enter into and enforce appropriate contracts with processors.

The Data Protection Board set up under the DPDPA may impose fines of up to USD27.75 million for violations and require notification of all breaches, material or not, to affected persons. Non-compliance may result in significant financial and reputational damage.

Sectoral rules demand robust data management

Sectoral regulations may require stricter processing and information security. For example, the Reserve Bank of India’s digital lending norms and the Securities and Exchange Board of India’s cybersecurity and cyber resilience framework contain detailed directions for data collection, processing and its safeguards and emphasise fair processing, data minimisation, purpose restrictions, storage limitation and accountability throughout the processing life cycle. Data management practices must facilitate compliance preparedness and provide for harm-reduction procedures, should data breaches occur.

Processing of non-personal data is not regulated. However, the 2022 directions of CERT-In, India’s cybersecurity watchdog, require organisations to report suspected or actual data leakage, data breach and the unauthorised access to or use of data assets within six hours, where CERT-In may direct risk mitigation.

Laws enforce robust data management. However, businesses should view data management not merely as compliance, but also as a way of building trust. Robust and transparent data management practices, with defined accountability, demonstrate businesses’ commitment to data privacy, security and accuracy. Such measures strengthen stakeholders’ trust.

Trust-driven advantage through data management

Trust, fostered by robust data management, is a key driver of growth and competitiveness. Trust reduces risk, encourages collaboration and innovation and differentiates ethical businesses from those merely compliant. Treating data management as a strategic discipline yields lasting dividends from customers, employees, partners and markets. Management of personal data demonstrates a commitment to the privacy of a business’s data principals and builds credibility. Transparent and accountable data management practices for non-personal data assure their accuracy, integrity and origin.

Artificial intelligence depends on training datasets. Hence, quality data, clear ownership markers and consistent data management practices are vital. They prevent distortion and bias. Trustworthy datasets encourage collaboration between stakeholders by proving that data is processed responsibly.

Robust data management confers a competitive edge by fostering trust, removes data silos, provides reliable insights, improves customer experiences, boosts scalability and enables future compliance. Emphasising data origin, quality, access, security, retention and deletion, and incident response is key to unlocking such benefits.

Arun Prabhu and Arya Tripathy are partners at Cyril Amarchand Mangaldas. Associates Shikhar Sharma and Dylan Sharma assisted the authors.