Explore where business and technology intersect
Popular Security

Private, prudent and proactive: the ethics of data management for SMBs

February 16, 2018

Private, prudent and proactive: the ethics of data management for SMBs

Modern business is increasingly driven by data, especially customer data. It’s possible for businesses of all sizes to serve their markets better, but this makes data valuable – and valuable things need to be protected.

What are the practical ethics for small and medium businesses when it comes to data security and privacy? Legal and regulatory compliance is vital but more important is your organisation’s attitude and culture around data. Let’s take a closer look.


With the pace of data creation and capture ever-accelerating, and with technologies like artificial intelligence (AI), big data, cloud computing, social media and the internet of things (IoT) gradually become commoditised, even smaller businesses can tap their potential to become more agile and offer highly customised new services.

It’s no surprise that the market for big data analytics is predicted to reach $203 billion by 2020, while we can expect to see an estimated 20.4 billion connected ‘things’ in use by the end of 2020.

With so many interconnected devices in our lives generating and sharing data, businesses are in a unique position to leverage this raw information.


Embedded computing and big data harvest and analyse data on a massive scale, enabling businesses to tweak and improve products and services.

These IoT systems can also be used internally to maximise staff productivity: for example, tracking where employees are in a store and deploying them to where there are customers. Wearables like Fitbits may even be required as part of corporate insurance policies.

However, many of these systems collect highly personal data on users, which raises plenty of concerns. But governments are taking action; in the UK, for example, the House of Lords is conducting a review into the ethics of AI. And the European Union’s new General Data Protection Regulation (GDPR) is now in effect. Far from being a Union-only law, it broadly applies to any organisation that processes, or controls the processing of, Union citizens’ data.

And it’s got teeth, with penalties up to €20m or four per cent of global annual turnover – whichever is higher –for serious infractions.


Managing these data privacy challenges won’t be easy, but there are a few areas where SME owners can start:

  • Develop and communicate a comprehensive employee privacy policy, including what personal data is collected, why and for how long.
  • Create strict security policies including prohibition of non-approved consumer-grade cloud services and devices for work purposes.
  • Create an acceptable use policy for internet browsing at work.
  • Stay abreast of consumer privacy/data protection legislation to ensure compliance with relevant legal frameworks.
  • Always consider the ethical impact of emerging technologies and consider adopting an ethical code of practice.


According to futurists Rohit Talwar and Steve Wells, “A digital ethics code governing our use of data and technology has now become as essential as a health and safety policy.”

If done right, having such a code in place can help protect employers from potential litigation and industry fines, while improving relations with customers and employees. Most importantly, once a solid ethical framework has been established, you can really begin to tap the power of emerging technologies to drive business success.