The internet of things has allowed companies to collect more—and different types of—data about their customers. At the same time, regulation is developing more slowly than the technology. That leaves it up to the company to determine the ethics surrounding insights gleaned from mobile phones, travel passes, thermostats, and other devices.
If a company's conduct in dealing with Big Data is perceived as less than ethical, its reputation can be damaged, as can customer relationships and, in the long run, its revenues.
Among the key ethical issues in data collection is the right to privacy, which allows people to limit who has access to their personal information. Individuals should have meaningful control over how a corporation gathers data from them, and how it uses and shares those data, according to the Institute of Business Ethics, which issued Business Ethics and Big Data, a briefing that urges companies to articulate their own approach, consistently aligning values and behavior.
The IBE briefing recommends companies consider six questions when attempting to strike a balance between using data to improve performance and customer service and honoring their commitment to protect stakeholders' privacy:
• How does the organization use Big Data, and to what extent is it integrated into strategic planning? Clearly identifying the purpose for which data will be used helps to identify critical issues that may arise. How does that particular use benefit the customer or wider public? For data use to benefit your organization and its stakeholders, it has to be accurate and trustworthy. How do you ensure the quality and veracity of your data?
• Does the organization send a privacy notice when personal data are collected? Is it written in clear and accessible language that allows users to give truly informed consent? For example, social media platforms ask users to agree to terms and conditions when they register. However, research shows this does not necessarily correlate to informed consent as many users do not read through lengthy, complicated documents, but simply sign them to quickly open their accounts.
• Does the organization assess the risks linked to the specific type of data the organization uses? Identifying any potential negative effect that the use of data might pose to particular groups, and what might happen if the data became public, is one way of increasing awareness of the damage a potential data breach would cause. In some cases, a privacy impact assessment may be advisable. The risk of misuse of the company's information by employees should not be underestimated.
• Does the organization have safeguards to mitigate these risks? Communicating the established preventive measures to bolster data security is an effective way to promote trust. These might include controls on data access and harsh penalties for its misuse.
• Does the organization make sure that the tools to manage these risks are effective and measure outcomes? Audit has a key role to play in helping companies deal with these issues.
• Does the organization conduct appropriate due diligence when sharing or acquiring data from third parties? When buying information from third parties, due-diligence procedures must apply as they would to other purchases. Do the suppliers uphold similar ethical standards and guarantee the accountability and transparency of these practices?
The original version of this article, "6 Ethical Questions About Big Data," by Samantha White, is available at cgma.org.
CGMA Magazine is published in conjunction with the Chartered Global Management Accountant designation, which was created through a partnership between the AICPA and CIMA. The magazine offers news and feature articles focused on elevating and emphasizing management accounting issues.