Ethical data: the next stage of employee awareness and customer security?

Every single organisation, whether they like it or not, has become or is on the way to becoming increasingly reliant on data to drive their business decisions. In fact, this report from IDC (International Data Corporation) states that 83% of CEOs want their organisations to be more data driven!

By 2025, we will see an estimated 463 exabytes of data produced every single day. To put this into context, in 2015, the average number of exabytes produced each day was only 3!

As a result, data handling, management and the ethical considerations therein have become a hot topic for DPOs and Information Security professionals.

A recent KPMG survey cited in TechTarget revealed:

• 97% of consumers believe that data privacy is important.
• 87% of consumers believe that data privacy should be a human right.
• And 54% of consumers do not trust companies to use their data ethically.

Not only do organisations have to contend with swaths of customer data, they also must pay attention to the handling of employee data, which can often be sensitive and personal.

This is where the principle and practice of ethical data management comes into consideration and has boomed in popularity over the last few years.

Ethical data management has had a positive influence when implemented in employee data security management. This is because employees begin to protect an organisation’s data as if it were their own due to the trust and mutual respect built through ethical data management.

87% of consumers believe that data privacy should be a human right

What is ethical data management?

Ethical data management, in relation to the cyber security field, refers to the responsible and ethical collection, storage, processing, and use of data. Ethical data management ensures that data is collected and used in a manner that respects privacy and confidentiality, as well as legal and ethical obligations.

The importance of ethical data management by an organisation cannot be overlooked. There is a level of trust between employer and employee that must be upheld and respected for security and privacy reasons. Otherwise, if an employee trusts their company to protect their personal information, and they fail to do so … the organisation could face dire consequences.

Companies must implement robust ethical data management to protect employee data and customer data. This includes using solid encryption, two-factor authentication (2FA), limiting the number of people who have access to sensitive data via a verification process.

83% of CEOs want their organisations to be more data driven!

What are the key principles of ethical data management?

There are a few key principles when it comes to the ethical handling and management of data. They include:

• Privacy and confidentiality: Organisations must take steps to protect the privacy and confidentiality of any data they collect. This includes implementing security measures to prevent unauthorised and malicious access to data. This also means limiting access to data to only those who need it, after an authentication/ID verification stage. According to a McKinsey report, 40% of customers stopped doing business with a company that was not protective of data.
• Transparency: Organisations must be transparent and clear about the data they collect, how it is used, and who has access to it. This means informing individuals about the types of data being collected, what you intend to do with the data, and the steps organisation is taking to ensure said data is not stolen or sold. According to this report, 87% of respondents said that the amount of personal data required by a company was important in their decision-making process.
• Informed consent: Security leaders must obtain informed consent from individuals before collecting and using their data. This means informing individuals about the purpose of your data collection and giving them the choice to opt out of data collection or opt into data collection.
• Fairness: One of the biggest fears of employees and indeed customers, is that organisations will use the data they collect to divide groups into brackets and individuals, thus leading to a form of targeted discrimination. As a result, organisations must ensure that the data they collect and use is fair and does not result in discrimination or harm to individuals or groups.
• Responsibility: Once a company dives into the murky waters of data collection and management, they assume full responsibility for the health and status of said data. As a result, organisations must implement appropriate security measures and respond strongly and swiftly to data breaches or other incidents that may compromise data security.

Ethical data management is a quintessential component of any effective cyber security framework. It helps ensure that any collected data is used in a manner that respects individual privacy and, very importantly, stands up to legal and ethical scrutiny.

40% of customers stopped doing business with a company that was not protective of data

Why do employers need ethical data management?

Compliance, reputation and risk management.

These are principles that make up the very fabric of a strong security culture as well as a successful organisation. Ethical data management is a sure-fire and considered way of ensuring you are always handling both customer and employee data with the respect they want to see … thus upholding your reputation and trust both externally and internally.

