Back to all blog posts
Privacy by Design
Apr 20, 2020
I’ll bet anything that your eyes just glazed over when you read the title of this blog. Mine did too, until I thought about it a bit. Nevertheless, I offer the following disclaimer, just to err on the side of caution:
DISCLAIMER: DO NOT OPERATE A MOTOR VEHICLE OR HEAVY MACHINERY AFTER READING THIS BLOG ARTICLE. NEITHER THE AUTHOR NOR AIRD & BERLIS LLP WILL BE LIABLE FOR ANY ACCIDENTS, LOSSES, DAMAGES, INJURIES OR COSTS, INCLUDING LEGAL COSTS, ARISING FROM THE PERUSAL HEREOF.
Good. That’s out of the way.
First, I have to confess that I don’t know anything about ethics as an academic subject. I’m sure that will be a relief to you. I do know that a person who pontificates about ethics is not an ‘esthetician.’ I learned that the hard way from the mani-pedi lady at the mall who made it very clear that she doesn’t want to be associated with riff-raff like philosophers. I learn something new every day.
What Are Digital Ethics?
Ethics generally are all about how we treat one another, relate to one another and resolve conflicts with one another. They are different from morals, which can vary from society to society. Ethics go deeper, to the universal human level. Digital ethics, therefore, are about how we treat one another, as human beings, online. An ethical person in an online environment will have fundamental respect for the autonomy and dignity of others who are online and will guard their rights as energetically as she guards her own.
I feel like a digitally ethical person is one who has successfully blended personal ethics, professional ethics and business ethics in an online environment and respects the rights of others in that environment because that’s what it is to be a righteous human on the Internet.
How Does Software Make a Difference?
There must be a thing called “Ethics by Design.” If there isn’t, then we need to invent the idea. (Wait. I just invented the idea. Good for me.)
Just like “Privacy by Design” (which is Dr. Ann Cavoukian’s idea about how privacy should be the “default” setting in every technology – see https://www.ryerson.ca/pbdce/about/ann-cavoukian/ to learn more), “Ethics by Design” would be the designing of software and systems to make them ethical by default. Certainly that would also include having software and systems automatically privacy compliant right out of the box. But it would include, in addition, functionality that enhances and supports respect for others and would actively prevent unethical use – e.g., content would be true and correct and not misleading.
I’m just a lawyer; so I don’t know how to do that, but “Ethics by Design” certainly sounds very cool and is a laudable goal. I challenge somebody out there who has made it this far in this blog (and good for you, by the way!) to carry this ball further.
What are the Practicalities of Digital Ethics?
It’s not hard to come up with a basic list of doable digital ethics. The concept has to include at least the following:
- Through the use of encryption (in fact, it might even include automatically “salting” and tokenizing certain personal information and sensitive business information at a certain point) to keep data safe and secure
- Through locking out non-essential readers, so that only people with a “need to know” for the purposes of their jobs would have access to confidential information or personal information
- Through enforcing data destruction policies rigorously, so that confidential information isn’t kept for any longer than it should be kept or is reasonably needed for the purposes everyone intended
- Making sure that the system and the data it holds and processes are as secure as possible from the influence of both bad actors and boneheads, and from modification, having due regard to the sensitivity of the data
- Making sure that security is aligned perfectly with the applicable security policy
- Making sure that the operators of the system and its software are adequately trained on their use
- Making sure that employees and contractors know the policies and are bound to observe them
- Making sure that the policies are enforced by appropriate employer action
Examples of the focus of training would be to drive home to system users how to recognize and avoid ‘phishing’ scams. Additionally, training would be refreshed at least annually so that employees are aware of the latest scams to avoid and are updated on any changes to applicable rules, policies and procedures. The training would also include reminders on avoiding data breaches and clearly reminding employees that the dignity of others implies the strict avoidance of snooping and gossip and the misuse of others’ confidential information.
- Respect for the Integrity and Rights of Others
Improper Use of Track Changes
Has it ever happened to you that you open a Word document and discover a whole bunch of Track Changes and other metadata that are embarrassing to both you and the sender of the document? It has happened to me. It is unfortunately possible to learn a lot about the thinking of the “other side” by reviewing the Track Changes. (By the way, in the case I am thinking of, I had to inform the sender of the problem, deep-six the document and back out of the negotiations. I hated that.)
So maybe an “Ethics by Design” system would warn the reader that there are Track Changes in the documents, and give the reader a chance to NOT see them, if Track Changes were not expected.
If you are a lawyer, you’ve probably heard that “conduct unbecoming a barrister or solicitor” is not a good thing. It means personal or business conduct that tends to bring discredit on the legal profession. One of the examples given in the Ontario lawyers’ Code of Professional Conduct is:
… taking improper advantage of the youth, inexperience, lack of education, unsophistication, ill health, or unbusinesslike habits of another….
I would argue that taking unfair advantage of a Track Changes mistake made by another lawyer is “conduct unbecoming.” I betcha I’m right about that.
