When it comes to digitally storing the personal information of individual users, those in charge have a moral , and often a legal, obligation to treat and handle this data ethically. Ethical data handling is far from a single threaded issue. Some of the issues that are particularly deserving of greater scrutiny include data sourcing, the intended use of the data, data protection, as well as data privacy (Segalla and Rouzies).

To better understand the concerns regarding data sourcing let us examine the controversy surrounding the facial recognition service of Clearview AI. Without getting prior consent, the company used scraped images of people off of social media to compile into a database of nearly 30 million pictures (Farrell). Access to the facial recognition database was then sold to both law enforcement agencies as well as private consumers. In an interview with the BBC, a representative of the Miami Police Department was quoted as using the facial recognition “for every type of crime,” and they are far from the only precinct doing so. Facial recognition in general has problem correctly identifying people with dark skin complexions, which could lead to false positives, and when used in criminal investigations that could mean wrongful arrests. The actions of the company landed them in legal trouble with countries such as France, Italy, The United Kingdom, Australia, as well as several states and cities within The United States (Farrell). Does thing sound like a database people would have consented to be a part of had they been asked? This goes to show, when discussing data storage, just because one can doesn’t mean they should.

The next concern is an extension of the first. Not only should people be aware of if, when, and how their data is being collected, but they should also be made aware of why. When signing up for service it is not uncommon to give up information such as your name, phone number, email, and even home address for retail sites. As a user you understand this info is needed to create your account, communicate with the service, and receive products through the mail. You understand the purpose and consent to this. What user may not realize is this data is often sold to third party entities for marketing purposes (Segalla and Rouzies). If consumers were aware of this hidden purpose upfront it could change want information they are comfortable giving up. A real world example to highlight the important of purpose in data collection comes from a French banking firm. The firm ran a trial of actively monitoring email communications to predict future cases of workplace harassment. While a noble intention, and early trials showed some promise, the project was ended after data collection concerns were raised (Segalla and Rouzies). The original purpose of the data, being emails in this case, was understood to be for work-related communications. Though this purpose changed once it was being used as a tool to mark employees as potential harassers. It is important that the purpose of data is understood upfront, and that continued informed consent is maintained as the purpose changes and develops.

Once ethical data sourcing and purpose informed consent it achieved it is vital than an organization takes the steps needed to protect this data. The examples of major breaches caused by incompetence and preventable errors is numerous. The Equifax data breach was caused by an expired digital certificate (Nohe). The English telecommunications company, Virgin Media, suffered a breach due to an configuration error that was present for ten months (Segalla and Rouzies). The banking giant JPMorgan made a breach possible due to a zero-day vulnerability in their web applications (Trend Micro). It organizations are going to need and use data then they have an obligation to protect it thoroughly. Not only do they owe it to their customers, but to their employees and stockholders as well, as the aftermath of these breaches can be very high cost in the way of fines, lawsuits, and beefing up security.

A final major concern of data collection is privacy. This often goes hand in hand with protection. The notion is that the data shouldn’t be able to be traced back to an identifiable individual, at least without their consent. Methods of reaching anonymization include summarizing the data, making approximations, slightly shifting the data by adding an miniscule value across the board (Segalla and Rouzies). Some data collecting organizations are willing to lack in this area because the more specified the data then the more valuable it is. In an experiment researchers were able to identity people out of a dataset with just their area code, birth date, and gender (Segalla and Rouzies). IP mapping is a method of linking an IP address to a geographical location, and is used for finding nearby products/services, but if this data was breached and not properly anonymized it could lead to disastrous results. Without proper data privacy, people can be victim to doxing, harassment, etc.

While data collection is a necessary process for many services and products to function, is it vital that this data is handled ethically and professionally.

Works Cited

Farrell, James. “Despite Backlash, US Police Are Still Using Clearview Ai Face Recognition Software.” SiliconANGLE, 28 Mar. 2023, siliconangle.com/2023/03/28/despite-backlash-us-cops-still-using-clearview-ai-face-recognition-software/#:~:text=Then%20in%202022%2C%20after%20the,including%20law%20enforcement%20in%20Illinois. Accessed 27 Jan. 2024.

“JP Morgan Breach Affects Millions, Shows the Need for Secure Web Apps.” JP Morgan Breach Affects Millions, Shows the Need for Secure Web Apps – Noticias de Seguridad – Trend Micro ES, www.trendmicro.com/vinfo/es/security/news/cyber-attacks/jp-morgan-breach-affects-millions-shows-need-for-secure-web-apps?_ga=2.240898499.1353170936.1533524651-1953566395.1528105704#:~:text=Upon%20closer%20scrutiny%2C%20the%20breach,in%20the%20affected%20websites%20then. Accessed 27 Jan. 2024.

Nohe, Patrick. “The Equifax Data Breach Went Undetected for 76 Days Because of an Expired Certificate.” Hashed Out by The SSL StoreTM, 26 Aug. 2020, www.thesslstore.com/blog/the-equifax-data-breach-went-undetected-for-76-days-because-of-an-expired-certificate/. Accessed 27 Jan. 2024.

Segalla, Michael, and Dominique Rouzies. “The Ethics of Managing People’s Data.” Harvard Business Review, 13 June 2023, hbr.org/2023/07/the-ethics-of-managing-peoples-data#:~:text=Most%20problems%20arise%20from%20(1,how%20it’s%20prepared%20for%20use. Accessed 27 Jan. 2024.