Skip to Main Content

Data: Data Ethics and Laws

Data Ethics: Definition

Data ethics is concerned with ethical questions, considerations, and debates around data, including the collection, management, analysis, interpretation, sharing, and use (and misuse) of data, and the impact of data on individuals and the society. 

Data Ethics: References

Data Privacy Laws

Important laws regarding data privacy and confidentiality in the United States:

Federal Policy for the Protection of Human Subjects, or the Common Rule, est. 1991, rev. 2018.

  • Influenced by the Belmont Report, written in 1979 by the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research, which outlined the basic ethical principles in research involving human subjects.
  • Governs any human subject research conducted or supported by a federal department or agency.
  • Establishes Institutional Review Boards (IRBs) as the entities that oversee the ethical treatment of human subject in research.
  • Establishes requirements and protocols for informed consent.
  • Establishes rules for protection of data confidentiality.

Health Insurance Portability and Accountability Act (HIPAA Privacy Rule)

  • Establishes national standards to protect individuals’ medical records and other personal health information (PHI).
  • Applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. 
  • Requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.
  • Gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
  • Contains detailed guidelines on de-identification methods, including the expert-determination method and the Safe Harbor method.

Family Educational Rights and Privacy Act (FERPA)

  • Establishes student's right of privacy with regard to their educational records.
  • Applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

California Consumer Privacy Act (CCPA)

  • Passed by the California State Legislature and signed into law in June 2018; amendments were passed in September 2018.
  • The CCPA becomes effective on January 1, 2020.
  • The CCPA applies to any business, including any for-profit entity that collects consumers' personal data, which does business in California, and satisfies at least one of the following thresholds:
    • Has annual gross revenues in excess of $25 million;
    • Possesses the personal information of 50,000 or more consumers, households, or devices; or
    • Earns more than half of its annual revenue from selling consumers' personal information.
  • The intention of the CCPA is to enhance privacy rights and consumer protection for residents of California, including their right to:
    • Know what personal data is being collected about them.
    • Know whether their personal data is sold or disclosed and to whom.
    • Say no to the sale of personal data.
    • Access their personal data.
    • Request a business delete any personal information about a consumer collected from that consumer.
    • Not be discriminated against for exercising their privacy rights.

General Data Protection Regulation (GDPR)

  • The aim of the GDPR is to protect all EU citizens from data privacy breaches in today’s data-driven world. 
  • Approved by the European Union (EU) Parliament in 2016; went into application in May 2018.
  • Establishes a strict set of data protection rules for all companies and organizations operating in the EU, regardless of their physical location - and a set of data privacy rights for EU citizens.
  • Companies and organizations must educate themselves about the main elements of the GDPR and implement appropriate data rights management strategies in order to be GDPR compliant.

Data Ethics: Keep Learning

Data Science Ethics (Coursera)

This course explores the ethical and privacy implications of big data, and the broader impact of data science on modern society. You will examine the principles of fairness, accountability, and transparency as they relate to data; the need for voluntary disclosure when leveraging metadata to inform basic algorithms and/or complex artificial intelligence systems; best practices for responsible data management; as well as the significance of the Fair Information Practices Principles Act and the laws concerning the "right to be forgotten." You will tackle questions such as who owns data, how do we value privacy, how to receive informed consent and what it means to be fair.

Length: 4 weeks (self-paced).


Ethics and Law in Data Analytics (LinkedIn Learning)

With big data analytics and artificial intelligence (AI), corporations, governments, and individuals have access to powerful tools that can have real-world outcomes. This course—part of the Microsoft Professional Program offerings—explores the ethical and legal frameworks applicable to the data profession. Learn how these frameworks apply to practical problems posed by work in big data and data science, and investigate applied data methods for ethical and legal work in analytics and AI.

Length: 3 hours, 40 minutes. (Free access with Bucknell login.)


Understanding Intellectual Property (LinkedIn Learning)

The course provides a high-level overview of intellectual property (IP), including topics such as patents, trademarks, and other protections. Learn the answer to common IP questions and discover an attorney's perspective on how you can best safeguard your ideas, and avoid infringing others' rights.

Length: 1 hour, 30 minutes. (Free access with Bucknell login.)


Understanding Copyright: A Deeper Dive (LinkedIn Learning)

The course provides a deeper dive into copyright—the mechanism for protecting intellectual property that resides in a tangible form: books, songs, software, product designs, etc. Explains what constitutes copyright infringement, and how to respond when someone has infringed upon your copyright or if you receive a demand letter or cease and desist from a third party. Covers licensing, public domain, and fair use, and reviews the process for searching for and filing copyrights. 

Length: 1 hour, 12 minutes. (Free access with Bucknell login.)


AI Accountability Essential Training (LinkedIn Learning)

Artificial intelligence (AI) offers businesses the potential for a dramatic increase in functionality and profitability, but it can also spark an array of complex ethical, legal, and social challenges. This nontechnical, conceptually-oriented course explores the ethical issues posed by AI, including competing concepts of fairness and moral reasoning, as well as social concerns and safety challenges for AI, such as potential life-and-death scenarios in autonomous driving; and it concludes with recommendations on how to reap the potential of AI in an ethical and trustworthy manner.

Length: 2 hours, 20 minutes. (Free access with Bucknell login.)

Subject Librarian

Profile Photo
Carrie Pirmann
Bertrand Library
Research Help Area, Room 112
Office Hours:
Monday - Friday, 8:30 AM - 4:30 PM