Data ethics icon

It’s Time to Focus on Ethics in Data Governance

By Deborah Henderson

Ethical handling of data has historically been considered by the IT community to be the concern of public policy. Government, on the other hand, has assumed that the IT community was largely self-policing and the issues were …well… techy and complex. Historically, this has led to neither side fully addressing the considerations and complexities of ethical controls on data activities.

The landscape is now beginning to change and data analysts, DBAs, data scientists and other data management professionals need to take note. Internal controls in business case development and project management need to be screened with an ethical lens and backed by a corporate ethics framework. Now data governance programs are encouraged to establish acceptable parameters in-line with the corporate framework.


Without ethics considerations in a data governance program, there is increased risk on several fronts — from loss of reputation to loss of market share with possible customer boycotts, loss of shareholder value, potential regulatory compliance issues and various legal exposures.

But what does ethical handling of data require? Ethical handling of data is a corporate-wide commitment to managing data based on principles and a code of conduct that protects individuals and communities and respects data ownership.

This means that companies need to provide safeguards against the following risks:

  • Insufficient data security and privacy, exposing data to potential fraudulent transactions.
  • Lack of social impact analysis on initiatives. Decision-making can be opaque and, in certain contexts, may lead to unfair outcomes. For example, job applications may be rejected without clear explanation or automated tools might exacerbate or reproduce inequities similar to those found within the criminal justice system.
  • Uncontrolled data copying and distribution to limit risk of misuse or individual data exposure.
  • Lack of monitoring data contract compliance with vendors and partners for fair use.
  • Lack of project approach reviews with an ethical assessment for bias or weak assumptions in analytics and reporting.
  • Lack of peer review and oversight leading to misuse of statistics in big data analytics, AI, machine learning and data visualizations.
  • Use of poor quality data or data of unknown quality or source.
  • Analysis of risk for data recombination in big data analytics and data lineage. Analysis and tracing the source of data may expose individual identity, violating individual data ownership and protection.


Review and critical deliberations on analytics findings and their proposed use in business initiatives are now a new part of the checks and balances necessary for data governance ethics monitoring.

Caution needs to be taken when reviewing new understandings about the customer emotions and behaviors in marketing programs. These insights can be used in ways that influence or even manipulate the decisions customers and the general public make in unprecedented ways — from the products people buy to the news they read.

Consider “preferred customer programs” and the largely opaque but growing stratification of consumers as these created sub-communities continue to proliferate through marketing programs.

Insights can also be deployed to directly control our freedoms — where we can live, where we can go, what work we can have. Programs for limiting or channeling freedoms and choices are accepted today in various parts of the world based on cultural and political norms and legal frameworks where the corporation does business. It is not a stretch to imagine a culmination of loosely related influencing programs that over time create an anti-utopia.


But what if there is no corporate ethics framework to hang the data governance ethics framework on? The data governance program must initiate a data-centric framework based on best practices — and through its ongoing change management and communications program, seek the very necessary buy-in from senior management.

Since corporate ethical stance and follow-through are now top of mind due to high-profile data breaches, data misuse and global shifts on privacy regulation changes, senior executives are very concerned with the consequences of corporate actions. The data-focused C-suite (Chief Data Officer, Chief Information Officer, Chief Analytics Officer, et al) have significant responsibility in the framing of ethical handling of data. A data governance program should be welcomed in the proactive development of policy and operational controls. Addressing data ethics may well kick-start the larger review of general employee ethical expectations, policy, education and compliance.

Not all news is worrisome. A newly established Centre for Data Ethics and Innovation (CDEI) in the UK has launched a consultation phase seeking input from corporations, academia and individuals on the issues, advice, laws and best practices to start addressing data-driven technologies. The CDEI also notes huge gains in science and technology based on deep analytic insights and a bright future for AI in illness diagnosis and environmental impact. It aims to help assure trust in the emerging data-driven economy.

Data governance practitioners should keep watching for reference groups like CDEI to guide their corporate data ethics framework.

AI and generative AI article