Risk Management and Design Thinking
Risk concepts continue to grow in prominence, both in understanding challenges across a wide range of disciplines and identifying solutions to address those challenges. However, to date, there have been few attempts to create concrete methodologies to harness the value of risk thinking to adapt and strengthen solutions. Conversely, the field of design thinking is built on a core framework of iterative problem definition and problem solving, developed through cycles of gathering, analyzing and conceptualizing relevant solutions within a human centered complex problem area. Design thinking, and design processes, bring a structured innovation approach to any problem through engaging with methods and tools to empathize and understand peoples lived experiences, create human-centered solutions, and de-risk failure through prototyping.
In this Initiative, the Center is collaborating with Drexel’s Westphal College of Media Arts & Design and Penn Medicine Center for Health Care Innovation from the University of Pennsylvania Health System. With a multidisciplinary team, the research combines existing approaches to risk and risk management with core design thinking principles mentioned above to provide a new hybrid methodology to address risk across a wide variety of disciplinary problem solving scenarios. By interweaving design theory and process into existing risk frameworks, our goal is to derive a novel praxis of communicating and addressing risk that can be leveraged to rethink difficult problems and create more robust and effective solutions within multiple disciplines.
Specifically, this research project within the healthcare industry explores the congruence possible within risk consideration and design thinking to synthesize a novel and workable framework that can be expanded to additional sectors and industries. Drawing on past research on applying risk to identify healthcare challenges, our research expands the use of risk by incorporating design methods such as contextual inquiry, problem identification, and rapid validation to test assumptions about challenges and potential solutions.
- D.S. Nicholas, NCIDQ, AIA, LEED GA, EDRA, Director, MS Design Research; Assistant Professor, Drexel University, Westphal, College of Media Arts and Design
- Matthew Van Der Tuyn, MA, Director of Design and Strategy, Penn Medicine Center for Health Care Innovation, University of Pennsylvania Health System
Ethics and Legal Implications of Artificial Intelligence
Systems and technologies across industries increasingly leverage Artificial Intelligence (“AI”) to improve outputs and generate next-level data. This research explores the ethical and legal issues presented by artificial intelligence and autonomous machines. Merging a multi-disciplinary approach, this research project combines the technical and legal perspectives to understand the ways in which the law can better frame the discussions in the future use and development of AI, and its impact on society and individuals.
As part of this research, the team will be co-teaching a joint course for the Drexel University, Pennoni Honors College that works with students to explore the nuances of AI, the complexity of the technology, and the impact of the law.
- Steven Weber, Professor and Department Head, Electrical and Computer Engineering, Drexel University, College of Engineering
Genetic Data and Privacy
As genetic databases grow in number and size, they are amassing huge troves of highly personal information on large numbers of people. The genetic testing that feeds information into these databases was once confined to the diagnosis and treatment of a few inherited diseases, but it is now used in a variety of clinical settings and is directly available from commercial companies for anyone interested in tracing their ancestry.
The proliferation of stored data poses substantial privacy risks. Hacking and leaks are ever-present threats, and while databases usually maintain information anonymously, tech-savvy data analysts are finding it increasingly easy to de-anonymous it. And it is not always clear who ultimately owns the data and has rights of access. For example, who can access the information in a commercial company’s database (such as those maintained by 23andMe, Inc. or Ancestry.com, LLC) if the company is acquired by or merged with another one?
Even more concerning is that the risk of disclosure extends to individuals beyond those who contribute their data. Genetic information reveals attributes of relatives, even distant ones. The Golden State Killer case in California and many subsequent criminal investigations have demonstrated the power of genetic databases to identify a data subjects’ distant relatives who have no way of knowing that information about them has been collected.
There are laws that address some of the disclosure risks surrounding genetic data, but the protections they provide are limited. In clinical settings, the Health Insurance Portability and Accountability Act (commonly known as HIPAA) limits unauthorized disclosure of medical information. but only by medical personnel and insurance companies. It does not apply to commercial database companies and others who may have access to data. In research settings, Institutional Review Boards (IRBs) oversee research that may present risks to human subjects, but their involvement is legally mandated only for research that is funded by the federal government or used to support an application for approval of a new drug. The Genetic Information Nondiscrimination Act (GINA) prohibits the use of genetic information in employment and some kinds of insurance, but its application is limited to those contexts.
