“Digital trust is a necessity in a world where digital technologies support and mediate virtually all economic transactions, social connections and institutions,” said Earning Digital Trust: Decision-Making for Trustworthy Technologies, a report published by the World Economic Forum (WEF) in November of 2022. The report defined digital trust as “the expectation by individuals that digital technologies and services –- and the organizations providing them –- will protect all stakeholders’ interests and uphold societal expectations and values.”
But, the report noted that “trust is significantly eroding on a global scale. In order to reverse this trend, leaders and organizations creating and implementing new technologies and digital services must make decisions that are worthy of trust.” To address this challenge, the WEF launched the Digital Trust Initiative in 2021. The Initiative convened an interdisciplinary group of over 60 experts and leaders in privacy, cybersecurity, law, technology ethics, and other fields. The group was asked to establish a consensus among key stakeholders on the meaning of digital trust, as well as to come up with measurable steps to make better, more trustworthy decisions regarding new technologies and digital services.
Digital Trust Framework
The Digital Trust initiative aims to shed light on a key question: How can leaders make better, more trustworthy decisions regarding technology? To help address this question, the report introduced the digital trust framework, a decision-making guide for leaders based on three shared goals or values: security and reliability; accountability and oversight; and inclusive, ethical, and responsible use. The framework explains how each of these three goals supports decision-making that earns the trust of the organizations’ stakeholders. Let me discuss each of the goals.
Security and reliability: “An organization’s technology and data are well-protected against internal and external attacks, manipulations and interruptions while operating as designed according to a clearly defined set of parameters."
For much of history, the protection of our identities and data has been based on face-to-face interactions and on physical documents and processes. But, the transition to a technology-based digital economy requires radically different protection systems. In a world that’s increasingly governed by digital transactions and data, our existing methods for managing security, privacy, and reliability have proved inadequate. Data breaches, large-scale fraud, and identity theft have become more common. In addition, a significant portion of the world’s population lacks the credentials needed to participate in the digital economy.
“As the world has become more digital, reliable functionality, connectivity, and protection against harm (e.g. protection of personal or proprietary information) have become fundamentally important to the continued functioning of businesses, entire economies and many social interactions. Technology users expect digital services and products to meet their expectations and to protect the data they entrust to the service or product (and thus the provider of the service or product). … The reliability of digital services and products is thus deeply intertwined with the trust that individuals put in them and the provider of the services and products.”
Accountability and oversight: “Responsibilities for trustworthiness are well-defined and clearly assigned to specific stakeholders, teams or functions along with provisions for addressing where those responsibilities fail to be satisfied. Further, means are in place to ensure that rules, standards, processes and practices are followed and performed as required. … Good accountability and oversight also ensure that harms experienced by end users, citizens and consumers can be effectively remediated.”
Inclusive, ethical and responsible use: “An organization designs, builds and operates its technology and data as a steward for all people, society at large, the natural environment and other stakeholders, with the overall intent to ensure broad access and use resulting in ethically responsible outcomes. This goal also means the organization works to prevent and mitigate exclusionary practices or other harms. … By committing to inclusive, ethical and responsible technology uses, organizations build trust by meeting citizens’ and consumers’ expectations while abstaining from harmful uses.”
Dimensions of Digital Trust
The digital trust framework defines eight dimensions against which the trustworthiness of digital technologies can be evaluated: cybersecurity, safety, transparency, interoperability, auditability, redressability, fairness and privacy. These dimensions play an important role in the trust relationship between an individual and an organization. Let me summarize each of these dimensions.
- Cybersecurity is focused on the security of digital systems – including underlying data, technologies and processes. “Effective cybersecurity mitigates the risk of unauthorized access and damage to digital processes and systems, ensuring resiliency. It also ensures the confidentiality, integrity and availability of data and systems.”
- Safety encompasses efforts to prevent harm (e.g. emotional, physical, psychological) to people or society from technology uses and data processing. “Safety is a core aspect of the social norms and goals that digital trust is designed to uphold and protect.”
- Transparency requires honesty and clarity around digital operations and uses. “Enabling visibility into an organization’s digital processes reduces the information asymmetry between an organization and its stakeholders.”
- Interoperability is the ability of information systems to connect and exchange information for mutual use without undue burden or restriction. “Interoperability enables many individuals and organizations to collaborate on and improve technology.”
- Redressability represents the possibility of obtaining recourse where individuals, groups or entities have been negatively affected by technological processes, systems or data uses.“Designing avenues for recourse and having processes and culture to provide redress builds trust by maximizing agency,” and “demonstrates an organization’s respect for the individual and their interests, needs and expectations.”
- Auditability is the ability for both an organization and third parties to review and confirm the activities and results of technology, data processing and governance processes. “Auditability serves as a check on an organization’s commitments and signals the intent of an organization to follow through on those commitments.”
- Fairness requires that an organization’s technology and data processing be aware of the potential for disparate impact and aim to achieve just and equitable outcomes for all stakeholders, given the relevant circumstances and expectations. “Defining what is fair in a given scenario is ultimately a subjective decision. It requires balancing questions of equity, equality, consistency and many others.”
- Privacy, for individuals, is the expectation of control over or confidentiality of their personal or personally identifiable information. “Privacy serves as a requirement to respect individuals’ rights regarding their personal information and a check on organizational momentum towards processing personal data autonomously and without restriction.”
Digital Trust Roadmap
In addition, the framework includes a roadmap to help align the actions of decision-makers with the individual and societal expectations that will earn their digital trust. The roadmap consists of four steps: commit and lead, plan and design, build and integrate, and monitor and sustain. Let me summarize each of these steps.
Commit and lead. A commitment to digital trust must include all the disparate functions and stakeholders of an organization. A digital trust proposal must articulate a clear strategy and vision, as well as a compelling and thorough business case that carefully explains the benefits of embracing digital trust to the organization’s strategy, reputation, and core values. To succeed, the proposal must be supported and endorsed by the organization’s highest levels of leadership, including the CEO, senior executives and board members.
Plans and design. The organization must make its case by identifying the current-state of its digital trust capabilities, including an assessment of its gaps against the framework’s requirements. Such a digital trust gap assessment should specify the tasks, resources, and expertise required to improve the current capabilities.
Build and integrate. Building digital trust capabilities requires specific actions in three key areas:
- people: identify the necessary leadership and behavioral changes, workforce skills, and communications and training strategy;
- process: establish the required new policies, practices, procedures, and information management; and
- technology: build the necessary tools to enable the adoption, management and success of the organization’s digital trust program.
Monitor and sustain. Even after the successful implementation of a digital trust program, efforts will still be required to ensure its continued effectiveness, especially as digital trust transitions into a business- as-usual organizational component.
“By cultivating digital trust, leaders will ensure that the benefits of digital technologies are more widespread and available to a wider segment of the globe than ever before,” said the WEF report in conclusion. “In the end, earning digital trust is a responsibility shared by companies, governments, civil society and all individuals. The digital trust framework begins the work of meeting that responsibility.”
Comments