This paper examines computer ethics and information security through a practical scenario involving a restaurant's newly adopted customer relationship management (CRM) system. The paper evaluates whether collecting detailed customer behavioral data constitutes a privacy invasion, outlines the legal and ethical responsibilities organizations have to protect such information, and argues that selling personal customer data to third parties is unethical. It also identifies positive outcomes — such as improved customer insight and profitability — alongside negative consequences, including potential legal liability. Drawing on established principles of confidentiality, competence, and regulatory compliance, the paper concludes that ethical information security practices are essential for any business leveraging technology to manage customer relationships.
The paper applies scenario-based ethical analysis, a method commonly used in information systems and applied ethics scholarship. Rather than discussing ethics in the abstract, the author anchors each claim to a specific situation and tests ethical principles against it, a technique supported by Masrom et al.'s (2010) scenario approach methodology.
The paper opens with a brief definition of ethics and the problem of computer ethics in IT. It then introduces the restaurant CRM scenario before moving through three core ethical questions: privacy invasion, protective responsibilities, and data selling. A consequences section weighs outcomes before a short conclusion synthesizes the findings and offers a practical recommendation. This five-part structure moves from problem identification through analysis to resolution.
Ethics is a term used to refer to the set of rules that help in determining right and wrong behavior during moral decision making. One of the major issues in Information Technology and Information Systems is computer ethics. This is primarily because rapid technological advancements seem to enhance the likelihood of unethical use of computer devices and information systems. As these advancements continue to occur, it is expected that the misuse and abuse of these systems will continue in the future (Masrom et al., 2010, p. 26). Therefore, IT professionals are increasingly faced with the need to promote ethical use of information systems in order to enhance information security.
Some of the most common examples of unethical use of information systems include identity theft, hacking, software piracy, and spam. There is a need to address these unethical practices because of their potential harm to individuals and society.
As the owner of a high-class restaurant in New York City, a new customer relationship management (CRM) information system was recently purchased to assist in managing customer reservations. The new information system provides the restaurant with the capability of tracking the frequency of customer visits as well as their orders, the size of their bills, the kinds of tips they leave for employees, where they are likely to sit in the restaurant, and whether they are difficult customers. While this CRM system helps in providing insights regarding customers, there are some ethical concerns regarding its processes, objectives, and outcomes. These concerns include whether this type of information constitutes an invasion of customers' privacy, what ethical responsibilities exist to safeguard the information, and whether it would be ethical to sell the information to other businesses in the area.
The most important question in determining whether ethics was compromised is whether this type of information constitutes an invasion of customer privacy. Generally, a CRM information system is used by businesses to collect and maintain data regarding customers and all their interactions with the system. These information systems tend to differ in size and complexity depending on the nature of the business and the specific goals to be accomplished. The use of CRM information systems tends to generate concerns about invasion of privacy because they help in drawing conclusions about the behavior of a customer (O'Brien & Marakas, 2006, p. 252).
The type of information collected in the new CRM information system is not tantamount to an invasion of customers' privacy because ethics was not compromised. The information generally reflects the type of data collected and maintained by any standard CRM system. These systems typically collect information regarding customer purchases, customer support calls, customer returns, product service and repairs, customer training, and sales activities. The information collected in the new CRM system for the restaurant falls under these categories.
However, a compromise of ethics could occur if the information is used for unethical purposes that do not promote legitimate business objectives. In essence, the information should only be used to accomplish business objectives, since this is the primary reason for collecting and maintaining it.
One of the major ways to ensure the security of information gathered by a CRM system is to uphold crucial ethical responsibilities in protecting that information. Ethical responsibilities to protect customer information play a vital role in such systems because of the significant challenges associated with safeguarding the privacy of personal data. The management of the restaurant has both legal and ethical responsibilities in protecting customer information.
The legal responsibilities to protect the information originate from provisions in common law as well as state and federal regulations. These regulations stipulate specific categories of personal information that must be protected and provide guidance regarding the use of such information. Moreover, they establish certain safeguards for specific types of personal information. Therefore, management should be aware of the provisions of these regulations and use them to develop appropriate safeguards.
The ethical obligations to protect the information are based on confidentiality and competence as standards for reasonable measures. Every organization and business is required to act ethically in a manner that is beneficial to all its stakeholders. This process involves protecting personal information through appropriate and effective safeguards. Promoting confidentiality and competence is necessary to ensure that the firm carries out its business practices in an ethical manner.
This scenario illustrates some of the ethical challenges associated with information security, particularly when technology is used in business processes. These challenges originate from the type of information collected, the responsibilities involved in protecting that information, and the need to maintain confidentiality. The restaurant can avoid these challenges by drawing on legal provisions to develop appropriate safeguards that ensure information security and uphold the trust of its customers.
Masrom, M., Ismail, Z., Hussein, R., & Mohamed, N. (2010). An ethical assessment of computer ethics using scenario approach. International Journal of Electronic Commerce Studies, 1(1), 25–36.
O'Brien, J., & Marakas, G. M. (2006). Management information systems with MISource 2007. McGraw-Hill Irwin.
Whitman, M., & Mattord, H. (2011). Legal, ethical, and professional issues in information security. In Principles of information security (4th ed., Chapter 3, pp. 89–116). Cengage.
Always verify citation format against your institution’s current style guide requirements.