We Need Data Ethics Now

ART02x - edited feature imageWhat are the ethics of collecting, managing, and analyzing data? Have we given sufficient thought to that question? Is it going to come to regulations enforced by government and industry consortiums to make businesses think about data ethics with the goal of truly treating data ethically?

Those are some loaded questions that are worth considering, don’t you think? But before we go any further, we need to answer the question “What is ethics?”

Well, the simple dictionary definition of “ethics” is: the moral principles that govern a person’s behavior or the conducting of an activity. More formally, ethics is a branch of philosophy that involves systematizing, defending, and recommending concepts of right and wrong conduct.

So, ethics involves morality and proper behavior. This is interesting and leaves a lot open to subjective interpretation. Nevertheless, there are certain truisms that we can apply to a code of data ethics for our organizations.

For example, let’s first focus on ethical data collection. How do we determine what data can be ethically collected and maintained? How about starting by not collecting any data without first obtaining approval. Of course, that begs the question, approval from whom? The obvious answer is the data’s owner but establishing ownership of data is not always simple (as we discussed in this column last month).

Let’s also keep in mind that there are many different types of people out there, not just the tech-savvy. It is not uncommon for folks to know that their data is being collected by the websites they use, but then they are shocked at how the data is used. We, collectively, must do more to promote skepticism and due diligence for all consumers. In other words, embrace the truism: “Don’t believe everything you see or read on the web (or anywhere).” Research it to verify or dispute it.

And, combining data from multiple sources, even with permission, can cause issues if it exposes anything that the owner prefers to be private. But this causes us to veer away from the collection of data and into the usage of data. How would an organization even try to obtain approval to use data (all of which was permissibly collected) in a new manner by combining it together with machine learning algorithms?

For the most part, today we rely on organizations to self-regulate when it comes to data ethics. We cannot trust corporations to self-regulate when there is money to be made. Ethics has a way of being ignored, or not even considered, when there is cash to be made.

Sure, there are regulations like GDPR, HIPAA, and PCI that dictate how certain data (usually PII, or personally identifiable information) is to be treated. But we absolutely need more laws and regulations concerning data ethics. But do we really trust government and industry bodies to create data ethics laws? There have been some governmental successes, notably GDPR (passed in the EU), but much more is needed.

Perhaps an IT industry “data ethics” board could be created so that industry and government help to fund and empower. This should go further than just establishing data “collection” best practices but should work to create guidance and policies for all data ethics issues. This data ethics board should focus not data ethics issues globally, and with global buy-in. Of course, that makes it a difficult proposition because when do all the governments and businesses across the world agree on anything?

Nevertheless, I propose that creating a Worldwide Data Ethics Council is something we greatly need. The council would focus on debating, crafting, and proposing clearer regulations that dictate what is—and is not—ethical in terms of data collection, retention, and usage. Furthermore, it would communicate the message of being skeptical of everything and using caution before sharing anything with anyone. The council could also work on forms of data ethics education for schools and universities, as well as educate the press and government officials. I mean, let’s face it, after watching those U.S. Congressional hearings with Mark Zuckerberg, I don’t think any techies believe that government officials are prepared for the Information Age.

As good world citizens we can individually work to ensure that each of us treats another person’s data the way you would want your data to be treated (a golden data rule?). But when corporate policy collides with personal ethics, making appropriate decisions can be difficult.

So, to sum up, data ethics is sorely missing from today’s modern, data-driven business culture and we need to do more to remedy that situation. Until then, be skeptical. And if you share data on a platform that you do not pay for, you should have no expectation of privacy or exclusive ownership of what you share.


Share this post

Craig Mullins

Craig Mullins

Craig S. Mullins is a data management strategist and principal consultant for Mullins Consulting, Inc. He has three decades of experience in the field of database management, including working with DB2 for z/OS since Version 1. Craig is also an IBM Information Champion and is the author of two books: DB2 Developer’s Guide and Database Administration:The Complete Guide to Practices and Procedures. You can contact Craig via his website.

scroll to top