How Public Sector Information Managers Respond to Threats and Challenges

CHALLENGES AND BIBLICAL PRINCIPLES IN MANAGING INFORMATION

Today, public sector information managers are responsible for the collection, organization, maintenance, and dissemination of information by their respective government agencies and other public organizations. This role has assumed new importance and relevance in recent years as the flow of information continues to intensify. The purpose of this paper is to provide a review of the scholarly literature concerning the ethical and legal issues and challenges that are involved in this calculus in part one, followed by a discussion of technology-related threats and challenges in part two. Finally, a discussion concerning relevant biblical principles in managing information in the public sector in part three which is followed by a summary of the research and important findings in the conclusion.

Part 1: Ethical/Legal Issues and Challenges

The major ethical and legal challenges and risks for abuse that must be taken into account in the collection, management, and use of information and technologies overall—and in the public arena specifically, are multiple and each category of risk has its unique considerations. Although privacy and cybersecurity issues are ubiquitous, other challenges for public sector information managers include exercising appropriate control over information as well as determining its ownership. In addition, there are numerous legal and ethical issues involved in the proper management of public sector information (Sims et al., 2019). Although these legal issues vary by jurisdiction, they all focus on protecting the privacy of personal data from unwarranted government intrusion and ensuring its ultimate proper use and disposal, including digital versions of these data (Saldanha et al., 2022).

Likewise, the findings that emerged from a study by van Baalen (2022) identified three main ethical challenges with respect to the collection and administration of data. In this regard, van Baalen (2022) reports that, “These ethical challenges relate to (i) informed consent and confidentiality, (ii) collecting, transferring and storing sensitive data, and (iii) maintaining personal security and integrity” (p. 11). In other words, public sector information managers are charged with being good stewards of the data with which they are entrusted, and given the wide range of threats and risks that are arrayed against them, it is not surprising that breaches occur, including massively expensive ransomware attacks.

There are some steps that public sector information managers can take to help prevent unethical uses of data in general and especially in the public sector, though, including most especially ensuring that mechanisms are in place to establish accountability for data and to ensure that organizations are completely transparent about the information they collect and how it is used. In this regard, Svard (2019) emphasizes that, “Accountability and transparency are central to public administrations' operations” (p. 134). In addition, public sector information managers must remain vigilant in order to ensure that relevant laws are applied to digital environments in appropriate ways to protect the privacy of stakeholders (Saldanha et al., 2022). To help academics reflect on and mitigate these risks, the article underscores the importance of digital risk assessments (van Baalen, 2023). Against this backdrop, it is clear that modern public sector information management is confronted with a wide array of ethical and legal challenges, but there are a number of technology-related threats and challenges that are involved as well as discussed further in part two below.

Part 2: Technology-related Threats and Challenges

Although the supporting technologies that are involved can dramatically enhance the quality and efficiency of service delivery, the automation of public sector services in a digital environment introduces a number of threats and challenges to information managers (Baran et al., 2020). Further, security threats are significantly exacerbated when transforming public sector operations into a digital environment regardless of whether data is maintained in-house or through third-party providers (Giannikas et al., 2019). In fact, there are respective advantages and disadvantages to both in-house and third-party providers that must be taken into account depending on the public sector organization’s specific situation.

Likewise, in a public sector context, even the transition process to a digital environment also invariably involves numerous security risks to data (Faro et al., 2022). While the technology-related threats and challenges that confront public sector information managers will vary depending on their unique circumstances and mission, some of the most prominent include those set forth in Table 1 below.

Table 1

Technology-related threats and challenges to public sector information management

Threat/Challenge

Description

Weak security

New technology is being released every day. More times than not, new innovations have internet access but no plan for security. This presents a severe risk—each unsecured connection means vulnerability. The rapid development of technology is a testament to innovators, however, security lags severely.

Social media attacks

Public sector organizations that use social media to facilitate the delivery of their services are especially vulnerable to social media attacks. Cybercriminals constantly find new ways to take advantage of social media users and their private information. One malicious way they do this is by using emoji and emoticons to engineer users into letting their guards down

Third-party Entry

Cybercriminals prefer the path of least resistance. The Microsoft Exchange Server was victim to a massive cyberattack in March of 2021. The attack disrupted nine government agencies and 60,000 private companies.

