Digital surveillance and technology have been brought to the forefront of public discussion during the global coronavirus pandemic. Companies and government entities have volumes of customer data at their fingertips, and the amount is only increasing. In this context, debates are ongoing as to whether it is acceptable for governments to track the location of citizens under quarantine or use mobile-phone location data to conduct contact tracing, for example. As access to customer data increases, businesses must have clear, transparent standards on how they will use that data.

Companies of all sizes should have data-protection guidelines in place, but the larger the company, the higher its exposure to data risks. Unfortunately, most organizations do not have clear rules in place on how to treat and protect customer data or how to prevent breaches. Often, this is because businesses assume the majority of data-protection responsibility resides with regulators. In other cases, companies attempted to organize a committee to create data-protection guidelines but were unsuccessful because there was no clear vision of what the program should look like or who should lead the effort outside of IT.

However, having a good policy—and enforcing it—around the ethical use of data is a competitive advantage for businesses. As customers prioritize data privacy, they will pick providers that offer full transparency about their data collection and processing. Data ethics is at the top of the CEO agenda, as negligence may result in severe consequences such as reputational loss or business shutdown. To create an effective policy, companies need a formal program to ensure standards are upheld and evaluated regularly.