Data Security

Ethics in Practice

Ethics in the real world

The previous page described some of the ethical considerations that have to be thought about by organisations when thinking about gathering and using data from customers and internet users.

Experience has shown that organisations that don't give appropriate consideration to these questions quickly lose the users trust and business. And this is often followed by business collapse.

The remainder of this page is concerned with how repsonsible organisations resolve these ethical questions into a code of 'best practice'.

some examples of business that have collapsed.

Applied Ethics

It's important to recognise from the start that there is no one organisation that has all the answers to the ethical dilmemmas posed earlier. Different organisations have different answers and as we shall see, some of their solutions give rise to further dilemmas.

A lot of the following examples are from social media, mostly because its where users volunatarily surrender the most data about them selves. Also because the rights of the users feature a lot in the press and where the 'rights' of the individual, organisation and governement come into conflict.

1. Obtain Consent

Lots of organisations want your business and they begin by encouraging users to 'subscribe' or sign up to a service, magazine, on-line shop, social media platform etc. This is the first big stage in data collection process. On signing up, users have to confirm their email address and by clicking on a confirmation link, will be taken to the services terms and conditions (T&C) - also known as Statement of Rights and Responsibilities. (SRR).

The T&C's or SRR's are the small print or the legally binding contract that exists between yourself as the user and the organisation. They spell out exactly what they will do, what your rights are and what you are allowed and not allowed to do.

By clicking the 'I agree' button or continuing to use the service you signal that you are giving informed consent to voluntarily entering into the contract.


While ethically sound practice to get informed consent from users prior to the start of a service or subscription, it often doesn't work out that way.

  • T&C's, the small print is often very extensive. It has been estimated that workers in America would lose 76 working days each year, just reading T&C's. Nearly everyone just clicks 'I agree' without reading the fine detail, so how could the permission you provide be described as informed consent. And its'not being lazy, its matter of not having enough time.
  • T&C's use very precise legal language when laying out the legally binding agreement between themselves and the user. The precise legal meaning of the T&C's isn't always clear to a non legal professional user, so users cannot be certain exactly to what they are agreeing to.
2. Promise Confidentiality & Security

T&C's tend to start with a statement regarding the confidentiality or privacy of data. Social media sites provide a series of controls which users can decide what parts of their data they want to share, what to make public or keep within friends groups.

Some sites like WhatsApp allow users to encrypt their data to provide an extra layer of security. This means that it cannot be read by others, even its intercepted. They also promise to keep, copy or store messages on their servers so that there's no way for them to divulge the data to anyone else, even if they wanted to.


A lot of organisations and social media platforms, for example Twitter place limits on the degree of confidentiality or privacy they offer. Twitter agrees to disclose data in response to a legal or governmental request and these requests are becoming increasingly common because:-

  • The rise of 'trolling' and unacceptable social behaviour where people are abused, threatend or harassed on-line.
  • International crime and terrorism and increasingly using the internet to communicate, recruit and plan illegal acts
3. Sharing data and content

Ethical organisations will frequently highlight the extent to which they share your data with others. Most will confirm that they will not share your data with other third party organisations, but buried in the T&C's is often a clause that reserves the right to use your data for research, in order to deliver content that you might find interesting.


Search engines and social media sites provide free services paid for by advertising. Unfortunately, while free stuff is nice, being supported by advertising leads to some compromises.

  • On social media sites, almost none of the information you provide is private. Facebook and Twitter for example state that they will use all the information you provide, from your online activity, your posts, your photos, what you share, what you like and from they might infer ('guess') from your data. They will use this information for targeted or directed advertising i.e. they will place adverts from companies who supply goods and services in the areas in which you've expressed an interest on your social media page. This can skew your choice, and you may be led to buy items that are more expensive than those you might find from general research.
  • The opinions you express on line about particular brands can be used by social media sites to endorse brands or companies without your permission and without compensation. In other words Facebook can be paid for supplying your endorsment, perhaps expressed though a 'Like' but not you.
4. Montitoring, tracking & Cookies
5. Storing Data
6. Withdaw Consent

Everything has its own life cycle and most ethical organisations allow users to 'un-subscribe' or de-activate their accounts when they've stopped using the service.

Less ethical companies in the past would make it very difficult for user to leave a service by burying the opt out link in hard to find locations. This is because, they got paid according to the number of subscribers. More subscribers, mean't they could charge more money.


Normally you would expect all your personal data to be removed whenever an account was deactivated, but not so. In most social media platforms, if your posts, photos and videos have been shared by other users, then they will remain active and accessible by others subject to their own privacy settings, even after you leave. Effectively, you cease to become the owner of the content you provide, if at any time it's picked up by other users.

Content for Accordion Panel 1
Placeholder image
Content for Accordion Panel 2
Content for Accordion Panel 3

Can you now do?

  • Describe ways of how ethics can be applied in 'real life'.
  • Give practical examples of ethical best practice in organisations.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee