The ethical handling of data has always been the aim of data protection watchdogs and officials. Companies and organisations have the responsibility to handle data securely under the Data Protection Act (DPA), but there is a growing term of ‘ethically handling data’.
And this kind of data handling can be seen to make a difference.
Ethical data handling
The difference with ethical data handling and normal data handling goes beyond privacy. It can be dependent on whether customers are aware of how their data will be used, and how it will be protected from third parties; for example those pesky phishing emails.
Customers are generating and giving out exceptional volumes of data in all private, public and healthcare industries all the time. The chief privacy officer at Adobe Systems, MeMe Jacobs Rasmussen, highlights that companies should:
“…say what you do, do what you say, and don’t surprise the user.”
There is an expectation for companies to abide by this. But it’s not always easy to achieve, because transparency – as simple as it may seem – can be complicated.
“No surprises”
In a privacy policy, the general rule is to remain as clear as possible for the principle of “no surprises”. This is where the customer shouldn’t be surprised by where their data is being stored, or how it’s being used. The data should be used for its stated purpose. But we know that isn’t always the case. In this ever changing digital world, companies and organisations must do their best to handle their customers’ data ethically and with integrity, no matter how difficult or inconvenient it may be for them.
Data protection officials
It’s not only the organisations’ responsibility to ensure the ethical handling of data – data protection bodies and human rights officials must also do the same. Exceptions in European human rights law have arguably limited data protection and any ethical handling of data. This is because EU human rights law presents a test of “necessity and proportionality in a democratic society”. This effectively means that companies and organisations may be allowed to handle or process data if it’s necessary and appropriate to do so; a test which is obviously very subjective. The knock on effect of this is that it could allow companies to escape the responsibility of ethically handling data. But it can all be a matter of perspective…
Competitive edge
For those organisations upholding their moral responsibility, it gives them a competitive edge over other companies in the industry. I say this because customers appreciate transparency and honesty.
In a survey reported in the Deloitte University Press, 51% of customers said they’d be forgiving of a company that experienced a breach as long as they quickly addressed the issue. By being open and transparent about how a breach or the unauthorised handling of data occurred, companies can keep the trust of their customers. For companies that aren’t transparent or taking the responsibility to alert their customers, this can have a damaging effect for their company’s reputation. So, the moral of the story is keep your customers in the know and you may not have to worry about their loyalty!
Basic framework
Some organisations may find it useful to follow a basic framework for ethical data handling:
- A clear model of ethics and principles
- Building ethical data-handling practice on existing regulatory policies.
- Ethics in how the organisation operates
This can allow them to take up the moral responsibility and gain a competitive edge over other companies that don’t follow or have in place an ethical data handling framework.
In the event of a breach, the ICO may not impose such a huge fine as the company can be seen to be doing something to protect their customers’ data. This can give a competitive advantage for companies who use ethical frameworks.
A parting statement…
Organisations have a responsibility to secure their customers’ personal details. Over time, there is a growth of a moral responsibility to ethically handle personal data. This means that companies must do more to ensure the security of the data, and in doing so, they must be transparent and honest, unlike many of the organisations who suffer data breaches.
By implementing a framework for ethical data handling, this also gives companies a competitive advantage over those who don’t have a framework in place. In short, data protection is important, but ethical data protection is possibly becoming the new kid on the block.