To address concerns over genetic database privacy, Professor Robert I. Field and colleagues have proposed a new regulatory approach. It would create new oversight bodies known as Data Protection Review Boards, modeled on IRBs, that would provide decentralized, expert oversight of external data sharing by commercial database companies. The proposal would empower a federal agency—either the Federal Trade Commission or a newly created privacy agency—to oversee the boards’ operations.
- Robert I. Field, J.D., M.P.H., Ph.D., Professor of Law at the Kline School of Law, Professor of Health Management and Policy at the Dornsife School of Public Health at Drexel University, and an Adjunct Senior Fellow of the University of Pennsylvania’s Leonard Davis Institute of Health Economics
- Anthony W. Orlando, M.Sc., M.P.W., Ph.D., Assistant Professor of Finance, Real Estate, and Law at the College of Business Administration at California State Polytechnic University, Pomona
- Arnold J. Rosoff, J.D., Professor Emeritus of Legal Studies and Health Care Management at The Wharton School of the University of Pennsylvania and a Senior Fellow of Penn’s Leonard Davis Institute of Health Economics
Immigration Surveillance, Technology, and Privacy
Like other areas of contemporary governance, immigration control has rapidly become an information-centered and technology-driven enterprise. At every stage of the process of migrating or traveling to, from, and within the United States, individuals are subject to collection and analysis of extensive quantities of personal information for immigration control and ancillary purposes. This information is aggregated and stored for long retention periods in networks of databases and shared among an escalating number of public and private actors with limited transparency, oversight, or accountability. The deployment of these technologies has reshaped the meanings and functions of immigration control itself—transforming and integrating a regime of immigration control, operating primarily upon noncitizens at the territorial border, into part of a more expansive regime of migration and mobility surveillance, operating without geographic bounds upon citizens and noncitizens alike. Traditional immigration law frameworks furnish neither the vocabulary to fully engage this transformation nor the mechanisms to effectively constrain these activities.
Building on previous scholarship conceptualizing and examining immigration surveillance as an emergent set of governance practices, this Initiative further examines these sweeping changes in the techniques and technologies of immigration control—their swift proliferation, enormous scale, likely entrenchment, and broader significance—across all of the many domains in which they have been implemented. The use of these technologies has routinized the collection, storage, aggregation, processing, and dissemination of detailed personal information for immigration control and secondary purposes on an unprecedented scale. The ramifications of this reconfiguration may be seen in a variety of concrete domains, including territorial border control by federal officials, interior enforcement by state and local officials, employment eligibility verification by private employers, and others. In each of these settings, automation, algorithms, and technology-based surveillance not only have contributed to tremendous growth in the number of individuals removed from the United States, but also have significantly transformed how immigration control activities are conducted, experienced, and resisted.
Collectively, these activities have accelerated the deterritorialization of the national border for migration and mobility control purposes and blurred the lines between immigration regulation and other regulatory domains. As immigration surveillance activities have proliferated and become tightly integrated, the set of boundary points at which the nation-state authorizes individuals to enter or be admitted, prevents or allows their entry or admission, or subjects them to possible expulsion has been decoupled from the territorial border and rendered “virtual”: layered, electronic, mobile, and policed by an ever-increasing number of public and private actors, largely free from the legal and practical mechanisms that have traditionally constrained immigration and border control activities.
The technologies that enable this immigration surveillance regime can, and do, bring significant benefits. However, their unimpeded expansion erodes the practical mechanisms and legal principles that have traditionally constrained aggregations of power and protected individual autonomy and fundamental rights, as similarly illustrated in discussions of electronic surveillance in other settings. Accordingly, the initiative explores the potential of stronger legal frameworks to govern and constrain immigration surveillance practices and the implementation of these technologies, in order to preserve zones in society where immigration surveillance activities do not take place and to ensure greater due process, transparency, accountability, and respect for fundamental rights when they do.
- Anil Kalhan, Professor of Law, Drexel University, Thomas R. Kline School of Law