Delving Into the Intricacies of Responsible Data Use: A Comprehensive Deep Dive

We’re done singing hosannas for data.

Organisations already know data is critical to success. And with an estimated 181 zettabytes (ZB) set to be generated in 2025—continuing a decades-long trend of data being created at an exponential pace—companies will have even greater opportunities to derive value from data.

However, with great power comes great responsibility as the growing importance of data necessitates a renewed focus on its responsible use.

But what is responsible data use?

Defining an Abstract Concept: What Is Responsible Data Use?

It is a question worth asking because, unlike other tech-related terms, there is no one universal definition of responsible data use. You could ask different experts to define responsible data use—like we did at Data & Storage Asia (DSA)—and get completely different answers.

Sophos Field CTO Commercial John Shier views responsible data use “as a principle that organisations adopt whereby they treat that data with care and respect”—treated as if it were your own, especially if it is non-proprietary such as business partner records, personal information, and financial records. But if the data are proprietary and non-personal (e.g., chemical formulations), Shier said organisations can decide for themselves what is most appropriate.

Michael King, VP & GM, Asia Pacific and Japan, at Wasabi Technologies, has a slightly different take, defining responsible data use as “the ethical and transparent stewardship of data that respects privacy, ensures integrity, and maximises value while minimising risks”—all observed at every stage of the data lifecycle.

King’s definition closely resembles the one given by Loh Khai Peng, Vice President and Managing Director, Singapore & Southeast Asia, at Hewlett Packard Enterprise (HPE), who pointed out that responsible data use “refers to lawful, secure, and ethical data practices, from collection, storage, processing, to transfer and sharing”—and that it means “ensuring the handling of data aligns with not only legal and contractual obligations but also ethical standards regarding data privacy, security, and integrity.”

These definitions have common tangents, and based on these commonalities, we can define responsible data use as the ethical, secure, and legal handling of data to benefit from it while keeping it secured, protecting people’s privacy, maintaining customer trust, and complying with laws and mandates related to data.

Exploring Responsible Data Use Piece by Piece

Let’s break down the important dimensions of this definition.

Ethical dimension

First is the ethical aspect of responsible data use, which is meant to ensure that the privacy of individuals—the owners of sensitive personal data many companies today collect—is adequately protected and used appropriately and in morally acceptable ways. Businesses nowadays gather more personal information than ever, increasing the risk of infringing on privacy rights exponentially. Companies can avoid this by adhering to stringent privacy protection standards meant to prevent unauthorised access and the misuse of personal data.

Security dimension

The second dimension is data security, which is paramount today given the continuing rise of cyber threats. With nefarious actors constantly looking to steal or compromise often sensitive data, businesses are expected to implement robust data security measures—advanced encryption, modern threat detection, and advanced firewalls, for instance—to protect this sensitive information from falling into the wrong hands. This need for security is fundamentally an ethical obligation as well, as is the third dimension.

Legal dimension

The third dimension of responsible data use is legal and cannot be ignored. Laws and regulations, like the Personal Data Protection Act in Malaysia, the Data Privacy Act in the Philippines, and the General Data Protection Regulation (GDPR) in Europe, impose strict guidelines on how data should be collected, stored, and processed—and these need to be followed to the letter. Non-compliance can be costly as it can result in hefty fines and damage to a company’s reputation, thus highlighting the need to ensure constant compliance.

“Advancements in the digital economy have propelled and enabled more sophisticated data sharing and usage, which leads to the growing emphasis on data security, privacy, and transparency,” Glenn Gore, CEO at Affinidi, told DSA in an exclusive commentary. “For modern companies to ensure responsible data use, they should always ensure that their data collection methods adhere to regulatory laws such as the GDPR while, at the same time, be built on the foundations of transparency and consent for any and all data exchanges.”

GreaterHeat Chairman and CEO David Li agrees that transparency is crucial in any discussion about responsible data use. It is, according to Li, one of the two core principles of this important concept, the other being human-centricity.

“Transparency encompasses the entire data lifecycle, from collection to storage. It requires that all processes be compliant, legal, and open to scrutiny. Users should be fully informed about how their data will be used, with clearly defined usage scopes and robust security measures in place,” he explained. “Human-centricity emphasises that data, as a powerful technological tool, should ultimately serve and benefit humanity. Companies should approach data use from the consumer’s perspective, respecting their genuine needs and ensuring fair, unbiased decision-making.”

Responsible data use regards data not merely as a tool for profit, but as a means to bridge people and the world and create valuable experiences—balancing the potential of data-driven insights with ethical considerations to ensure that technological advancements “align with human values and societal well-being.”

The Challenges of Responsible Data Use

That’s a noble way to look at data. Unfortunately, it doesn’t make responsible data use any easier—not with some very formidable challenges getting in the way.

Securing data is obviously a gargantuan challenge, especially now that organisations have to manage vast amounts of data at a time. This can be overwhelming, so much so that 70% of business leaders in the Asia Pacific region admitted in Hitachi Vantara’s “Modern Data Infrastructure Dynamics” report they cannot detect a breach in time to protect their data.

“The explosion in data volumes and the lack of the right data management infrastructure can lead to serious security and sustainability implications for companies in Asia,” said Joe Ong, Vice President and General Manager, of ASEAN, at Hitachi Vantara. “In the next two years, most companies expect their data needs to nearly double and to be overwhelmed by the need to manage their data efficiently…”

Maintaining transparency is another big challenge. Businesses must be open about what data they collect, how it is used, and with whom it is shared to build trust with customers—and maintain it. However, achieving transparency can be difficult, especially for organisations with complex data ecosystems and multiple stakeholders.

