7. Embed data use responsibly

How to implement principle 7 of the Data Ethics Framework for the public sector.

Policy decisions informed by data can have significant social impact.

Put appropriate long-term processes in place to monitor policies developed using data analysis. This applies to both traditional regression and more advanced techniques like machine learning.

For any data use you need to determine:

  • the implementation plan, including ongoing agile iteration of your live service
  • sustainable and ongoing evaluation methods
  • the method for feedback into the data model, including when it’s necessary to retrain using newly collected data

This applies to both one-off projects and ongoing operationalised models, i.e. models which are used in running of government internal or public facing services.

Making policy with data

Monitoring and evaluating policies is an established process in government. The HM Treasury Magenta Book gives guidance on evaluation.

You should follow the ROAMEF (rationale, objectives, appraisal, monitoring, evaluation, feedback) cycle for policy development and tailor it to fit data projects. Depending on your intended data use and objective, data science could strengthen each stage of the classic ROAMEF cycle as detailed in Chapter 7 of the Magenta Book.

Long-term collaboration across disciplines (practitioners, service design, policy and operational staff) should ensure this cycle is managed appropriately and all potential factors impacting the model or insight are considered.

Designing or delivering services with data

Make sure you iterate and improve frequently, to meet point 5 of the Digital Service Standard. This means your process can be changed in response to policy changes or other factors.

Ensuring appropriate knowledge and support when deploying to non-specialists

To make sure data science is embedded responsibly, develop a plan to manage appropriate use of an operationalised model by non-specialists.

Operational or service staff must have sufficient knowledge or training to understand how to use a new system including a full interpretation of outputs. You must provide them with sufficient support to avoid the misuse of models. They must have an easy way to report any suspected erroneous behaviour. The development team must make sure all of this information is provided.

How the efficacy of the model will be monitored once deployed

You should be confident that your model won’t fail after being operationalised. To ensure this, development teams must advise on ongoing evaluation of models once deployed.

Any model may produce undesirable results under unusual conditions. Use the Futures Toolkit methods to consider potential risks and disruptions which could alter the performance of your model.

Who will be responsible for ongoing maintenance

HM Treasury’s Aqua Book recommends that most models have a Senior Responsible Officer (SRO). Models are likely to be handed from a technical team to a responsible policy or service delivery team. There should be ongoing communication between teams to manage the use of the model.

When to retrain or redesign a predictive model

When thinking about how regularly a model should be reviewed, consider:

  • how quickly the model or service affected by your work will scale
  • the likely impact of your model on citizens

Your model will have been trained on historic data. Once the model is deployed, it is reasonable to expect it to change how a service or policy is delivered. This will lead to new outcomes and new data, different from the historic data the model was developed with.

Factors external to the policy may also change the data gathered over time. Policy and practitioner teams should work together to identify:

  • which factors outside the policy are most likely to have an impact
  • how often models will need to be retrained to account for this or redesigned based on the impact

Monitoring personalisation or tailored service delivery

One potential opportunity of machine learning is tailoring services for individuals or groups to make them more effective (called personalisation). This may also fall under profiling (GDPR Article 22) and you will therefore need a lawful basis to do so.

If fewer choices are presented as a result of personalisation, monitor your model continuously to make sure it’s still personalising effectively without negative consequences. You should also be prepared to be transparent about this process as it is essential you can explain clearly how any algorithm is personalising information.

Algorithms in decision making

Under Article 22 of the GDPR you can only use solely automated processes to make decisions with legal or similarly significant effect about an individual if you:

  • have a specific lawful basis to do so
  • follow the data protection safeguards laid out in Article 22 of the GDPR and section 14 of the DPA 2018

When considering the role of algorithms in decision making, it’s important to not only consider a final decision but any potential automated decisions which played an important role in forming the final decision-making process.

Read the Article 29 Working Party guidance on automated individual decision making and profiling for more information.

Published 13 June 2018
Last updated 4 July 2018 + show all updates
  1. Data protection links updated.
  2. First published.