Introduction to Implicative Data
Ask the Expert ft. Emmi Bane and Carl Mathis
Synopsis:
New methods of data processing create new ways of looking at existing information, yielding new insights and connections, and new potentials for harm. These potentials attach new risks to previously benign or deidentified data, and new obligations for organizations that handle these data. Traditional data taxonomies do not adequately identify or address these risks, and therefore create significant gaps in governance programs. This narrow scope can obscure risks arising from non‑identifying data that nonetheless shapes decisions, outcomes, or inferences about individuals or groups, leading to privacy, ethical, security, and regulatory blind spots.
Implicative data is a term used to describe data whose downstream use or inferential potential produces consequences for individuals or groups independent of formal identifiability. Implicative data may not identify individuals directly or indirectly, but can impact perceptions, decisions, or outcomes related to them—often through aggregation, metadata, inference, or contextual analysis. Implicative data emerges from incidental data, derived insights, patterns, and contextual clues, and becomes especially salient in AI systems.
Problem Statement:
Conventional privacy frameworks focus on personal data defined through direct and indirect identifiers. This narrow scope can obscure risks arising from non‑identifying data that nonetheless shapes decisions, outcomes, or inferences about individuals or groups, leading to privacy, ethical, security, and regulatory blind spots. Adopting the implicatice data lens allows organizations to close the gaps created by these artificial categories, and to create a forward thinking privacy program that anticipates practical risks.
Discussion Themes:
This talk will provide an overview of Implicative data with examples and use cases, explore the risks and governance implications of the current standard, and provide a review of the implicative data framework. This talk will enable participants to:
Identify implicative data in real systems and use cases
Assess privacy, ethical, and security risks beyond traditional “personal data” categories
Apply the Implicative data framework and context‑aware governance principles to future proof data governance programs
Related Privacy Enhancing Technologies (PETs):
Anonymization
Data minimization
Contextual privacy
Pre-Discussion Resources:
Guest Experts: Emmi Bane and Carl Mathis
Emmi Bane, MPH and CIPP-US, Principal Data Ethicist in Emerging Technologies, HP Privacy Innovation and Assurance Center of Excellence
Emmi is a data ethicist and privacy sociologist whose work explores the ethical, legal, and social dimensions of data ecosystems, emerging technologies, and Public Health. She serves as Principal for Data Ethics and Emerging Technologies at HP, where she leads privacy and ethics review for the company’s AI/ML sandbox program, focusing on sensitive data, consent, and technology’s social impacts. Emmi is also a Senior Fellow in Ethics and AI at the World Privacy Forum, where her research centers on consent frameworks, complex data ecosystems, and the implications of AI for health data and societal wellbeing. Her academic background includes a Master of Public Health in Public Health Genetics from the University of Washington and undergraduate degrees in Sociology, Psychology, and Micro‑Molecular Biology from Portland State University.
Carl Mathis, PhD, Principal Privacy Architect, HP Privacy Innovation and Assurance Center of Excellence
Carl began his career programming in machine language and Basic during graduate studies. Over time, he transitioned to designing, building, and managing networks, and from there to building enterprise WAN/LAN technologies. With 25 years of experience in network and application security, he has spent the last decade focusing on the architectural and technical aspects of privacy. His professional journey includes working for global enterprises spanning diverse sectors including financial, retail, legal, and manufacturing. Currently, he is a Privacy Architect at HP, collaborating with a talented team to drive privacy technology innovation forward in areas like AI and privacy-enhancing technologies.
Moderator: Tiffany Soomdat
Tiffany Soomdat helps organizations navigate complex data protection landscapes and build scalable, business-aligned privacy and governance programs that do more than check compliance boxes. Her work sits at the intersection of digital responsibility, data governance, and emerging technology, with a focus on supporting more responsible and sustainable business practices in an increasingly digital economy. She is a trusted advisor who helps companies operate effectively amid evolving privacy and regulatory expectations, while building trust with customers and stakeholders in the digital age. Tiffany is particularly interested in how digital systems shape trust, autonomy, and long-term value creation, including the role of privacy, AI governance, and data stewardship in building more resilient and accountable organizations. Master of Studies in Law (MSL) in Corporate Compliance. Certified in CIPP/US and OneTrust.