Ethical issues regarding electronic information are generally concentrated around the confidentiality portion of the CIA triad. Who has access to what data is a big concern among the public, and sometimes it seems like companies are requiring more and more “unnecessary” information. The following are some of the major ethical issues regarding the storage of electronic information about individuals:
What information is being collected and stored? Does the individual clearly understand this? Sometimes, companies will import information from other sites, for example, Facebook. Does the individual understand all information that the company is collecting and then using later? Is it ethical to gain information without the user’s explicit knowledge and consent? I would say the individual has the right to know what information a company is using and storing while others might disagree.
Is the company collecting and storing the least information necessary? Oftentimes, when making a purchase online, the consumer has the option to “save credit card information for later use” or not (just check the box!). Is it ethical for a company to store credit card information without receiving specific consent from the consumer? Would it be ethical to make this an opt-out function instead of an opt-in function? Is the company gathering more information than it really needs for its product or service to be used? For example, is it really ethical for video streaming services to require gender and birthdays on profiles in order to use their service? The product is perfectly functional without that information, so why are they asking for it? I think, ethically, a company should be collecting the least amount of information necessary for the use of its products and services, but this is not what always occurs.
How is the information that is collected about an induvial used by the company? Is the company using the information for targeted marketing? Are they selling the information to other companies? Does the consumer understand what the company is doing with their information? I think it is extremely important that an individual understands how their information is being used and shared. Some would argue that any information available on a public platform is no longer considered “private” and therefore can be freely shared. However, having all the data collected in one place easily accessible to unknown individuals with unknown intentions is very different than, for example, sharing the data only with known friends on Facebook.
Another ethical consideration is who owns the information being stored? Does the originator of the information own it? Does the company now own it? Can the company use and/or edit it the information as they would like? For example, oftentimes in photo editing apps, the app creators can own the rights to the images a person uploads. Technically, the consumer probably agreed to it when they signed up for the app, but did they truly understand that? Oftentimes, those initial agreements are so long and confusing that people don’t take the time to fully read and understand them. That is the consumer’s fault, but the companies could also make them easier to read and understand for the average individual. I, personally, don’t think it is ethical for a company to be able to use information like that without the individual clearly understanding first.
Can people outside the company gain access to the stored information? How much effort is the company putting into maintaining the confidentiality of the information? Are they dedicating a reasonable amount of resources so that the information they are storing remains secure? It is impossible for a company to guard against all threats. It is understood in the cybersecurity world that a cost-benefit analysis must be made when developing a cybersecurity plan to ensure the confidentiality, integrity, and availability of information. I would say that the average person probably doesn’t understand that, but they should be made aware. If a company is cutting costs by not implementing reasonable security measures, that is definitely an ethical issue. People generally expect that their information will remain confidential, and the company should be taking sufficient measures to ensure this happens.
These are just a few of the many ethical issues regarding the storage of electronic information. In the society we live in, so much information is available online. Unfortunately, not everyone has “good” intentions regarding how this information is stored and used. Not everyone has the same code of ethics, but there are some things most people agree on. Both companies and people should be aware of the ethical issues regarding this digital information and try to implement best practices regarding these ethical issues.