When storing electronic information about an individual there is a need to consider the ethical issues of doing such a thing. We need consider the fact that such information could be misused by the person storing the personal information, or stolen by a hacker due to lack of any security, who takes responsibility for the loss of any personal data, and ensuring that the individual’s personal information will not be given to a third party without their consent.

When an individual is asked to give up personal information about themselves it falls to the organization receiving it to properly store it. However, if the person receiving the personal information takes the data and misuses it, then the organization responsible for the employee would be at fault for not properly preventing employees from misusing personal information. Ideally an organization would follow the the NIST guidelines in regards to best the practices for handling data systems. In doing so they would establish who should be responsible for handling the data entry of personal information and what level of access they have to such information. It is an organization’s ethical duty to not be negligent when ensuring that the employees they hire can be trusted by the clients who use their services.

Another ethical issue that arises when storing personal data is ensuring that the data is properly protected. If an organization has little to no protection against cyberthreats, then they are endangering the individuals who have given them their personal information. An organization that ignores its responsibility to ensure the personal information is confidential is ignoring the ethical duty of properly protecting their clients from those who would attempt to steal the personal data. Stored information should always be confidential and have integrity when being managed throughout any system. Part of ensuring the confidentiality and integrity of personal data is also making sure to address known vulnerabilities that can be resolved when found.

Another major ethical issue when storing personal data is who takes responsibility for the loss of any personal data. Should there be a data breach, then who would take responsibility for the loss of any personal information? Does it fall to single employee within the organization or does it fall on the organization as a whole? Ethically speaking, it should be the responsibility of an entire organization to ensure that should there be a loss of any personal information, then any individuals affected by the loss would be compensated as necessary depending on the situation. No individual should feel that they are at risk of losing any personal information with no one to take responsibility and give a sense of assurance that the situation will be rectified.

Lastly, another ethical issue to consider is an organization giving personal data to a third party without the consent of the individual involved. This can be seen as a relevant issue today as there is a large push for companies to be transparent in their handling of personal information. For this reason, when accessing an app or webpage that needs an individual to enter personal information, the webpage or app will immediately proceed to ask for permission to use your personal information for “advertisements” and usage reports. It would be considered unethical if an organization began to use an individuals personal information without properly notifying them.