Data Security

5. Ethics in Practice

Ethics in the real world

The previous page described some of the ethical considerations that have to be thought about by organisations when thinking about gathering and using data from customers and internet users.

Experience has shown that organisations that don't give appropriate consideration to these questions quickly lose the users trust and business. And this can be followed by business collapse.

The remainder of this page is concerned with how responsible organisations resolve these ethical questions into a code of 'best practice'.

Applied Ethics

It's important to recognise from the start that there is no one organisation that has all the answers to the ethical dilemmas posed earlier. Different organisations have different answers and as we shall see, some of their solutions give rise to further dilemmas.

A lot of the following examples are from social media, mostly because its where users voluntarily surrender the most data about them selves. Also because the rights of the users feature a lot in the press and where the 'rights' of the individual, organisation and government come into conflict.

1. Obtain Consent

Lots of organisations want your business and they begin by encouraging users to 'subscribe' or sign up to a service, magazine, on-line shop, social media platform etc. This is the first big stage in data collection process. On signing up, users have to confirm their email address and by clicking on a confirmation link, will be taken to the services terms and conditions (T&C) - also known as Statement of Rights and Responsibilities. (SRR).

The T&C's or SRR's are the small print or the legally binding contract that exists between yourself as the user and the organisation. They spell out exactly what they will do, what your rights are and what you are allowed and not allowed to do.

By clicking the 'I agree' button or continuing to use the service you signal that you are giving informed consent to voluntarily entering into the contract.


While ethically sound practice to get informed consent from users prior to the start of a service or subscription, it often doesn't work out that way.

  • T&C's, the small print is often very extensive. It has been estimated that workers in America would lose 76 working days each year, just reading T&C's. Nearly everyone just clicks 'I agree' without reading the fine detail, so how could the permission you provide be described as informed consent. And its 'not being lazy, its matter of not having enough time.
  • T&C's use very precise legal language when laying out the legally binding agreement between themselves and the user. The precise legal meaning of the T&C's isn't always clear to a non legal professional user, so users cannot be certain exactly to what they are agreeing to.
2. Promise Confidentiality & Security

T&C's tend to start with a statement regarding the confidentiality or privacy of data. Social media sites provide a series of controls which users can decide what parts of their data they want to share, what to make public or keep within friends groups.

Some sites like WhatsApp allow users to encrypt their data to provide an extra layer of security. This means that it cannot be read by others, even its intercepted. They also promise to keep, copy or store messages on their servers so that there's no way for them to divulge the data to anyone else, even if they wanted to.


A lot of organisations and social media platforms, for example Twitter place limits on the degree of confidentiality or privacy they offer. Twitter agrees to disclose data in response to a legal or governmental request and these requests are becoming increasingly common because:-

  • The rise of 'trolling' and unacceptable social behaviour where people are abused, threatened or harassed on-line.
  • International crime and terrorism and increasingly using the internet to communicate, recruit and plan illegal acts
3. Sharing data and content

Ethical organisations will frequently highlight the extent to which they share your data with others. Most will confirm that they will not share your data with other third party organisations, but buried in the T&C's is often a clause that reserves the right to use your data for research, in order to deliver content that you might find interesting.


Search engines and social media sites provide free services paid for by advertising. Unfortunately, while free stuff is nice, being supported by advertising leads to some compromises.

  • On social media sites, almost none of the information you provide is private. Facebook and Twitter for example state that they will use all the information you provide, from your online activity, your posts, your photos, what you share, what you like and from they might infer ('guess') from your data. They will use this information for targeted or directed advertising i.e. they will place adverts from companies who supply goods and services in the areas in which you've expressed an interest on your social media page. This can skew your choice, and you may be led to buy items that are more expensive than those you might find from general research.
  • The opinions you express on line about particular brands can be used by social media sites to endorse brands or companies without your permission and without compensation. In other words Facebook can be paid for supplying your endorsement, perhaps expressed though a 'Like' but not you.
4. Monitoring, tracking & Cookies

Cookies are unique pieces of information generated by a Web server and stored in the user's computer. They become part of the HTML information being passed to and fro between the users computer and the web server.

Their purpose is to enable web applications to respond to you as an individual. This is achieved by gathering and remembering information about your preferences so that the web application can tailor its operation to your needs, likes and dislikes.

Through the use of cookies web developers can create better web applications that are more personal, easier to use and richer in their degree of interactivity.

For example, a cookies can be used to remember your name, the colours and fonts and layouts that you prefer to see. Also with cookies 'virtual carts' can be created to keep track of what you are buying in on-line shopping sites.


Cookies have their advantages, but their presence on your computer raises some ethical issues. Generally they revolve around achieving a balance between privacy and customised web experience.

