In any kind of e-business, success or failure rides on data; it is the lifeblood of the business. Big tech has changed the way we use data, and with e-commerce projected to grow, data ethics becomes a serious topic of conversation. In this article, we will be exploring ethical issues in e-commerce and how our organizations can change the way we handle people’s data.
Ethics can be a tricky conversation. Ethics in the nascent tech industry is still unraveling. No one really has the right answer, but the consequences of unethical behavior have really been felt.
When it comes to e-commerce data, the Personally Identifiable Information (PII) does not differ greatly from the regular types of PII that are gathered in other businesses. The PII that e-commerce businesses will typically collect is:
- Phone numbers (some will)
- Credit Card Information
Out of all the data objects mentioned above, the credit card information is incredibly lucrative for would-be attackers. Attackers can skim the credit card information from unsecured business websites and commit fraud on other e-commerce websites, or in your own organization.
This is bad news for the entire e-commerce ecosystem – let alone the reputational and financial damage facing the business. Ethical handling of customer data can not only benefit the security practice in your own organization, but also protect the overall e-commerce industry.
The methods of secure and ethical data handling are a function of the storing and processing of PII. The storing is simply where you store the data and what you store (the type of data your organization keeps). The processing comes down to what you do with the data technically (logins, payment processing), and more importantly how you use it (the ethics).
Ethical Issues In E-Commerce
Broadly speaking, the ethical issues that manifest in e-commerce businesses lie in the storage and processing of data. Fundamentally it comes down to how much you store and the way you use it. In the coming sections, we will expand on these two concepts and see how ethical issues might arise.
Ethical Data Storage
Data storage can be done securely, and the cybersecurity community has learned to do this well, but what about ethically?
Ethical data storage is another ball game: an organization can store data securely and still store it unethically.
Data lakes are the organization’s equivalent of a hoarder’s closet. It’s when an organization keeps completely unnecessary data in a single storage location, with the intention of it “being useful” one day.
This is simply not true; data lakes can be a liability. They can slow down the information system, they can be difficult to keep track of (in one case a data storage unit wasn’t discovered for 5 years after an acquisition), and most importantly they are unethical data storage. Why?
Keeping individuals’ PII that is unnecessary for the business’s processing is illegal under regulations like the General Data Protection Regulation (GDPR). If the organization keeps unnecessary data on individuals, under the GDPR it is a privacy concern and also subject to fines.
Even if your organization does not process the data of EU data subjects, the fact that it has been written into EU law should give you an idea of the ethical issues surrounding it.
Unfortunately, many big tech companies continue this practice and maintain huge data sets on individuals. This is a serious privacy concern, as larger organizations tend to misuse this data in favor of profit-driven business models. A profit-driven business model is not inherently a bad thing; in fact, it is the purpose of many businesses. But when the model trumps humanitarian issues it becomes a problem, which is what we see with big tech and privacy.
The problem is compounded by the fact that this practice jeopardizes the privacy of the business’s own customers. Even with a profit-driven business model, all businesses are fundamentally formed to help their customers or fix their problems, not to create new ones.
Ethical Data Processing
The processing of data involves the conversion of raw data into something usable. In the e-commerce context, for example, data processing takes the raw inputs from customers, such as delivery address, name, and credit card information, and converts them into a purchase of a product.
But in the broader context, e-commerce platforms may collect emails for marketing purposes or to relay information to customers. All applications of data processing within the e-commerce industry can be liable to privacy concerns, which we will cover in the coming sections.
When we think of spam in the cybersecurity context, it could mean attackers sending bogus emails with clickable links that lead to viruses or malware. In ethical data processing, spam could be unnecessary communication with the customers.
Many e-commerce organizations will gather client emails with the intention of keeping track of orders made or if the client needs to get in contact with customer service. When asking for the client’s email address, businesses will often give the option to opt-in to the email subscriber list.
The subscriber will then receive emails with marketing offers, updates on changes within the business, etc.
This is a form of email data processing, and the business should do its best not to “spam” clients with an inordinate number of emails. There is a balance to be struck between good marketing and respecting the individual’s inbox.
Only communicate what is necessary, and not for a quick buck. The business will also see fast declines in email subscribers if it is viewed as “spammy”, as it is essentially misusing client data.
The overall ethical issues facing e-commerce industries surround data privacy. Leaks, breaches, and misuse are the primary ways that individuals’ privacy is infringed upon. Protecting people’s data is what the ethics of data should be about. There are methods by which e-commerce can maintain security, work with the client’s privacy needs, and be profitable at the same time.
Regulation can only do so much; it is up to the cyber community at large to enact the change it wants to see. The use of PII for profit is not illegal but is the central topic of debate when it comes to data ethics. Big tech has reached such levels of data gathering that, without a serious push from the community, governments, and businesses, it is unlikely to change, as the business model works too well.
SMEs are in a unique position where organizational growth has not come to a level where profit drives misuse of PII. It then becomes our responsibility to shape our digital lives and create an environment where ethical use of data, whether in e-commerce or otherwise, becomes the driving factor.
We have reached a stage where ethical issues in e-commerce, and the tech industry at large, can no longer be ignored. There is not one particular culprit or bad actor, but rather a systemic issue in the monetization of PII.
Because the profit-driven model in the tech industry is heavily intertwined with the collection and processing of individuals’ data, organizations, governments, and individuals must come together to diagnose the problem and work through a solution.
RSI Security, as a leading cybersecurity representative, takes ethical issues in e-commerce and data seriously. We work extensively with interest groups, government, and businesses to not only protect your critical infrastructure but ensure it is done correctly for both your business and its customers.