Saturday, December 7, 2019

Protecting Confidentiality of Personal Data

Question: Discuss about the Protecting Confidentiality of Personal Data. Answer: Introduction: While conducting a weekly meeting, our ICT manager (say Harry) reassigned one of my colleagues (say Steve), using an assignment list. Unfortunately, the list captured his confidential information including date of birth, government identification number, social security number and bank account details. This information was obtained through the companys open network accessed through the enterprise management system. Furthermore, to Steves perception, everything was normal as he thought the management had access to his confidential information including bank account details. The manager compromised Steves confidential information by accessing it through the open network. Although Harry may have accessed the information accidently, he should have never disclosed it in the meeting. Moreover, given the current state of affairs, the company should implement procedures to prevent similar incidences in the future. For instance, only the relevant information (identification) should be available to the management. Moreover, financial information should be disclosed on a need to know basis and only to the finance department (Sampson Makela, 2014). The ethical and non-ethical issues Privacy - the manager accessed Steves confidential information which should have been protected and only disclosed to the relevant parties i.e. Steve. Since there are no laws prohibiting access of information through open networks, the manager should have exercised his ethical duty to avail the relevant data without the confidential information. Security- Since the management has access to the employees confidential information, their security is at risk because the information can fall to the wrong parties after gaining access to the management system (Gunarto, 2011). Two parties are directly affected, they are Steve and Harry. Steves confidential information was presented to the masses, this places him under threat which is a serious security violation. Therefore, in this scenario, Steve is the victim of the incidence. Harry, on the other hand, is responsible for exposing Steves confidential data and therefore is responsible for the outcomes. Legally, there are no stipulations prohibiting Harry from accessing Steves information, however, his moral values should have stopped him from accessing the information. This outcome is common today where people access sensitive information just because they can (CMOD, 2008). Ethical issues and implications Privacy. The legal framework always seems to trail technological innovation, today there are no laws that explicitly define employees information, including data like employee addresses, photos, social security numbers and dates of birth. However, such information should have clear cut guidelines including the very sensitive financial information. Failure to observe such policies or laws should lead severe consequences such as legal prosecution. Security Everyone has a right to feel safe and more importantly a right to protect their assets such as confidential information. These rights cannot be limited to a chosen few within the higher hierarchy of an organisation. Organisations like the one identified above should have proper measures to safeguard their systems What can be done? Containment is the answer to the current situation where the company should implement measures to prevent further damages from the data exposure. Furthermore, the organisation should implement appropriate measures to avoid a recurrence in the future. Ethically, the management should adhere to proper moral values where they should serve as an extra layer of security in case the existing systems lack the necessary security infrastructure to protect the employees information (Deakin, 2015). Confidential information should be stored on secure servers that are only accessed by a few with the right authorization and authentication. Through this technique the organization will account for the data including those who access it. Secondly, the organization should review its existing service agreements, particularly those that deal with the employees and the vendors of the management system. Moreover, reviews can also be done on the internal practices to monitor the flow of operational activities. The organization could also implement a comprehensive privacy policy that identifies individuals based on their duties and access levels. Furthermore, the organization should stop using employees social security numbers as an identification mechanism and instead use company generated numbers to identify its members. Conduct regular training on the importance of information security and privacy. Conduct regular audits to determine the company legal/policy compliance. Finally, develop a response plan in an event of a security breach such as the one identified above. Best option - and why Proper measures should be put in place to safeguard employees information, this could be done using authorization procedures where the staff would have access to the relevant data based on their responsibilities. An IT manager should not have access to financial information, instead, that access should be limited to the finance department and also on a need to know basis. Furthermore, the organisation data should not be taken offsite but again limited to in-house activities. This option will limit access to the relevant parties (authorised) therefore lowering the cases of privacy violation and other ethical dilemmas. References CMOD. (2008). Protecting the confidentiality of Personal Data. Retrieved 16 March, 2017, from: https://www.dataprotection.ie/documents/guidance/GuidanceFinance.pdf Deakin. (2015). Digital literacy. Retrieved 16 March, 2017, from: https://www.deakin.edu.au/__data/assets/pdf_file/0017/38006/digital-literacy.pdf Gunarto. H. (2011). Ethical Issues in Cyberspace and IT Society. Ritsumeikan Asia Pacific University. Retrieved 16 March, 2017, from: https://www.apu.ac.jp/~gunarto/it1.pdf Sampson. J Makela. J. (2014). Ethical Issues Associated with Information and Communication Technology in Counselling and Guidance. Florida State University Libraries. Retrieved 16 March, 2017, from: https://diginole.lib.fsu.edu/islandora/object/fsu:210480/datastream/PDF/view

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.