Why organizations need a data ethics strategy—and how to create one

A widespread, headline-grabbing problem often is an opportunity for savvy businesses. Case in point: personal data. Consumers are increasingly concerned that companies are amassing enormous amounts of information about their activities—online and off—and using that data in unethical ways.

Politicians worldwide are increasingly leveraging that concern to get or stay elected by backing laws that limit how companies can use personal data. Now it’s time for businesses to do more on their own—not just to head off additional, potentially heavy-handed regulations, but more so as a powerful new market differentiator.

data ethics.jpg
Green LED lights and rows of fibre optic cables are seen feeding into a computer server inside a comms room at an office in London, U.K., on Tuesday, Dec. 23, 2014. Vodafone Group Plc will ask telecommunications regulator Ofcom to guarantee that U.K. wireless carriers, which rely on BT's fiber network to transmit voice and data traffic across the country, are treated fairly when BT sets prices and connects their broadcasting towers. Photographer: Simon Dawson/Bloomberg

“Data ethics” can give companies a competitive edge, especially when their target customers value social responsibility. Apple is one example of a household name that’s already using this strategy.

“Our privacy is being attacked on multiple fronts,” CEO Tim Cook said at a June 2015 Electronic Privacy Information Center dinner. “I'm speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. We think that's wrong. And it's not the kind of company that Apple wants to be.”

Lip Service Won’t Do

Meanwhile, something else is growing: Consumer fears that their personal data will wind up in hackers’ hands or abused commercially and politically. That’s grounded in the reality of almost daily headlines about yet another retailer, bank, utility company or ISP getting hacked or using data in an unethical way.

Consumers are increasingly fighting back in a variety of ways. Some are technological, such as choosing encrypted services, private search engines, ad blockers and other “privacy tech.” Others are grass roots, such as lobbying politicians for new protections and boycotting businesses that they perceive as playing fast and loose with customer data.

Both types of responses create problems for businesses—but they don’t have to. In fact, when that many consumers are that concerned, it’s an enormous opportunity for companies to showcase why they’re the exception to the rule. For example, by giving customers complete control over which data is collected and how it’s used, a business has another effective way to attract and retain customers.

The catch? Those businesses have to deliver on that promise. Many don’t. Ashley Madison is an example of these privacy charlatans whose brand and bottom line suffered when they didn’t follow through.

To avoid that fate—and having a law nicknamed after their company—organizations should implement a privacy-by-design philosophy. To be effective, that philosophy has to be applied organization-wide because so many departments have access to customer data. So it’s no surprise that Gartner predicts that by next year, half of business ethics violations will occur due to improper use of big data.

How to Get Started

When developing a privacy-by-design philosophy, one place to start is “Ethically Aligned Design: A Vision for Prioritizing Human Wellbeing with Artificial Intelligence and Autonomous Systems.” Created by the IEEE Global Initiative for Ethical Considerations in Artificial Intelligence and Autonomous Systems, this free publication features a chapter—“Personal Data and Individual Access Control”—that’s a crash course in understanding the key concepts, major laws and potential options, as well as real-world examples of how organizations are turning this problem into an opportunity.

One example is IDNYC, free, government-issue ID card for all New York City residents. The program has strict limits on the amount of time physical application documents are held before destroying them and who can access the enrollment information and the ID database, including other government and security agencies. Those strategies are equally applicable to many businesses, such as banks.

The bottom line is that data ethics isn’t a fad. Twenty years ago, most organizations didn’t take environmental reporting seriously. The visionary ones saw growing consumer, investor and regulator concern about the environment and responded accordingly. Data ethics is evolving the same way. The most visionary companies are highly aware of how data ethics fits into their general social corporate responsibility framework.

They don't just pay it lip service, either. Instead, they build their entire organizations around the data ethics. Sure, there will always be lots of privacy charlatans and other bad actors, but every headline they make means a bigger, positive spotlight on their ethical rivals.

This story originally appeared in Information Management.
For reprint and licensing requests for this article, click here.
Data privacy Data privacy rules Compliance Customer data Compliance systems
MORE FROM DIGITAL INSURANCE