This paper discusses the legal, moral, and ethical obligations of companies that maintain sensitive information on their customers in electronic format to protect that information. The laws and expectations regarding protection of information are discussed. Also, the ways in which information can be protected are examined, and these can serve as a model for all businesses that maintain electronic information on their customers.
Legal Environment and Impact on Organization
The protection of personal information is of utmost importance in today's age of computers. So much private information about individuals is kept on computers, from Social Security numbers to health information to income information and more, that it is crucial that companies protect this information from those who would access it illegally and for nefarious purposes. In the wrong hands, this sensitive information can be used to steal a person's identity, ruin their credit, blackmail them, and more. And there are plenty of criminals out there who would love to do just that. Therefore, today's businesses have to be extremely careful about protecting such information. Not only are there laws governing the protection of private consumer information, there is also a moral and ethical obligation to do so, and any company that does not will soon find itself on the receiving end of some bad publicity that could put it out of business. People do not want to do business with companies that do not protect their personal information. Today's businesses that store personal information have to navigate the laws concerning the collection and storage of that information, as well as ensure the confidentiality, integrity, and availability of that information to those who have a genuine and legitimate need for it.
First of all, any company that collects private information on its customers that is of a sensitive nature should be aware that there are federal laws in the United States concerning the collection and dissemination of that information where it pertains to driving records, educational records, financial records, and health records. Some records are only able to be given to government agencies, while others can be shared with other companies, but only with the consent of the person to whom those records belong. Each person must be given the choice to opt out of having their information shared. When it comes to financial institutions and places that maintain medical records, consumers must also be given a copy of the privacy policy of the organizations that will be maintaining their records, and have to agree to the privacy policies, or take their business elsewhere. If consumers opt to take their business elsewhere and do not agree with the privacy policies, the businesses may not maintain any records on those people (McNab 2004).
These are federal laws regarding the privacy of personal information kept on computers. There are also industry-wide expectations and moral and ethical obligations concerning the privacy and protection of personal information kept electronically. These expectations and obligations concern the confidentiality, integrity, and availability of consumer records. Confidentiality is one of the most important things regarding electronically stored records. Consumers have an expectation that their personal records will be kept confidential and protected against unauthorized access. Confidentiality means disclosure of someone's private information to unauthorized people or computer information systems is prevented. Breach of confidentiality occurs whenever an unauthorized person or computer system is able to access a person's private information, through whatever means. This could be something like another computer picking up someone's credit card number during what was supposed to be a secure transaction, or an employee of a company giving out a person's confidential information over the phone to someone who is not authorized to receive it. However it happens, confidentiality breaches are serious, and must be addressed immediately so they do not happen again (Allen 2001).
Integrity of information assures that information can not be modified without such modification being detected. Most information management systems have some sort of protocol in place for protecting the integrity of information. The greatest danger to the integrity of information occurs when it is in transit from one computer to another. This is the perfect time for hackers to access the information and modify it without being detected. A secure information management system ensures that this is unlikely to happen and that any modifications can be detected easily in most cases, usually as soon as they occur, and the breach mended. The most secure businesses ensure than any breach of integrity is a highly remote possibility, unlikely to occur at all.
Finally, availability of information is also important. The information being stored must be secure, but it must also be accessible when it is needed. Security protocols used to protect the information must be functioning correctly, but so must the communication channels (passwords and encryption and such) used to gain access to it. The information systems that store the information must be protected from power outages, system upgrade interruptions, and hardware malfunctions, as well, so that the information, while not easily accessible to those who are not authorized to receive it, is still accessible at all times to authorized people when it is needed. There should never be a time when information is needed and it is not able to be easily retrieved by someone with the proper authorizations (Layton 2007).
You’re 86% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.