Privacy and Legal Issues to Consider for a Database System

Private and Legal Issues in Database

Privacy and legal issues to consider for a database system

An essential component in the success of managing database is that management should be concerned with ethical and legal issues associated with both the creation and use of those data in the databases. The use of the database technology provides access to all kind of information about customers, employees, and subjects. However, it has often become easier for people to obtain data about a subject with the click of a mouse. As a result, most of the security measures that have been implemented to protect confidential data are worthless. In some companies, getting access to a database has become easier when employees who want or need to make changes to their own personal file, such as adding a dependent or listing a new phone number or address. Some other employees, however, argue that this type of information should not be readily available and feel their private lives are not being protected sufficiently (Adams, 1992). According to some employees one of the concerns remain about the kinds of data that are stored in the databases.

For example, should a company be able to access medical, alcoholic, and private information of its employees. There are several steps that IT department can take to protect the privacy of data from databases: It can instruct all users how to securely use and handle the data, and software, teach employees to the effectiveness of the passwords, ensure the importance of backup copies, data files, and printouts as it could contain private data, ensure that all software and mainframe applications include an audit trail to record the history of changes made in the data, and make use of edit controls (such as passwords) to limit employees' access to data files and data fields. It is a prime concern for IT department to decide who gets access to what kinds of data (Pasqualetto, 1994). The laws regarding access to personnel records can vary significantly from state to state, so it is critical that managers familiarize themselves with the individual state laws within which they work. As Hartstein (1992) argues that about 18 states in the U.S. have passed legislation pertaining to access of personnel records. However, these data are accessed for the purposes of deciding employee's qualifications for promotion, termination, or disciplinary action. Also, there are several issues about the use of the incorrect information about an individual. Individuals should have access to information about themselves, and law allows an employee to challenge alleged incorrect information in the file. With the rise of the Internet, the security, privacy and ethical issues have become much more prominent. In complex cases, storage on a remote computer, accessible to all parties from anywhere, simplifies the use of accessing private data from a wireless modem. The increasing use of the Internet makes it easier for individuals to scan and tracks of credit cards data trail consisting of purchase amount, purchase type, date, and time. Data are collected when one pays through the checks. The use of supermarket discount cards creates a comprehensive database of everything one buys. One leaves a significant data trail when one surfs the Internet and visit websites. When one subscribes to a magazine, sign up for a book or music club, join a professional association, fill out a warranty card, give money to charities, donate to a political candidate, invest in mutual funds, when one makes and makes a telephone call, all of these transactions, one leaves a data trail that is stored in a computer. Although the contents all of these many databases are yet not combined, but we are rapidly heading that direction. Database developers are attempting to create a profiling system that detects traveler anomalies in order to prevent terrorists from boarding.

The ethical and privacy issues are stakes because databases can contain errors and data compiled from disparate sources and from differing contexts can lead the user to arrive at the wrong conclusions (Moulton, 1986).

Beyond that some information brokers provide their databases for a fee on Internet websites. Therefore, legal and privacy issues have become so common that more employers are conducting background checks on their employees without their permission. The problem that is occurring is that a significant percent of background checks are retrieving information that is either incorrect or misleading.

In the past, one could access the public records by traveling to the courthouse or to the government office. In recent years, however, a growing number of government agencies and court systems have made these records available on the Internet databases. It might be considered useful that the public can access government records easily via the Internet. But these open records can create havoc from the hands of miscreants, if they can access other related information from the databases. Many of the individuals, when gain the access from electronic public records, use these data for secondary purposes. The solution for IT is not to prohibit public records altogether from the Internet, but records should be selectively used so that public cannot gain access to the confidential information.

IT department can, instead, use some bogus data records to check the break-in in the databases (DeGeorge, 1986).

Though many of the financial institutions such as credit card companies, banks, insurance companies, and brokerage firms may share their respective databases with one another, but IT department should make sure that they follow the law, as they cannot sell customer data to third parties without providing an opt-out notice to their customers (Moulton, 1986). Since some financial institutions have more than 2,000 affiliates, their marketing profiles become money-managing machines. Most individuals consider their medical information to be among the most sensitive of any information about them. But in reality, one's medical information is an open book from medical providers, to insurance companies, to self-insured employers, to laboratories, and to payment companies, medical transcriptions, pharmacies and pharmacy benefits systems, government regulators, and more. Therefore, our main concerns for IT department becomes who is responsible for the authenticity and accuracy of information and who has the authority to make changes and who is accountable for errors in information and who should be held responsible if data are inaccurate and they cause harms to the third party.