Managing and Using Information Systems: A Strategic Approach – Sixth Edition

Keri Pearlson, Carol Saunders, and Dennis Galletta

© Copyright 2016 John Wiley & Sons, Inc.

Chapter 13 Privacy and Ethical Considerations in Managing Information

Three Breaches: TJX, Target, Home Depot

TJX Co: largest security breach of its computer system in the history of retailing: 90 million customer records were stolen

Target: 40 million; Home Depot: 56 million

All had to decide between notifying their customers immediately, or waiting the 45 days allowed by the jurisdictions.


Outcomes

Target:

Stock fell 9% a few days after disclosure

Profits fell 46% in the following quarter

TJX:

Stock fell 8%


Cybersecurity Bill, 18 Dec, 2014

Supports R&D to develop best practices

Supports education in the area

Prepares the workforce

Federal agencies need a cybersecurity plan:

Guarantee individual privacy, verify software and hardware, address insider threats

Determine the origin of messages

Protect cloud information and data transmission


Normative Theories of Business Ethics

Managers must assess initiatives from an ethical point of view

Most managers are not trained in ethics, philosophy, and moral reasoning

Difficult to determine or discuss social norms

Three theories of business ethics are useful for assessing an initiative


Figure 12.1 Three normative theories of business ethics.

| Theory | Definition | Metrics |
| --- | --- | --- |
| Stockholder | Maximize stockholder wealth in legal and non-fraudulent manners. | Will this action maximize stockholder value? Can goals be accomplished without compromising company standards and without breaking laws? |
| Stakeholder | Maximize benefits to all stakeholders while weighing costs to competing interests. | Does the proposed action maximize collective benefits to the company? Does this action treat one of the corporate stakeholders unfairly? |
| Social contract | Create value for society in a manner that is just and nondiscriminatory. | Does this action create a “net” benefit for society? Does the proposed action discriminate against any group in particular, and is its implementation socially just? |


Stockholder Theory

Stockholders advance capital to corporate managers who act as agents in advancing their ends.

Managers are bound to the interests of the shareholders (maximize shareholder value).

Manager’s duties:

Bound to employ legal, non-fraudulent means.

Must take long view of shareholder interest.


Stakeholder Theory

Stakeholders are:

Any group that vitally affects corporate survival and success.

Any group whose interests the corporation vitally affects.

Management must balance the rights of all stakeholders without impinging upon the rights of any one particular stakeholder


Social Contract Theory

Corporations are expected to create more value for society than they consume.

Social contract:

1. Social welfare – corporations must produce greater benefits than their associated costs.

2. Justice – corporations must pursue profits legally, without fraud or deception, and avoid actions that harm society.


The Three Normative Theories

How do they apply to TJX, Target, Home Depot?

What are the advantages of notifying customers early?

What are the advantages of waiting as long as legally permitted?

What are the advantages of finding a way to avoid notifying customers?


Each firm has to balance needs that are apparent in reference to the three normative theories

Notifying customers early would benefit society the most, perhaps helping contain the damage quickly, minimizing it.

Waiting would enable the company to investigate more thoroughly, and help find the criminals to avoid the next breach by the same individuals. Also, waiting would enable the company to participate in further growth and gain more sales.

Avoiding notification of customers completely would prevent a decrease in sales or stock prices.

Big Data

Can guess income from zip code

Therefore, can identify targets from zip codes

Should you pass up the opportunity to alert potential customers of your products?

If not, your competitors will get there first!


Interesting Outcomes

Pregnant daughter – Target knew and accidentally alerted her dad. How?

Buying habits were shared by other pregnant women:

Unscented soap

Cotton balls

Vitamins

How did Target reveal this to the dad?

Target sent her some ads for diapers and maternity clothes


New Study in Science

Take a file from a credit card agency, with disguised credit card numbers: 1.1 million records

90% of the identities can be found by connecting three things

Information easily found on Instagram, Facebook, FourSquare


Ethical Tensions with Governments

UAE tried to require RIM to disclose confidential information for national security

Sony Pictures had a project ruined by North Korean threats

Google’s features are restricted in China


Mason’s areas of managerial concern “PAPA”

| Area | Critical Questions |
| --- | --- |
| Privacy | What information must a person reveal about one’s self to others? What information should others be able to access about you – with or without your permission? What safeguards exist for your protection? |
| Accuracy | Who is responsible for the reliability and accuracy of information? Who will be accountable for errors? |
| Property | Who owns information? Who owns the channels of distribution, and how should they be regulated? |
| Accessibility | What information does a person or an organization have a right to obtain, under what conditions, and with what safeguards? |


Privacy

The right to be left alone

Possessing and using the “best” information helps an organization win

High priority: Keeping it safe and secure

Regulations cover the authorized collection, disclosure and use of personal information

But is it clear enough?


Privacy Paradox

Convenience vs privacy

If you make it harder for criminals to steal information, it will be less convenient for genuine users

15,000 customers in 15 countries:

Overall, 51% said they wouldn’t trade off privacy for convenience; 27% said they would.

India: 40% wouldn’t; 48% would

Germany: 70% wouldn’t; 12% would


What about Actual Behavior?

Teens repeatedly demonstrate a lack of concern about privacy

Often they regret their decisions

70% of recruiters have rejected candidates for postings they found online

But only 20% strengthened their privacy settings when Facebook began allowing it

Privacy is valued more in Europe than in the US


Software or Site Terms of Service

Ignored widely, often due to length and legal language

Pen Pal’s Terms of Service are longer than Hamlet

Fewer than 2% read the terms

A UK site included selling a person’s immortal soul and thousands accepted it.


Cookies

A site can access only the cookie it created!

So what’s the concern?

Easy. Have a third party place content on your page

Widespread practice: DoubleClick has content on thousands of sites

But back to convenience: Without cookies, you could not have a “shopping cart”


Accuracy

Controls are needed to ensure accuracy

Data entry errors must be controlled and managed carefully

Data must also be kept up to date

Removing data when it is no longer needed or when legally mandated is not easy


Bank of America Example

What did Bank of America do to the couple near Christmas?

Just from checking out refinancing rates, appearance of risk rose

B of A admitted error but neglected to report this to credit agencies


Property

Mass quantities of data are stored

Who owns the data?

Who has rights to it?

Who owns the images that are posted in cyberspace? Photographer? Subject? Facebook?

Proper ownership implies legal rights but duties too


Accessibility

Access to systems and their data is paramount

Users must be able to access this data from any location (if legal and it can be properly secured)

Major issue – how to create and maintain access to information for society at large

This access needs to be limited to those who have a right to see and use it (to limit identity theft).

Also, adequate security measures must be in place on their business partners’ end.


What Should a Manager Do?

Create a culture of responsibility

Post policies

Implement governance processes for information control

Avoid decoupling responsibility

i.e., make managers responsible for their decisions that lead to privacy problems


Green Computing

The digital economy uses 10% of the world’s energy

In 2007, the 5 largest search companies used 2.4 gigawatts.

Hoover Dam only generates 2.0

Since then, consumption has been reduced thanks to “green” efforts in data centers

Virtualization

Relocation for more natural cooling

e.g., Google in Finland


Triple Bottom Line Impact

TBL (3BL)

People: Being socially responsible

Planet: Saving the environment

Profit: Saving money
