Why You Need a Data Ethics Policy

Straddling the line between data collector/analyst and privacy advocate can be difficult at times. Some might imagine data gathering and privacy to be contradictory terms, arguing that a data collector benefits from more data while a privacy advocate aims to shut off this flow of data. The reality is that data gathering in itself is not the problem - but rather the lack of an ethics policy is.

It's precisely for this reason that all companies should ensure that they have a data ethics policy in place - if not now, then soon. It's becoming increasingly easy to gather and analyse vast volumes of data, which in turn presents a great deal of opportunities for us as a society, not only to help solve a variety of global problems, but to make our lives easier. On the other hand, if left unchecked, this powerful tool can be abused and lead to a breakdown of trust. If we are all therefore to benefit as businesses and individuals in this data revolution, we must have a data ethics policy that respects the following best practices:

As a Business:

• Be transparent: People don't want to find out after the fact that you have been gathering data on them. What are you collecting? How are you collecting it? Why are you collecting it? Who - in or outside the company - has access to this data? How are they using it? How long do you (or they) intend to hold on to this data? Don't bury this information in the middle of a 10,000 word terms and conditions statement either.

• Be pro-active: Just because some people don't care about their privacy today, doesn't mean that they won't care about it tomorrow.

• Be cautious of third party involvement and ensure that they abide by your strict data ethics policies. Have checks in place that reassure you of their practices.

• Always allow people the easy option to opt-out, but also give them a very good reason to opt-in (improved service, special offers, guarantee of data privacy, etc.)

• Give people the easy option to be forgotten - If people are no longer involved with your company, then they should be able to ask that you remove any and all identifiable data that you hold on them.

• Treat all user data as confidential, including within your own company. Not only is this good security practice, but it also ensures that data is accessed only by those with a need to see it. Also consider whether anonymising that data would still allow it to serve its purpose.

• Have simple and straightforward procedures in place to show people exactly what data you hold about them.

• Ensure that all your data personnel understand the differences between acceptable and unacceptable data gathering practices. You should have clear red lines in place to remove any doubts. If you mine the web, then do it responsibly and avoid placing excessive loads on other people's web servers.

As an Individual

• Distinguish between the public and private web - Think about what you're comfortable sharing. Treat the public web (public websites, forums, tweets etc.) like any other public setting - don't expect any privacy there. On the other hand, you have every right to expect the private web (emails, private messages/calls etc.) to be fully private. If anyone but you is mining the latter, then you should explore alternatives.

• Realise when you're on other people's property. Just as you would expect to have your image recorded on CCTV cameras when visiting a shop, you should also expect by default that a company will try and record your data once you visit their website or use their services.

• Use the right tools: It's a fact of life that there will always be a few bad apples in every group. You shouldn't have to use a script blocker to stop 20 different trackers on a website, but if a particular unscrupulous company is ignoring your web browser's 'Do Not Track' settings, then by all means go ahead and use those tools.

• Assume nothing, the onus is on you to keep anything that you want private to remain private. If in doubt, either keep it off the web or use encryption.

• Nothing is ever completely free: How much privacy and personal data are you willing to trade in order to receive a free service?

We are still in the relatively early stages of a rapidly evolving data revolution where such issues will increasingly have to be addressed. When technology progresses at this rapid a rate, there will seldom be continually relevant guidelines and best practices for businesses and individuals to follow. As such, it's up to us to take the initiative and ensure that our approach to data will be one that makes it used as an ethical tool for good, rather than harm.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.