It shouldn’t come as any surprise, least of all to anyone who’s even remotely monitored the burgeoning big data ecosystem for the last couple years. The increasing quantities of data generated, the unequivocal majority of unstructured data, the growing number of external sources, and the quotidian nature of data breaches have directly led to today’s hyper-sensitive regulatory environment in which technologies designed to enlighten the enterprise—to empower and effect competitive advantage—now possess the potential to consume it.
It’s only natural that the capacity to automate the processing, production, analysis, and management of big data via cognitive computing dominated this epoch in which real-time transactions (in the cloud, via mobile technologies and e-commerce) became normative. The rapid dissemination of personally identifiable information (PII), the expansion of its definitions and inherent incongruities between regulations, were similarly logical conclusions of the same vector in which automation and decision-support were esteemed.
But when these same big data developments lead to issues of interpretability and explainability, when people or intelligent systems don’t consider why and simply rely on quantifiable algorithmic outputs with limited understanding of biases or their reasons, intervention—in the form of regulatory mandates and penalties—will also, quite naturally, arise.
Some are international in scope and jurisdiction, such as the oft discussed General Data Protection Regulation. Others are still being cultivated, like the California Consumer Privacy Act. Many are rigidly exacting in focus, such as the assortment of regulations pertaining to vertical industries like finance or healthcare.
Nearly all, however, are designed to protect and support the consumer, the data citizens whose lives and information are used to dictate, and in turn are dictated by, the regularization of big data.
The effect is a reconfiguration of how big data’s perceived, which will no longer be confined to popular conceptions of Artificial Intelligence, the Internet of Things and Blockchain, but the practicalities of their use, including:
- Interpretability and Explainability: Statistical cognitive computing models generate numerical outputs informing decisions for everything from personal finance to healthcare treatment. Correctly interpreting those numbers and understanding their derivation is increasingly difficult with complex neural networks and deep learning, which interest data scientists, regulators, and consumers “with all of these kind of black box solutions where you’re not sure exactly how the data’s being implemented,” Forrester Research Principal Analyst Brandon Purcell noted.
- PII and Privacy: Regulatory entities vary by country, industry, and state, exponentially multiplying the data classifications (such as PII) needed to satisfy them. Looker Chief Privacy and Data Ethics Officer Barbara Lawler observed there’s “data breach notification requirements across now all 50 United States.” Implicit to these regulations is a de facto shifting of ownership from organizations retaining data to the consumers whose data they possess, prioritizing privacy over accumulation.
- Automation Management: Monitoring, validating and governing cognitive statistical models that automate big data processes reinforces trust and data quality, necessitating organizations “look at the performance of those models and have the same governance on the release and changing of them as you have with the data itself,” ASG EVP of Product Management and Product Marketing David Downing said.
- Risk: With aspects of compliance, cybersecurity, data loss, user errors, perfidy, and legal concerns all comprising aspects of big data risk, it’s clear “keeping data is not always a good idea,” Hyland Marketing Principal Dennis Chepurnov acknowledged. Solutions include encryption and layered cloud approaches.
Each of these factors redefines big data’s meaning and implementation according to regulations, reflecting the emergent realization that, “We really do need to think about whether we’re creating these models in a way that treats people accurately,” Purcell noted.
Interpretability and Explainability
The issue of interpretability, and by extension, explainability, is the foremost challenge to the statistical variety of AI popular today. It’s also the most demonstrable means by which the intensified regulatory environment can constrict big data deployments, especially in verticals mandating model risk management like financial services and insurance. According to SAS Global Financial Services Marketing Manager David Wallace, the federally implemented SR 11-7 requires financial organizations “to show that they are managing and governing the use of the models, the creation of the models, [and] what data is used to feed the model.” Paradoxically, the cognitive statistical models with the greatest accuracy—involving deep learning and multifaceted, deep neural nets—are also the most difficult to explain or “to know what’s going on inside their model,” indicated Ilknur Kabul, SAS Senior Manager of Artificial Intelligence and Machine Learning Research and Development. For predictive models, interpretability denotes understanding “when the input came in, what was weighted, how was it weighted, and how did that affect the output,” SAS AI and Language Analytics Strategist Mary Beth Moore commented. Explainability is distinct in that it means “you generate more text, and more of a complex explanation,” Kabul said.
It’s possible to balance the dichotomy between transparent machine learning models and more accurate, yet opaque, advanced ones with the following interpretability and explainability measures:
- Leave One Covariate Out: This technique uses trial and error to individually preclude single variables from complex machine learning models and analyze the effect on their scores. Ideally, notable scoring differences inform the nature and importance of that variable. Nonetheless, “Machine learning tells you something, but if you don’t know the context around it, that number doesn’t mean anything,” Franz CEO Jans Aasman stated.
- Surrogate Modeling: By training a simpler model with the inputs and predictions of a complex model, data scientists analyze the importance of variables, trends, and co-efficients in the surrogate to infer how they affected the original. Local Interpretable Model-agnostic Explanations (LIME) is a surrogate model in which “you generate a regularized regression model in a local vision, you can generate it in a transformed space or an untransformed space, and you try to generate explanations using that,” Kabul said.
- Partial Dependence Plots: This approach “shows you the function of the relationship between your small number of multiples and your model prediction,” Kabul said. “So it measures all the inputs of the other model input variables, while giving you the chance to select one or two variables at a time.” By plotting these variables with visual mechanisms, modelers determine their influence on the model’s results and plot the average model prediction for each variable of a single model output.
