Data Ethics 101 Q&A

Consumers and privacy activists are driving increased conversation around data ethics, demanding stricter standards around the collection, use, storage, sharing, and selling of personal data. This conversation involves the protection of individual rights, societal impact of data-related activities, and data security.

BDO’s 2023 CFO Survey found that over one quarter of Tech CFOs say they don’t always use customer data in ways that fully adhere to their company’s privacy policies. Another 29% report collecting more customer data than they need. Overcollection and a lack of defined purpose can both be indicators of poor or unethical data management practices. Taking time up front to codify data governance and management policies for the entire organization to adhere to is critical to building a thorough data ethics program, which in turn can help you win trust, protect your brand, and enhance resilience.


What is data ethics?

Data ethics addresses the ethical challenges that arise from data collection, data privacy, data sharing, data analysis, algorithmic decision-making, and the use of artificial intelligence. It denotes the legal and moral responsibilities that come with the use of customer data, and includes everything from the type of data collected to how it’s used, as well as the security in place to protect it from nefarious actors. Broadly, data ethics can be thought of as central to respecting individuals’ rights and ensuring consumer transparency when regulations are light or non-existent. Some key questions include:

  • Does your company notify consumers about their rights and provide a mechanism for them to opt in to or opt out of data collection and usage?
  • When using algorithms and artificial intelligence to make decisions, do you have processes to avoid discrimination and biases?


How do data ethics relate to data privacy?

Data ethics and data privacy share a symbiotic relationship, as ethical data management is a core component of a privacy program. Inadequate privacy considerations can erode consumer trust due to the often-sensitive nature of the data being retained. A data breach can be devastating for this relationship, leaving customers uncertain about where information like their social security or credit card numbers could wind up. For your company, this type of event can result in a loss of consumer trust and brand reputation, even beyond the consumers who were directly affected.


What role does self-regulation play?

While regulations establish standards and benchmarks, successful data ethics programs ultimately hinge on your company doing right by its customers. This requires setting internal controls and frameworks that – often – go beyond compliance. It is critical that tech companies not only set internal requirements but actively manage each employee’s role in upholding these requirements. Items to consider when developing controls and frameworks should include the length of time data is retained, the purpose for which it is used, and its confidentiality and integrity.


How is data legislation shaping US and global policies?

There is currently no blanket US federal standard governing how customer data is collected, used, stored, and protected. Some individual states have passed privacy laws, but these differ in scope and strictness. To insulate themselves in this environment, companies will often adhere across the board to the strictest of these laws, which means most companies are adopting global privacy and data policies. For example, the European Union introduced the General Data Protection Regulation in 2018, and has now introduced the EU Digital Strategy, which comprises the Data Governance Act and Digital Markets Act, among others. Many US firms will begin to adhere to these laws in place of US federal legislation.

What are some key concepts to consider when looking to enhance data ethics practices?

Asset Inventory

Understanding your data and applications inventory means asking pertinent questions about personal data in your possession. What kinds of data are stored? How old is the data? Who has access to different data types? Without answers to these questions, it’s impossible to know if tools like algorithms or artificial intelligence are being used in an ethical way.

Data Rights

What individual rights do your customers hold regarding their data, both according to the law and company data policy? Can you ensure that their data is accurate and complete? Do customers have access to a copy of their data, or the ability to control it?

Biased Algorithms

Algorithms and artificial intelligence are not inherently free from bias, and failure to account for algorithmic bias can be damaging in several ways. Algorithmic bias — systematic and repeatable errors in a computer system that create ‘unfair’ outcomes — can decrease the accuracy of an algorithm, reducing its usefulness and value. It can also lead to imbalanced access to services for customers, and harm trust. Knowingly or unknowingly feeding customer data to a biased algorithm that produces skewed results or inadvertently furthers existing inequities is not an ethical use of that data.

Data Governance Program Development

Data governance refers to the practice of architecting overall data management and control of data within an organization. A good data governance program involves processes, policies, standards, and frameworks that are put into place to ensure the proper collection, handling, storage, usage, and protection of data. As you build your program it is important to establish a data governance committee to help systematize these measures. Instead of remaining diffuse, responsibilities around data management and ethics can be centralized.

Tracking Technologies

Cookies are considered personal data, and technology companies continue to face debate around the types of cookies they collect from visitors who browse a website. Enforcement agencies are more focused than ever on the use of tracking technologies, requiring companies, especially as of late, to reconsider many questions about tracking and cookie collection. Useful considerations for technology companies include the reasoning behind specific sets of information being collected, whether this collection is disclosed to the website visitor, and how the information will be used. It is also important to understand the different uses of tracking technologies, including the different categories of cookies, such as required/functional cookies and optional cookies for marketing and analytics purposes. Remember to update cookie banners and allow users to opt in to or out of this tracking.

Data Usage Frameworks

Data usage frameworks are well-documented standards for how you will and will not use data. These standards should be clearly defined, documented, adhered to internally, and communicated directly to customers.

Data Disposal

Data disposal is the process of getting rid of old, or legacy, data in your possession. Most consumer information is not evergreen and will eventually become outdated. Maintaining a regular review cadence to weigh the potential benefits of old data against any privacy and security risks can help keep your data inventory relevant and help advance your data ethics program.

What are the benefits of an ethical data strategy?

In practicing ethical data management, you are protecting your brand, improving customer service, and cultivating consumer trust. As many as 74% of people now rank data privacy among their top values, according to a new study, and only 5% have no major concerns about how their data is used, demonstrating a high level of worry and skepticism. But this also presents an opportunity, as the vast majority of consumers also say that strong data privacy practices would have a positive impact on their perception of a company. Just as customers will remember a negative experience — an arcane procedure to unsubscribe from marketing emails, for example — they will remember when their data is treated with respect and when they are given control over that data. Well-articulated data ethics policies can also be a powerful means of bolstering employee confidence within your organization, reducing concern about how human resources data is used. Because data protection is an integral part of data ethics, shoring up these policies can also help enhance resilience, as services, products, and operations will share in the benefits of improved security.


What help exists to assist technology companies with data governance best practices?

BDO, as a knowledgeable third party, can help companies adopt a Privacy-by-Design approach to business, where data ethics is not an afterthought but a primary function of technology and data use. BDO’s professionals can assist in establishing a data governance strategy that covers the full life cycle of personal data — from collection to disposal.

BDO can help you ensure that data is collected, managed, used, and stored in an ethical manner that is in line with today’s standards and consumers’ rapidly evolving expectations.