Storing information about individuals, particularly information that can be used to identify that person, (PII) comes with a set of risks by the individual and responsibilities by the entity storing them.
One issue is the matter of intent. What is the intent of the entity storing the information? While the user is trusting the entity with their information they have a certain expectation for what it will be used for. Another issue is one of ownership. This is something that should be stated very clearly and immediately before any information is given. Most users expect that the data they submit belongs to them and that the entity will hold it for them and keep it safe. This is often not the case. A third issue is one of inappropriate use. A user can sign over their information on the agreed upon basis that it will be used for market research, but the entity may do other things with it, such as selling it to a third party for the purpose of psychological profiling.
One final issue ties into the previous issues, that being, freedom from unauthorized access. An individual authorizes use of their data, and should have the right and ability to control or change that access.
These ethical concerns imply a certain degree of risk. While any part of the internet can be theoretically accessed from anywhere in the world, different countries face differing degrees of risk.

Take a country like the UK. They are a major source of petroleum production and export with the operations in the bearing sea while a country like Chad does not. Therefore, the risk to operations interruption is higher for companies operating in the UK. A different risk would be data manipulation and how the risk differs based on how the system is ran. Taiwan for example is at at a higher risk for market manipulation by third parties due to it’s public facing nature and differing regulation than with a country like the PRC which is largely controlled by it’s government and thus is at less risk of external manipulation.

Either way, across the world, anywhere with a public facing information system is at some kind of risk, and the ethical concerns with how that risk is managed is an ever present issue.

Works Cited:
-https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/an-ethical-approach-to-data-privacy-protection
-https://digitalprivacy.ieee.org/publications/topics/ethical-issues-related-to-data-privacy-and-security-why-we-must-balance-ethical-and-legal-requirements-in-the-connected-world