- Individual Conditional Expectation: ICE plots are similar to partial dependence plots but offer detailed drilldowns of variables and “help us to find the interactions and interesting [facets] of the dataset,” Kabul mentioned. With ICE, modelers replicate the observation they’re seeking to explain with each unique variable, score it, and plot those results.
Interpretability and explainability are horizontal concerns, limiting the use of deep learning in certain verticals like healthcare, according to Aasman. Still, “if you’re highly regulated and transparency’s important, just pick a different algorithm,” Moore advised.
PII and Privacy
Privacy complications for big data stem not only from the tide of regulations, but also from the divers classifications compliance involves. Although PII’s the most ubiquitous, other classifications include Payment Card Information, Federal Tax Information, classifications for the National Institute of Standards and Technology’s various regulations, and vertical classifications like Protected Health Information. Oftentimes, satisfying classifications for one regulation doesn’t do so for others (such as PII for GDPR and for Arizona’s or California’s standards, for example). EWSolutions President and CEO David Marco observed classifications “may not even be at a data element level; it can be at a group level” in which certain data combinations subjects them to regulatory requirements not applicable to the individual datum. Worse, global organizations “operate across multiple [regulatory] jurisdictions and are not dealing with one regulation, but tons of different regulations,” ASG Chief Product Officer Swamy Viswanathan said.
The object of this unprecedented regulatory pressure is unambiguously trust—which is bifurcated to reflect ethics for consumers and pragmatism for organizations. “You can’t [overlook] the complications for the questions of ethics and transparency,” MassMutual Data Analyst Emad Taliep remarked. “Especially when you’re talking about something that explores the intersection of the policy we issued somebody based on health factors and…deciding how much the premium is.” Considering regulations and personal data in this regard fosters consumer trust in organizations. Conversely, the basis for complying with regulations and facilitating consumer trust is trusting one’s data for accurate classifications, tagging and cataloging for compliance. Looker CEO Frank Bien said, “We have to make that data reliable…we have to make sure that there’s some curation on top of it, that the data makes sense, the metrics are common; that it’s not a Tower of Babel.”
Managing big data for classifications and compliance frequently involves automated, as opposed to autonomous, systems. Astute change management from manual to automated processes necessitates “validating” them, or “even seeing if they need to be validated,” Hyland Technical Trainer 3 Robert Gratz explained. The requisite monitoring and governance of automated systems (and their models) increases data quality and accuracy. Common automation methods and validation approaches include:
- Unsupervised Learning: According to Viswanathan, certain algorithms for this type of machine learning “look for patterns, and then when they find a pattern signature they finds likes,” or data adhering to that pattern. Such algorithms are instrumental in automating classifications for regulatory compliance and augmenting Natural Language Processing.
- Model Governance: Although model governance is fairly broad and incorporates numerous approaches to ensuring quality model outputs, one of the most granular is to implement testing into models themselves. Looker Senior Product Manager Sondra Orozco described an approach “to bring unit tests into your model, to make sure that every change you make to your model continues to produce correct results.”
- Rules-Based Systems: The addition of rules and rules-based systems controls some machine learning automation, and descends from the multi-step reasoning, knowledge base AI side “that tries to assimilate human behavior by looking at the internal steps: the steps people take when they solve complicated tasks,” Aasman revealed. Rules can assist with supervised learning for categorization purposes, and are excellent for compliance because “some things have to be absolutes; they cannot be probabilistic,” Viswanatham said.
- Human-in-the-Loop: The entire notion of automation validation and monitoring automated processes revolves around the human-in-the-loop tenet, in which people supervise various cognitive computing processes for quality assurance. “Anytime there’s a space where accountability would come into play, that’s absolutely the place where a human would have to come in,” Moore posited.
Aside from regulations, big data risk include a seemingly interminable array of factors related to cybersecurity, e-discovery, data loss, underwriting, corruption, inept users, failure, chain of custody, and more. According to Chepurnov, that risk is codified according to technology and people, the latter of whom may “assume that IT and the security department are taking care of information security,” and shirk their responsibility for enterprise risk mitigation. The most arduous aspect of managing risk for big data is understanding—and documenting workflows that identify—“where does this data go, and how is it controlled and what vendors might be touching it”, ventured Looker Chief Security Officer Ryan Gurney. Breach and cybersecurity concerns are substantially decreased via the layered approach of cloud based paradigms (widely deployed for backups, too), especially when supplemented with forms of encryption, tokenization, masking, anonymization or pseudonymization.
Toeing the Line
The big data landscape is being inexorably molded by regulations, risk management, privacy, and transparency, which are so prevalent partially due to statistical AI zeal and what some consider an inordinate valuation of correlation. “Correlation is not causation,” Aasman cautioned. “There has to be a new trend to figure out why something happened, which is explainability.” As big data influences society more than ever, these postmodern restrictions raise poignant questions. “There’s benefits where people have a lot of data and can make better decisions, bring better services to people, and then there’s lines that shouldn’t be crossed,” Bien reflected.
Escalating regulations and legislation are delineating them now.
The post Caution: How Regulatory Pressure and Explainability Are Reshaping Big Data as You Know It appeared first on Work 2.0™.