BUS 221-1 p.m.
HW 3: IT and Ethics
How Ethics can Enhance Organizational Privacy
Data Breaches: A ChoicePoint and TJX Case Study
Issues around safety and protection of personal information are still topical in the U.S. Moreover, they are of significance because information privacy in IT has not only individuals, but also organizations at stake. Consumers feel vulnerable when dealing with businesses daily. The reason is that a number of organizations, unfortunately, handle consumer data recklessly and harm users in using the data. According to fair information practices, guidelines for individuals and organizations determine responsible handling of sensitive personal information. In the U.S., all organizations do not comply with fair information practices due to absence of specifically tailored laws. However, the country has developed sectoral approach to privacy control in IT (Culnan, and Williams 675). Unfortunately, due to unclearly stated requirements by laws regarding personal data, a compliance in not perfect.
The current article focuses solely on data breaches as a result of unauthorized access. It looks at ChoicePoint Inc. to investigate identity theft that occurred due to fraudulent access to personal information. This resulted from a number of failures in company’s credentialing procedures. During 2004, as much as 145,000 individuals were harmed. Also TJX Companies, Inc. suffered, in this case a systems intrusion during 2005/2006. More than 45 million consumers became affected when their payment information was stolen (Culnan, and Williams 679). Both cases clearly show a high-level of consumer vulnerability and violation of the do-no-harm principle. Also, absence of moral responsibility was evident. TJX violated industry rules about data security. This resulted in losing customers, reputation, and paying fines. Both companies suffered Federal Trade Commission Monitoring for 20 years.
Issues of Morality and Business in IT
In my opinion, consumers should be protected and they are worth being protected. First, there is a moral principle and, second, the best business practice is to make a company profitable. Today, the problem concerns both large and small companies worldwide. With hackers becoming more advanced and their tools more sophisticated, businesses struggle to maintain a reasonable security level. Cyberspace criminals are motivated only by large financial gains, entirely overlooking any moral issues. I think that no one can be safe in the digital age – and it concerns all kinds of information, from personal to credit cards. In fact, IT departments are constantly in war with numerous remote systems security attacks. Despite the patches available, some are released after an attack has been launched. Today more than ever, personal information is at high risk as soon as it falls into hands of a criminal. And since everyone can go wireless everywhere, Android mobile phone users are at risk, too.
The researchers described two real-life examples when companies and consumers became victims of fraudulent attacks. To my mind, data breaches are inevitable today. We cannot avoid them completely. However, it is possible and binding for all to prepare for them. To do so, large-scale measures could be implemented at state and organizational level, including co-funding for reliable firewall equipment and secure servers for data storage. If organizations can fully trust in their IT solutions, so customers will rely on companies for safety of their data.
Work Cited
Culnan, Mary J, and Williams Clark, Cynthia. “How ethics can enhance organizational privacy: Lessons from the ChoicePoint and TJX data breaches.” MIS Quarterly. 33.4 (2009): 673-687. Print.
