Part 5: Corporate Responsibility and Data Ethics in Practice
"In the end, it is not enough to know the right thing. You have to do the right thing." — A paraphrase of Aristotle, frequently quoted in business ethics
Part 4 mapped the rules. Part 5 asks a harder question: How do organizations actually do data ethics?
Regulations set the floor. Compliance ensures you don't fall below it. But the most consequential data decisions happen in the space between legal obligation and ethical aspiration — in the meetings where a product team debates whether to collect a new data type, in the moments when an engineer notices that a model performs differently for different populations, in the crisis when a breach forces an organization to choose between transparency and self-protection.
Part 5 brings data governance from the regulatory framework into the organizational reality:
Chapter 26: Building a Data Ethics Program examines what it takes to move from an ethics statement on a website to a genuine program with structure, authority, and accountability — and the risk of "ethics washing" when the commitment is performative.
Chapter 27: Data Stewardship and the Chief Data Officer follows the evolution of the CDO role from IT administrator to strategic leader and explores the organizational architecture of data governance. This chapter includes Python code for a DataLineageTracker.
Chapter 28: Privacy Impact Assessments and Ethical Reviews provides practical tools for evaluating data projects before they launch — PIAs, DPIAs, algorithmic impact assessments — with a template walkthrough you can apply in your own work.
Chapter 29: Responsible AI Development introduces the documentation and testing practices that responsible AI requires: model cards, datasheets for datasets, red-teaming, and monitoring for drift. This chapter includes Python code for a ModelCard dataclass.
Chapter 30: When Things Go Wrong confronts the inevitable: what happens when a data breach occurs, a model fails, or a crisis erupts? This chapter examines breach response, crisis communication, and the ethical obligations that extend beyond legal requirements.
Ray Zhao Takes Center Stage
Part 5 features Ray Zhao, the Chief Data Officer at NovaCorp, in his most prominent role. Ray is the sympathetic voice of corporate data governance — not a villain or a hero, but a professional trying to do the right thing within organizational constraints. His experiences illustrate both the possibilities and the frustrations of building data ethics programs in real institutions.
For VitraMed, Part 5 is about maturity. The company builds a formal ethics program, hires its first Data Protection Officer, and seeks Ray Zhao's advice on governance design. But the part ends with a crisis: a data breach that tests everything the company has built.
For Mira, this part is the most personally challenging. She must reconcile her growing ethical awareness with her loyalty to her father's company — and confront the possibility that VitraMed's good intentions are not sufficient protection against systemic risks.
By the end of Part 5, you will have practical tools for building, evaluating, and improving data ethics programs — and a clear-eyed understanding of the gap between aspiration and execution. Part 6 broadens the lens to society at large.