You cannot separate technology and its uses and still be ethically and socially responsible. As a professional, you must explore how the technology you create will be used. Ethics are standards of conduct that are agreed upon by cultures and organizations. Supreme Court Justice Potter Stewart defines ethics as knowing the difference between what you have a right to do and what is right to do. It is important that IS professionals act according to the highest ethical standards or else face increased governmental intervention.
Often, when professionals in the data industry are asked what they think of their ethical obligation concerning databases and data mining, their response is that they are obligated to follow the letter of the law. Of course, they must adhere to the law. But ethics are oftentimes more restrictive than what is called for by the law. Sadly, there are a number of IS professionals who either lack an awareness of what their companies actually do with data, or purposely come to the conclusion that it is not their business. They are enablers in the sense that they solve management's problems. What management does with that data is not their concern.
Are there guidelines or an ethical code to help database experts as they grapple with ethical dilemmas? Should there be such guidelines? Many people in the IS arena say no. They argue it is not their place to decide how data is used, but rather up to others in the organization to make that determination. But what is the ethical obligation of an IS professional who, through whatever means, finds out that the data that he or she has been asked to gather or "mine" is going to be used in a manner that they believe is unethical. The answer to that question, of course, has to be addressed individually, based on one's own ethical standards. But as data mining becomes more commonplace and as companies push for even greater profits and marketshare, IS professionals will increasingly encounter ethical dilemmas.
Article 31 of The Direct Marketing Association's Guidelines for Ethical Business Practice states that "Marketers should be sensitive to the issue of consumer privacy and should only collect, combine, rent, sell, exchange, or use marketing data. Marketing data should be used only for marketing purposes" (DMA Ethical Guidelines, 2002). Essentially, what is of the utmost importance to consumers is that information collected for one purpose should not be analyzed for an unrelated secondary purpose unless it is clearly compatible with the original purpose. Michael Turner, executive director of the Information Services Executive Council, a New York-based affiliate of the Direct Marketing Association, states, "For instance, detailed consumer information lets apparel retailers market their products to consumers with more precision. But if privacy rules impose restrictions and barriers to data collection, those limitations could increase the prices consumers pay when they buy from catalog or online apparel retailers by 3.5% to 11%" (Thibodeau, 2001, p. 36). Obviously, if retailers cannot target their advertising, then their only option is to mass advertise, which drives up costs.
Technological advances make it possible to track in great detail what a person does in his or her personal life. With this profile of personal details comes a substantial ethical obligation to safeguard this data from disclosure to unauthorized individuals. Ignoring any legal ramifications, the ethical responsibility is firmly placed on IS professionals and businesses whether they like it or not. Otherwise, they risk lawsuits and harm individuals in the process.
Figure 1 demonstrates the iterative nature of how business practices create ethical dilemmas that harm individuals who assert pressure on society to create laws and regulations that change business practices. In following the outer loop of the diagram starting at the top-left, what often happens is that organizations, through some unethical activity, ultimately harm one or more individuals. In addition to gathering data about purchases, businesses oftentimes share information with others who are required to process the order. For example, payment credit card clearinghouses and package delivery companies must be informed of the order, where to pick it up, who to deliver it to, and sometimes the contents of the shipment as well. These third party providers also must adhere to the highest ethical standards, but sometimes, based on this shared data, these third parties attempt to sell goods and services directly to individuals (consumers) or sell the data to others. Following the top-right-hand side of Figure 1, individuals who are negatively impacted by this experience create an awareness of the problem in society and help build pressure within society for lawmakers to address the issue. As illustrated by the bottom part of Figure 1, society creates pressure on the government and lawmakers to create laws and regulations; if enough pressure is placed upon the government and lawmakers, laws and regulations are created (illustrated at the left-hand side). These laws and regulations, in turn, place restrictions and penalties on organizations, and the cycle continues. Like all cycles, sometimes laws and regulations go too far in one direction or another, whether we are talking about being too restrictive for businesses or too lax in terms of protecting consumers. The situation where businesses are placed under too many restrictions ultimately harms consumers through, for example, inflated marketing costs.
The inner square deals with social and ethical implications that are presented. Organizations are concerned with the question of "How do we gather data?" without posing problems for individuals with respect to their right to privacy. Individuals are concerned with the question of "How do we protect our privacy?" while still maintaining national security and consuming customized goods and services? Sadly, many consumers have become accustomed or, more accurately, resigned to the fact that businesses gather personal information about them, often surreptitiously. With enough individuals concerned about privacy, society is concerned with the question of "How do we ensure data is used in a socially responsible manner?"
Lawmakers and the government must then be charged with the task of answering the question of "How do we enforce these laws and regulations?" Oftentimes, laws and regulations are created by society not to protect the individual, but rather to protect society itself. Consider what would happen if such laws and regulations did not exist. In that case, consumers might stop giving information (at least accurate information) if they were concerned about privacy. Then, information about purchasing behavior and all other aspects of society would become limited and unavailable to those who need to make decisions. So, although laws and regulations are often in response to abuses perpetrated by organizations on individuals, in reality, society is acting in its own self-interest. Those who make laws and regulations understand the importance, in this case, of information in our economy. Even privacy advocates concede there are benefits to society when personal data is shared. Privacy advocates do not argue that consumer information should not be shared, but rather that consumers themselves should be given the option of how much information is shared and with whom.
Businesses are correct when they complain that much of the regulatory initiatives are driven by unusual cases of misuse of information. However, society is predisposed to believe the worst. These stories of misuse only confirm its pre-existing fears. Therefore, businesses must be sensitive to how the public perceives their business practices, which include data mining. In an attempt to elevate data privacy to the level of importance that it should have within an organization, some organizations have created a management position known as the chief privacy officer, who attempts to limit liabilities or issues surrounding data collection, data storage, and data mining.
This cycle is best illustrated with an example. Suppose, based on your participation in a chat room or mailing list or your surfing behavior, someone deduces that either you or someone close to you has a terminal illness. First, what if you wanted this information to remain private? Second, how could such information be used in an unethical manner? Maybe you would start receiving solicitations for donation from organizations that are seeking cures for this illness. Even worse, what if you began to receive offers for cures that, at best, have questionable chances of success? Data-mining and profiling techniques that allow companies to identify their best customers could just as easily be used by unscrupulous businesses to zero in on vulnerable customers the elderly, the poor, the sick, and the unsophisticated offering them inferior or predatory deals ("Selling is getting personal," 2000). Luckily for the public, data-mining abuses have been rarely reported so far. "Canadian Banking Ombudsman Michael Lauber reports that of 175 formal complaints he has handled in 3 1/2 years in office, not one has involved a breach of privacy associated with data warehousing or data mining" ("In praise of privacy," 2000, p. 18).
Social, legal, and ethical implications of data mining are very intertwined. Next, we examine data mining from a social perspective by using examples to highlight the benefits and drawbacks of data mining and their social implications.