Issues such as customer profiling, privacy and security must all be considered by businesses striving for ethical applications of big data, according to the Institute of Business Ethics.

Companies the world over are harnessing big data to draw new insights and target customers with more accuracy than ever before, but poor policies can ruin a business’s reputation and ultimately its revenue.

For this reason a new briefing from the Institute of Business Ethics (IBE) has sought to identify where the main ethical risks lie when it comes to big data and how how handling such data can be consistently aligned with corporate values and behaviour.

For example, collecting vast stores of data can help companies to effectively profile their customers, but there is little recourse for those individuals to understand or contest the information that has been gathered on them or how it has been interpreted.

There are also issues around privacy and large datasets being acquired by companies with aggressive marketing strategies, while data security is another issue that organisations must consider.

In a fast-growing and immature regulatory area, it can be difficult for businesses to determine the right approach and define responsibilities, according to the IBE.

It says that more structured forms of governance of big data are necessary in order to minimise the harm and maximise the benefits from its use, including considerations of risk and risk management.

The IBE encourages companies to articulate their own specific approach, based on their corporate values. Open dialogue and a joint effort of companies and public bodies can help promote effective action and ensure stakeholders are fully aware of the real risks that they face.

Its briefing also provides a set of questions that can help ethics practitioners liaise with their colleagues and make sure that their organisation lives up to its values when dealing with big data, including:

  • Do we know how the company uses big data and to what extent it is integrated into strategic planning?
  • Do we send a privacy notice when we collect personal data? Is it written in clear and accessible language which allows users to give a truly informed consent?
  • Does my organisation assess the risks linked to big data?
  • Does my organisation have any safeguard mechanisms in place to mitigate these risks?
  • Do we make sure that the tools to manage these risks are effective and measure outcome?
  • Do we conduct appropriate due diligence when sharing or acquiring data from third parties?