Information Security Ethical Situation

Ethical Scenario

Ethics is a term used to refer to the set of rules that help in determining right and wrong behavior during moral decision making. One of the major issues in Information Technology and Information Systems is computer ethics. This is primarily because the rapid technological advancements seem to enhance the likelihood of unethical use of computer devices and information systems. As these advancements continue to occur, it is expected that the misuse and abuse of these system will continue in the future (Masrom et. al., 2010, p.26). Therefore, IT professionals are increasingly faced with the need to promote ethical use of information systems in order to enhance information security. Some of the most common examples of unethical use of information systems include identity theft, hacking, software piracy, and spam. There is need to address these unethical practices because of their potential harm to individuals and the society.

Information Security Ethical Scenario

As the owner of a high-class restaurant in New York City, I recently purchased a new customer relationship management information system that can assist in managing customer reservations. The new information system provides the restaurant with the capability of tracking the frequency of customer visits as well as their orders, size of their bills, the kinds of tips they leave for employees, where they are likely to sit in the restaurant, and whether they are difficult customers. While this customer relationship management information system helps in providing insights regarding customers, there are some ethical concerns regarding its processes, objectives, and outcomes. Some of these concerns include whether this type of information is an invasion of customers' privacy, the ethical responsibilities to safeguard the information, and whether it would be ethical to sell the information to other businesses in the area. These ethical concerns should be addressed in attempts to ensure information security and promote the effectiveness of the new customer relationship management information system.

Was Ethics Compromised?

The most important question to examine in determining whether ethics was compromised in this situation is to evaluate whether this type of information is an invasion of customer privacy. Generally, a customer relationship management information system is a system used by businesses to collect and maintain data regarding customers and all their interactions with the system. These information systems tend to differ in size and complexity depending on the nature of the business and the specific goals to be accomplished. The use of customer relationship management information system tends to generate concerns and issues regarding invasion of privacy because it helps in drawing conclusions about the behavior of a customer (O'Brien & Marakas, 2006, p.252).

The type of information collected in the new customer relationship management information system is not tantamount to an invasion of customers' privacy because ethics was not compromised. The information generally reflects the type of information collected and maintained by a customer relationship management information system. These information systems generally collect information regarding customer purchases, customer support calls, customer returns, product service and repairs, customer training, and sales activities. The information collected in the new CRM information system for the restaurant in New York City falls under these categories.

However, compromise of ethics could occur if the information is used for unethical purposes that do not promote business objectives. In essence, the information should only be used to promote and accomplish business objectives since this is the primary reason for collecting and maintaining the information.

Ethical Responsibilities to Protect the Information

One of the major ways to ensure security of the information gathered by the customer relationship management information system is to protect the information through crucial ethical responsibilities. Ethical responsibilities to protect customer information play a crucial role in such systems because of the significant challenges associated with the protection of the privacy of personal information. The management of the restaurant in New York City has legal and ethical responsibility in protecting customer information.

The legal responsibilities to protect the information originate from provision in common law as well as state and federal regulations. These regulations stipulate specific categories of personal information that should be protected and provide guidance regarding the use of such information. Moreover, these regulations provide certain safeguards for specific types of personal information. Therefore, the management should be aware of the provisions of these regulations and utilize them in developing safeguards to protect the information.

The ethical obligations to protect the information are based on confidentiality and competence as standards for reasonable measures. Every organization and business is required to act ethically in a manner that is beneficial to all its stakeholders. This process involves protection of personal information through appropriate and effective safeguards. Promoting confidentiality and competence is necessary to ensure that the firm carries out its business practices in an ethical manner.

Ethics in Selling the Information

In light of rapid technology advancements and increased use of technology in business processes, privacy has emerged as one of the major issues and topics in information security. Many organizations and businesses gather, swap, and sell personal information, which has resulted in the increased search for suitable and effective ways to protect privacy (Whitman & Mattord, 2011, p.93). It would be unethical for the restaurant in New York City to sell personal information from its CRM information system to other businesses in the area. This is primarily because selling such information would contribute to violation of privacy and confidentiality. In this case, the restaurant would violate its legal and ethical responsibility of protecting customer information and ensuring information security.