• Compliance: Implementing ethical data management practices can help an organisation comply with official laws and regulations related to data privacy, such as the General Data Protection Regulation (GDPR) in the EU or the California Consumer Privacy Act (CCPA) in the US.
• Reputation: Organisations that handle data ethically are more likely to earn the trust of their customers, employees, and stakeholders. This can help build a positive reputation and enhance brand image. According to Cognizant’s ‘The Business of Trust’ report, trust has become the new battleground for digital success. Cognizant concludes: “To win, organisations need to master the fundamentals of data ethics. Companies that earn consumer trust will be better suited to weather the inevitable – and yes, they are inevitable – data and policy breaches.” This report reveals that 53% of consumers only make online purchases after making sure a company has a reputation for protecting its customers’ data.
• Risk management: Ethical data management practices can help mitigate the risk of data breaches should they occur. According to a study by IBM, the average cost of a data breach in 2022 was $4.35 million, up 13% from 2020. Keep in mind that this cost includes not only financial losses but also damage to a company's reputation and trustworthiness. Cyber attacks and other security incidents that can lead to financial losses, legal liabilities, and reputational damage can be mitigated via ethical data management. How? Often ethical data management practices involve data segmentation, secondary back-ups, and security measures such as 2FA or data segmentation – these will all help mitigate the ramifications of a cyber data breach.

Implementing ethical data management practices benefits employers promoting legal compliance, building trust and reputation, and mitigating risk.

53% of consumers only make online purchases after making sure a company has a reputation for protecting its customers’ data

Why do employees and customers want ethical data management?

Human beings, in general, have become far more savvy to the way their data and online behaviours are being collected, stored, managed, and used. Employees have also become more aware of their data privacy rights and are expecting their employers to take concrete steps to protect their data.

In a survey conducted by Varonis, 70% of employees said that they were concerned about the security of their personal data, and 60% said they would consider leaving their current job if they felt their employer was not taking data privacy seriously. Data management is a massive decision-maker for employees!

Employees want ethical data management for three reasons: trust, privacy, and security.

• Trust: Employees want to be able to trust their employer to handle their personal and sensitive data with care and respect. When organisations are transparent and open with the way they handle employee data, the feeling is reciprocated. And if organisations implement ethical data management practices, employees are even more likely to trust them. Ethical data management can help fight back against a worrying downward trend for global trust levels – the latest Trust Barometer from Edelman shows global trust levels at an all-time low in a variety of industries, countries, and professions.
• Privacy: Employees have a right to privacy, and they want to know that their personal information is being used only for legitimate purposes and not being shared or sold to third parties without their consent. An individual is used to their data being tracked by social media platforms and different web services, but this is not something they expect from their employer or the company they are buying from. This report reveals that 71% of individuals would stop doing business with a company if they were giving away sensitive data without permission.
• Security: Employees want to know that their data is secure and protected from unauthorised access, theft, or hacking. Employers who prioritise data security demonstrate a commitment to protecting their employees' sensitive information and guess what that encourages? A similar care and attention given to the organisation’s data by your employees.

Overall, ethical data management practices help to create a culture of trust, transparency, and accountability in the workplace, which can lead to increased employee satisfaction and retention.

60% of employees say they would consider leaving their job if they felt their employer was not taking data privacy seriously

Ethical data management is simply a must do!

Only 23% of organisations actively mitigate data privacy risks across their entire workforce!

As Tim Cook, CEO of Apple, put it, "Privacy is a human right. It should be protected in every corner of the earth." Some may say that Cook’s words are hollow and ironic considering Apple’s data collection and management practices, but the sentiment of the Apple CEO’s words should not be lost.

When we use ethical data management to empower our employees to view an organisation’s data as highly as their own personal data, they are more likely to care and account for said data. By changing the fundamental way data is viewed, we improve trust, privacy, and security on both sides!

Ethical data management can not only help prevent breaches happening in the first place, but also dampens shockwaves in the case a breach cannot be prevented. For example, a report by Ponemon Institute found that companies that used solid encryption in their data security practices saved an average of $360,000 in the event of a data breach.

In conclusion, ethical data management practices are critical in ensuring the security and privacy of employee data, which in turn has a cumulative positive effect on the levels of trust, accountability, and satisfaction in the workplace.

If you would like more information about how The Security Company can help your organisation and deliver data protection and privacy training  ... or how we can run a behavioural research survey to pinpoint gaps in your security culture ... or how we can improve your employee induction process, please contact  Jenny Mandley.