- No category
Ethics and Privacy in Information Systems - Lecture 3
advertisement
BUSI 1401 Foundations of Information Systems Lecture 3 Ch03-Ethics and Privacy Arthur So, Ph.D. ArthurSo@cunet.carleton.ca . Agenda • Recap of Week2 • Assignments 1 • Ethical Issues • Privacy • Information Security • Introduction to Excel 2 Recap Ch02 1/2 • Business Process • Competitive Advantage – cost/quality/speed • Cross Functional – required multiple areas to produce a single output, like new product design • IS & Business – executing, capturing & storing transactional data, and monitoring • Business Management Strategy • • • • Reengineering (BPR) Improvement (BPI) Management (BPM) Process modeling & activity Compare the use of BPR and BPI Recap Ch02 2/2 • Business pressures • • • Market – Globalization, diversity workforce, informed customers Technology – innovation, information overload issues (data, information, and knowledge) Societal/political/legal – social responsibility, compliances, attacks, ethical and privacy issues • Porter’s model – analysis of 5 competitive forces determining product profitability 1. 2. 3. 4. 5. Industry competition (Rivalry) Threat of new entrants Threat of substitute products Bargaining power of buyers Bargaining power of suppliers • Value Chain, Primary and supportive activities in Porter • Use Porter to evaluate new/existing products or services Ethics The principles of right and wrong actions that corporations use to make choices that guide their behaviour in a social setting • What about good and bad action? • How do you address controversy? • There are many frameworks for making ethical decisions Ethics Dilemmas • Difficult choice in between two courses of action in a decision-making process • In a corporation environment: Employees make decision that would impact on the success or profitability of the corporation • Conflict of interest: Direct and indirect interests, financial and non-financial interests Ethics Artificial Intelligence (AI) Becomes a Predicted Model Extracted from https://insightsoftware.com/blog/machine-learning-vs-traditional-programming/ Ethics Algorithms Ethics Source: Six types of ethical concerns raised by algorithms (Mittelstadt et al. 2016, 4) Privacy Overview • Privacy is the power to control what other people know about you • Personal information - Collection, Disclosure, and Usage • Personal Information Protection and Electronic Documents Act (PIPEDA) – 13 April 2000 • Personal Health Information Protection Act (PHIPA) 2004 • Office of Information and Privacy Commissioner • Good Security Good Privacy • Resource: https://www.priv.gc.ca/en/privacytopics/privacy-laws-in-canada/02_05_d_15/ Privacy • The quality or state of being apart from company or observation and seclusion or freedom from unauthorized intrusion (Merriam-Webster) • Privacy: The right to be left alone and to be free of unreasonable personal intrusions • Information privacy: The right to determine when, and to what extent, information about you can be gathered and/or communicated to others Privacy • Areas of Concern • • • • • • • • • Computing & Internet Communication Intellectual Property Copyright & Patent Unauthorized Access Data Privacy & Spamming Jurisdiction – cross-border contract law File sharing Internet Censorship Healthcare Privacy • “Personal information is data about an identifiable individual (PII). It is information that on its own or combined with other pieces of data, can identify you as an individual” (OPC, 2018, para 4) • The definition differs from the Privacy Act and PIPEDA (para 5). PII examples are: •Race, national or ethnic origin, •Driver’s license number, •Age, marital status, •Medical, education, or employment history, •DNA, •Identify numbers such as the Social Insurance Number (SIN), •Views or opinions about you as an employee •Biometrics and IP Contact Address Source: OVC, 2018. https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/02_05_d_15/ Privacy Principles of Privacy • • • • • • • • • • Accountability Identifying Purposes Consent Limiting Collection Limiting Use, Disclosure, and Retention Accuracy Safeguards Openness Individual Access Challenging Compliance Privacy Privacy Codes and Policies • Privacy policies (or privacy codes) are an organization’s guidelines for protecting the privacy of its customers, clients, and employees. • Methods of informed consent: • Opt-out model permits the company to collect personal information until the customer specifically requests that the data not be collected • Opt-in model prohibits an organization from collecting any personal information unless the customer specifically authorizes it. Privacy Privacy Codes and Policies • European Directive on Data Privacy (GDPR) • Canadian Standards Association (CSA) Model Code • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) • Approximately 50 countries have data-protection law Privacy Sources: Privacy Fines: GDPR Sanctions in 2021 Exceeded $1 Billion. Retrieved from https://www.databreachtoday.com/privacy-fines-gdpr-sanctions-in2021-exceeded-1-billion-a-18331?rf=2022-0122__SUB_DBT__Slot1_ART18331&mkt_tok=MDUxLVpYSS0yMzcAAAGCIX1RgyrBnzW5w1951fb2wRGEvYrZP2hYZJed8kxfmDNHiPYhLcTqmoifekOE2aq1njeotTqJgjUbsrHKBABWBzgLEdPiDFDkobjldygqHQIiSlm98w Privacy Data Breaches Major violations