Data Ethics: What It Is and Why It Matters in an Organization

Paul Baka
Published 04/20/2023
Share this on:

What is data ethics and why does it matter 250x250Data ethics are the guidelines that show how an organization handles data. With recent privacy scandals (think the Facebook-Cambridge Analytica scandal), users want to know how their data is collected, processed, stored, and distributed.

But that’s not all.

A study found that 97% of people are concerned that businesses may misuse their data. In other words, a company must have a data ethics framework if it’s serious about cultivating trust with its customers. Data ethics is key.

What Is Data Ethics?

We can understand data ethics better by breaking down the two concepts that make up the word. Data and ethics. Data refers to quantities, symbols, characters, statistics, or facts on which operations such as storing, processing, or transmitting are performed.

On the other hand, ethics is the field of right and wrong. It involves systemizing, defending, and recommending right and wrong in different areas of life.

Data ethics, therefore, is the systemizing, defending, or recommending of what is right or wrong when it comes to data collection, processing, storage, and data use.

In business, data ethics help you create trust with your customers, make you compliant with regulatory requirements, and ensure fair play.

4 Principles of Data Ethics

Data ethics principles are the foundations upon which data ethics frameworks are based. These principles stand as irreducible minimums when developing a data ethics framework.

1. Ownership

The user owns their data. Just as it is unethical to take someone’s property without their consent, so is taking someone’s data. Before collecting someone’s data, you have to get their consent first. Failure to seek consent is a violation of their privacy.

As a business, you need to develop ethical frameworks that outline the ethics of practices around user data. The framework should cover all facets.



Want More Tech News? Subscribe to ComputingEdge Newsletter Today!



Some of these frameworks include asking for signed written agreements or website pop-ups that ask users to agree to your website’s privacy terms and conditions.

For instance, most websites ask for consent to use cookies to track user behavior. This is an ethical decision. A good example is Google:

Cookies and the ownership of data

In your ethical inclusive framework, you should stipulate the rules around how to collect data.

These frameworks can be guided by regulatory frameworks such as (General Data Protection Regulation) GDPR, or the (California Consumer Privacy Act ) CCPA, among other regulatory statutes.

2. Transparency

Transparency should be a top priority during landscaping data ethics for your organization because it breeds trust.

You must clearly communicate why you are collecting user data and how you intend to store, process, and distribute it.

For instance, artificial intelligence and machine learning are the latest frontiers in digital technologies. Training these systems requires an enormous amount of data. If you intend to use the customer data to train these systems, you must say so for the user to be allowed to make an informed decision. Trying to deceive them into opting in is unethical and unlawful.

Let’s say you’re using a WordPress chat plugin that allows you to communicate with your website visitors. If you store conversations for subsequent personalization, you should specifically state that in your policy. Don’t store conversations which might contain critical customer data without the user’s consent. Even if they didn’t contain critical customer data, getting consent is still necessary.

privacy policy

Here’s another example. ChatGPT is an AI bot trained to interact with people as a human would. The version out at the moment is the beta version, and the input by its current users is being used to train the AI further.

So, ChatGPT informs the user of what their data input in the system is used for, how much is being stored, and for what purposes. You can see this in the screenshot of ChatGPT’s privacy policy above.

Furthermore, the privacy policy should explain the storage protocols used to protect and secure personal data safely. Although FIPS compliance can enable you to do this, you should not do the bare minimum. Aim to go above and beyond to be even more reassuring to your users.

After curating your transparent privacy policy, allow the user to opt in to the service. The choice should be left to the user entirely.

3. Ethical Usage of Data Algorithms

Ethical issues arise when using algorithms. Algorithms are trained using data, and sometimes the algorithm or the data might be biased. It is best to control as much bias as possible to ensure the objective use of user data.

Three biases will likely creep into an artificial intelligence or machine learning system. These are:

Data bias: Algorithmic systems learn from the data being input to them. The proper ethical decision to make is to ensure that the data being used is not biased. Involve a diverse data-focused team. This can help ensure the data represents the natural world in which the system is supposed to operate.

Code bias: You should not assume that the code is without bias. Double-check to ensure it controls for expected biases.

Feedback data bias: Since these systems learn from feedback data, too, you should pay attention so that the feedback does not skew the algorithm toward particular outcomes.

In business, you must try as much as possible to rid your systems of bias. Any form of bias might violate the trust customers have in your business. In addition, the bias will feed your business bad outcomes. If you use such to make business decisions, the decision will be wrong or ill-informed.

4. Intent

You should not collect data for the sake of collecting data. You should collect data with specific intent. Being intentional with data collection prevents the unnecessary collection of sensitive data.

Data that is qualified as sensitive is data that identifies the user. This includes:

  • Street address
  • Passport number
  • Bank account number
  • Birthdate
  • Phone number
  • Credit card information
  • Social Security card
  • Full name

The above data should be collected only when necessary to avoid unintended situations. The more personal data you collect from the user, the more data a hacker can have for illegal use. This is data that can be used for identity theft, for example. When an identity is stolen as a result of a data breach, a business can be held liable.

Also, after collecting the data, it should be de-identified when being used by analysts.

Intent ought to guide data collection, data storage, data processing, and data use. A business should communicate the intent to the user, too, as we discussed earlier.

Key Takeaways

Data is essential for business in the current technological age. It is based on data that business decisions are made. It is through data that a business gains a competitive edge.

But despite data being an outstanding business asset, it has to be approached ethically. It has to be collected and used responsibly, avoiding infringement on personal privacy. This then dictates that businesses develop data ethics frameworks and policies that protect the user against malicious use of their data.

To establish a viable data ethics framework, there are certain principles you should ensure are in place. These include:

Ownership: Acknowledge that data belongs to the user and you cannot use it without their consent.

Transparency: Communicate clearly with the users why you are collecting the data and how you intend to process it, store it, and use it.

Ethical usage of data algorithms: Ensure that the algorithms processing the user data are unbiased.

Intent: Be clear with why you are collecting data so that you can gather and use only the necessary data.

A business that is ethically responsible won’t just comply with data privacy regulations. It is also bound to cultivate trust with users.


Disclaimer: The author is completely responsible for the content of this article. The opinions expressed are their own and do not represent IEEE’s position nor that of the Computer Society nor its leadership.