Language and Tone
Someone said, “A kindly tongue is the lodestone of the human heart.” That’s always been true. I feel strongly that digital ethics implies that our online communications will be polite, respectful, honest and honourable, and expressed in a manner that is primarily moderate and aligned with the matter under discussion – no matter which side of the discussion you are on.
So, as a matter of digital ethics, we have to express ourselves in our online communications without belittling anyone (of course, including the reader) and in a manner that the public would like to be able to expect of lawyers. That means no bullying, no threats, no intimidation and no bad language. It doesn’t mean “don’t disagree,” but it means disagree in an agreeable manner. We can do this people. Seriously.
Forwarding and Reply to All
For crying out loud, let’s all think before hitting “Reply to All” or, worse, forwarding an email that could turn out to be embarrassing for someone. The rule, “Do as you would be did by” is probably wise counsel. (Besides, if you forward something that is embarrassing to a third party, someone somewhere is going to think that you are a moron. They will be right.) So, when in doubt, don’t reply and especially don’t reply to all.
Don’t do this. Don’t try to pull a fast one. Lawyers don’t do that stuff. Nobody should do that stuff. What would your mother say? Tell the truth or don’t say anything.
Fake news is probably part of Deceptive Communications, but it has been come so de rigueur on the Internet that it needs its own category. Don’t spread fake news, especially deliberately. It’s illegal, immoral and fattening and causes ticonderoga of the fetlock. So avoid it.
Stealing the Work of Others
It’s great to learn other people’s views. I did that when thinking about this blog. But don’t just copy their stuff and pretend that it’s your own. Not only is it copyright infringement, but it’s not the way nice people behave. Plagiarizing is bad digital ethics. If you copy someone’s words or ideas, cite them. It’s the right thing to do.
5. Use of Social Media
The Seven Deadly Sins of social media are:
- Shameless crossposting. The trick here is to apologize for doing it but go ahead and do it anyway. That changes it from a “deadly” sin into a lesser sin. Think carefully about your crossposting so that you get the right exposure for your ideas without annoying people who read multiple social media apps.
- Brazen Touting. See, what I’m doing here is actually touting, but I’m doing it in a way that fools you into thinking that I know what I’m talking about. (I don’t. See the beginning of this blog, where I literally say, “First, I have to confess that I don’t know anything….” See what I did there?) The right way to tout yourself is not to brag. Just deliver value and let people judge for themselves. Being useful is the best form of promotion.
- Shaming other people into touting you. I’m not comfortable with this. In fact, I’m not comfortable with asking other people to say how great I am. This is the result of too much Calvinism, I’m sure. In LinkedIn, it’s possible to ask people to either answer simple questions about your skill set or even to get them to write a referral, which gets published right in the app. Be gentle; don’t nag. If people are willing to write a referral, great – if not, leave them alone. They probably don’t like you anyway.
- Googling your clients. Please remember that Google is not The Infallible Source of All Wisdom. If you want to Google your clients, go ahead, but for gosh sakes don’t rely on it without checking. Lawyers have the obligation to identify and know their clients. Google is not the way to do that. If you find derogatory information about your client through an Internet search, discuss it with the client.
- Friending your clients on Facebook. Never do this. First, your friends on Facebook are not your friends. Look, if you don’t have any friends outside Facebook, then you have no friends. Your problem is beyond the scope of this blog. If you friend your client on Facebook, what do you do when s/he robs a bank (besides ask for a bigger retainer), sues you, sues someone you like, gossips against you? You’re stuck: you have no choice but to unfriend your client. This is not recommended by the marketing people. Just saying.
- Using social media as a cheap way to advertise and promote your business. This is actually okay if you do it right. Just don’t make it look cheap. Make sure your branding is correct and consistent and make sure that you deliver value, not just brag. Get some help from social media experts who know what they’re doing. (I can tout some for you if you like – ha!)
- Public shaming. Never, never, never do this. It’s the social media equivalent of gossiping and back-biting. It is like the Salem witch-hunts, but it really burns people publicly and for a lot longer than actual fire. Want to make an enemy for life? Shame others. But don’t be surprised when they get even.
Those are the Seven Deadly Sins (at least, my list; you might have others), but there are many others that deserve (dis)honourable mention. Here are just a few:
- Doxxing people: the practice of Googling people you don’t like and then mixing that information with fake news (or letting others do that) for the purpose of outing them in some way. Not nice.
- Identifying people in a social media photo without their consent: they may not like the photo or the circumstances of its being taken and posted. It could be very embarrassing for them. Let them do their own identification. Mind your own business.
- Posting photos of kids: don’t do this. There’s too much weirdness out there. Besides, kids are people, and you need to have consent before you can post their photos. They can’t give you consent. They are too young. Walk away.
6. Things to Do
- Create, publish and post a digital ethics policy
- Train staff in digital ethics, and enforce the training
- Think about the ethical ramifications of every online initiative
- Do the right thing, which is to say, don’t be a digital scumbag
Please get in touch with me if you want me to write more about this subject or if you disagree with anything I have written.