in Canada: • Laboratory testing firm LifeLabs (Oct 2019) – 8.6 M customers’ sensitive information exposed • Desjardins Group financial cooperative (June 2019) – 4.2 M members’ internal data compromised by an employee • IKEA Internal data breach (May 2022) – some customers’ personal information appeared in a generic search made by an IKEA employee. Canadian privacy law: • In 2020, Canada followed GDPR privacy regulation by proposing fines of up to 5% of the company’s global revenues or $25 M (by Innovation Minister Navdeep Bains) Sources: Ljunggren, D. 2020. Canada promises big fines for companies. Retrieved from https://financialpost.com/pmn/business-pmn/canada-promises-big-fines-forcompanies-that-breach-new-privacy-law Privacy Privacy Offices: • Federal: Privy Council Office https://www.canada.ca/en/privycouncil.html • Provincial: Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/ • Carleton University Privacy Office: https://carleton.ca/privacy/ Intellectual Property Copyright Protection in Canada Lifetime of the author until the remainder of the calendar year Additional of 50 years after the death of the author A guide of Copyright in Canada: https://www.ic.gc.ca/eic/site/cipointernetinternetopic.nsf/eng/h_wr02281.html Introduction to Information Systems Rainer, Prince, Sanchez-Rodriguez, Splettstoesser Hogeterp, Ebrahimi Fifth Canadian Edition Chapter 3 Ethics and Privacy Copyright ©2021 John Wiley & Sons Canada, Ltd. Learning Objectives • • Describe ethics, its three fundamental tenets, and the four categories of ethical issues related to information technology Discuss at least one potential threat to the privacy of the data in each of three places that store personal data Copyright ©2021 John Wiley & Sons Canada, Ltd. 21 Chapter Outline 1. Ethical Issues 2. Privacy Copyright ©2021 John Wiley & Sons Canada, Ltd. 22 Opening Case: The Huge Scope of Privacy Issues: All Data Are Accessible Think about: • How privacy issues could affect your data • How the organizations profiled could have prevented the privacy breaches discussed Copyright ©2021 John Wiley & Sons Canada, Ltd. 23 3.1 Ethical Issues • Ethics: o • • • The principles of right and wrong that individuals use to make choices that guide their behavior Ethical Frameworks Ethics in the Corporate Environment Ethics and IT Copyright ©2021 John Wiley & Sons Canada, Ltd. 24 Ethical Frameworks (aka “standards”) • Widely used standards o o o o o • Utilitarian approach Rights approach Fairness approach Common good approach Deontology approach Combine standards to create approaches for ethical decision making Copyright ©2021 John Wiley & Sons Canada, Ltd. 25 Traditional Approach for Resolving Ethical Issues (left column TABLE 3.1) 1. 2. 3. 4. Recognize an ethical issue Get the facts Evaluate alternative actions Make a decision and test it Copyright ©2021 John Wiley & Sons Canada, Ltd. 26 Giving Voice to Values (GVV) Approach (right column TABLE 3.1) 1. 2. 3. 4. Identify an ethical issue Purpose and choice – Personal and Professional choice Stakeholder analysis – Affected ethical issues Powerful responses – Identify your audience & relevant responses 5. Scripting and coaching Copyright ©2021 John Wiley & Sons Canada, Ltd. 27 Ethics in the Corporate Environment • • Code of ethics Fundamental tenets of ethics: o o o • Responsibility Accountability Liability What is unethical is not necessarily illegal Copyright ©2021 John Wiley & Sons Canada, Ltd. 28 IT’s About Business 3.1: Google Links Online Search Data and Offline Purchase Data Consider: • What are the different sources that can be used to integrate and analyze spending data? • How can online use of this data for advertising result in privacy invasion? Copyright ©2021 John Wiley & Sons Canada, Ltd. 29 Ethics and Information Technology • Four general categories of ethical issues related to IT: 1. 2. 3. 4. Privacy Accuracy Property Accessibility Copyright ©2021 John Wiley & Sons Canada, Ltd. 30 IT’s About Business 3.2: Quizlet Consider: • Data available online is subject to varying levels of copyright protection. How do you use it? • What resources do you use for studying and where does it come from? Copyright ©2021 John Wiley & Sons Canada, Ltd. 31 3.2 Privacy • • • • • • Introduction Electronic Surveillance Personal Information in Databases Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites Privacy Codes and Policies International Aspects of Privacy Copyright ©2021 John Wiley & Sons Canada, Ltd. 32 Privacy Introduction (1 of 3) • Privacy: o • The right to be left alone and to be free of unreasonable personal intrusions Information privacy: o The right to determine when, and to what extent, information about you can be gathered and/or communicated to others Copyright ©2021 John Wiley & Sons Canada, Ltd. 33 Privacy Introduction (2 of 3) • Court decisions in many countries have followed two general rules: 1. The right of privacy is not absolute, and privacy must be balanced against the needs of society 2. The public’s right to know supersedes the individual’s right of privacy • Finding a balance between transparency and privacy requires careful consideration of ethical principles, legal norms, societal expectations, and the specific context in which privacy rights and public interests intersect Copyright ©2021 John Wiley & Sons Canada, Ltd. 34 Privacy Introduction (3 of 3) • • Digital dossiers are created using profiling Data aggregators include: o o o LexisNexis Acxiom Statistics Canada Copyright ©2021 John Wiley & Sons Canada, Ltd. 35 Electronic Surveillance (1 of 2) • • • Using technology to monitor individuals as they go about their daily routines Surveillance is conducted by employers, governments, and other institutions Examples: o Surveillance cameras in airports, subways, banks, and other public venues Copyright ©2021 John Wiley & Sons Canada, Ltd. 36 Electronic Surveillance (2 of 2) • • • • Inexpensive digital sensors are found in laptop webcams, video game sensors, smartphone cameras, utility meters, passports, and identification cards Smartphones create geotags Google and Microsoft street view images Drones Copyright ©2021 John Wiley & Sons Canada, Ltd. 37 IT’s About Business 3.3: Licence Plate Readers Consider: • How else could licence plate and driver’s licence data be used? • Is this a possible invasion of privacy when combined with geographic positioning data? Copyright ©2021 John Wiley & Sons Canada, Ltd. 38 Personal Information in Databases (1 of 3) • Personal data locations and record keepers o o o o o o o Credit reporting agencies Banks and financial institutions Utility companies Employers Hospitals Schools Government agencies (Canada Revenue Agency, province, municipality) Copyright ©2021 John Wiley & Sons Canada, Ltd. 39 Personal Information in Databases (2 of 3) • Major concerns about information you provide record keepers o o o o o Do you know where the records are? Are the records accurate? Can you change inaccurate data? How long will it take to make a change? Under what circumstances will personal data be released? Copyright ©2021 John Wiley & Sons Canada, Ltd. 40 Personal Information in Databases (3 of 3) • Major concerns about information you provide record keepers o o o How are the data used? To whom are the data given or sold? How secure are the data against access by unauthorized people? Copyright ©2021 John Wiley & Sons Canada, Ltd. 41 IT’s About Business 3.4: India’s Aadhaar System Consider: • How would you feel if your province implemented a fingerprint identification system? • Do you use biometric (fingerprint) identification with your smartphone or computer? Why or why not? Copyright ©2021 John Wiley & Sons Canada, Ltd. 42 Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites • • • Free speech versus privacy on the Internet Derogatory information can influence hiring decisions Little to no recourse for victims Copyright ©2021 John Wiley & Sons Canada, Ltd. 43 Privacy Codes and Policies (1 of 2) • • • An organization’s guidelines for protecting the privacy of its customers, clients, and employees Methods of informed consent: o Opt-out model o Opt-in model Platform for Privacy Preferences (P3P) o A protocol that automatically communicates privacy policies between a website and its visitors Copyright ©2021 John Wiley & Sons Canada, Ltd. 44 Privacy Codes and Policies (2 of 2) • • • European Directive on Data Privacy (GDPR) Canadian Standards Association (CSA) Model Code Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) Copyright ©2021 John Wiley & Sons Canada, Ltd. 45 TABLE 3.3 Privacy Policy Guidelines: A Sampler • Presents three sample sections: 1. 2. 3. • data collection data accuracy data confidentiality Guidelines such as those in Table 3.3 help to: o o o o Codify requirements for employees Provide a standard set of procedures Protect organizations from litigation Can be used as a measurement tool if disciplinary action is required Copyright ©2021 John Wiley & Sons Canada, Ltd. 46 IT’s About Business 3.5: Facebook and the Cambridge Analytica Data Scandal Consider: • Whether all personally identifiable data is confidential • Whether you would be concerned if all of your Facebook data was made available to Facebook app developers Copyright ©2021 John Wiley & Sons Canada, Ltd. 47 International Aspects of Privacy • • The global nature of the Internet complicates data privacy Approximately 50 countries have data-protection laws o o Inconsistent standards from country to country Transborder data flow Copyright ©2021 John Wiley & Sons Canada, Ltd. 48 Closing Case: Accessing Patient Data through Electronic Medical Records Think about: • Examples of your recent private medical data and where it is stored • How much of your medical data do your medical caregivers have access to? Copyright ©2021 John Wiley & Sons Canada, Ltd. 49 Copyright Copyright © 2021 John Wiley & Sons Canada, Ltd. or the author. All rights reserved. Students and instructors who are authorized users of this course are permitted to download these materials and use them in connection with the course. No part of these materials should be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse this material is available at http://www.wiley.com/go/permissions. Copyright ©2021 John Wiley & Sons Canada, Ltd. 50
0
advertisement
Related documents
Download
advertisement
Add this document to collection(s)
You can add this document to your study collection(s)
Sign in Available only to authorized usersAdd this document to saved
You can add this document to your saved list
Sign in Available only to authorized users