Mid-Atlantic Privacy: Ethics are your True North
Note: This post is part of a series on the Mid-Atlantic Privacy Compass. Over the following weeks, Commissioner White will explore each of its Compass Points in greater detail.
Ethical behaviour should always be an organisation’s true north. An organisation’s ethics inform their sense of corporate responsibility and must be valued as much as profitability.
Organisations should develop Deliberate Ethics, a process for considering and formalising ethics within their operations through both an ethical framework and the mechanisms to implement it, such as ethics review processes and advisory boards.
Particularly, organisations working in advanced technology that move more quickly than laws and regulations must recognize their responsibility to engage in ethics-by-design and demonstrate their accountability.
North has always had a point of primacy on the compass rose, and there's no better concept to place in this honoured spot than Ethics. Ethical behaviour should always be an organisation's true north, the central focus from which all other ideas radiate. Many of the privacy decisions that an organisation makes are ultimately a matter of ethics, as they consider what may be the right thing to do, how to meet promises they have made, and what the expectations may be of the individual subject of the data.
We are starting to see more organisations, management bodies, and industry groups recognise that we have created an imbalanced society by placing quarterly returns and shareholder profits above all other considerations. Short-term mind-sets lead to irresponsible exploitation of individuals or common property. If organisations are to be more than merely financially successful, are to become socially successful forces for good in our communities, they must place a higher value upon ethical behaviour.
Many organisations support corporate responsibility efforts, which can fall under many headings. It could be charitable giving of time or money, responsible treatment of natural resources and the environment, or consideration of how data and technology can be used for the public good. I applaud these efforts but maintain that our support for ethics must go further: we must consider maintaining ethical standards to be at least as important as making a profit.
Ethical behaviour will not happen by accident or in an ad hoc manner, which is why I am proposing the idea of Deliberate Ethics. If you'll pardon the wordplay, organisations must be deliberate in choosing to embrace ethics, and they must deliberate carefully on the goals and mechanisms they choose. The manner in which Deliberate Ethics is executed may vary from organisation to organisation, but what should be consistent is the presence of an identified process for thinking through and weighing these issues.
As with other organisational policies and procedures, ethics must be formalised and documented so that expectations are clear and the ethics process may be examined. Ethical review processes and advisory boards are two mechanisms that forward-thinking organisations have implemented recently. Whatever the mechanism an organisation chooses, it must be empowered with a voice and authority to effect change. The privacy principle of Accountability provides considerations for documenting and demonstrating due diligence in this regard, among others.
Organisations working in advanced technology or using data or technology in innovative ways must recognise that they have a special responsibility. They will often be moving more quickly than the laws which regulate their behaviour, so ensuring Deliberate Ethics is especially important. With the glory of blazing a new trail comes the responsibility for personal and societal impacts.
By putting into effect ethics-by-design processes, ensuring their ability to demonstrate accountability, and documenting the steps they took to behave properly, organisations can maintain the trust of the public and stakeholder groups--and never lose sight of their true north.
Alexander McD White
To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.