Sometimes, companies take a very liberal approach to transparency, often resorting to ambiguities in their data privacy fine-prints and confusing users on how their data will be used. In some extreme cases, companies disregard transparency entirely, as in the case of political consulting firm Cambridge Analytica harvesting the personal data of millions of Facebook users back in 2018 without consent.

These two challenges—there are more, to be clear, but it would take another feature to discuss them all—can make responsible data use extremely difficult to observe and operationalise.

Unlocking Responsible Data Use: What You Need to Do

Now, for the elephant in the room: How can organisations use data responsibly?

Collect only what you need—nothing more, nothing less

A good start, according to Ping Identity Principal Solutions Analyst Johan Fantenberg, is to be judicious with collecting data and collect only what is needed.

“In today’s digital world, it is tempting to gather more data than actually is required to deliver a service. We should always question whether we really need a piece of data or not; if we do need it, we should only ask for it when it is required,” Fantenberg pointed out to DSA. “We also must be very clear about the purpose when we ask a user to provide their consent for collecting their data. It should not just be for compliance reasons but to give the user meaningful and practical reasons for why some data is required.”

Sophos’ Shier shared the same sentiment, noting how “organisations should only collect data that are strictly required. In the same way, “organisations should not collect any additional data in the hope that they may be useful later. Any additional data capture should be opt-in.”

Like Fantenberg, Shier advises companies to be upfront when it comes to data collection by disclosing “what data they are collecting and for what purposes, how they are protected, how they will be used, and how they might be shared” (a.k.a. consent-based data collection). All this, he emphasised, must “adhere to all laws and regulations in every jurisdiction where the organisations do business” and comply with the strictest protections “as a default”—with a mechanism for deletion in place in case certain customers request it.

HPE’s Khai Peng agreed that only the necessary personal data for business purposes must be collected, to begin with—and in compliance with applicable laws and regulations. This must also be protected through encryption and deleted from all systems and records once it is no longer needed, making sure due diligence is observed to anonymise it.

Practice self-discipline and observe external governance

For GreaterHeart’s Li, organisations must look inward to implement “a dual approach of self-discipline and external governance” to ensure responsible data use.

“Self-discipline involves proactively integrating data ethics into corporate culture and business decisions. This requires support from top management, dedicated governance departments, comprehensive ethical policies, and ongoing employee training…,” Li explained. “External governance, on the other hand, entails strict adherence to data protection regulations and cautious practices in data sharing and trading. Organisations must maintain transparency by actively disclosing their data practices and establishing efficient complaint channels for users. Prompt rectification of issues and acceptance of oversight from government, media, and consumers are crucial.”

Lean on the right technologies

Using the right technologies is also critical to what should be a multifaceted approach to safeguard data integrity, privacy, and security, according to Wasabi Technologies’ King. Central to this approach, he pointed out, is protecting the organisation’s own data, with choosing the optimal cloud provider being a good first step in this case. That’s because a reliable cloud partner can offer robust security measures such as immutable backups that serve as an impregnable shield against data loss and ransomware attacks and multi-user authentication to deter unauthorised access and data manipulation.

Modern solutions, like the Affinidi Iota Framework and HPE systems, also help, with the former facilitating consent-based data sharing while keeping individuals informed on exactly what and how their data will be used at all times—fostering trust and transparency. HPE’s systems, on the other hand, are specifically engineered for accountable data use and adhere to corporate cybersecurity policies such as the ISO 27000 family and NIST standards.

Educate and collaborate

A multipronged strategy for responsible data use doesn’t end there. King also identified two crucial factors that organisations might be overlooking: Employee education and collaboration with stakeholders.

“Employee education is equally vital. Fostering a data-centric culture where employees understand the importance of data protection and ethical handling is essential. Regular training, combined with internal audits and risk assessments, helps identify vulnerabilities and implement corrective measures,” the Wasabi executive explained. “Responsible data use also involves collaboration within the entire ecosystem, including suppliers, customers, and regulators. A shared commitment to data protection is essential for building trust and can determine the contrast between seamless business operation and a complete standstill.”

A Word for the Wise

While it seems using data responsibly is a lot of work, it actually isn’t. Not if you heed Shier’s sage advice: “If businesses treat others’ data as something that is being entrusted to them, rather than something they can take, we end up with a more deliberate and respectful environment.”

Put simply, you are not the owner of that data (unless it’s proprietary) but a caretaker of it—a custodian if you will. It isn’t the sexiest of roles, but it’s critical nonetheless as the responsible use of customers’ sensitive data, according to Fantenberg, can help greatly in fostering customer trust, avoiding legal and reputational threats, and providing “a frictionless experience that cultivates customer and stakeholder loyalty and confidence in the long run.”

Indeed, it pays to respect data, take good care of it, and use it in morally acceptable ways—even when the opposite might be easier and more convenient to do.

As King underscored to DSA, the importance of responsible data use cannot be overstated—especially with evolving technologies giving rise to new threats and challenges associated with data security and privacy. This is why organisations need to be even more proactive in updating their data protection strategies and fostering a culture of responsibility and awareness among employees—and, in turn, build trust with customers.

This trust will then form the core of long-term partnerships that will benefit both the business and its customers.