How the legal environment and the key IT security and privacy issue affect information management in any business environment.
People have the right to protect their personal information from prying eyes or the general public. This right is a regarded as one of the fundamental human rights and is known as the right to privacy. As with all rights, any one whose privacy has been infringed can sue the offending party. On the other hand there has to be some balance between how much information about people is available to the general public and how much they keep away. This balance is needed because of the influence too much or too little available information about people would have on how the society functions. For instance, some businesses depend on customer information to run efficiently and it is often necessary for them to store the information. The practice raises several issues regarding who owns the pool of personal information gathered from people and for what purpose it can be used. This paper seeks to investigate or explore how the legal environment and key IT security and privacy issues affect information management in any business environment.
Keywords: Information Technology, United Nations
“Privacy can simply be defined as the state of being free from intrusion or disturbance in one’s private life or affairs”
It is a fundamental human right which is protected by law in most of the
advanced countries. This is stated
clearly in the UN declaration of human rights: “No one shall be subjected to
arbitrary interference with his privacy, family, home or correspondence, nor to
attacks upon his honor and reputation. Everyone
has the right to the protection of the law against such interference or
attacks”. (The United Nations, 1948).
While many are aware of the importance of privacy a greater number are unaware probably because they have not given the issue careful contemplation or they just do not care and thus risk the dissemination of their private information to the “wrong” individuals or group who may use that information to cause some form of harm. However, businesses and society sometimes need pieces of information about customers or individuals to function properly. Absolute privacy will incline to strangle or stagnate processes or scenarios which form essential parts of societies. In the medical institutions for instance, a doctor may need to obtain medical records of a patient since it constitutes an essential piece of required information in patient diagnosis and treatment, or members of the public may want information about an aspiring political candidate to be available to aid in their judgments. If such essential information is unavailable, then the process is frustrated therefore, there is need to maintain some balance between information that people make available to the public and those they keep from the public.
The current advancement in information technology has provided businesses and customers with facilities for easy transactions and purchases. These transactions often require the storage of customer information by the business. IT facilities can store all kinds of information ranging from credit or debit card details to kind of item(s) purchased and thus this raises issues, questions and concern as to what the business can do with that information. Companies claim they use information gathered from their customers to know or gain insight into customer purchasing habits and choice, so as to be able to provide better services or do target advertising.
(J.Efrim Boritz, 2008). On the
other hand information about a customer
can be used to cause ‘harm’ ranging from illegal charges on credit cards or
unsolicited emails and other forms of advertisement by marketing teams that
monitor the kind of items a customer purchases.
Consequently, “private information
needs be to stored securely so data security is an important aspect, indeed a
prerequisite, of privacy protection, but privacy protection goes beyond mere
data security to encompass what and how private information is exchanged and
used to provide services”. (Williams, 2009)
Information management is the gathering and distribution of information about individuals or events from different sources for some meaningful purpose. Individuals may not have direct control over bits and pieces of information gathered about them from different sources and an aggregation of those pieces may constitute ‘too much’ detail and, in the hands of the ‘wrong’ group can be used to cause ‘harm’.
Most of the harm caused with available information about an individual is usually not perpetrated by the company which is the primary source but instead by other parties with motives not within bounds of proper practice. However, the legal environment insists that the primary source from which ‘too much’ information is unlawfully made public is responsible for any harm inflicted on any individual as a result of their slack in information security.
Businesses have therefore adapted, over the years, to the legal demands as regards privacy and security of individual records by taking firm precautions.
Intentional or unintentional disclosure of information considered private, about any individual or group of individuals by any source can have serious consequences under the law. Consequences include paying for material, psychological, emotional damages and/or imprisonment of individuals found culpable. Therefore, information management in the business environment is done within the narrow legal and privacy boundaries.
In order to ensure that information management stays within already specified information laws, information managers in the business environment are forced to take legal and security measures essential to guaranteeing to some degree that an individual’s private information is not unlawfully disclosed. Malicious hackers can break into unsecured computer networks owned by businesses to steal customer information therefore, businesses are required to guard against information theft with the use of specialized hardware and software such as firewalls, anti-spyware and third party authentication sites. Furthermore, they also have to seek permission to store or use information about customers and guarantee some reasonable level of security.
A balance constantly has to be maintained between legal entities advocating for privacy, and businesses that need information for the provision of better goods and services. We have explored several privacy issues and concerns related to details stored by businesses about customers and we also looked at various precautions enforced by privacy and legal issues on information management in businesses. As technology continues to evolve, more privacy issues will be raised and so do information policies and security measures employed by businesses.
Cisco Systems. (2005). TOP FIVE SECURITY ISSUES FOR SMALL AND MEDIUM-SIZED BUSINESSES. California: Cisco Systems.
Dictionary.com. (n.d.). Privacy. Retrieved November 16, 2010, from Dictionary.com: http://dictionary.reference.com/browse/privacy
J.Efrim Boritz, W. G. (2008). Internet Privacy in E-Commerce: Framework, Review, and Opportunities for Future Research. 41st Hawaii International Conference on System Sciences. Hawaii: IEEE Computer Society.
The United Nations. (1948, December 10). The Universal Declaration of Human Rights. Retrieved November 16, 2010, from United Nations: http://www.un.org/en/documents/udhr/index.shtml
Williams, M.-A. (2009). Privacy Management, the law & Business Strategies: A Case for Privacy Driven Design. International Conference on Computational Science and Engineering (pp. 60-67). IEEE Computer society.