Data Security is an Ethics Issue and a Compliance Issue

Data Security Is an Ethics Issue

Most businesses don’t conceptualize their commitment to data security as an ethical one. Companies generally think of their data defense efforts as a shield against extortion, manipulation, and corporate espionage, and these are all critical aspects of the data security issue. However, much of the data companies store these days might also contain important personal information gathered from customers and employees. It is in this arena that data protection becomes an issue of ethics. Fortunately, tending to corporate interests often helps build defenses for individual privacy interests.

Examples of new ethical issues in the area of data storage and manipulation are fast crowding the front pages of major newspapers worldwide. Massive organizations like Sony, Facebook, and Apple have all come under intense scrutiny for corporate policies that did not seem to sufficiently protect user data or privacy.

For the technologically uninitiated, imagine a bank that operates an open-air vault. It would be difficult to trust an organization tasked with protecting its customers’ money when that organization seems so determined to keep that money in big, unprotected piles. It contradicts the very business the bank was founded to pursue!

Increasingly, corporations are having to become information repositories–data banks, essentially–and many are unprepared for this new but necessary role. Companies that don’t institute rigorous data security programs are much like the hypothetical open-air bank, and their chances of maintaining good long-term customer relations (and avoiding extensive legal troubles) are just as imaginary as the business in the hypothetical above.

In short, if a company is using protected information with the consent of its customers to further its business interests, that company must also protect that information while holding on to it.

Data Security is a Compliance Issue

On May 25, 2018, the European Union is set to institute the most sweeping data-privacy regulations ever instituted by a regulatory body. Likewise, recent hearings in Washington, D.C., that involved several high-profile leaders in the online data gathering business suggest similar changes may be expected in the world’s second largest data market. As these new regulations come online, businesses should already be familiar with the pre-existing state, local, federal, and international rules governing data security as it affects their business. They should also be undertaking active efforts to research and prepare industry-specific protocols to deal with the new, and often far more complex, regulations that are currently being passed and proposed.

A good pre-existing example of how data security is also a compliance issue might be HIPAA. Also known as the Health Insurance Portability and Accountability Act, HIPAA is an American law that requires (among other things) businesses in the health sector to protect their patients from accidental disclosures of private health-related personal information. When a business fails to follow this regulation–when it accidentally or intentionally discloses patient information–that business could be subject to significant fines and penalties. Ultimately, ensuring data is private, secure, and used only for its intended purposes is more than an ethics or compliance issue; it’s an issue of being a responsible corporate citizen–and it’s an issue of turning profits and engaging with the market effectively, too.