Digital transformation provides charities of all sizes with tremendous opportunities to do good. It holds out the promise of vastly better service provision, more effective fundraising, and much improved communication with constituents – to name just a few of the benefits.

But as well as considering what your charity can do with the digital data you collect about donors and service users, it’s also vital that you also think about what you ought – and ought not – to do with it.

This, in a nutshell, is what digital ethics is all about. It’s important because it can help ensure that the use of your charity’s constituents’ data benefits them. Failure to have a strong code of digital ethics means you run the risk of exploiting your constituents and their data. This can erode trust in your charity and, in the end, nullify any of the benefits that digital transformation can bring.

So how can your charity make a start in formulating its own code of digital ethics? One very effective way is to think about digital ethics in relation to some key basic principles. Here are five of the most important ones that your charity may like to consider.

Respect data ownership

Just because you can access data about your constituents, that doesn’t mean that it belongs to you. You could even argue that collecting data about them without their knowledge or consent is tantamount to stealing their data, and no one would ever argue that stealing is ethical!

It’s important to get consent from your constituents before you start collecting their personal data. In practice there are many different ways to do this including asking visitors to your charity’s web site to give permission by ticking a box, or by asking them to agree to your terms and conditions.

Remember, though, that it is important constituents are aware that they are providing consent. If this is hidden deep in a list of terms and conditions then this is not true consent, and therefore not ethical

Be transparent about your intentions

Constituents can’t give you informed consent to use their personal data if you don’t tell them why you want to collect it, and what you intend to do with it. That means that you have an ethical duty to be plain and transparent about your intentions.

If you plan to use the data in ways that you are reluctant to reveal, because you suspect your constituents would withhold their consent, then this should be a red flag. The planned use may be legal or valuable to you, but it probably isn’t ethical.

Keep data safe

Laws such as the UK GDPR require you to store the personal data that you collect securely, but in addition to being a legal requirement it’s also an ethical imperative. That’s because if constituents entrust you with their data and give you permission to use it for your stated purposes then there is an implicit moral obligation to keep it safe from cyber criminals and data thieves.

Failure to keep the data you are storing safe can lead to a catastrophic loss of trust in your charity, and once lost trust can be very difficult to earn back.

One of the most effective ways to keep data safe is to encrypt it before it is stored. Another way to mitigate the risk of a data breach is to anonymise the data by removing anything that is personally identifiable, so that the information that you store can’t be attributed to any particular person.

Maintain your constituents’ privacy

When constituents provide consent for you to store and use their personal data, the chances are that they don’t want that data to be publicly available, or even widely disseminated within your organisation.

In terms of ethics, this places an obligation on your charity to ensure that the only people who can access personal data are the people in your organisation that really need it. It should not be something that can easily be seen by anyone working in your charity, or by third parties such as contractors or partner organisations.

Clearly this also means that constituents data should not be passed on or sold to other organisations – even if it has been anonymised. The only exception to this is if consent for this has previously been obtained. As a rule of thumb, it is probably unethical to do anything with constituents’ data that they wouldn’t expect you to do with it.

Question your intent

One final ethical question that your charity needs to consider before collecting any piece of personal information is whether you can justify – morally – its intended use.

Specifically, is your intent that that the data is used for good? If that’s the case then there is no ethical problem. But if you intend to use the data for any other purpose – for example to raise funds at another charity’s expense, or simply to make life easier for yourself – then it is probably not ethical to collect and use the data in question in this way.

If you are satisfied that your intent is good then it’s also important to question whether all the data you want to collect is relevant. In general you should only collect and store data that you need to help ensure that your constituents’ data privacy and security are not compromised.

The bottom line is that if you don’t need data then it’s unethical to collect or store it.