Data is extensively available. Countless devices collect and track highly valuable information. The information is also commonly sensitive, highly personal, or proprietary information. It involves personal information, intellectual property, and other unique attributes. There is a strict mandate for a technology practice that balances the dialectics of privacy requirements with the benefits of using data for insights to improve business operations, advance research, and more. This is where data ethics comes into play.
This guide defines data ethics, discusses the importance and principles of data ethics, and explores examples of ethical use of data.
What is data ethics?
Data ethics describes the rules, principles, and moral obligations companies should follow when gathering, using, and storing data. Data ethics also pertains to assessing how data use affects individuals. Data ethics is relevant to anyone who generates or uses data, encompassing nearly every human being. However, ethical data use is significant to analysts, data scientists, IT professionals, and digital marketers.
Why is data ethics important?
Data ethics is important because it creates a framework for using, sharing, and storing data. It also sheds light on more significant philosophical questions, like how companies and individuals can be safe from unethical data practices without limiting full participation in society and marketplaces. Data ethics considers the morality of technologies like AI and ML, and the data that powers them. It is crucial for preparing future generations for success.
Data ethics is also important because the unethical use of data is rampant and harmful. Just this year alone, there have already been many high-profile data breaches of many different hacks. Data breaches cost millions of dollars to contain and manage, interfere with daily business operations, and require the redirection of extensive resources. They also cause companies to lose customers' or employees' trust, particularly when malicious actors gain access to personal information like names, emails, phone numbers, pins, and birthdays and use it for their unlawful gain. Another significant issue with data breaches is that they are rarely singular occurrences. One data breach can easily lead to another, particularly when systems are connected.
So, what principles do companies need to follow to protect valuable data?
Principles of Data Ethics
Data ethics is a rich and unfolding topic. Several notable entities have created laws or guidelines around data privacy, and they are as follows:
The General Data Protection Regulation (GDPR), established by the European Data Protection Regulation, is an important human rights and privacy law pertaining to ethical data use. It describes the rules for protecting personal data that belongs to humans and outlines standards for the free movement of personal data. The GDPR lists seven principles of data protection:
- Lawfulness, Fairness, and Transparency - Personal data use must follow legal guidelines. Entities using personal data must be transparent and act in the individuals' best interests.
- Purpose and Limitation - Personal data may only be used for the intended purpose.
- Data Minimisation - Entities may only gather and store the exact amount of data required.
- Accuracy - Entities that use personal data must take reasonable measures to ensure data accuracy.
- Storage Limitations - Personal data that is no longer needed or in use must not be stored.
- Integrity and Confidentiality - The personal data should only be accessible to those who are processing it.
- Accountability - The data processor is accountable to the GDPR.
The California Consumer Privacy Act (CCPA) outlines consumers' control over the data the companies collect. The privacy rights granted to consumers include:
- Consumers have the right to know what personal data a business collects and how the data is used and shared.
- Consumers have the right to delete personal data collected, with some exceptions.
- Consumers have the right to opt out of transmitting or selling personal data.
- Consumers cannot be discriminated against for exercising their CCPA rights.
- Consumers have the right to correct inaccurate personal data that a business collects.
- Consumers have the right to limit the use and transmission of sensitive personal data.
The Organization for Economic Cooperation and Development (OECD), an intergovernmental organization with 38 member countries, outlines ten principles for data ethics in the public sector:
- Practice integrity in data management.
- Be aware and observe trustworthy data access, sharing, and usage.
- Consider data ethics when making governmental, organization, and public-sector decisions.
- Monitor and control data inputs, particularly those for training AI systems, and apply a risk-based approach to decision automation.
- Be specific about the purpose of personal data use.
- Define clear boundaries for data access, sharing, and usage.
- Communicate with clarity, inclusivity, and openness.
- Publish open-source code and data.
- Increase control over data for individuals and collectives.
- Practice accountability and proactively manage risks.
Harvard Business School
According to the Harvard Business School, five principles of data ethics for business include the following:
- An individual owns their data, and taking data without the owner's consent is unethical.
- Data owners have the right to know how their data is collected, stored, and used.
- Even if an owner gives an entity permission to gather, store, and use personal data, the privacy of personally identifiable information must still be maintained.
- The intention for collecting, storing, and using data must be for the betterment of the data owners.
- Malicious intent is unethical. Only gather the minimum amount of data needed to fulfill the objectives.
- Even with good intentions, the impact of data collection, use, and storage can lead to adverse outcomes.
- Businesses should monitor data analysis for unlawful disparate effects and take corrective action if any issues arise.