In this data-hungry world, high-profile breaches continue to make headlines. As global corporations and technology giants continue to collect enormous amounts of personal information, legislators and consumers are starting to ask pointed questions about business ethics.
Even when companies aren’t directly profiting from sharing their users’ personal information, they often fail to protect what they have. Consumers have begun to realize that what they read, who they engage with, what they buy — and even the pictures they share online — are all monetized data.
The critical question: Do the businesses that profit from the use of this personal data have integrity? If not, what needs to change to achieve ethical business practices?
How to Define Business Ethics in a Digital World
In general, ethics is a gray area. As different entities emerge — and the players evolve — ideas about right and wrong shift. Therefore, the goal for businesses must be to find a starting point, explained Jason Tan, CEO and co-founder of machine learning company Sift Science, to SecurityIntelligence.
“Each business needs to define for itself a clear North Star of what is right and what is wrong,” Tan said. “That doesn’t have to get into the nitty-gritty of what is right and wrong — but establish a baseline of what they want for a cultural mindset so that everyone is guided by the principle of doing the right thing as much as possible.”
Unfortunately, the “right thing” is often unclear. Since the General Data Protection Regulation (GDPR) went into effect, consumers’ inboxes have been flooded with emails updating them about privacy policy changes.
There’s a greater issue, however: Even when it comes to privacy policy and terms of service agreements, “users enter into legal agreements that are often difficult or impossible for the everyday person to understand,” Tan said.
While that’s not unethical, per se, it does err on the side of what is not right for the users.
“We think of business ethics as the set of values that a company uses to make decisions with an eye to all of its different stakeholder groups — employees, customers, value chain partners, investors, the communities in which it operates — and the impact the decision might have upon them,” said Erica Salmon Byrne, executive vice president at the Ethisphere Institute, to SecurityIntelligence.
Navigate Changes in Technology With a Moral Compass
Rapid changes in technology have impacted the speed with which businesses need to react, especially since the effects of their decisions have an increasingly global reach. Ethical companies know who they are and what matters to them. Therefore, in times of crisis, they can rely on this moral compass to direct their responses.
To be an ethical company, organizations must recognize risks in the actions of their employees and the behaviors of the company itself. Examples include how they work with personal data, other company information or trade secrets.
By clearly conveying what their expectations are and why they matter, businesses can mandate ethics with a moral compass that won’t compromise the personal information used to make business-critical decisions.
“Provide context to show how those expectations pertain to the area the employee is working in, provide trustworthy avenues to raise concerns and monitor and follow-up where possible,” Byrne said. “… but at the end of the day, your controls are only as good as your people.”
Find True North
Another step toward moral practice: Draft a more ethical version of your user agreements, one that is clear, transparent and accessible. This strategy will help your users understand the rights they are transferring — which is a whole branch of communication that hasn’t been developed.
“The norm for users is to never even look at the terms of service,” Tan said. “As a society, we want instant gratification quickly and effectively — so it is on the businesses to be thinking about how to make all this legalese more accessible to the everyday person to help them clearly understand what is happening.”
All of these ideas are lofty — but mean little unless they are put into action. While some technology giants continue to seek redemption for their reported misuse of personal data, many companies pride themselves on their business ethics. As governments continue to respond to heightened concerns about protecting privacy, there will likely be more regulations that attempt to legislate the ethical behavior of businesses.
Byrne warned that in the midst of trying to comply with regulations, it’s often easy to forget what those regulations are trying to achieve.
“If the company has clear values, ties their policies and procedures to those values, takes the time to engage employees on the values and expectations and offers avenues to ask questions that employees feel secure in using, it will go a very long way towards mitigating the risk of improperly using or protecting data and lots of other risks too,” Byrne said.