UNIT 9:Ethical Norms in Data Analytics

UNIT

0 Ethical Norms in Data

Analytics
Data is really important to businesses nowadays,
because of this customer’s personal data needs to

9
be protected. In this part of the module, the ethical
norms in data analytics will be discussed, among
other issues in data analytics.
This covers the corporate ethics, Freedom of
Information, and Confidentiality and Non-
Disclosure Agreement. Each topic is presented
based from the existing laws or executive order,
and at the end of the discussion, activities and
assessment are available to assess learnings.

BUSINESS ANALYTICS 1
UNIT 9:Ethical Norms in Data Analytics

ETHICAL NORMS IN DATA ANALYTICS

OBJECTIVES:
At the end of this lesson, the students will be able to:

 reflect on collecting data from customers.

 evaluate Data Privacy Act of 2012 in real life scenario.
 analyze scenario based from Freedom of Information
Executive Order
 criticize the issues of data privacy

BUSINESS ANALYTICS 2
 UNIT 9:Ethical Norms in Data Analytics

Ethical Norms in Data Analytics

We say data is the new oil in today’s generation. Data has been very important in
every business entity, because these data mean fortune for them. These data have
various sources and we don’t realize that we are one of the sources of data. We are
considered as walking repositories of data, and companies are benefiting from the
data they can collect from us.

Though the industrial revolution greatly improved our standard of living, because of
the benefits it brings to us, we must also understand the risk associated. This part of
the course discusses the ethical norms in data analytics.

Corporate Ethics

The word “Ethics” is derived from the Greek word Ethos, and defines as habit or
custom. Ethics tells us about right and wrong. Philosophers have long puzzled over
this important subject, and have many insightful things to say. In fact, there even are
multiple schools of philosophical thought on this topic.

In business, corporate ethics or business ethics can be defined as a form of applied

ethics or professional ethics that examines ethical principles and moral or ethical
problems that arise in a business environment. It may apply to all aspects of
business conduct and really important to the conduct of individuals and entire
organizations. Businesses must abide by some basic principles, these include laws
on data, i.e data privacy, property, security, accuracy, and accessibility. These will
be discussed in detail but we will have separate discussion on data privacy law.

Private Data Collection

Individuals often surrender private information for various online services. Ethical
business practice would be to protect this information, which may lead to the loss of
secrecy, anonymity, and solitude.

Moreover, data warehouses now collect and store enormous amounts of personal
and consumer transactions data. Preserving large volumes of consumer and
business information is possible for an indefinite amount of time. Erosion of privacy
can be done with these databases, cookies and spyware.

There is a viewpoint that data warehouses are meant to stand-alone and need to be
protected. However, personal information can be collected from corporate websites
and social networking sites to initiate a malicious reverse lookup. Therefore, how
public domains should use information is an ethical debate.

BUSINESS ANALYTICS 3
 UNIT 9:Ethical Norms in Data Analytics

Property Issues

The concept of property is an issue of ethical debate for a long time. Some people
argue that the internet is based around the concept of freedom of information.
However, controversy over ownership has frequently occurred when the property of
information is infringed upon.

Security Concerns

Security, in business domains, has long been an issue of ethical debate. Is it

important to protect the common good of the community or we should safeguard the
rights of the individual? There is a continual and growing dispute over the
boundaries of these two ideas. This raises the question whether making
compromises are right.

As countless people connect to the internet and the amount of personal data that is
available online goes on to increase indefinitely, there is susceptibility to identity
theft, cyber-crimes and computer hackings.

There is also an argument over ownership of the internet. People tend to ask who
has the right to regulate the internet in the interest of security. This is a very
complicated issue because huge amounts of data and countless people are
associated with the internet.

Responsibility of Accuracy

The issue of accuracy is evident. We must ask questions like, who is responsible for
the authenticity and fidelity of the information available online. Ethically, the concept
includes a debate over who can contribute content and who should be held
accountable when the content is erroneous or false. This also has a legal angle for
compensation for the injured party due to wrong information and loss of capital due
to these accuracy defects.

Accessibility, Censorship, and Filtering

The arguments that apply to offline censorship and filtering apply to online
censorship and filtering. Is it better to have free access to information or should be
protected from what is considered by a governing body as harmful, indecent or illicit.
The issue of access by minors is also a major concern.

Many companies restrict their employees' access to cyberspace by blocking some

sites, which are relevant only to personal usage and therefore destructive to
productivity. On a larger scale, governments also create large firewalls, which

BUSINESS ANALYTICS 4
 UNIT 9:Ethical Norms in Data Analytics

censor and filter access to certain information available online which is often from
foreign countries to their citizens and anyone within their borders.

Data Privacy Law

The Data Privacy Act (also known as DPA) of 2012 (Republic Act No. 10173) ('the
Act') is the first comprehensive law covering data privacy in the Philippines. It
became enforceable on 8 September 2012. The National Privacy Commission
('NPC'), which was established in early 2016, later issued the Implementing Rules
and Regulations of Republic Act No. 10173 ('IRR'), which became enforceable on 9
September 2016. The IRR provides, in greater detail, the requirements that
individuals and entities must comply with when processing personal data, as well as
the sanctions for violations of the law. The said law seeks to protect all forms of
information, be it private, personal, or sensitive. It is meant to cover both natural and
juridical persons involved in the processing of personal information.

Acts covered by the DPA

The DPA and its Implementing Rules and Regulations (IRR) apply to all acts done or
practices engaged in and outside of the Philippines if the person, either an individual
or an institution, involved in the processing of personal data is located in the
Philippines;

 The act or practice involves personal data of a Philippine citizen or

Philippine resident;
 The processing of personal data is done in the Philippines; or
 The act, practice or processing of personal data is done by an entity
with links to the Philippines, subject to international law and comity.

