Ethical and unethical is something that may vary from person to person. One ethical problem I can think of that has been prominent in recent years is the public revelation of people and their data being sold off to companies. People were not happy that their own data was being used for a company’s personal gain. Some companies may not do it outright, but some companies may use it for targeted advertising which would in turn earn the company more money. Companies like Facebook and Google have been under fire for years for doing exactly this.

Another ethical problem I can think of is holding data for an unreasonable amount of time in a system. Once an employee or client has left a company, how long is a reasonable amount of time to keep their data in the company’s system? Companies should consider deleting data after a certain point. Not only does this help with confidentiality, but with managing a company’s storage as that kind of data builds up over time.

Yet another ethical dilemma I can think of is who can access an individual’s data? Should the person who directly manages the individual and the individual themselves be the only people to access the data? Should those above in position be able to access this data as well? They usually would not be privy to that information as they are not directly dealing with the client, on the other hand having higher moderation would prevent misuse of the individual’s data. This is important to ensure confidentiality.

The last ethical issue I can think of is how the individual’s data is used. How can it be ensured that it is not being misused? Like in the previous issue in which there are multiple people managing the data? How can we ensure the company is not mismanaging a client’s data? For example, data breaches should be announced promptly so that users can deal with it in a timely manner. For example, during the Cambridge Analytica scandal users were informed a while after it happened, and their data was used for political gains.

Ethics are important when it comes to cybersecurity. It ensures that those who entrust their data to us can have a sound mind that their data is not being used for malicious purposes.