“There has always been an intertwined relationship between security trust and privacy just as the association between ethics and law” (Simshaw, pg.36). These terms are critical in information technology where now security provision and preservation of privacy rely on trust, and a violation of that trust constitutes a risk, a security threat, and a breach of duty, thus unethical conduct. The responsibility towards data and database privacy revolves around all forms of data such as sensitive data such as ethnic origins, political opinion, sex, and sexual orientation and data subjects such as the vulnerable and children (European, pg.3).
“Information is power, he that has access to sensitive data has power over another’s life” (Mason et al., pg.13) the vast applications of data, often personal data the growing dependence on algorithms in the analysis of this data to make way for machine learning, AI raises issue on respect of human rights and responsibility. In this day and age, the moral or ethical concerns of cyber community are in the protection of this valuable asset. Technology is sometimes rendered inadequate for the protection of personal data and information systems due to the human factor in information systems. With the aid of data ethics, more robust and effective information security can be achieved.
Therefore, in order to act ethically and diminish the concern about the trust and privacy of data, data must be protected. One way of enacting this moral obligation is through protection through “anonymization and pseudonymization” (European, pg.7). This data protection method ensures that the data cannot be liked to its source; the owner is anonymized. The second data protection method is data minimization, and this only dictates the amount of data to be collected but also the extent of processing it, processing of collected data should be minimized as much as possible. Other methods of data protection include applied cryptography, employing service providers concentrated on data protection.
As a part of data ethics, lawful frameworks can also be established with the objective of providing guiding principles to authorities to sanction their own privacy laws. Once these high-level guidelines become state or national law, then numerous jurisdictions will follow suit, taking the same information systems principles-based approach and applying them into the governance. Examples of such data ethics governing principles include; “Australia’s Privacy Act, the UK’s Data Protection Act, the Canadian Personal Information Protection and Electronic Documents Act” (Lee et al., pg. 116). All these are principles with the objective of improving ethical data practice and responsibility. The 1995 Hong Kong Act has 6 data protection statutes; the data access and rectification guideline, the openness principle, the data security principle, retention and accuracy principle, and the data collection and purpose principle. Data protection principles are not prescriptive laws but help create awareness of the underlying ethical considerations.
If appropriately formulated and adequately articulated, data and information systems protection moral code can be vital in the dissemination of standards and guidelines all over organizations and past that. This will henceforth cultivate a corporate-wide professional and ethical conduct. A moral code may be the first step towards deterring potential offensive actions resulting from the human factor in technology.
- European Commission. ,Ethics and Data Protection. (2018). Retrieved from https://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/ethics/h2020_hi_ethics-data-protection_en.pdf
- Mason, Richard O., Florence M. Mason, and Mary J. Culnan. Ethics of information management. Thousand Oaks, CA: Sage, 2005.
- Lee, Wanbil W., Wolfgang Zankl, and Henry Chang. ‘An Ethical Approach to Data Privacy Protection.’ Isaca Journal (2016).
- Simshaw, Drew T. ‘Legal Ethics, and Data Security: Our individual and collective obligation to protect Client data.’ Am. J. Trial Advoc. 38 (2014): 549.