Many companies/organizations store an extensive quantity of private information that has the potential to create various ethical issues through the intentional or unintentional misuse of that information. Two significant types of private information that are of great concern are Personal Identifiable Information (PII) and Protected Health Information. Organizations have a variety of reasons for storing this data, whether it is employee or customer data. Personal Identifiable Information contains information that is relevant to a specific individual such as their SSN number, birthday, address, phone number, etc… This information is sensitive, as it can be utilized to engage in identity theft. Protected Health Information is protected in accordance with the Health Insurance Portability and Accountability Act (HIPPA), which regulates how this data is collected, stored, and transmitted. Additional private information that is collected and stored is financial information and personal behavior information. Behavior information can identify where you are located and things you are interested in.

There are several ethical issues that must be considered when storing private information about individuals. First and foremost, this information has value as it provides critical data that can be used to exploit an individual for financial gain. As a result, this information must be protected. One ethical issue that must be considered is ensuring proper use and purpose. As this information has value, many organizations collect this information in order to sell it to third parties, unknown to the individuals. This provides the financial gain, and the potential for further financial gain for those consumers of that information. Another ethical issue that must be considered is the collection of this information, also often unknown to the user. Many companies install “cookies” on your computer when they access various websites. These cookies then help keep track of any activity. Whereas this may be for viable reasons, many times, it is just to track your activity in order to collect and exploit information about the consumer. Another ethical issue organizations must consider is appropriately investing their infrastructure and information security. If an organization is storing personal data, it is their responsibility to properly invest and institute the appropriate controls to protect that information. Maintaining current hardware and software infrastructure an deploying security updates and patches come with a cost, but are critical to protecting data. An ethical issue that arises from loss of this information is associated with public notification of this loss of information. Companies know that loss of personal data will have probable negative financial impacts and loss of reputation, so they will control how the public is notified, sometimes delaying public notification in order to protect the organization.