The worldwide interconnected objects, called Internet of Things (IoTs), have been increasingly growing in the last several years. Different social media platforms and devices are continuously generating data about individuals and facilitate the technological and the social convergence of their Internet-based data and services with globalized users. These social and device-related IoTs create rooms for data breaches as such platforms provide ability to collect private and sensitive data. We assert that data breaches are fundamentally failures of access control - most users are too busy or technically ill-equipped to understand access control policy expressions and decisions. We argue that this is symptomatic of globalised societies structured by the conditions of algorithmic modernity; an era in which our data is increasingly interdependent on, and enmeshed with, ever more complex systems and processes that are vulnerable to attack. Ethically managing data breaches is now too complex for current access control systems, such as Role-Based Access Control (RBAC) and Context-Aware Access Control (CAAC). These systems do not provide an explicit mechanism to engage in decision making processes, about who should have access to what data and when, that are involved in data breaches. We argue that a policy ontology will contribute towards the development of Ethical CAAC better suited to attributing accountability for data breaches in the context of algorithmic modernity. We interrogate our proposed Ethical CAAC as a theoretical construct with implications for future policy ontology models and data breach countermeasures. An experimental study on the performance of the proposed framework is carried out with respect to a more generic CAAC framework.