What is the ethical issue?
The amount of personal information available and the different ways in which it is collected has expanded exponentially in recent decades. Connected devices, from cars to smartwatches, which generally assist people in their daily lives, use the internet to transmit, collect and analyse data.
The EU’s General Data Protection Regulation (GDPR), introduced in 2018, has created a challenge for organisations to apply ethical values to data capture, and be transparent and responsible when doing so. GDPR has sought to give control back to individuals over how organisations use their personal data, and has encouraged transparency so that organisations demonstrate the value of exchanging data.
Although companies have greater access to data, there is also a responsibility to use it responsibly.
The 'data trust deficit', where public trust in the appropriate use of their data by companies is lower than trust generally, has potential to negatively affect the reputation of companies or whole industries, such as the scale of technology and data use.
Data privacy breaches may be complex, and organisations may face an ethical dilemma as to how and when to disclose. On the one hand, organisations may want to be open and transparent; on the other hand, they may fear losing customers or investors.
A summary of good practice
Organisations must balance the consent, collection and use of data to improve performance and services, with a commitment to respect the privacy of stakeholders.
Organisations also need to have appropriate security measures in place to ensure personal data is protected from destruction, loss, alteration, unauthorised disclosure or access. Customers and other stakeholders need to be assured that the information they provide is safe and confidentially stored.
- In the wake of significant data breaches, organisations must ensure they have measures in place to report openly and transparently what they are doing to ensure that the personal data of all stakeholders is protected. If there has been a breach, the organisation must consider carefully its obligations to its stakeholders with regards to disclosure.