Data Security

4. Ethical Considerations

What are Ethics?

Essentially, ethics is a set of moral principals that affect how individuals and organisations make decisions, live and work.

Also known as moral philosophy, ethics attempts to answer questions that centre around:-

  • People's rights and responsibilities.
  • What is 'right' and what is 'wrong'.
  • What is 'good' and what is 'bad'.
  • What is 'fair' and what is 'unfair'.

It is easy to see how asking questions like these can be applied to such topics as war, murder, theft, animal rights, abortion, capital punishment and so on. It's less easy to see how it could be applied to business, data storage and access rights.


Ethics & Data

Rules of behaviour or working to a moral code may seem to have little to do with gathering data, storing and using data. But it's exactly the area where ethics should be applied.

Most ethical questions revolve around the issue of consent or permission given by the user to the organisation to hold data about them. And if they give consent, what exactly does that give the organisation permission to gather and to do with that data.

Other areas include about how the data should be looked after, who it should be shared with and who should have access to it.

It would be easy to deny organisations permission to keep, store and use the data, but would be impossible to do. Banks wouldn't be able to keep financial accounts, on-line shopping couldn't take place, social-media would have to close down and probably the whole of the internet.

Its also good to share, communicate and engage with others. So this requires some gathering and sharing of data. Businesses can operate, social and medical progress can be made. So the ethical questions are where do you draw the line and say 'you can't do that with my data'.

Activity Ethical Questions
Collecting data

Organisations can collect massive amounts of data, either by tracking users to see where they go, or from forms that users complete online.

Many organisations collect data with the aim of improving their service to you or providing you with access to resources or services directly related to your interests. Sometimes the passing on of data to others helps them provide free services that benefit users. For example free Google mail and other Google services that are paid for by advertisers.

  • Should organisations be able to collect information without you knowing?
  • Should organisations be able to collect information anonymously i.e without letting you know who they are?
  • Do you think users should give first give consent to organisations collecting data?
  • What data should be collected? Everything they can get hold of or just a select amount?
Sharing data

Once collected, data is shared between people in the same organisation. Sometimes it is sold or passed onto other organisations.

  • Do you think that it's right that your personal and possibly sensitive information (e.g. financial or medical records) can be shared?
  • Should you be informed if your data is passed on to others?
  • Do you think that social media organisations (Facebook, Instagram, WhatsApp etc) or email providers (Google, Yahoo etc.) should pass on your messages, posts, photo's onto others like employers, colleges or even the police.

Once data is collected, there are a series of issues around who should see it and who it can be disclosed to. For example, should insurance companies be made aware of medical details before providing health insurance?

Would it be a good thing if your medical details were shared with medical research companies that could help in producing a cure?

  • Do you think that it's right that anyone can view your data?
  • Should people have the right to have their data deleted?
  • Should data subjects be allowed to view the data held about them?
Storing the data

Once collected, data has to be stored somewhere and being collected on-line from around the world, it is highly probable that the data is going to be stored in a different country from the data subject. Then the issue becomes under whose laws apply to the protection of the data subject. The laws of the country where the subject lives, or the laws of the country where the data is stored?

  • Where should it be stored - in this country or abroad and if abroad under whose laws should it be protected by?
  • How should the data be protected?
  • How long should data be stored?
  • What happens if the data is wrong or incorrect?
  • What happens if the data owners disagree with the data subject over the accuracy of the data?

Ethics, not some county close to London, is often overlooked when it comes to the web and security. They are however the 'rules' by which companies and organisations are held accountable.

Create a new page in your notebook titled Ethics and complete the following tasks.

  • Read the introduction to ethics by the BBC.
    1. What is ethics?
    2. Explain 4 different ways that ethics can be useful.
    3. Can ethics provide objectively 'true' rules?

Looking at the table above:

  1. Choose just one activity and attempt to provide your own answers to the ethical questions that arise for the activity.
  2. Justify your answers in terms of ethics.
  3. Compare your answers and if necessary recommend changes to any legal protection currently available.

This is a famous 'thought experiment' problem first proposed by the philosopher Phillipa Foot.

A runaway trolley is hurtling down some tracks. Ahead are five people unable to move, are tied to the tracks. You are standing next to a lever which if pulled will divert the train off on another track. Unfortunately, a single man is tied to the rails on this track. So, you have two options:-

  1. Let events play out by doing nothing, leaving the trolley to kill 5 people on the track.
  2. Deliberately kill one person, by pulling the lever to divert the trolley onto the other line.

You have to decide which is the most ethical choice

Would it make any difference if the single man was a doctor and the five people criminals or the single person a child and the five old age pensioners? What if the position is reversed?

  1. Visit Should you kill the fatman? to discover what you think about morality.
  2. For a more extensive ethical workout visit Moral Machine.
Trolley Problem

Can you now do?

  • Explain the meaning of the term 'ethics'.
  • Describe some of the ethical considerations of organisations when collecting, sharing, and storing data.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee