Technology continues to envelop our daily lives, in business, at home, in leisure and athletics, across the globe and into space. Despite wide-ranging benefits, corporate entities and individual consumers alike have begun to recognize the risks inherent in digital services.
I recently spoke at a Daniels Fund conference panel about ethics in business. A student remarked, “I have access to so much data in the workplace. How can you protect from a bad apple stealing your information?”
Ethics is the key to protecting against these types of internal threats — and it helps your company handle external threats as well.
Gartner has even named Digital Ethics and Privacy as their Number 9 trend on the Top 10 Strategic Technology Trends for 2019. They recognize this growing awareness of the value of personal information and concern among various entities and individuals over how personal and sensitive data is being consumed, processed, and shared among public and private organizations.
Gartner’s advice? Move from asking “Are we secure?” or “Are we compliant with regulations?” to asking “Are we doing the right thing?”
At Green House Data, we’ve been striving towards transparent operations, ethical practices, and protection of privacy since day one. We’re glad that others have joined us. Here’s why digital ethics are so vital, why they will continue to be a contentious issue moving forward, and how you can be a better information steward.
While your family and friends may not really know how the cloud works, they know many of their favorite internet services use it. Even if they aren’t aware of cloud computing, they definitely know about the type of information they’re sharing: with Facebook, with their banks, through email providers, and anywhere else online.
That consciousness has come to a head through highly publicized news stories about major data breaches, which seem to come on a quarterly or even monthly basis. Small breaches are even more common, but the heavy hitters like Facebook or marketing firm Exactis (which exposed 340 million records) have demonstrated that nobody is safe from having personal information exposed.
Warnings from national and local news stations and the specter of foreign hackers or even governments accessing personal data are driving public awareness. The result? Increased legislation, compliance mandates, and international regulations that companies and governments must adhere to when processing, storing, and sharing data.
To succeed in this environment, service providers who handle personal and sensitive business data must gain and maintain the trust of their customers.
Everything from your public communications to your internal values has to reflect not just secure practices but a strong moral and ethical code in order to achieve trust.
Companies must demonstrate their compliance with data security requirements, certainly. But they should also go above and beyond the requirements wherever possible. Could you add another compliance standard to your security measures, even if you don’t process the type of data or work with the organizations or countries specified in the mandate? Are you auditing yourself internally and/or with external auditors?
More and more mandates require the ability to provide or delete personal information upon request. You should implement internal systems that can retrieve and remove that information on demand across your entire environment now, before you have to. GDPR in Europe and the California Consumer Privacy Act are among these mandates. They will only become more common.
Are you gathering and publishing, internally or externally, regular risk reports and security fixes? How are you building your employee workforce? In addition to hiring specific security roles and a Director of Compliance and/or InfoSec, you should ask every employee in every department questions about ethics and security as part of your interview process. Regular training on how to securely and ethically interact with data is vital.
Building an ethical culture helps secure your data. Internal threats are as real as external threats, and in many cases are even more likely to occur.
A sense of community and a commitment to cooperation between government entities, public organizations, and private companies must persist in order to build a network of trust and an overarching security culture.
Ultimately, a single group cannot secure even the data under its purview. Information moves beyond single databases and even beyond borders. Sharing common standards and common knowledge across the entire digital chain — even down to individual consumers — will help create a collaborative culture of trust and security.
Ethical business practices are on the rise, for a multitude of reasons. Practicing transparency, community involvement, and environmental stewardship throughout your organization pays dividends beyond a sense of well-being. It helps attract strong talent. And it creates a corporate image of integrity that persists even into the realm of information security.
Simply put, if you practice what you preach in regard to “Doing the right thing,” your customers and stakeholders will believe that you are, in fact, doing the right thing. And they’ll be more likely to trust you with their most important data as a result.