Essay Undergraduate 968 words

Data Privacy Laws and Information Security Obligations

Abstract

This paper examines the legal and ethical obligations businesses face when collecting and storing personal consumer information. It surveys relevant U.S. federal privacy laws governing financial, health, educational, and driving records, and outlines the conditions under which such data may be shared. The paper then applies the classic information security triad — confidentiality, integrity, and availability — to explain how organizations must safeguard electronically stored data. It argues that compliance with federal law, combined with adherence to industry-wide ethical expectations, is essential for maintaining consumer trust and organizational viability in the modern information age.

Key Takeaways
  • Introduction: Why Data Privacy Matters: Why businesses must protect sensitive consumer data
  • Federal Laws Governing Personal Information: U.S. federal laws on data collection and sharing
  • Confidentiality of Consumer Records: Preventing unauthorized access to private information
  • Integrity of Stored and Transmitted Information: Detecting and preventing unauthorized data modification
  • Availability of Information for Authorized Users: Ensuring authorized access to secured information
  • Conclusion: Organizational Obligations in the Information Age: Synthesizing legal and ethical data protection duties

What makes this paper effective

  • It connects abstract legal obligations to concrete organizational consequences, such as reputational harm and loss of business, making the stakes tangible for readers.
  • The paper organizes its argument around the well-established CIA triad (confidentiality, integrity, availability), giving the analysis a recognizable and logical structure.
  • Each concept is grounded with a practical example — such as a credit card number intercepted during a transaction — which reinforces comprehension without overcomplicating the discussion.

Key academic technique demonstrated

The paper demonstrates the technique of applying a standard professional framework (the CIA triad) as an organizational scaffold. Rather than listing disconnected facts about data privacy, the writer uses confidentiality, integrity, and availability as sequential analytical lenses, ensuring each paragraph has a clear conceptual focus and that the argument builds cumulatively toward a unified conclusion.

Structure breakdown

The paper opens with a broad rationale for data privacy, then narrows to specific U.S. federal laws before systematically addressing each element of the CIA triad across three dedicated sections. A brief conclusion synthesizes the legal and ethical dimensions. This funnel structure — broad context → legal framework → technical/ethical framework → synthesis — is well-suited to short policy-oriented essays at the undergraduate level.

Introduction: Why Data Privacy Matters

The protection of personal information is of utmost importance in today's age of computers. Vast amounts of private data — from Social Security numbers to health information to income records — are stored digitally, making it crucial that companies protect this information from those who would access it illegally and for nefarious purposes. In the wrong hands, sensitive information can be used to steal a person's identity, ruin their credit, blackmail them, and more. There is no shortage of criminals who would eagerly exploit such opportunities.

Today's businesses must therefore be extremely careful about protecting personal data. Not only are there laws governing the protection of private consumer information, but there is also a moral and ethical obligation to do so. Any company that fails in this responsibility may quickly find itself the subject of damaging publicity that could put it out of business. People do not want to do business with companies that fail to protect their personal information. Businesses that store personal data must navigate the laws concerning its collection and storage, while also ensuring the confidentiality, integrity, and availability of that information to those who have a genuine and legitimate need for it.

Federal Laws Governing Personal Information

Any company that collects sensitive private information on its customers should be aware that there are federal laws in the United States governing the collection and dissemination of information pertaining to driving records, educational records, financial records, and health records. Some records may only be disclosed to government agencies, while others can be shared with other companies — but only with the consent of the person to whom those records belong. Each individual must be given the option to opt out of having their information shared.

When it comes to financial institutions and organizations that maintain medical records, consumers must also receive a copy of the privacy policy of the organizations holding their records, and must agree to those policies or take their business elsewhere. If consumers choose not to agree with the stated privacy policies, the businesses may not maintain any records on those individuals (McNab, 2004). Familiarity with these federal privacy regulations is an essential baseline for any organization operating in these sectors.

Confidentiality of Consumer Records

Beyond federal law, there are also industry-wide expectations and moral and ethical obligations concerning the privacy and protection of personal information stored electronically. These expectations and obligations center on the confidentiality, integrity, and availability of consumer records.

Confidentiality is one of the most important considerations in managing electronically stored records. Consumers expect that their personal records will be kept confidential and protected against unauthorized access. Confidentiality means that the disclosure of someone's private information to unauthorized persons or computer systems is prevented. A breach of confidentiality occurs whenever an unauthorized person or computer system gains access to private information, regardless of the method used. This could involve another system intercepting a credit card number during what was supposed to be a secure transaction, or an employee disclosing a person's confidential information over the phone to someone not authorized to receive it. However it occurs, confidentiality breaches are serious and must be addressed immediately to prevent recurrence (Allen, 2001). Organizations seeking guidance on best practices can consult frameworks such as those maintained by the National Institute of Standards and Technology.

Integrity of Stored and Transmitted Information

Integrity of information assures that data cannot be modified without such modification being detected. Most information management systems have some sort of protocol in place…

Availability of Information for Authorized Users

A secure information management system makes this outcome unlikely and ensures that any modifications can be detected — usually as soon as they occur — so that the breach can be remediated promptly. The most secure organizations ensure that any breach of integrity is…

Conclusion: Organizational Obligations in the Information Age

These are all important considerations for today's companies. Most businesses that deal with consumers maintain some sort of database of information on those consumers. How sensitive that data is depends on the type of business, and what the business may do with that data — and who is permitted to access it — depends on the applicable industry standards and federal law regarding information privacy.

Key Concepts in This Paper

Data Privacy, CIA Triad, Confidentiality, Data Integrity, Information Availability, Federal Privacy Law, Consumer Records, Identity Theft, Unauthorized Access, Privacy Policy

Cite This Paper
PaperDue. (2026). Data Privacy Laws and Information Security Obligations. PaperDue. https://www.paperdue.com/study-guide/data-privacy-laws-information-security-obligations-55131
