Guidelines for
Ethical Data Use
Introduction
As digital marketing continues to evolve, there is a growing demand for communication that feels personal, relevant, and timely. During Gonzaga’s transition to a Salesforce Customer Relationship Management (CRM) system, it is especially important to use data in ways that are not only effective but also ethical. Because the University is rooted in Jesuit values, we strive to act with integrity, respect the dignity of each person, and promote the common good. These principles must guide how we collect, interpret, and apply data.
These guidelines offer practical support for marketing professionals on how to use constituent data responsibly. The goal is to promote communication strategies that are informed by data while also protecting privacy and fostering trust.
CRM systems provide valuable information, such as demographic details and records of past interactions like donations or event attendance. However, creating responsively personalized experiences often involves collecting behavioral data, such as how individuals interact with websites or emails.
Using this type of data can lead to more strategic decisions, but it also raises important questions about transparency, consent, and fairness. These guidelines are designed to help ensure that communication practices respect people’s boundaries, promote equity, and mitigate risks related to data misuse or loss of trust. They are informed by the principles of ethical data governance, which emphasizes collecting, storing, and using data in ways that protect individual privacy and honor the trust placed in the University.
Data Quality
Maintaining high data quality is essential for ethical, personalized communication. One key approach is implementing a data minimization policy, which helps ensure that only the data necessary for a specific communication purpose is collected, stored, and used.
According to General Protection Regulation (GDPR), the European Union’s data protection law, data minimization is a core principle of data protection. It is intended to prevent organizations from collecting or retaining more personal data than is needed to fulfill a clearly defined purpose (Room et al., 2021). Following this principle supports not only compliance, but also the organization’s commitment to transparency, trust, and responsible stewardship of constituent information.
Best Practices
Use subscriber send list data only once and solely for its intended purpose. It decreases the risk of audience frustration—especially when using technology that does not clearly indicate whether individuals who have unsubscribed are successfully blocked from receiving further communication. If such systems are used without safeguards, it becomes difficult to ensure that constituent preferences are respected, which can undermine credibility and damage relationships.
Adopt a limited data retention policy (Miller, 2024). In practice, this involves setting a clear timeframe for how long static audience send lists are stored in the organization’s digital systems. Regularly reviewing and purging outdated data supports better decision-making and minimizes unnecessary risk.
Data Literacy
High data quality depends not only on the systems in place, but also on the people who use them. A key factor is data literacy. For communication teams, building strong data literacy skills is essential for collaborating with data and IT professionals and for ensuring that data is used responsibly.
When teams lack shared understanding, the risk of using inaccurate or irrelevant data increases (Morrow, 2021), which can lead to misaligned messaging and damaged trust with constituents. Strengthening data literacy is a long-term strategy that requires ongoing learning and support. However, there are immediate steps communication professionals can take to improve data quality and audience targeting.
For example, when requesting audience send lists, teams should include suppression parameters in addition to inclusion criteria. This helps ensure that unintended recipients, such as outdated personas or unsubscribed individuals, are excluded from outreach. These practices help prevent off-target messaging and support a more respectful and efficient use of data.
This further reinforces the importance of a well-developed communication strategy that is informed by ethical data practices and designed to ensure each message is relevant, timely, and aligned with the audience’s preferences.
Data Control
As communication strategies become more data-informed, it is essential to maintain transparency and support audience autonomy. A long-term strategy should include tools that give individuals greater control over their engagement. Two key features that support this goal are a self-service subscription center and preference-based automation.
These tools allow constituents to manage the type, frequency, and format of communication they receive. By offering choice, they demonstrate how ethical principles such as respect for individual privacy and informed consent can be put into practice. They also help organizations scale meaningful, two-way communication without overstepping audience boundaries.
From the subscriber’s perspective, a lack of clear controls can increase perceptions of privacy risk and contribute to a loss of trust (Strauß, 2017). When people feel they no longer have control over their personal information, it undermines the relationship between organization and audience. Prioritizing data control not only builds trust but also strengthens the foundation for more effective and respectful communication.
Ethical data use is not just a compliance issue; it is also a core part of building trust and delivering meaningful communication. As the Communications team adopts new CRM tools and data-informed strategies, these guidelines are here to support a thoughtful, responsible approach. By focusing on data quality, strengthening internal data literacy, and giving audiences clear choices about how their information is used, you help create communication that is both effective and respectful.
Grounded in Jesuit values, this approach puts people first. It ensures that the messages are not only relevant, but also delivered with care, transparency, and integrity.
References
Miller, Katherine. (2024, March 18). Privacy in an AI era: How do we protect our personal information? Stanford University Human-Centered Artificial Intelligence. https://hai.stanford.edu/news/privacy-ai-era-how-do-we-protect-our-personal-information
Morrow, J. (2021). Be data literate: The data literacy skills everyone needs to succeed. KoganPage.
Room, S., Maher., O’Brien, N., Panagiotopoulos, A., Nahid, S., Hall, R., Thuraisingam, T., Drury-Smith, J., & Davis, S. (2021). Data protection and compliance (2nd ed.). BCS Learning & Development Limited.
Strauß, S. (2017). Privacy Analysis–Privacy Impact Assessment. In S.O. Hansson (Ed.), The ethics of technology: Methods and approaches. Rowman & Littlefield International.