Epistles, Ethics and Algorithms

This article revisits themes first explored in 2021 “Epistles, Enquiries and Ethics”, now reframed in light of rapid advances in data science and artificial intelligence. It also draws on insights from the “From Code to Consequence” panel discussion, which examined the ethical, practical, and governance challenges of AI in modern organisations.

When I began my career in the NHS in the early 1990s, useful data felt rare and fragile. Most information lived in paper forms, departmental silos, and the heads of experienced colleagues. Routine statistical returns arrived slowly and were often incomplete, which meant that clinical directors and managers leaned heavily on professional intuition, and the views of those who had done the job before. Small qualitative studies occasionally carried disproportionate weight because they were the only evidence available, even when the sampling frames were narrow and the findings could not be generalised. Decisions were taken, services were designed, and policies were justified on the best information to hand, but the truth is that the evidence base was thin and patchy.

Fast forward to today, and the pendulum has swung dramatically. We now live in a completely different landscape. Information flows continuously from primary care, secondary care, mental health, and community services, and these are only the public sector streams. Consumer technology adds another layer, with phones and wearables generating minute by minute health metrics, while retail, finance, housing, and education systems record behaviour at scale. The technical environment has also evolved. Data arrives in real time, often in unstructured formats, blended from multiple platforms, and processed by analytics that can run overnight or in seconds. The problem has shifted from scarcity to overabundance. It is not difficult to find data, but it is difficult to select signal from noise, to align denominators across sources, to understand where linkage creates new bias, and to ensure that a metric that looks precise is not simply measuring a convenient proxy.

The problem has shifted from scarcity to overabundance. It is not difficult to find data, but it is difficult to select signal from noise, to align denominators across sources, to understand where linkage creates new bias, and to ensure that a metric that looks precise is not simply measuring a convenient proxy

Unfortunately, a great deal of the data that surrounds us is now questionable. The internet has become a free for all in which incentives often reward attention rather than accuracy. Content farms, influence campaigns, and automated posting tools create vast volumes of material that look credible but are neither verified nor verifiable. And AI systems have not improved this situation. Many models are trained on large crawls that mix high quality sources with low quality copy, scraped without clear provenance and with little transparency about what was included or excluded. A new problem has emerged as well. Models are increasingly trained on datasets that contain outputs from other models. This creates a recursive loop in which synthetic content feeds back into the training pipeline. The result is a gradual loss of diversity, the repetition of artefacts, and a deterioration in factual reliability. In practical terms, the signal to noise ratio declines, while confidence in what we read and analyse is eroded.

The move from too little information to too much brings an ethical responsibility that is easy to underestimate. When data was scarce, poor decisions often traced back to a lack of evidence. Today, poor decisions often trace back to weak curation, inappropriate combination, or overconfidence in patterns that only exist because of the way data was collected and prepared. The complexity of the modern evidence base, and the speed at which analyses can be produced, create the risk of plausible but misleading results. Analysts face new pressures, such as the expectation of instant answers and dashboards that demand constant refresh. Leaders face new choices, such as whether to act on what a model implies when the cost of being wrong falls on people who are not in the room.

Analysts face new pressures, such as the expectation of instant answers and dashboards that demand constant refresh. Leaders face new choices, such as whether to act on what a model implies when the cost of being wrong falls on people who are not in the room.

For years, many organisations treated legality as the boundary of good practice. If a use of data complied with the relevant law, then it was treated as acceptable. There were only a few of us that suggested that legality was not enough. And experience has shown how fragile that “legality” assumption is. A lawful approach can still be manipulative, discriminatory, or corrosive to public trust. The practical ethics of data require more than a checkbox for compliance. They require clarity about the purpose of the work, proportionality in the methods used, and honesty about uncertainty. They also require attention to power. Data projects frequently transfer risks to the most vulnerable, while benefits accrue to institutions or commercial partners. A purely legal view struggles to capture these asymmetries.

St Paul’s reminder to the church at Corinth still helps us think clearly about this.

“I have the right to do anything,” you say, but not everything is beneficial. “I have the right to do anything,” but not everything is constructive.

The point is not theological hair splitting. The point is that permission does not settle the question of wisdom. There are many lawful things that are unwise, unkind, or unsafe.

This principle matters in analytics and it matters even more in AI. Just because a dataset can be linked does not mean the linkage is justified. Just because a model can predict who might miss an appointment does not mean the prediction should trigger penalties. The question that decides whether a project is responsible is not simply what we are allowed to do, but whether the action is beneficial to the people affected and whether the risks are understood, minimised, and monitored.

The question that decides whether a project is responsible is not simply what we are allowed to do, but whether the action is beneficial to the people affected and whether the risks are understood, minimised, and monitored.

Since 2021, AI has moved from proof of concept pilots into the day to day tools of work. Large language models draft notes, summarise meetings, and answer routine questions. Predictive models sort referrals, flag patients at higher risk, and optimise appointment scheduling. Computer vision reads scans with growing accuracy, and recommendation engines shape what we see and buy. It is tempting to treat these systems as intelligent partners. In reality, they are statistical machines that estimate likely continuations, classify patterns, and interpolate from examples. They operate on probability rather than certainty. This is not a criticism. It is a description that should inform how we use them. Probabilistic tools need calibration, challenge, and context, or they produce confident answers to the wrong question.

