Why you need a code of ethics (and how to build one that sticks)

Most companies aren't run by mustache-twirling villains who abuse customer data for the thrill of it. In practice, they take incrementally more unethical steps, lured by the siren song of profits. Can a digital code of ethics stop the creep?

executive being tempted by the devil

The tech industry isn't a bunch of scrappy underdogs anymore. In the wake of numerous data lapses and incidents of personal data being monetized in ways users never expected, consumer trust is dropping—according to a recent survey from Selligent, 75 percent of consumers are worried about brands tracking their browsing behavior. And it's not just customers: unethical behavior is causing tech talent to balk at working at certain companies, and some employees are refusing to work on projects they deem morally dubious.

It's become more urgent than ever for organizations to establish a code of ethics, laying down strict guidelines to circumscribe potentially dubious actions. But drawing up a set of guidelines is only half the battle: you need to give an ethics policy teeth, or it'll be cast aside as soon as breaking the rules can give the company—or some division or employee—a momentary advantage. "This comes down to the top team owning and embracing the policy," says Alexander Lowry, who directs the ethics-focused Financial Analysis program at Gordon College.  "They need to live it and embody it. That example is essential."

Importance of a code of ethics

Most of us probably think of ourselves as ethical people. But within organizations built to maximize profits, many seemingly inevitably drift towards more dubious behavior, especially when it comes to user personal data. "More companies than not are collecting data just for the sake of collecting data, without having any reason as to why or what to do with it," says Philip Jones, a GDPR regulatory compliance expert at Capgemini. "Although this is an expensive and unethical approach, most businesses don’t think twice about it. I view this approach as one of the highest risks to companies today, because they have no clue where, how long, or how accurate much of their private data is on consumers."

This is the sort of organizational ethical drift that can arise in the absence of clear ethical guidelines—and it's the sort of drift that laws like the GDPR, the EU's stringent new framework for how companies must handle customer data, are meant to counter. And the temptation is certainly there to simply use such regulations as a de facto ethics policy. "The GDPR and laws like it make the process of creating a digital ethics policy much easier than it once was," says Ian McClarty, President and CEO of PhoenixNAP.  "Anything and everything that an organization does with personal data obtained from an individual must come with the explicit consent of that data owner. It’s very hard to subvert digital ethics when one’s ability to use personal data is curtailed in such a draconian fashion."

But companies cannot simply outsource their ethics codes to regulators and think that hewing to the letter of the law will keep their reputations intact. "New possibilities emerge so fast," says Mads Hennelund, a consultant at Nextwork, "that companies will be forced by market competition to apply new technologies before any regulator has been able to grasp them and impose meaningful rules or standards." He also notes that, if different silos within a company are left to their own devices and subject to their own particular forms of regulation and technology adoption, "the organization as a whole becomes ethically fragmented, consisting of multiple ethically autonomous departments."

And creating an ethics policy has definite business benefits. "It's advantageous for brands to put consumer data privacy at the forefront of their data strategies," says Gladys Kong, CEO of UberMedia. "Brands have a responsibility to be clear on knowing what data they have access to and what permission levels they've been granted by consumers. As long as companies are respectful of that principle, there is no 'gray area' in a data strategy—it’s clear to both company and user how data is gathered and handled."

Building a digital ethics policy

If you're going to build your own ethics code, how are you going to go about it? Nextwork's Hennelund, offers a framework for doing so, based on five ethical themes.

To continue reading this article register now

Download CIO's Winter 2021 digital issue: Supercharging IT innovation