When you tell a secret to a friend, you normally don’t want your friend to tell that secret to anyone else. Depending on what the secret is, someone’s reputation or even physical safety can be threatened, if your friend doesn’t keep the secret. The same goes when you give your personal data to a company or a state.
So what exactly is Seluxit doing about data ethics? Seluxit has taken the initiative to employ a PhD student in the field of philosophy with a specialization in ethics, and is writing a collection of principles of data ethics.
These principles have general application but stem from questions that arise in our daily work. The principles will serve to guide the decisions we make in our work. The principles, which can be browsed here on our website, are being published in a series.
Simply put, security is about protecting data from unauthorized access, use, alteration or deletion. Different measures can be taken in order to make sure that data is secure. For instance, you can physically locate the data somewhere safe, you can encrypt the data so that the data are completely incomprehensible without the correct translation key, and so on.
Security is important for several reasons. One reason is that it helps protect people’s privacy. If customers give their personal data to a company, it is normally with the expectation that the company protects the data. If the data in question are very personal, a security breach can lead to an immense invasion of privacy.
Security is not only an important feature of privacy protection, it is also important for avoiding blackmailing, financial fraud, espionage, and so on.
Smith owns and uses a wearable fitness tracker, which collects data about Smith’s activity level, heart rate, sleep patterns, location, etc. Unfortunately, the manufacturer who collects all the data has very poor data security. One day, a hacker named Jones gains access to all of Smith’s data. Jones can see that Smith’s heart rate normally goes up for 30 minutes every tuesday night at the same location. Jones makes a quick Google search to see who lives at that location. It turns out that it is one of Smith’s colleagues. Jones now uses this information to blackmail Smith. He wants $10.000, or he will reveal to Smith’s wife, children and friends that Smith is having an affair with the colleague.
Smith owns a robotic vacuum cleaner, which is connected to the internet. As it moves around in Smith’s house, it collects data about when it is used, where it is used, etc. After having vacuumed Smith’s house for a few months, the manufacturer of the vacuum cleaner has a detailed map of Smith’s house, and they know when Smith is usually not home. Unfortunately, the manufacturer of the vacuum cleaner also has very poor data security, so Jones is able to get access to Smith’s vacuum data. He sells this data to a group of burglars, who breaks into Smith home the next day when he is not home.
Any company or state who collects data, especially personal data, should make sure they have a sufficient level of security. For a company, the consequences of a data breach can be devastating, since it can completely undermine customers’ trust in the company. This is of course bad for the company. But as the examples above have demonstrated, security breaches can also have outright harmful consequences for the data subjects.
Make Sure that Data Is Secure.