How the legal environment and the key IT security and privacy issue affect information management in any business environment
How the legal environment and the key IT security and privacy
issue affect information management in any business environment.
Abstract:
People have
the right to protect their personal information from prying eyes or the general
public. This right is a regarded as one
of the fundamental human rights and is known as the right to privacy. As with all rights, any one whose privacy has
been infringed can sue the offending party.
On the other hand there has to be some balance between how much
information about people is available to the general public and how much they
keep away. This
balance is needed because of the influence too much or too little available
information about people would have on how the society functions. For instance, some businesses depend on
customer information to run efficiently and it is
often necessary for them to store the information. The practice raises several issues regarding
who owns the pool of personal information gathered from people and for what
purpose it can be used. This
paper seeks to investigate or explore how the legal environment and key IT
security and privacy issues affect information management in any business environment.
Keywords:
Information Technology, United Nations
Introduction
“Privacy
can simply be defined as the state of being free from intrusion or disturbance
in one’s private life or affairs” (Dictionary.com) .
It is a fundamental human right which is protected by law in most of the
advanced countries. This is stated
clearly in the UN declaration of human rights: “No one shall be subjected to
arbitrary interference with his privacy, family, home or correspondence, nor to
attacks upon his honor and reputation. Everyone
has the right to the protection of the law against such interference or
attacks”. (The United Nations, 1948) .
While many
are aware of the importance of privacy a greater number are unaware probably
because they have not given the issue careful contemplation or they just do not
care and thus risk the dissemination of their private information to the
“wrong” individuals or group who may use that information to cause some form of
harm. However, businesses and society
sometimes need pieces of information about customers or individuals to function
properly. Absolute privacy will incline
to strangle or stagnate processes or scenarios which form essential parts of
societies. In the medical institutions
for instance, a doctor may need to obtain medical records of a patient since it
constitutes an essential piece of required information in patient diagnosis and
treatment, or members of the public may want information about an aspiring
political candidate to be available to aid in their judgments. If such essential information is unavailable,
then the process is frustrated therefore, there is need to maintain some
balance between information that people make available to the public and those
they keep from the public.
The current
advancement in information technology has provided businesses and customers
with facilities for easy transactions and purchases. These transactions often require the storage
of customer information by the business.
IT facilities can store all kinds of information ranging from credit or
debit card details to kind of item(s) purchased and thus this raises issues,
questions and concern as to what the business can do with that information. Companies claim they use information gathered
from their customers to know or gain insight into customer purchasing habits
and choice, so as to be able to provide better services or do target
advertising. (J.Efrim Boritz, 2008) . On the
other hand information about a customer
can be used to cause ‘harm’ ranging from illegal charges on credit cards or
unsolicited emails and other forms of advertisement by marketing teams that
monitor the kind of items a customer purchases.
Consequently, “private information
needs be to stored securely so data security is an important aspect, indeed a
prerequisite, of privacy protection, but privacy protection goes beyond mere
data security to encompass what and how private information is exchanged and
used to provide services”. (Williams, 2009)
Information management.
Information management is the gathering
and distribution of information about individuals or events from different
sources for some meaningful purpose. Individuals
may not have direct control over bits and pieces of information gathered about
them from different sources and an aggregation of those pieces may constitute
‘too much’ detail and, in the hands of the ‘wrong’ group can be used to cause
‘harm’.
Most of the harm caused with available information about an individual is
usually not perpetrated by the company which is the primary source but instead
by other parties with motives not within bounds of proper practice. However, the legal environment insists that
the primary source from which ‘too much’ information is unlawfully made public is
responsible for any harm inflicted on any individual as a result of their slack
in information security.
Businesses have therefore adapted, over the years, to the legal demands as
regards privacy and security of individual records by taking firm precautions.
Intentional
or unintentional disclosure of information considered private, about any
individual or group of individuals by any source can have serious consequences
under the law. Consequences include
paying for material, psychological, emotional damages and/or imprisonment of
individuals found culpable. Therefore,
information management in the business environment is done within the narrow
legal and privacy boundaries.
Security measures
In order to ensure that information management stays within
already specified information laws, information managers in the business
environment are forced to take legal and security measures essential to
guaranteeing to some degree that an individual’s private information is not
unlawfully disclosed. Malicious hackers
can break into unsecured computer networks owned by businesses to steal
customer information therefore, businesses are required to guard against
information theft with the use of specialized hardware and software such as
firewalls, anti-spyware and third party authentication sites. Furthermore, they also have to seek
permission to store or use information about customers and guarantee some
reasonable level of security.
Conclusion/summary
A balance constantly has to be maintained between legal entities
advocating for privacy, and businesses that need information for the provision
of better goods and services. We have
explored several privacy issues and concerns related to details stored by
businesses about customers and we also looked at various precautions enforced
by privacy and legal issues on information management in businesses. As technology continues to evolve, more
privacy issues will be raised and so do information policies and security
measures employed by businesses.
References
Cisco Systems. (2005). TOP FIVE SECURITY ISSUES
FOR SMALL AND MEDIUM-SIZED BUSINESSES. California: Cisco Systems.
Dictionary.com.
(n.d.). Privacy. Retrieved November 16, 2010, from Dictionary.com:
http://dictionary.reference.com/browse/privacy
J.Efrim Boritz, W. G.
(2008). Internet Privacy in E-Commerce: Framework, Review, and Opportunities
for Future Research. 41st Hawaii International Conference on System
Sciences. Hawaii: IEEE Computer Society.
The United Nations.
(1948, December 10). The Universal Declaration of Human Rights.
Retrieved November 16, 2010, from United Nations:
http://www.un.org/en/documents/udhr/index.shtml
Williams, M.-A.
(2009). Privacy Management, the law & Business Strategies: A Case for
Privacy Driven Design. International Conference on Computational Science
and Engineering (pp. 60-67). IEEE Computer society.
Comments