Management Information System
IT ethics
What ethical, social, and political issues are raised by information systems?
What specific principles for conduct can be used to guide ethical decisions?
Why do contemporary information systems technology and the Internet pose challenges to the protection of individual privacy and intellectual property?
How have information systems affected laws for establishing accountability, liability, and the quality of everyday life?
LEARNING OBJECTIVES
This chapter examines the ethical, social, and political issues raised by information systems. It can be useful to ask students to help you put together a list of these issues categorized into ethical, social, and political columns.
Information systems and ethics
Information systems raise new ethical questions because they create opportunities for:
Intense social change, threatening existing distributions of power, money, rights, and obligations
New kinds of crime
Ethical, Social, and Political Issues
Ask students to describe some of the ethical dilemmas that are presented by information systems and new developments in technology. Privacy is an important issue—mention the opening case again and explain that the business models of Google, Facebook, and many other sites depend on getting users to give up their personal information so it can be used to market and sell them products.
The introduction of new information technology has a ripple effect, raising new ethical, social, and political issues that must be dealt with on the individual, social, and political levels. These issues have five moral dimensions: information rights and obligations, property rights and obligations, system quality, quality of life, and accountability and control.
THE RELATIONSHIP AMONG ETHICAL, SOCIAL, POLITICAL ISSUES IN AN INFORMATION SOCIETY
Explain to students that the graphic displays the five moral dimensions listed in the caption. Consider online P2P bit torrent shared music as an example of how a new technology has ethical, social, and eventually political (legal) ramifications. If music can be ripped off, why pay any money for it? Why should anyone care about record labels or artist’s income?
Five moral dimensions of the information age:
Information rights and obligations
Property rights and obligations
Accountability and control
System quality
Quality of life
Ethical, Social, and Political Issues
Give examples of each of the five major issues. For example, an issue dealing with information rights might be, what rights do individuals possess with respect to themselves? What do they have a right to protect? An issue dealing with quality of life might be: what values should be preserved in an information- and knowledge-based society? An issue dealing with system quality might be: what standards of data and system quality should we demand to protect individual rights and the safety of society?
Key technology trends that raise ethical issues
Doubling of computer power
More organizations depend on computer systems for critical operations.
Rapidly declining data storage costs
Organizations can easily maintain detailed databases on individuals.
Networking advances and the Internet
Copying data from one location to another and accessing personal data from remote locations are much easier.
Artificial Intelligence
Greater analytical capability; new risks from automated, machine-learning-based decisions
Ethical, Social, and Political Issues
Which of these trends do students believe might have the most adverse consequences? Why do they feel this way? Do the positives outweigh the negatives for all four trends? Why or why not?
Advances in data analysis techniques
Profiling
Combining data from multiple sources to create dossiers of detailed information on individuals
Nonobvious relationship awareness (NORA)
Combining data from multiple sources to find obscure hidden connections that might help identify criminals or terrorists
Mobile device growth
Tracking of individual cell phones
Ethical, Social, and Political Issues
Online profiling is one of the most controversial computer-related ethical, social, and political issues today. Although it is used fairly extensively on the Internet, it is also used by insurance firms, health insurance firms, casinos, and of course national authorities around the globe for finding potential terrorists.
NORA technology can take information about people from disparate sources and find obscure, nonobvious relationships. It might discover, for example, that an applicant for a job at a casino shares a telephone number with a known criminal and issue an alert to the hiring manager.
NONOBVIOUS RELATIONSHIP AWARENESS (NORA)
Explain that NORA is used by both the government and the private sector for its profiling capabilities. Ask students to provide potential examples of NORA (other than the one mentioned in the caption) for both governmental and business purposes. One such example might be an airline identifying potential terrorists attempting to board a plane. Another might be government identifying potential terrorists by monitoring phone calls.
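As an added illustration (not from the textbook or any commercial NORA product), the following Python sketch shows the mechanics behind the casino example above: records from disparate sources are normalized, indexed by the identifiers they share (phone numbers, addresses), and searched for paths between a new applicant and anyone on a watch list. All names, phone numbers and addresses are constructed; the source names, the `flag` field and the `max_hops` limit are assumptions of this example.

```python
"""Toy nonobvious relationship awareness (NORA) engine.

Added example, not from the textbook or any commercial NORA product.
All records below are constructed; the source names, the `flag` field
and the `max_hops` limit are assumptions of this example.
"""
import re
from collections import defaultdict, deque


def normalize_phone(raw):
    """Keep only digits and drop a leading US country code, so
    '(702) 555-0134' and '+1 702 555 0134' index to the same key."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits or None


def normalize_address(raw):
    """Lower-case, strip punctuation and collapse whitespace so that
    '12 Pine St., Henderson NV' matches '12 pine st henderson nv'."""
    cleaned = re.sub(r"[.,]", "", (raw or "").lower())
    return re.sub(r"\s+", " ", cleaned).strip() or None


# Constructed records from three disparate sources (names and numbers are fictional).
SOURCES = {
    "job_applications": [
        {"id": "app-1", "name": "Dana Reyes", "phone": "(702) 555-0134",
         "address": "12 Pine St., Henderson NV"},
        {"id": "app-2", "name": "Lee Park", "phone": "702-555-0199",
         "address": "88 Elm Ave, Las Vegas NV"},
    ],
    "watch_list": [
        {"id": "wl-1", "name": "Victor Mann", "phone": "+1 702 555 0134",
         "address": "400 Lake Rd, Boulder City NV", "flag": "known criminal"},
        {"id": "wl-2", "name": "Ivy Cole", "phone": "702-555-0177",
         "address": "9 Oak Ct, Reno NV", "flag": "known associate"},
    ],
    "customer_db": [
        {"id": "cust-1", "name": "Sam Oduya", "phone": "702-555-0188",
         "address": "12 pine st henderson nv"},
        {"id": "cust-2", "name": "Lee Park", "phone": "(702) 555-0199",
         "address": "9 oak ct reno nv"},
    ],
}


class RelationshipIndex:
    """Bipartite graph: entity nodes ('source:id') joined to identifier nodes
    ('kind', value). Two entities are linked when they share an identifier."""

    def __init__(self):
        self.records = {}
        self.entity_keys = defaultdict(set)
        self.key_entities = defaultdict(set)

    def add(self, source, rec):
        entity = f"{source}:{rec['id']}"
        self.records[entity] = rec
        for key in (("phone", normalize_phone(rec.get("phone"))),
                    ("address", normalize_address(rec.get("address")))):
            if key[1]:
                self.entity_keys[entity].add(key)
                self.key_entities[key].add(entity)

    def find_links(self, start, max_hops=2):
        """Breadth-first search from `start`. Returns {entity: path} for every
        other entity reachable through at most `max_hops` shared identifiers;
        each path alternates entity, shared key, entity, ..."""
        paths = {start: [start]}
        queue = deque([(start, 0)])
        while queue:
            entity, hops = queue.popleft()
            if hops == max_hops:
                continue
            for key in self.entity_keys[entity]:
                for other in self.key_entities[key]:
                    if other not in paths:
                        paths[other] = paths[entity] + [key, other]
                        queue.append((other, hops + 1))
        del paths[start]
        return paths


def build_index(sources=SOURCES):
    index = RelationshipIndex()
    for source, recs in sources.items():
        for rec in recs:
            index.add(source, rec)
    return index


def screen(index, entity, max_hops=2):
    """Alerts (with the explanatory path) for links from `entity` to any flagged record."""
    return [{"target": other, "flag": index.records[other]["flag"], "path": path}
            for other, path in index.find_links(entity, max_hops).items()
            if index.records[other].get("flag")]


if __name__ == "__main__":
    idx = build_index()
    for alert in screen(idx, "job_applications:app-1") + screen(idx, "job_applications:app-2"):
        print(alert["target"], alert["flag"], " -> ".join(map(str, alert["path"])))
```

Applicant `app-1` is linked to the watch list in one hop (a shared phone number, exactly the caption's case); applicant `app-2` is only linked at two hops, through a customer record that shares an address with a flagged person, so the `max_hops` setting decides whether an alert fires at all. The path returned with each alert is what makes the result reviewable: a shared number may be a household line or a recycled number, so an alert is a lead for a human to check, not a conclusion about the applicant.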
Basic concepts for ethical analysis
Responsibility:
Accepting the potential costs, duties, and obligations for decisions
Accountability:
Mechanisms for identifying responsible parties
Liability:
Permits individuals (and firms) to recover damages done to them
Due process:
Laws are well-known and understood, with an ability to appeal to higher authorities
Principles to Guide Ethical Decisions
Explain that information systems do not exist in a vacuum and that these concepts are instrumental in understanding the impact of systems and measuring their success. Ask students why liability and due process are such important ethical concepts. (A rough answer is that they provide recourse to individuals negatively affected by mismanagement of information systems, giving organizations an incentive to "play by the rules".)
Five-step ethical analysis
Identify and clearly describe the facts.
Define the conflict or dilemma and identify the higher-order values involved.
Identify the stakeholders.
Identify the options that you can reasonably take.
Identify the potential consequences of your options.
Principles to Guide Ethical Decisions
Do students believe that any aspect of ethical analysis is lacking from this process? If so, what? Can students offer a brief example of an ethical dilemma and how they would resolve it using this process? One class exercise is to work with students to identify an ethical situation they are aware of, or that may have been in the news. Then, go through the ethical analysis described in the slide to illustrate the process of analyzing an ethical situation.
Candidate ethical principles
Golden Rule
Do unto others as you would have them do unto you.
Immanuel Kant’s Categorical Imperative
If an action is not right for everyone to take, it is not right for anyone.
Descartes’ Rule of Change
If an action cannot be taken repeatedly, it is not right to take at all.
Principles to Guide Ethical Decisions
Ensure students understand the difference between the categorical imperative and the rule of change. Briefly, the difference is that the categorical imperative spans the entirety of the populace, whereas the rule of change applies to the decisions of one person over time. For example, the categorical imperative applies to an employee who tries to steal money from his employer. He shouldn’t do this, because if all employees attempted to do so, the company would fail. The rule of change applied to the same situation might run as follows: although the employee’s stealing one dollar from the company would not lead to any true problem, repeatedly stealing one dollar, or stealing a lot of dollars, would be unacceptable and ultimately lead to the destruction of the company.
Candidate ethical principles (cont.)
Utilitarian Principle
Take the action that achieves the higher or greater value.
Risk Aversion Principle
Take the action that produces the least harm or potential cost.
Ethical “No Free Lunch” Rule
Assume that virtually all tangible and intangible objects are owned by someone unless there is a specific declaration otherwise.
Principles to Guide Ethical Decisions
How does the “no free lunch” rule relate to copyrights, patents, and trademarks? (These concepts are discussed in later slides.)
Explain that the appearance of unethical behavior is at times as harmful as actual unethical behavior, so adherence to these principles is critical. In an age of open source software, how does the "no free lunch" principle work out? Open source software is an economic good that its creators license for redistribution, often without charge (most licenses still require that copyright notices and attribution be preserved). In this case there is a "free lunch," but it occurs because the creators of the software consent to the arrangement; the software is still owned and licensed, not ownerless.
Professional codes of conduct
Promulgated by associations of professionals
Examples: AMA (American Medical Association), ABA (American Bar Association), AITP (Association of Information Technology Professionals), ACM (Association for Computing Machinery)
Promises by professions to regulate themselves in the general interest of society
Real-world ethical dilemmas
One set of interests pitted against another
Example: right of a company to maximize the productivity of its workers versus workers' right to use the Internet for short personal tasks
Principles to Guide Ethical Decisions
Other ethical dilemmas include companies trying to use new systems to reduce the size of their workforce, such as telephone companies using automated systems to reduce the need for human operators. Emphasize that in cases like these, right and wrong are not clearly defined, but instead, contrasting values are at odds with one another (companies value productivity, employees value their work).
Information rights: privacy and freedom in the Internet age
Privacy:
Claim of individuals to be left alone, free from surveillance or interference from other individuals, organizations, or state; claim to be able to control information about yourself
In the United States, privacy protected by:
First Amendment (freedom of speech)
Fourth Amendment (unreasonable search and seizure)
Additional federal statutes (e.g., Privacy Act of 1974)
Challenges to Privacy and Intellectual Property
Do students believe that there are sufficient protections for privacy in law? If not, what are possible methods of developing appropriate privacy protections? Table 4-3 in the text lists a variety of other laws affecting both the government and private institutions, but few areas of the private sector are as well regulated with respect to privacy. Do an in-class poll and ask students who among them feel they can control the use of their personal information on the Internet. You should get no one raising their hand.
Fair information practices:
Set of principles governing the collection and use of information
Basis of most U.S. and European privacy laws
Based on mutuality of interest between record holder and individual
Restated and extended by FTC in 1998 to provide guidelines for protecting online privacy
Used to drive changes in privacy legislation
COPPA
Gramm-Leach-Bliley Act
HIPAA
Do-Not-Track Online Act of 2011 (proposed, never enacted)
Challenges to Privacy and Intellectual Property
Explain what is meant by a “mutuality of interest between record holder and individual.” (Briefly, the individual wants to engage in a transaction, and the record holder needs information about the individual to support the transaction—both are interested parties in the transaction.)
FTC FIP principles:
Notice/awareness (core principle)
Web sites must disclose practices before collecting data.
Choice/consent (core principle)
Consumers must be able to choose how information is used for secondary purposes.
Access/participation
Consumers must be able to review and contest accuracy of personal data.
Challenges to Privacy and Intellectual Property
Do students believe that the Web sites they visit actually disclose their data collection and utilization practices? Is it difficult to find where?
FTC FIP principles (cont.)
Security
Data collectors must take steps to ensure accuracy, security of personal data.
Enforcement
Must be mechanism to enforce FIP principles.
Challenges to Privacy and Intellectual Property
These five Fair Information Practices provide the foundation for all privacy legislation in the United States, and much of Europe. You might go to a popular Web site, find its privacy policy, and see how well the site conforms to the principles above. Chances are good that the Web site you choose will have several statements in their policies which permit them to do anything they want with personal information. Also, do a search on “FTC privacy” and go to one of the reports listed. A search on “FTC behavioral targeting” also produces many fine reports on the topic.
European Directive on Data Protection:
Companies must inform people information is collected and disclose how it is stored and used.
Requires informed consent of customer.
EU member nations cannot transfer personal data to countries without similar privacy protection.
U.S. businesses used the Safe Harbor framework to work with EU personal data (invalidated by the Court of Justice of the EU in 2015 and succeeded by Privacy Shield, itself invalidated in 2020).
Stricter enforcements under consideration:
Right of access
Right to be forgotten
Challenges to Privacy and Intellectual Property
EU protections of privacy are far stronger than those in the United States because they require informed consent before a firm can do anything with personal information beyond supporting the transaction at hand. In Europe there is far less unsolicited postal advertising, for instance, because advertising firms may not use personal information obtained from third parties without the consent of the individual.
Internet challenges to privacy:
Cookies
Identify browser and track visits to site
Super cookies (Flash cookies)
Web beacons (Web bugs)
Tiny graphics embedded in e-mails and Web pages
Monitor who is reading e-mail message or visiting site
Spyware
Surreptitiously installed on user’s computer
May transmit user’s keystrokes or display unwanted ads
Google services and behavioral targeting
Challenges to Privacy and Intellectual Property
What are students attitudes toward these technologies? Emphasize that cookies can be useful at trusted sites, but perhaps invasive at others. Have students had any experience with spyware or Web bugs on their own computers? How would they know they are being tracked?
Cookies are written by a Web site on a visitor’s hard drive. When the visitor returns to that Web site, the Web server requests the ID number from the cookie and uses it to access the data stored by that server on that visitor. The Web site can then use these data to display personalized information.
Figure 4-3
HOW COOKIES IDENTIFY WEB VISITORS
Ask students to pinpoint where potential privacy invasions might occur in the process shown above. Students may suggest that no real privacy violation is occurring in the figure, which is a legitimate point of view. If so, ask them how they might feel about a Web site they did not trust engaging in the displayed process.
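The following Python block, added here and not part of the textbook or Figure 4-3, simulates the server side of two of the mechanisms listed above: the cookie-based visitor ID of Figure 4-3 and an e-mail web beacon. The host name `tracker.example`, the cookie name, the profile fields and the e-mail addresses are constructed for the example.

```python
"""Server side of cookie visitor IDs (Figure 4-3) and e-mail web beacons.

Added example, not part of the textbook. Host name, cookie name, profile
fields and e-mail addresses are constructed for illustration.
"""
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlparse

COOKIE_NAME = "visitor_id"
# A 43-byte transparent 1x1 GIF: the "tiny graphic" a beacon serves.
ONE_BY_ONE_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff!"
    b"\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;"
)


class TrackingServer:
    def __init__(self, host="tracker.example"):
        self.host = host
        self.profiles = {}   # visitor_id -> {"visits": n, "pages": [paths]}
        self.beacons = {}    # beacon token -> e-mail recipient
        self.opens = []      # (recipient, user_agent) for each fetched pixel

    def handle_page(self, path, cookie_header=None):
        """Figure 4-3 flow: look up the ID sent in the Cookie header, or mint one.

        Returns the Set-Cookie header to send (None when the visitor was
        recognized) plus the visitor ID and visit count from the profile.
        """
        visitor_id = None
        if cookie_header:
            jar = SimpleCookie()
            jar.load(cookie_header)
            candidate = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None
            # Only honour IDs this server issued: the cookie is a lookup key,
            # never trusted data. A forged or stale value gets a fresh ID.
            if candidate in self.profiles:
                visitor_id = candidate
        set_cookie = None
        if visitor_id is None:
            visitor_id = secrets.token_urlsafe(16)   # unguessable opaque token
            self.profiles[visitor_id] = {"visits": 0, "pages": []}
            out = SimpleCookie()
            out[COOKIE_NAME] = visitor_id
            out[COOKIE_NAME]["path"] = "/"
            out[COOKIE_NAME]["max-age"] = 365 * 24 * 3600  # persistent, not per-session
            set_cookie = out[COOKIE_NAME].OutputString()
        profile = self.profiles[visitor_id]
        profile["visits"] += 1
        profile["pages"].append(path)   # the per-visitor record the site personalizes from
        return {"Set-Cookie": set_cookie, "visitor_id": visitor_id,
                "visits": profile["visits"]}

    def beacon_url(self, recipient):
        """Mint a per-recipient pixel URL; the token, not the image, carries the identity."""
        token = secrets.token_urlsafe(12)
        self.beacons[token] = recipient
        return f"https://{self.host}/pixel.gif?t={token}"

    def embed_beacon(self, html, recipient):
        """Append the invisible image to an outgoing HTML e-mail body."""
        return html + f'<img src="{self.beacon_url(recipient)}" width="1" height="1">'

    def handle_beacon(self, url, user_agent=""):
        """A fetch of the pixel reveals that `recipient` opened the message and with what client."""
        token = parse_qs(urlparse(url).query).get("t", [None])[0]
        recipient = self.beacons.get(token)
        if recipient is not None:
            self.opens.append((recipient, user_agent))
        return ONE_BY_ONE_GIF   # serve the image regardless, so the tracking stays invisible
```

The cookie value itself carries nothing about the visitor; the dossier lives in `profiles` on the server, which is why a site's privacy policy, not the cookie, determines what the data is used for. Two practical points follow from the code: the `candidate in self.profiles` check treats the cookie as a lookup key rather than trusted client state, so a forged ID cannot claim someone else's profile; and the beacon works only if the mail client fetches remote images, which is why clients that block or proxy remote images defeat it.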
The United States allows businesses to gather transaction information and use this for other marketing purposes.
Opt-out vs. opt-in model
Online industry promotes self-regulation over privacy legislation.
However, extent of responsibility taken varies:
Complex/ambiguous privacy statements
Opt-out models selected over opt-in
Online “seals” of privacy principles
Challenges to Privacy and Intellectual Property
Do students believe that businesses should be pressed to provide more comprehensive privacy protections online? Explain that businesses prefer the looser regulation, but that individuals may not. Also emphasize that most individuals do not take the proper steps to ensure their own privacy in any case. Most people do not know how to protect their privacy online. Does that mean that privacy is unimportant or that people don’t care?
Technical solutions
E-mail encryption
Anonymity tools
Anti-spyware tools
Browser features
“Private” browsing
“Do not track” options
Overall, few technical solutions
Challenges to Privacy and Intellectual Property
Property rights: Intellectual property
Intellectual property: intangible property of any kind created by individuals or corporations
Three main ways that intellectual property is protected:
Trade secret: intellectual work or product belonging to business, not in the public domain
Copyright: statutory grant protecting intellectual property from being copied for the life of the author, plus 70 years
Patents: grants creator of invention an exclusive monopoly on ideas behind invention for 20 years
Challenges to Privacy and Intellectual Property
Do students believe that the property rights guaranteed by trade secrets, copyrights, and patents are strong enough to prevent the theft of intellectual property online? Give an example of a trade secret (the formula for Coke; a method of doing business or business process). Give an example of a copyright (which could include the copyright of a photo or newspaper article). And give an example of a patent (such as Amazon's One Click shopping as a business process patent, or Kodak's claim to have a patent on digital still cameras with digital displays for a viewfinder).
Accountability, liability, control
Computer-related liability problems
If software fails, who is responsible?
If seen as part of machine that injures or harms, software producer and operator may be liable.
If seen as similar to book, difficult to hold author/publisher responsible.
What should liability be if software seen as service? Would this be similar to telephone systems not being liable for transmitted messages?
Information Systems, Laws, and Quality of Life
Using the example from the text, who do students consider to be the liable party for the incident involving Bank of America customers whose paychecks were denied due to an operating error at the bank’s computer center? Is it the designers of the systems at the center? Is there no liability involved? Explain that it is difficult to ascribe liability to software developers for the same reason that it is difficult to ascribe a publisher liability for the effects of a book.
System quality: Data quality and system errors
What is an acceptable, technologically feasible level of system quality?
Flawless software is economically unfeasible.
Three principal sources of poor system performance:
Software bugs, errors
Hardware or facility failures
Poor input data quality (most common source of business system failure)
Information Systems, Laws, and Quality of Life
Do students have any opinion about when software is “good enough?” Does it depend on the particular product? For example, distinguish between software used by air traffic controllers and software used for word processing. Do students believe that there are different levels of acceptable quality for these products?
Quality of life: Equity, access, boundaries
Negative social consequences of systems
Balancing power: although computing power decentralizing, key decision making remains centralized
Rapidity of change: businesses may not have enough time to respond to global competition
Maintaining boundaries: computing, Internet use lengthens work-day, infringes on family, personal time
Dependence and vulnerability: public and private organizations ever more dependent on computer systems
Information Systems, Laws, and Quality of Life
Ask students whether they have witnessed any of these negative consequences first hand. It's likely that they know someone who has become dependent on their computer to some extent or have even experienced something similar first hand. Which of the above consequences do students feel is the most alarming?
Computer crime and abuse
Computer crime: commission of illegal acts through use of computer or against a computer system—computer may be object or instrument of crime
Computer abuse: unethical acts, not illegal
Spam: high costs for businesses in dealing with spam
Employment:
Reengineering work resulting in lost jobs
Equity and access—the digital divide:
Certain ethnic and income groups in the United States less likely to have computers or Internet access
Information Systems, Laws, and Quality of Life
Ask students what experience they have had with spam. A notable statistic is that spam accounts for more than 75% of all e-mail traffic and is relatively unlikely to decrease, because it is so difficult to regulate and so cheap to send.
Do students believe that the end result of continuing advances in information technology will be rising unemployment and a small number of elite corporate professionals? Students may enjoy debating this idea, which is somewhat far-fetched, but conceptually stimulating. There is some evidence that today’s manufacturing technology (including robots and computer controlled machines) is displacing factory jobs.
EU General Data Protection Regulation
What is the GDPR?
Stands for EU General Data Protection Regulation.
The most significant change to data privacy regulation adopted by the EU in two decades.
Approved by the EU Parliament and by the Council of the EU (all member states).
Enforcement date: 25 May 2018
Applies to the personal data of everyone in the EU, regardless of citizenship. Where an online service relies on a child's consent, children under 16 need parental authorization (member states may lower this threshold to 13).
The GDPR replaces the previous Data Protection Directive 95/46/EC with the purpose of:
Harmonizing data privacy law across all EU countries (a regulation applies directly, without national transposition)
Better protecting the data privacy of all EU residents
Giving individuals enforceable rights over their own personal data
Reshaping how organizations operating in Europe approach data privacy
By 25 May 2018, all organizations processing the personal data of people in the EU had to comply with the new regulation.
Non-compliant organizations face high fines (up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher).
GDPR Timeline
October 1995: EU adopts Data Protection Directive 95/46/EC (dated 24 October 1995).
January 2012: European Commission publishes the first proposal for updating EU data privacy rules.
March 2014: Parliament approves its first version of the new regulation.
June 2015: Regulation enters its final negotiation stage, the "Trilogue" (24 June to 15 December 2015): a series of meetings between Parliament, Council and Commission that settled the text chapter by chapter (specific regimes, remedies, liabilities, sanctions, cooperation and consistency, delegated and implementing acts, final provisions).
December 2015: Parliament and Council reach political agreement on the final text.
April 2016: Formal adoption by the Council (8 April 2016) and by Parliament (14 April 2016); signed 27 April 2016.
May 2016: Published in the Official Journal of the EU on 4 May 2016; in force 20 days after publication (24 May 2016).
May 2018: After a two-year grace period, the GDPR became enforceable on 25 May 2018.
Roughly 20 years separate the 1995 Directive from the enforceable Regulation.
GDPR Key Changes
Data subject rights:
1. Mandatory breach notification
2. Extended rights to access data
3. Right to data erasure
4. Data portability
5. Privacy by design as a legal requirement
6. Data Protection Officers and internal accountability
1. Under the GDPR, breach notification becomes mandatory in all member states: the controller must notify the supervisory authority within 72 hours of first becoming aware of a breach, unless the breach is unlikely to result in a risk to individuals.
2. Data subjects have the right to obtain from the data controller confirmation as to whether personal data concerning them is being processed, where, and for what purpose. This is a dramatic shift toward data transparency and the empowerment of data subjects.
3. The right to be forgotten entitles the data subject to have the data controller erase his or her personal data. The conditions for erasure include the data no longer being necessary for the original purposes of processing.
4. Data portability is the right of a data subject to receive the personal data concerning them and to transmit that data to another controller.
5. Privacy by design as a concept has existed for years, but it only becomes a legal requirement with the GDPR. Privacy by design is an approach to systems engineering that takes privacy into account throughout the whole engineering process.
6. Under the Directive, controllers had to notify their data processing activities to the local data protection authority (DPA). Under the GDPR it is no longer necessary to submit notifications to each local DPA; instead, organizations keep internal records of their processing activities, and certain organizations must appoint a Data Protection Officer.
What does this mean for companies?
All companies
Moving from opt-out to opt-in
Automated marketing hit
Data Protection Officers
All companies must comply with the rules on how they gather, process and store the data of people in the EU, no matter whether the company is based in the EU or abroad.
Brexit: at the time of these slides it was uncertain whether GDPR rules would survive the UK's exit negotiation; in the event the UK retained the regulation in domestic law as the "UK GDPR".
DPO: a Data Protection Officer is required for public authorities, for organizations whose core activities involve large-scale regular and systematic monitoring of individuals, and for those processing special categories of personal data on a large scale. (The 250-employee threshold from an earlier draft did not survive into the final text.)
Under the GDPR, data controllers must report personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of them, unless the breach is unlikely to result in a risk to individuals.
Automated marketing: profiling is an automated process that uses data to make predictions about behavior, preferences and interests. It is not tracking consumers as such that is the problem, but the automated decision-making. The big shift is that consumers now have the right to know the consequences of decisions being made for or about them, to challenge such decisions, and to opt out of the service.
What does this mean for you?
Right to access
Right to be forgotten
Data portability
Breach notifications
Consent
People-based marketing only works with data. The more data use is focused on the recipient's best interests, the more welcome marketing efforts are.
Right to access: we have the right to get detailed information about where our data is being processed and for what purpose our personal information may be used.
Right to be forgotten: controllers must erase our personal data "without undue delay" if the data is no longer needed or if we object to their holding it and no overriding legitimate ground exists.
Data portability: we have the right to request and receive our personal data in a commonly used, "machine-readable" format.
Breach notifications: when a breach is likely to result in a high risk to us, the controller must inform us without undue delay (the 72-hour deadline applies to notifying the supervisory authority). Companies must have a documented notification plan so that people are told promptly rather than weeks or even months later.
Consent: the disclosures that must accompany a request for consent include the identity of the controller, the purpose of collecting and using our data, and any recipients of our data, all in plain language.
EU vs US Privacy Laws
1. EU privacy law is less subject to swings with changes of government; in the US, priorities and enforcement change with each administration.
2. EU law treats respect for private and family life as a fundamental right; US law largely allows big business to monetize consumer behavior and habits.
3. In the US, privacy protection also varies state by state.
4. EU enforcement applies one set of rules across all member states, enforced by national data protection authorities coordinated through the European Data Protection Board. US enforcement is spread across several agencies and sector statutes (the FTC for consumer privacy, the FCC for telecommunications, HHS for HIPAA).
5. Because EU rights are written into law, fewer privacy advocacy organizations exist (European Digital Rights, European Privacy Association). In the US, numerous organizations litigate and lobby for digital privacy (American Civil Liberties Union, Electronic Frontier Foundation).
6. Right to be forgotten: search results and other personal data can be removed if they are irrelevant, inadequate, or no longer necessary.
Summary (EU | US):
Less turnover with administration changes | Laws change with administration
Enforcement under one regulation | Laws carried out by several agencies (FTC, FCC, HHS for HIPAA, etc.)
Citizens can have their data deleted | Individuals have little ownership over their data
More comprehensive and geared toward consumers | Messy combination of public and private regulation and legislation
Only a few privacy organizations exist | Numerous organizations provide the legal framework
Citizens have the "right to be forgotten" | Companies can keep data indefinitely
www.euruni.edu