  • Cookies can be used to track everywhere a user goes. They are the equivalent of a stranger following you about everywhere you go.
  • Cookies can be used to store websites that have never been visited by the user. Mostly these have been placed there by companies that sell advertising space which allow them to target advertising at you based on an common interests revealed by visiting the website.
  • A website that 'knows you' through their cookie placed on your computer could exchange the data with other companies, so they already 'know you' even if you are visiting their website for the first time.
  • Cookies can become persistent. The 'persistent cookies' can last for years, even if your ISP changes or the browser is upgraded.
5. Storing Data

To many, capturing data, analysing data in the hope of gaining a competitive advantage over competitors or providing a better customer or user experience is the one of the essential purposes of the internet and use of digital technology.

Files that contain personal or data that can be used to identify individuals come under the terms of the Data Protection Act 1988. Essential they revolve around three areas.

  • How data will be stored.
  • Who will have access to the data.
  • How will users access the data.

Capturing data implies data storage and analysis suggests accessing and sharing the data and this is where important issues have to be resolved.

  • How and where will the data be stored? Data has to be kept secure and safe but a balance has to be maintained. It has to remain accessible or no one can use it. And on what medium will data be stored? On paper, disk or removable device? Will it be available on equipment with WiFi, Blue-tooth or USB capabilities? And if so, what precautions are taken to guard confidentiality.
  • Who will have access to the data? Issues here surround not only people within an organisation but also with other organisations with which data shared. For example is it right that insurance companies should be allowed to access your medical information? Should loan companies be permitted access to your financial information before deciding to lend money?
  • How will users access the data? Although related to who accesses the data, issues here revolve around how they access the data. Will it be available on or off line? If on-line what steps are taken to guard confidentiality? How will access be controlled and who decides who has access? Will data be passed to other countries and how can it's security be guaranteed in these other countries?
6. Withdraw Consent

Everything has its own life cycle and most ethical organisations allow users to 'un-subscribe' or de-activate their accounts when they've stopped using the service.

Less ethical companies in the past would make it very difficult for user to leave a service by burying the opt out link in hard to find locations. This is because, they got paid according to the number of subscribers. More subscribers, meant they could charge more money.


Normally you would expect all your personal data to be removed whenever an account was deactivated, but not so. In most social media platforms, if your posts, photos and videos have been shared by other users, then they will remain active and accessible by others subject to their own privacy settings, even after you leave. Effectively, you cease to become the owner of the content you provide, if at any time it's picked up by other users.

  1. Create a page in your notebook Applied Ethics
  2. Click the link Fraud; to discover what fraud is. Copy the definition and paste it into the page.
  3. Find out how a Ponzi Scheme works. And explain how it works in your notebook.
  4. Read the statement opposite and explain in your notebook whether you think its ethical to leave users to make their own decisions and mistakes, or whether you think they should be protected from others. Make sure you give at least 3 reasons for your viewpoint.

The internet is rich with fraudulent scams aimed at separating money from the unwary. Many promise get rich quick schemes like Bernie Madoff's Ponzi scheme.

Some people believe it's a case of buyer beware and victims have to take responsibility for their mistakes. In other words, it's the victims fault, they should have known better, because if you can get way with it, why not?

Others argue that innocents should be protected from unethical practices and show that even very clever and well informed people can become victims of Scammers.

Many successful large and small companies make contributions to charity or invest in their local communities. Bill Gates from Microsoft is becoming increasingly famous for giving away his enormous fortune.

Apple Inc is an extremely successful company well known for its trendy, style led, electronic goodies popular with design specialists and people who consider themselves cool. But is Apple an ethical company?

  1. Read the post on Apple's Appalling Ethics.
  2. The post above was written in 2012. Do further research to see if the situation has changed. Ethical Consumer is a good place to start.
  3. Explain in your notebook whether you consider Apple to be ethical. Should Apple become more ethical? Do you think it matters.?
  4. Would Apple's business ethics affect your buying decisions?
Ethical Apple?
Suicide nets being fitted at Apple's Supplier Foxxconn in China to prevent people killing themselves through stress and pressure of work.

Firefox an open source internet browser (a very good one) produced and distributed by Mozilla. Find out more about Mozilla by checking out the following links.

  1. Overview of what Mozilla is about.
  2. The Mission of Mozilla
  3. Read The Mozilla Manifesto..
  4. Under a heading An Ethical Company in your notebook. Explain why you think Mozilla might be considered an ethical company? Is it different to Apple and if so in what way?
  5. Do you think that being an ethical company makes a difference? Would you like to work for them? Would you like to support them? Would you be more likely to use their products than others?

Can you now do?

  • Describe ways of how ethics can be applied in 'real life'.
  • Give practical examples of ethical best practice in organisations.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee