Needed by 12/12
Requirements:
Instructions: Respond to the discussion topic post below.
· Responses must be substantial (several paragraphs each) Responses should have proper support with at least 1 different source as applicable.
Discussion Topic Covered:
The amount of data companies can obtain and store about customers has grown substantially over time. Based on your readings and peer reviewed articles, what controls do you think should be put in place related to customer data storage and use? Should different types of organizations be required to implement stronger controls or should all organizations, regardless of the industry, have the same set of controls for data storage?
Respond to this post:
Frequently, in our environments, we hear about identity theft, cloned credit or debit cards, hacked bank accounts. In the worst case, we have experienced it firsthand. Our phones are also continuously bombarded with calls or emails from telemarketers or sellers of products or services, and all this derived from data breaches in online stores, banks, government sites, and even in our places of employment, to whom we once provided our data and believed would be safe with them.
Data losses have been going on for a long time, and the reason is that the level of security on data has been almost generally inadequate. There has also been some irresponsibility on the part of those who handle the data, taking the attribution of marketing our information, without considering our right to privacy, and without thinking about the consequences derived from such careless handling.
As flaws in data storage and protection practices have increased, consumers have lowered their confidence, which has negatively impacted their purchasing decisions. For this reason, those companies that have proven to be more careful in storing and safeguarding data are those that have managed to maintain and increase their customers.
A wide range of high-profile data loss incidents has cost organizations millions of dollars in direct and indirect costs and resulted in tremendous damage to performance, brands, and reputations. The vast majority of data loss incidents resulted from the actions of internal users and trusted third parties, and most have been unintentional. As the financial services industry is responsible for preventing its customers’ data from loss or theft, getting data protection wrong can introduce commercial, reputation, regulatory, and legal penalties. This becomes more difficult as the criminal sees the high value of personal information for identity theft, fraud, and espionage, which motivates them to steal data from individuals and the organization. (Mohd, et al., 2019)
It is common for customer records to be stolen by employees prior to leaving and joining a competitor firm. In the company that I currently work with, they have had to deal with this type of problem many times. Employees with access to patient data have collected this information and sold it or transferred it to competing medical centers, causing financial damage to the company. Based on this situation, the company’s lawyers prepared confidentiality and non-competition agreement that all employees must sign, to mitigate these data thefts somewhat.
Information leaders should, together with their marketing and legal departments, develop a code of conduct for big data analytics. This code of conduct should contain the list of principles that describe what the company finds appropriate and inappropriate, a process that describes the ethical checks and balances when conducting big data analytics, legal implications, whether the intended use of the data matches how it is actually being used, and if the organization would be comfortable if the results of it became public. Ethical guidelines require regular attention and reinforcement. (Buytendijk, et al., 2013)
Big Data has opened up new access to business-critical data. Organizations need to keep pace with resulting security concerns and bring Big Data under a sound identity and access management umbrella. (Lewis, 2015). The industry needs a data solution that is secure and private by default, even in memory, even in search results, even when aggregated, even when shared between different applications. (Wong, 2020)
References:
Buytendijk, F., & Heiser, J. (2013). Confronting the privacy and ethical risks of Big Data. FT.Com, https://www.proquest.com/trade-journals/confronting-privacy-ethical-risks-big-data/docview/1444673164/se-2?accountid=35796
Lewis, J. (2015). Information Privacy & Big Data. SC Magazine, 26(2), 17. https://www.proquest.com/trade-journals/information-privacy-amp-big-data/docview/1659751318/se-2?accountid=35796
Mohd, A., Nawawi, A., & Ahmad S. (2019). Customer data security and theft: a Malaysian organization’s experience. Information and Computer Security, 27(1), 81-100. http://dx.doi.org/10.1108/ICS-04-2018-0043
Wong, C. (2020, November 2). Privacy for Big Data: Monster or Myth. https://www.forbes.com/sites/forbestechcouncil/2020/11/02/privacy-for-big-data-monster-or-myth/?sh=6e8e51554e68