Balancing Innovation with Accountability in a Data-Driven World

1. What do you think about the relationship between technology and ethics?

Every technological advancement creates two things simultaneously: opportunity and responsibility. In my view, technology and ethics are not competing priorities; they are complementary forces that enable sustainable innovation.

Technology helps organizations improve efficiency, create new business models, and deliver better customer experience. However, without ethical principles, those same innovations can create risks relating to privacy, fairness, security, and trust. Throughout my career, I have observed that organizations focusing only on innovation may achieve short-term success, but organizations that balance innovation with ethical responsibility are the ones that achieve long-term sustainability. Ethics acts as a compass that guides technology toward outcomes that benefit both businesses and society.

Today, technology influences how decisions are made, how personal information is handled, and even how opportunities are distributed. Therefore, discussions about technology must also include accountability, transparency, fairness, and human values. The future belongs not only to organizations that innovate quickly, but to those that innovate responsibly.

2. Why is personal data so important in this discussion?

Personally Identifiable Information (PII) is directly connected to an individual’s identity, privacy, safety, and dignity. What may appear to be simple information such as a phone number, email address, or home address can reveal significant details about a person when combined with other data.

Sensitive information (sensitive PII), such as medical records, financial details, or biometric information, requires even greater protection. If such information is exposed through a cyber incident, it can result in financial loss, discrimination, reputational damage, or other forms of harm.

When people share information with an organization, they are placing trust in that organization. Companies therefore have a responsibility to be transparent about what data they collect, why they collect it, and how it will be used. Personal data protection is not merely a technical obligation; it is a commitment to ethical conduct and customer confidence.

3. How should organizations treat privacy and human rights when using AI?

Organizations should view privacy and human rights as foundational principles rather than compliance requirements.

In the age of Artificial Intelligence, decisions are increasingly influenced by algorithms trained on large volumes of data. If that data contains bias, inaccuracies, or gaps, the resulting decisions may unintentionally discriminate against individuals or groups.

AI systems should therefore be explainable, auditable, and subject to appropriate human oversight. Critical decisions relating to employment, healthcare, finance, education, or public services should never rely solely on automated outcomes without human review.

Organizations should establish AI governance frameworks that clearly define accountability, monitor risks, and ensure compliance with legal and ethical standards. Beyond compliance, businesses must recognize that privacy is a fundamental human right. Individuals should maintain control over how their personal information is collected, processed, stored, and shared.

4. From your experience, what are the most common legal and ethical risks companies face today?

While data breaches remain one of the most significant risks, today's organizations face a much broader risk landscape.

Cybersecurity threats continue to evolve through ransomware attacks, phishing campaigns, insider threats, and supply-chain vulnerabilities. Organizations are also exposed through third-party vendors that may not maintain equivalent security standards.Another growing concern is excessive data collection. Organizations sometimes gather information simply because technology allows it rather than because it serves a legitimate business purpose. This increases both compliance obligations and risk exposure.

AI-related risks, including algorithmic bias, lack of transparency, and misuse of personal information, are also becoming increasingly important. Ultimately, the greatest risks are often not technical; they arise from weak governance, inadequate awareness, and poor decision-making.

5. How should companies prioritize personal data protection when building security systems?

When discussing data protection, I often use a simple framework: People, Process, and Technology. Organizations frequently invest in security technologies such as encryption, access controls, authentication mechanisms, and monitoring platforms. These controls are important, but technology alone cannot guarantee security.

Employees must understand their responsibilities and recognize potential threats. A single successful phishing attack can bypass sophisticated technical controls if awareness is lacking.

Organizations should adopt both Security by Design and Privacy by Design principles, embedding protection mechanisms into business processes from the outset rather than adding them later. Sustainable security is achieved when technology, governance, and culture work together.

6. How can businesses balance data-driven decision-making with privacy?

Data-driven decision-making is essential for modern organizations because it enables better planning, improved customer experiences, and operational efficiency. However, data usage must be balanced with privacy obligations.“Purpose limitation” is a key principle. If data is collected for one specific purpose, it should not be repurposed without proper justification and consent. Transparency is equally important, ensuring individuals understand how their information is being used.

Organizations should also apply data minimization practices by collecting only the information necessary to achieve a legitimate objective. Responsible data governance allows businesses to leverage analytics while protecting individual rights and maintaining stakeholder confidence.

7. What challenges exist in enforcing data protection laws?

One of the most significant challenges is the pace of technological change. Emerging technologies such as Artificial Intelligence, cloud computing, IoT, and cross-border data ecosystems evolve much faster than regulatory frameworks.

Organizations increasingly operate across multiple jurisdictions, creating complex compliance obligations. A single transaction may involve data stored in one country, processed in another, and accessed from several different locations around the world.

Sri Lanka already has important legislation, including the Personal Data Protection Act No. 9 of 2022, Computer Crimes Act No. 24 of 2007, Electronic Transactions Act No. 19 of 2006, and Intellectual Property Act No. 36 of 2003. However, success depends not only on legislation but also on organizational maturity, regulatory awareness, and a culture of accountability.

8. What role does leadership play in privacy, accountability, and transparency?

Leadership plays a decisive role in determining whether privacy and ethics become organizational values or merely compliance obligations.

Culture is shaped from the top. When leaders consistently demonstrate commitment to privacy, transparency, and accountability, employees are more likely to embed those values into their daily work.

Effective leaders allocate resources for governance, risk management, awareness programs, privacy impact assessments, and continuous monitoring. They ensure privacy and security considerations are included during strategic planning and project design rather than after implementation.

Ultimately, leadership is responsible for balancing innovation, compliance, customer expectations, and business objectives. Organizations that achieve this balance are better positioned to build sustainable trust and long-term success.

9. Have you experienced incidents that changed your perspective?

One lesson I have learned throughout my career is that trust can take years to build and only moments to lose.

I have observed situations where customers shared information with a trusted organization and then unexpectedly received communications from unrelated parties. Regardless of the root cause, customers immediately questioned how their information had been handled.

Experiences like these reinforced an important principle for me: privacy is not purely a technical challenge. It is equally about governance, accountability, process discipline, and ethical behaviour. Even simple operational failures can have significant consequences for customer confidence and organizational reputation.

10. What advice would you give to Gen Z students pursuing technology careers?

My advice to Gen Z is simple: embrace technology but never stop thinking independently.Artificial Intelligence will continue to transform how we learn, work, and solve problems. Use it as a powerful tool, but do not allow it to replace your curiosity, critical thinking, creativity, or judgement.

Develop both technical and human skills. Technical knowledge may open doors, but qualities such as integrity, communication, adaptability, empathy, and ethical decision-making will determine how far you progress.

I believe cybersecurity, privacy, digital governance, and responsible AI will become some of the most important disciplines of the coming decade. Learn technology deeply, stay curious, think critically, and never lose the human values that give technology its true purpose.