Lack of Encryption

Protecting sensitive data in transit and at rest is a measure few industries have yet to embrace, despite its effectiveness. The health care industry handles extremely sensitive data and understands the gravity of losing it – which is why HIPAA compliance requires every computer to be encrypted.

Source: Adapted from Top Ten Threats to Information Security, 2022

In addition, there are some other technology-related threats and challenges confronting public sector information managers today, especially the proliferation of mobile devices such as laptop computers, smartphones and portable storage devices used by consumers as well as public sector workers (Kerigan-Kyrou, 2020). Each of these devices represents a potential vulnerability to public sector computer networks and it is vitally important for managers to ensure that appropriate security protocols. Moreover, ensuring the protection of computer networks is not a static enterprise but rather an ongoing requirement (Sung & Park, 2021).

All of the foregoing technology-related threats and challenges are further intensified by the existence of the so-called “dark web.” According to Cinque (2021), the dark web contains “Web sites that are not indexed and thus are not accessible through Web search engines” (p. 679). It is little wonder, then, that the dark web is commonly associated with the same type of criminal activities that have significant implications for the public sector such as drug and human trafficking, communications within and between terrorist organizations and intrusions of consumer privacy (Cinque, 2021).

Consequently, the dark web together with the other foregoing issues and challenges combine to pose a severe threat to individual Americans and their families, as well as their organization's use of technology and information. For example, according to Kerigan-Kyrou (2020), “Cybersecurity affects all companies and organizations, as well as everyone working within them - employees, contractors, suppliers and customers. Indeed, cybersecurity threats can undermine the economic foundations of countries by destroying the companies that comprise their business community” (p. 33).

These threats, of course, also extend to the public sector where some countries such as Myanmar have used the Internet against their own people, or by nefarious actors using online resources to defraud governmental organizations and their constituents (Kerigan-Kyrou, 2020). At present, however, there remains a dearth of timely and relevant research concerning how public sector organizations protect their technology and information. In this regard, Wirtz and Weyerer (2019) report that, “While cyberterrorism is on the rise, the operational state of cybersecurity in the public sector appears as a black box and previous literature has scarcely examined how public authorities perceive and cope with cyberattacks” (p. 1085).

Here again, though, there are some strategies available that can help strengthen cybersecurity protocols and minimize the foregoing risks in the public sector. Some strategies to strengthen cybersecurity practices for protecting information and technology assets include ensuring that strong passwords are used and changed frequently. As Vance et al. (2022) emphasize, “Weak passwords are one of the most pervasive threats in cybersecurity” (p. 1721). Other steps that can be taken to strengthen cybersecurity include implementing appropriate firewalls and providing regular training for employees concerning the use of appropriate cybersecurity methods (Pate-Cornell & Elisabeth, 2023). In addition, yet another strategy that can help protect public sector organization’s technology and information is a biblical worldview that places a high priority on those factors that promote morally excellent leadership as discussed further below

Part 3: Biblical Principles

Public sector information managers can draw on a number of biblical principles that can help inform and shape their collection, management, and ethical use of information and technologies. For instance, regarding the need for public sector respect for individual privacy, Proverbs 25:17 (ESV) makes the point that, “Let your foot be seldom in your neighbor's house, lest he have his fill of you and hate you.” Applied to governmental agencies, this proscription underscores the importance of protecting the privacy of individual citizens from unwarranted intrusions.

Likewise, a biblical perspective also stresses the need for public officials to be willing servants of the people and good stewards of the taxpayer resources with which they have been entrusted. For example, 1 Peter 5:1-4 (ESV) states in part that, “So I exhort you, shepherd the flock of God that is among you, exercising oversight, not under compulsion, but willingly, as God would have you; not for shameful gain, but eagerly; not domineering over those in your charge, but being examples to the flock.” Similarly, 1 Corinthians 4:2 (ESV) clearly states that “it is required of stewards that they be found trustworthy.”

Given the frailties of the human condition, it is reasonable to suggest that even the most well-intentioned and principled public servants will fail to live up to the relevant biblical principles concerning the collection, management, and ethical use of information and technologies. Mistakes will inevitably be made, and some of them may be serious security breaches. Nevertheless, the foregoing general strategies provide a useful framework in which to prevent the misuse or abuse of information and to ensure the wise use of information and technology for the benefits of the entire body politic.