Skip to Main Content
Close Search Box

BDO’s Data Ethics 101 Q&A

There is increased conversation around the collection, use, storage, sharing and selling of personal data, but not all companies are adhering to their own internal policies.

Consumers and privacy activists are driving increased conversation around data ethics, demanding stricter standards around the collection, use, storage, sharing, and selling of personal data. This conversation involves the protection of individual rights, societal impact of data-related activities, and data security.

BDO’s 2023 CFO Survey found that over one quarter of Tech CFOs say they don’t always use customer data in ways that fully adhere to their company’s privacy policies. Another 29% report collecting more customer data than they need. Overcollection and a lack of defined purpose can both be indicators of poor or unethical data management practices. Taking time up front to codify data governance and management policies for the entire organization to adhere to is critical to building a thorough data ethics program, which in turn can help you win trust, protect your brand, and enhance resilience.

What is data ethics?

Data ethics addresses the ethical challenges that arise from data collection, data privacy, data sharing, data analysis, algorithmic decision-making, and the use of artificial intelligence. It denotes the legal and moral responsibilities that come with the use of customer data, and includes everything from the type of data collected to how it’s used, as well as the security in place to protect it from nefarious actors. Broadly, data ethics can be thought of as central to respecting individuals’ rights and ensuring consumer transparency when regulations are light or non-existent. Some key questions include:

  • Does your company notify consumers about their rights and provide a mechanism for them to opt-in to or opt-out of data collection and usage?
  • When using algorithms and artificial intelligence to make decisions, do you have processes to avoid discrimination and biases?

How do data ethics relate to data privacy?

Data ethics and data privacy share a symbiotic relationship, as ethical data management is a core component of a privacy program. Inadequate privacy considerations can erode consumer trust due to the often-sensitive nature of the data being retained. A data breach can be devastating for this relationship, leaving customers uncertain about where information like their social security or credit card numbers could wind up. For your company, this type of event can result in a loss of consumer trust and brand reputation, even beyond the consumers who were directly affected.

What role does self-regulation play?

While regulations establish standards and benchmarks, successful data ethics programs ultimately hinge on your company doing right by its customers. This requires setting internal controls and frameworks that – often – go beyond compliance. It is critical that tech companies not only set internal requirements but actively manage each employee’s role in upholding these requirements. Items to consider when developing controls and frameworks should include the length of time data is retained, the purpose for which it is used, and its confidentiality and integrity.

How is data legislation shaping US and global policies?

There is currently no blanket US federal standard governing how customer data is collected, used, stored, and protected. However, some individual states have passed privacy laws, but they differ in scope and strictness. To insulate themselves in this environment, companies will often adhere across the board to the strictest of these laws, which means most companies are adopting global privacy and data policies. For example, the European Union introduced the General Data Protection Regulation in 2018, and has now introduced the EU Digital Strategy, which comprises the Data Governance Act and Digital Markets Act, among others. Many US firms will begin to adhere to these laws in place of US federal legislation.

Asset Inventory

Understanding your data and applications inventory means asking pertinent questions about personal data in your possession. What kinds of data are stored? How old is the data? Who has access to different data types? Without answers to these questions, it’s impossible to know if tools like algorithms or artificial intelligence are being used in an ethical way.

Data Rights

What individual rights do your customers hold regarding their data, both according to the law and company data policy? Can you ensure that their data is accurate and complete? Do customers have access to a copy of their data, or the ability to control it?

Biased Algorithms

Algorithms and artificial intelligence are not inherently free from bias, and failure to account for algorithmic bias can be damaging in several ways. Algorithmic bias — systematic and repeatable errors in a computer system that create ‘unfair’ outcomes — can decrease the accuracy of an algorithm, reducing its usefulness and value. It can also lead to imbalanced access to services for customers, and harm trust. Knowingly or unknowingly feeding customer data to a biased algorithm that produces skewed results or inadvertently furthers existing inequities is not an ethical use of that data.

Data Governance Program Development

Data governance refers to the practice of architecting overall data management and control of data within an organization. A good data governance program involves processes, policies, standards, and frameworks that are put into place to ensure the proper collection, handling, storage, usage, and protection of data. As you build your program it is important to establish a data governance committee to help systematize these measures. Instead of remaining diffuse, responsibilities around data management and ethics can be centralized.

Tracking Technologies

Cookies are considered personal data, and technology companies continue to face debate around the types of cookies they collect from visitors who browse a website. Enforcement agencies are more focused than ever on the use of tracking technologies, requiring companies, especially as of late, to reconsider many questions about tracking and cookie collection. Useful considerations for technology companies include the reasoning behind specific sets of information being collected, whether this collection is disclosed to the website visitor, and how the information will be used. It is also important to understand the different uses of tracking technologies, including the different categories of cookies, such as required/functional, and optional cookies for marketing and analytics purposes. Remember to update cookie banners and allow users to opt-in or out of this tracking.

Data Usage Frameworks

Data usage frameworks are well-documented standards for how you will and will not use data. These standards should be clearly defined, documented, adhered to internally, and communicated directly to customers.

Data Disposal

Data disposal is the process of getting rid of old, or legacy, data in your possession. Most consumer information is not evergreen and will eventually become outdated. Maintaining a regular review cadence to weigh the potential benefits of old data against any privacy and security risks can help keep your data inventory relevant and help advance your data ethics program.

What are the benefits of an ethical data strategy?

In practicing ethical data management, you are protecting your brand, improving customer service, and cultivating consumer trust. As many as 74% of people now rank data privacy among their top values, according to a new study, and only 5% have no major concerns about how their data is used, demonstrating a high level of worry and skepticism. But this also presents an opportunity, as the grand majority of consumers also say that strong data privacy practices would have a positive impact on their perception of a company. Just as customers will remember a negative experience — an arcane procedure to unsubscribe from marketing emails, for example — they will remember when their data is treated with respect and when they are given control over that data. Well-articulated data ethics policies can also be a powerful means of bolstering employee confidence within your organization, reducing concern about how human resources data is used. Because data protection is an integral part of data ethics, shoring up these policies can also help enhance resilience, as services, products, and operations will share in the benefits of improved security.

Written  by Karen Schuler, Jeff Lawton and Hank Galligan. Copyright © 2023 BDO USA, P.C. All rights reserved.

Check out these other Business Operations articles on our website.
To learn more about our credit and collections services, contact us at 844.937.3268 today!