The same capabilities that make AI useful can make it dangerous. A model that is slightly biased at the start can amplify that bias when it operates at scale. An error that a person would spot in a small sample can pass unnoticed when outputs are auto generated and consumed at speed. An architecture that is difficult to interpret can obscure where the harm begins. Governance that is added at the end tends to be superficial. It creates the illusion of control without the substance. The responsible approach is to anticipate failure modes early. Ask what will happen if the data shifts, if a subgroup is under represented, if the model is used outside the setting where it was validated, or if it is retrained on synthetic content that reflects its own previous output. As one panelist on the "From Code to Consequence" panel put it:

“The responsibility doesn’t rest with the AI. It rests with the people who build, deploy, and use it.”

Regulation is beginning to catch up. The EU AI Act provides risk based categories and requires higher scrutiny where systems affect people’s rights, safety, or life chances. Other jurisdictions are publishing standards, guidance, and procurement rules that stress transparency and human oversight. These developments matter because they set minimum expectations for documentation, testing, and accountability. They do not remove the need for judgment. Even the best rule set cannot anticipate every context. An organisation that aims to be trustworthy will treat regulation as the floor, and then go further by making sure the people who deploy AI understand the limits of the tools and the consequences of misuse

A strong theme from "From Code to Consequence" was the need for AI literacy. Data literacy remains essential, but many leadership teams now also need to understand what training data means, how models are evaluated, and why provenance matters. They should know the difference between accuracy and calibration, between performance on a benchmark and performance in their own environment, and between an impressive demo and a reliable service. Without this shared understanding, governance frameworks become paper shields. They look tidy, yet they fail when a real incident occurs because no one knows where the model came from, who owns it, or how to switch it off safely.

Without this shared understanding, governance frameworks become paper shields. They look tidy, yet they fail when a real incident occurs because no one knows where the model came from, who owns it, or how to switch it off safely.

Good governance is not a single policy. It is a series of habits that run through the lifecycle of a system. The questions that follow are a practical way to operationalise these habits. Each deserves a written answer, a named owner, and periodic review.

1. Purpose. What problem are we trying to solve, and who asked for the solution? Clarify the decision that will be informed or automated. Describe the benefit to service users or citizens, and explain how the benefit will be measured in the real world rather than in a test set.

2. Provenance. Where does the data come from, and who collected it? List the sources, note the sampling frame, and record known gaps. Identify whether any part of the training corpus is synthetic, whether it contains outputs from other models, and whether that creates a risk of circularity or degradation.

3. Permissions. What is the legal basis for use, and what is the ethical basis? Distinguish between consent, public interest, and contractual necessity. Make clear what was told to the data subjects, and whether the proposed use is within a reasonable reading of that notice.

4. People. Who is accountable for outcomes, and who is responsible for maintenance? Name the product owner, the data steward, and the clinical or operational sponsor. Specify who will review outputs, how often, and with what authority to intervene.

5. Proportionality. What is the worst that could happen if the system makes an error? Describe concrete failure modes, the scale of potential harm, and the safeguards that reduce likelihood or impact. Balance the promised benefit against the risk, and state the threshold at which you would pause or withdraw the system.

6. Preparedness. Do we have the skills to interpret and challenge the results? Set out the training plan, the supervision structure, and the tools required to audit performance. Confirm that there is time in people’s roles for reflection and review, not only for delivery.

These are not academic exercises. They are practical safeguards against harm; whether that harm is a misdiagnosis, a discriminatory loan decision, or a breach of public trust.

One conclusion from the panel was unambiguous. AI should assist decision making, not replace it. Human judgment belongs in the loop, or at the very least on the loop with real authority to halt or modify actions. This matters because automation bias is real. People tend to over trust system output, especially when it is delivered in a polished interface or when it arrives at speed during a busy clinic or a pressured operational shift. Building effective human oversight requires thoughtful design. Present uncertainty clearly. Provide explanations that are faithful to the model. Make it easy to contest an output and to record why a different course was chosen.

People tend to over trust system output, especially when it is delivered in a polished interface or when it arrives at speed during a busy clinic or a pressured operational shift.

“No AI system should be empowered to act without human oversight. The moment we remove that check, we surrender control of consequences we cannot predict.”

This is not a call to fear AI. It is a call to use it wisely; to see it as a tool, not a substitute for thought. The organisations that thrive in the AI era will be those that combine technological capability with ethical clarity.

Human oversight also requires culture. People must know that they are expected to question results and that they will be supported when they do. Leaders should model the behaviour by asking to see the evidence, by inviting dissent, and by rewarding teams that pause a system to investigate a concern. Clear lines of responsibility matter. If everyone is responsible, then no one is accountable. Assign the role of final arbiter to a named person or committee, and ensure that the process for escalation is fast, fair, and documented.

In 2021 I argued that data ethics should be as integral to an analyst’s toolkit as statistical techniques. In 2025 that argument must be extended. AI ethics now needs to be a core competence for analysts, data scientists, product managers, clinical leaders, and executives. It belongs in training plans, job descriptions, and performance objectives. It should influence procurement, so that vendors provide documentation, clear service boundaries, and evidence of safety. It should influence organisational design, so that governance is embedded in the work rather than appended as a last step.

The question that should guide us is not only what is possible. The better question is what is beneficial, for whom, at what cost, and with what safeguards.

The question that should guide us is not only what is possible. The better question is what is beneficial, for whom, at what cost, and with what safeguards. The more powerful our tools become, the more important the discipline of restraint becomes. Responsible innovation is not the enemy of progress. It is the condition that allows progress to endure, because it builds trust that survives the first error, the first incident, and the first difficult headline.

For readers who wish to delve deeper, the From Code to Consequence discussion offers practical insights into governance, accountability, and bias, as well as concrete examples of how to create guardrails that support innovation without abandoning caution. It reinforces a simple message. Use AI with care, with clarity of purpose, and with people firmly at the centre of decisions.