Data Ethics: How can businesses use data ethically?

Learn how data ethics are defined, what are data ethics principles, and how businesses of all sizes can implement those principles.

Summary:

• Data ethics is the rules and principles that guide how organizations use data. This includes gathering, storing, and using it (including to share with others).
• Data ethics principles include legality, transparency, accountability, and respect.
• In business, these are important because they help to prevent discrimination and bias, maintain public trust, and promote social responsibility.
• Small, medium, and global businesses can implement these principles by using appropriate data and cybersecurity protocols. This includes disclosing when data is being collected and how it will be used. Medium and global businesses can build teams to manage the storage and use of data.

What is Data Ethics?

Data ethics is defined as the rules and principles that guide how organizations and businesses gather, store, and use data. The goal of data ethics is to protect data and preserve the trust of customers, patients, users, clients, employees, and partners. Ultimately, data ethics are principles that ensure data security and protect information and privacy.

Business leaders agree that data is essential for businesses of all sizes in the private sector, schools, healthcare systems, and governmental entities. Furthermore, businesses are gathering exponentially more data each year. As our reliance on data increases, the need for data ethics increases too.

Data ethics principles

The principles of data ethics are the rules that guide the execution of data ethics in different organizations. There is no set standard for these principles, rather, these are guidelines that aim to preserve human rights in digital spaces. The Chief Data Officer (CDO) of the US Federal Government describes key tenets of data ethics as helping data users to make ethical decisions and promote accountability when using data. Here are fundamental principles that organizations can use as building blocks for their policies.

• Legality. Businesses and organizations should follow legal statutes, regulations, professional practices, and ethical standards. At the minimum, organizations should follow existing laws and regulations that guide the collection, retention, and use of data. Beyond that, different sectors may have different professional or ethical standards for data. Following these guidelines is the first step to enacting data ethics.
• Transparency. Transparency involves communicating what data will be gathered, how it will be stored, and how it will be used (or with whom it will be shared). Transparency may involve developing Terms and Conditions pages and ensuring that users read those and consent to their terms.
• Accountability. Accountability refers to the idea that any individual or organization gathering, storing, managing, using, or sharing data must be aware of its stakeholders. This includes not just corporate stakeholders, but the individuals from whom data is collected. The entity that holds that data can behave responsibly by following these guidelines:
  • Carefully handle confidential or controlled information
  • Uphold data use agreements
  • Collect only the most important data
  • Inform individuals and organizations of potential uses of their data
  • Allow public access or contestability of the data or analyses
• Respect: Respect can refer to respect for the public, individuals, and communities where data is being gathered or used. This should consider the needs of different populations and local contexts so that the data can be used in beneficial ways for those communities. Furthermore, Data.gov highlights that respect for privacy and confidentiality of data helps to uphold the human rights and freedoms of data subjects.

Why are Data Ethics Important?

Beyond the legal and regulatory impacts of data ethics, they are important because they help to translate the human rights of privacy, freedom, and the right to self-determination into digital spaces. As data is collected from individuals and stored by third-party businesses or entities, those individuals lose their power to control whether and how that data is shared. By adopting these principles, organizations can guide how that data is governed and used.

Beyond protecting information, it is important for other reasons:

• Preventing discrimination and bias: When not handled carefully, data and the analyses and algorithms that extract meaning from that data can perpetuate and amplify biases. Data ethics can shed light on the potential biases within data. This can prevent biased information from perpetuating discrimination in the real world. An example of this is biased data on home lending (which historically has excluded Black Americans) being used to evaluate potential homebuyers.
• Maintaining public trust: Ethical handling of data and disclosing and being held accountable when data is not handled ethically, can help preserve public trust and sentiment in organizations. Conversely, unethical data practices, poor transparency, and lack of accountability can erode public trust.
• Promoting social responsibility and public good: Above all, data ethics highlight that companies and organizations are responsible for how they gather and use data. Ultimately, data should be used to better our communities, rather than using data for private gain or to the detriment of public good.

<strong>Data Ethics in Business

Businesses may confuse “legal” with “ethical”. As noted earlier, laws, regulations, and professional practices can guide an organization. Following the letter of the law is important. However, laws may not address all the issues that arise when gathering, storing, and using data. Companies of all sizes can rely on legal counsel for guidance in these matters. Still, they should strive to develop comprehensive policies that address the spirit of data ethics and enact those principles.

How can businesses implement data ethics principles?

Businesses may face different challenges and opportunities related to data ethics depending on their size and resources. Additionally, individual practitioners within organizations, such as product managers, may have varying visibility and responsibility regarding how data is collected, stored, shared, and used.

Businesses can and should use data ethics principles to guide their data practices and understand their implications for product development, market expansion, and growth.

Best practices for small businesses

Even small businesses can establish transparency and consent policies. Consent policies disclose what data is collected, why, and how it will be used. All businesses, regardless of size, should obtain consent when collecting and using data, and limit data collection to only data that is necessary for the business. Limiting data collection minimizes risk and helps to simplify data management. Additionally, small businesses should be aware of and comply with data protection and privacy laws that apply to their business and clients. Minimally, all businesses should implement basic data security practices. These include using secure passwords, encrypting data, and limiting access to customer data.

Best practices for medium-sized businesses

As businesses grow, their needs for data security grow too. Enacting enhanced security measures and regularly training employees in data security and ethics. Furthermore, growing companies should adopt and adhere to a data ethics policy, which should detail policies related to the business’s specific industry, operations, and goals. Finally, growing businesses may consider adding roles focused exclusively on data such as a Chief Data Officer, to oversee compliance with the data ethics policy.

Best practices for global businesses

When entering global marketplaces, businesses have the added responsibility to use data wisely. Establishing a comprehensive data governance framework and complying with international data protection laws is essential for data security and compliance. Implementing advanced cybersecurity infrastructure, enhancing data and cybersecurity training, and expanding data team roles can help. Finally, engaging with key stakeholders on the importance of data ethics, and staying informed of changes and trends in (such ethical uses of AI) is essential to keeping data policies relevant and effective.

Real-World Business Examples

In recent years, Apple built its brand around its commitment to user privacy. Apple enacted policies to minimize data collection. Specifically, Apple devices let users choose when and how their data is being shared with third-party developers. Apple’s privacy policy highlights demonstrates how a global company can enact data ethics principles of transparency and privacy.

In the mid-2010s, Amazon developed and implemented an AI-based hiring tool to evaluate candidate resumes for software jobs. The AI had been trained on a dataset of past hiring data, where women were under-represented. Therefore, Amazon’s AI learned to exclude women’s resumes from the pool of qualified candidates. The hiring tool was scrapped in 2018.

Even small businesses can enact data ethics principles easily. For example, a small retailer might collect customer information like names, emails, and phone numbers for marketing. That retailer should disclose that the data is being collected and how it will be used. Beyond that, the retailer should take appropriate steps to protect that data once it is stored and adhere to regulations on marketing (such as the EU’s GDPR or California’s CCPA).

There are just three examples of how data ethics principles can be upheld and executed in business.

Want to learn more about data ethics in business? Check out this Data Chats podcast episode featuring Kirsten Martin on the ethical use of data in organizations. Kirsten Martin is a professor of IT, Analytics, and Operations in the Mendoza College of Business at the University of Notre Dame, and author of Ethics of Data and Analytics: Concepts and Cases.