Ethics in privacy and security

November 9, 2020

A graphic of an orange gradient background.

Protecting data privacy is complex. Each time your business collects someone’s personal information, you’re taking on several responsibilities: trust, security, legal, and – above all– an ethical responsibility to that individual. 

What makes this especially complex is the fact that these responsibilities intertwine. Privacy preservation and security provisions rely on trust. Violating these privacy provisions results in a risk to threatened security and the breaking of laws. Law provides a base structure for businesses and Ethics can help a business fill in the gaps in making various decisions. 

Register for the webinar: Introducing OneTrust Ethics for Whistleblowing: Creating a Modern-Day, Trusted Environment  

In simpler terms, think of it this way: When data privacy is breached, you lose trust. You then run the risk of facing legal liability and losing security. And it shows a violation of ethical principles. End result? Bad news for your business. 

To avoid going down this tangled-up road, it’s extremely important to build your business’s privacy and security framework around an ethical foundation. 

The importance of ethics in privacy and security 

There’s a good side and a bad side to data collection.  

The good includes benefits such as a more transparent marketplace, quicker communication, better informed consumers, and fairer trade practices. The downsides of data, however, are that you’re entrusting people (your employees, vendors, etc.) to make ethical decisions with the data you collect. This is the exact reason information protection is a top priority for governments and companies around the globe. 

81% of executives agree as the business value of data grows, the risks companies face from improper handling of data are growing exponentially. Just a few of these risks include:

  • The chance of experiencing data breaches and falling victim to cyber crimes 
  • Losing trust and credibility from current and future customers
  • The loss of private data and company money
  • Facing legal implications 

These risks aren’t worth taking. The solution lies in building a framework that encourages best practices when handling sensitive data. 

Four best practices for embedding ethics into your privacy and security practices 

How companies handle data from collection, aggregation, sharing to monetization, storage and disposal, can have massive impacts on the companies’ risk exposure. Building out a culture that promotes best practices can not only lessen the risk factor but build a brand of trust and innovation among the eyes of your customers. 

To build ethical decision making into the culture of your company, utilize these four best practices: 

1. Build a taxonomy for data privacy 

Having a taxonomy provides clarity to all parties involved in the exchange of data within your company and its vendors. As digital marketplaces expand and internal and external threats are identified within organizations, more and more legal regulations are coming to play. It is possible that a future regulation could require companies to have a policy focused on ethical considerations as a strategy for managing risk. Get ahead of the game and start building out your taxonomy.

2. Develop a code of ethics

In order to build a company foundation that values ethics in data privacy, you must set the tone in your company culture. In developing a code of ethics, you’ll train employees on the precursors, policies, and procedures that ensure that digital trust is established across the organization.When creating the code of ethics for your business, consider the following:

  • Respect the people behind the data
  • Understand the downstream use of datasets 
  • Think about the consequences of utilizing data and analytical tools based on how your company has used them in the past 
  • Meet privacy and security safeguards with clear privacy and security expectations 
  • The law is the minimum bar. Try to stay ahead of it. 
  • Try to avoid collecting data your business doesn’t need
  • Design practices that incorporate transparency, accountability, and auditability 
  • Governance practices should be known by all employees with routine reviews and training

3. Collecting and sharing data best practices

When collecting data, it’s more important than ever to get informed consent. As data gets passed around a business and trickles down the data supply chain, it gets further and further from the original context by which the user originally provided consent. Set guidelines around data disclosure, data manipulation and data consumption for both data at rest and data in motion to avoid potential harm.

Additionally, set guidelines about how your organization shares personal data. Strong ethical and risk mitigation practices help to prevent the sharing of data without the consent of the user or with any parties who have not been granted access.

4. Invest in ethical technology

New risks and challenges in the digital economy extend to various types of automations powered by digital insights. While knowing someone’s zip code might enable your business to do more targeted marketing, it’s important to consider how your algorithms are considering this input, and how your customers might react to this method of marketing. When building automation into your process, ensure there’s careful foresight and planning. 

Trust is the goal  

Your company’s entire reputation can lie in how you handle the data you collect. As ethical data use concerns continue to grow, consumers demand trust from the businesses that they frequent. This means it’s more important than ever for your business to have a transparent, ethical, and automated process to manage data privacy and security.  

Begin taking steps now to reduce your exposure to digital disk, and you will reap the rewards of trust from stakeholders, increased profits from loyal customers, and prolonged success in a digital world. 

Ready to get started? Try OneTrust Ethics and Compliance Software. It provides a central platform to automate and manage your ethics and compliance program requirements and promote an ethical culture. Request a demo today.

You may also like


Ethics Program Management

Ethics Exchange: Third-party applications and ephemeral apps

Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.

November 09, 2023

Learn more


Speak-Up Program Management

Navigating the EU Whistleblower Protection Directive: New rules, new risks

Join our expert-led webinar where we explore the EU Whistleblower Protection Directive and practical steps towards compliance. 

November 02, 2023

Learn more


Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more