“Personal data” refers to all types of personal information.

“Processing” is any operation/s performed upon personal data. These operations

include, but are not limited to the collection, recording, organization, storage,
updating or modification, retrieval, consultation, use, consolidation, blocking,
erasure, or destruction of data.

Implementer of the DPA

The National Privacy Commission (NPC) is in charge of administering and

implementing the DPA. It is also tasked to monitor and ensure compliance of the

BUSINESS ANALYTICS 5
 UNIT 9:Ethical Norms in Data Analytics

Philippines with international standards for personal data protection. The major
functions of the NPC are as follows:

Rule making.
1. Advisory. The NPC is the advisory body on matters related to personal data
protection.
2. Public education. – The NPC shall launch initiatives to educate the public
about data privacy, data protection and fair information rights and
responsibilities.
3. Compliance and monitoring. – The body has compliance and monitoring
functions to ensure personal information controllers comply with the law. It is
also tasked to manage the registration of personal data processing systems.
4. Complaints and investigations.
5. Enforcement.

“Personal information controller” is an individual or institution, or any other body who

controls the processing of personal data, or instructs another to process personal
data on its behalf.

Complying with the Data Privacy Act

Companies through its personal information controller, should comply with the
following in accordance with the law:

 Registration of data processing systems (DPS). An individual or

institution employing fewer than 250 employees need not register
unless its data processing operations:
 involves sensitive personal information of at least 1,000
individuals; likely to pose a risk to the rights and freedoms of
data subjects; or the processing is not occasional.
 Appointment of a Data Protection Officer in charge of ensuring
compliance with the DPA;
 Creation of a data breach response team that will immediately address
security incidents or personal data breach;
 Adoption of data protection policies that provide for data security
measures and security incident management;
 Annual report of the summary of documented security incidents and
personal data breaches; and
 Compliance with other requirements as may be provided by the NPC.

The Implementing Rules and Regulations of the Data Privacy Act of 2012 can
be read in full in this link https://www.privacy.gov.ph/implementing-rules-regulations-
data-privacy-act-2012/

Freedom of Information

Freedom of Information (FoI) is a right enshrined in our fundamental law. It refers to

the right of the people to information on matters of public concern. It is the right of
BUSINESS ANALYTICS 6
 UNIT 9:Ethical Norms in Data Analytics

every citizen to access official records, documents and papers pertaining to official
acts, transactions or decisions, as well as to government research data used as
basis for policy development (Sec. 7, Art. III, 1987 Constitution). This includes the
public’s right to know the public officials’ and employees’ assets, liabilities, net worth
and financial and business interests.

The Freedom of Information (FOI) Program is the Government’s response to the call
for transparency and full public disclosure of information. FOI is a government
mechanism, which allows Filipino citizens to request any information about
government transactions and operations, provided that it shall not put into jeopardy –
privacy and matters of national security. The FOI mechanism for the Executive
Branch is enabled via Executive Order No. 2, series of 2016.

Executive Order (EO) No. 2, s. 2016 is the enabling order for FOI. EO 2
operationalizes in the Executive Branch the People’s Constitutional right to
information. EO 2 also provides the State policies to full public disclosure and
transparency in the public service. EO No. 2 is an important enabling mechanism to
promote transparency in the government's administrative process. Through FOI,
citizens are empowered to make a formal request to get information held by the
government, barring certain sensitive and important data related to the nation's
security. FOI complements continuing proactive information disclosure efforts where
agencies are duty-bound to publish information in the spirit of openness and
transparency.

FOI is an integral element of President Rodrigo Roa Duterte’s Good Governance

Plan aligned to reforms and initiatives that pursue greater transparency,
accountability, and citizen participation in governance. EO 2 was signed by the
President on July 23, 2016.

The full version of Executive Order No. 2, s. 2016 can be viewed on this link
https://www.officialgazette.gov.ph/2016/07/23/executive-order-no-02-s-2016/.

Confidentiality and Non-disclosure Agreement

A Confidentiality Agreement (or Non-Disclosure Agreement) is a legal document

created between two parties that wish to share confidential information between
them, while legally forbidding either party to disclose the information to any other
person or entity. Types of confidential information that may be applicable are such
things as inventions, trade secrets, new products or manufacturing processes, or any
other trade secret items or data. The Agreement may be one-sided (designed to
prevent one of the parties from disclosing the information) or mutual (whereby both
parties cannot disclose any confidential information received from the other party).

Confidentiality Agreements are frequently used between companies that are

considering doing business with each other and need to understand each other's
processes or data to evaluate and create a business agreement. They are also used
in employer-employee relationships, where employees need to have access to
confidential information in the course of their employment, but the employer wants to
BUSINESS ANALYTICS 7
 UNIT 9:Ethical Norms in Data Analytics

ensure that the employee does not use or disclose this information for any other
purpose. Occasionally, disclosure of the fact that a Non-Disclosure Agreement even
exists is forbidden by the agreement.

These agreements perform several important functions:

1. Defining exactly what information cannot be disclosed
2. Protect sensitive information from being disclosed
3. Prevent forfeiture of patent rights, which in some cases occur automatically
once a public disclosure is made
Some common items included in a Confidentiality Agreement include:
 The complete names and contact information of the parties,
 A complete description of what information is confidential (this list is often
long),
 Any cases in which restrictions on disclosure are not applicable (for example,
if one party heard about the secret information already from a different source,
or if the information or materials are generally available to the public),
 The duration of the confidentiality,
 Obligations regarding proper use of the information, and
 Circumstances where disclosure is permitted (e.g. to the police or in court).

BUSINESS ANALYTICS 8
UNIT 9:Ethical Norms in Data Analytics

BUSINESS ANALYTICS 9