Why Data Ethics Should Be at the Heart of Every Security Strategy

Data ethics is a system of practices and beliefs that shapes the way information is collected, stored, and used. It's an increasingly important consideration in a world where every little action a person takes produces a digital footprint of some kind.

When you visit a website or make a purchase, you're leaving behind digital breadcrumbs—personal, sometimes identifiable information that is now under the stewardship of a stranger.

Unfortunately, these strangers, sometimes taking the shape of Fortune 500 companies like Marriott, Yahoo, Facebook, etc., do not do their due diligence where your information is concerned.

In the next few headings, we'll take a look at why data ethics are more important than ever, and how we as a society should be prioritizing them.

A Cautionary Tale

23andMe was, in 2023, involved in an infamously splashy case of data mismanagement. The company was forced to admit to its nearly 7 million users that a data breach had compromised data of the most sensitive kind: ancestry information, chromosomal haplogroups, family tree uploads, and so on.

Not only was the information very personal, but there were ethically charged aspects of the breach. People of Jewish and Chinese ancestry found themselves on curated lists on dark web forums.

The issue was not handled extremely well, either. The organization first blamed users for poor passwords and other personal habits.

Eventually, the situation dissolved into a class-action lawsuit, which cost the organization considerable funds and also brought to light the importance of the issue itself.

People put out incredibly sensitive work information. They trust that it's being handled responsibly. Is that really the case? Naturally, no business sets out to misuse information, but it's something that can happen relatively easily under the wrong circumstances.

Overview: What's the Risk?

On the one hand, data is everywhere, and it exists in an often exposed—or at least poorly understood—environment that we call the cloud.

What does this mean for you, though, if a Russian teenager has information on a pair of pajama pants that you purchased from a random e-commerce store?

The pants are kind of the least of it.

Through online transactions, you provide lots and lots of information. The actual items themselves are rarely what cybercriminals are interested in.

How about your name, address, email address, and credit card information? With these data points, more and worse things can occur—and it’s not only your name, address, and email address.

Hospitals, clinics, and urgent cares all possess even more sensitive information—things that can genuinely impact your life, including your Social Security number.

Healthcare records are targeted actively by bad actors. They’re commonly sold on the dark web, making them a hot-ticket item for hackers all over the world.

Businesses Need Good, Ethically Sourced Data

Security benefits organizations as well. There's an obvious general liability angle that, of course, impacts organizations.

Data breaches can cost literally millions of dollars and interfere with efficiency for months or even years, depending on the size of the breach and the size of the business itself.

Data ethics also influence the quality of information that businesses are able to access. For truly impactful insights, companies need to ensure that the information they review is unbiased, accurate, and actually reliable—actually geared towards providing the insights that they are looking for. This can only happen through an ethically and strategically managed data pipeline.

The Role of Cybersecurity in Ethical Data Management

So how does cybersecurity pair with data management? For one thing, businesses are legally and ethically required to handle personal information responsibly when they collect it from customers.

It certainly includes an obligation to protect the information through world-class cybersecurity skills. The same way you wouldn't store a friend's family jewelry in an unlocked home, a business should not and cannot handle customer data within an insecure system.

There's also an obligation to manage information fairly and responsibly from an internal perspective.

Organizations need to think actively about how they are using customer information and if that use aligns with what the consumers expect or signed on for.

• Ethical data management can involve encryption. Data encryption both makes misuse harder and limits accessibility, making it easier to monitor how, when, and why information is being used.
• Incident response. If something does happen to an individual's data, how is it handled? Businesses have an obligation to communicate breaches to customers promptly and in a way that allows them to take action when necessary.
• Compliance. There are also regulatory compliance considerations that need to be taken into account. The healthcare industry is particularly subject to regulatory guidelines that specify in great detail how information can be handled and shared.

It’s important to remember that ethical data management is an iterative process. Businesses should constantly review how they handle and protect consumer information to ensure that their practices are as current and as effective as possible.

Cybersecurity Careers

Maybe unsurprisingly, there are many jobs designed around helping businesses manage data and generally optimize their cybersecurity.

The analysts review organizational practices from the top down to ensure organizational alignment and to identify potential gaps and risks.

Overall, hackers take an offensive approach to data security, actively attempting to penetrate systems as a way of pinpointing risk.

Data scientists, meanwhile, do not necessarily develop security systems, but they do understand how to process, interpret, and store information in a way that is as safe and effective as possible.

Data scientists will often work side by side with security professionals to ensure the highest possible level of quality.

Conclusion

Digital technology provides a level of convenience never before experienced on our planet. There are higher levels of risk than any of us are used to, but there are also careers designed specifically around protecting people from those risks.

Breaches will happen, but from them, new professional standards are developed, expectations evolve, and data and cybersecurity professionals get a little bit better at their jobs. If you want to protect people's information and enjoy a rewarding career path in the bargain, consider a job in the rich and rewarding worlds of cybersecurity or data management.