Ethics in Information Technology Chapter 4 Privacy PDF
Document Details
Uploaded by LowRiskBlack
2019
George W. Reynolds
Tags
Summary
This document is a chapter on privacy in the field of information technology ethics. It outlines learning objectives, different laws and regulations, and associated ethical issues related to various technological applications, including electronic surveillance, consumer profiling, and e-discovery.
Full Transcript
Ethics in Information Technology Chapter 4 Privacy George W. Reynolds © 2019 Cengage. All R...
Ethics in Information Technology Chapter 4 Privacy George W. Reynolds © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 1 Learning Objectives, Part 1 What is the right of privacy, and what is the basis for protecting personal privacy under the law? What are some of the laws that provide protection for the privacy of personal data, and what are some of the associated ethical issues? What are the various strategies for consumer profiling, and what are the associated ethical issues? © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Learning Objectives, Part 2 What is e-discovery, and how is it being used? Why and how are employers increasingly using workplace monitoring? What are the capabilities of advanced surveillance technologies, and what ethical issues do they raise? © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Organizations Gather Personal Data to Make Better Decisions © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 4 otherwise on a password-protected website for classroom use. Privacy Protection and the Law Bill of Rights: The first ten amendments to the Constitution, which were added to provide more specific guarantees of personal freedoms and rights Fourth Amendment: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Americans are protected by the Fourth Amendment when there is a “reasonable expectation of privacy.” © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 5 otherwise on a password-protected website for classroom use. Information Privacy Right of privacy: The right to be left alone Information privacy: The combination of communications privacy (the ability to communicate with others without those communications being monitored) and data privacy (the ability to limit access to one’s personal data by others). © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 6 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Financial Data, Part 1 Fair Credit Reporting Act: Regulates the operations of credit-reporting bureaus Right to Financial Privacy Act: Protects the records of financial institution customers from unauthorized scrutiny by the federal government Does not cover disclosures to private businesses or state and local governments © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 7 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Financial Data, Part 2 Gramm-Leach-Bliley Act (GLBA): Bank deregulation law that includes three personal privacy rules: Financial privacy rule: Established mandatory guidelines for the collection and disclosure of personal financial data Opt out: Customers can refuse to give institutions the right to share personal data with third parties Opt in: Customers who do not take action to opt out automatically opt in Safeguards rule: Requires financial institutions to document a data security plan to protect personal data Pretexting rule: Addresses attempts by people to access personal information without proper authority © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 8 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Financial Data, Part 3 Fair and Accurate Credit Transactions Act: Allows consumers to obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion) Consumers who suspect that they have been or may become a victim of identity theft can place an alert on their credit files © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 9 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Health Information Health Insurance Portability and Accountability Act (HIPAA): Includes provisions designed to: Improve the portability and continuity of health insurance coverage Reduce fraud, waste, and abuse in health insurance and healthcare delivery Simplify the administration of health insurance American Recovery and Reinvestment Act: Includes provisions related to electronic health records (EHRs): Bans the sale of health information Promotes the use of audit trails and encryption Provides rights of access for patients © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 10 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Children’s Personal Data Family Educational Rights and Privacy Act (FERPA): Assigns parents rights regarding their children’s educational records, including rights to: Access educational records maintained by a school Demand that educational records be disclosed only with student consent Amend educational records File complaints against a school for disclosing student records Children’s Online Privacy Protection Act (COPPA): Gives parents control over the collection, use, and disclosure of their children’s personal information over the Internet © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 11 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance—Timeline © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 12 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 1 Title III of the Omnibus Crime Control and Safe Streets Act: Regulates the interception of wire and oral communications Also known as the Wiretap Act Allows state and federal law enforcement officials to use wiretapping and electronic eavesdropping if a warrant is issued © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 13 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 2 Foreign Intelligence Surveillance Act (FISA): Describes procedures for electronic surveillance and collection of foreign intelligence information in communications between foreign powers and their agents Allows surveillance, without court order, within the U.S. for up to a year unless the surveillance will acquire the contents of any communication to which a U.S. citizen, permanent resident, or company is a party Requires the government to obtain an individualized court order before it can intentionally target a U.S. person anywhere in the world © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 14 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 3 FISA Court: A court established by FISA that meets in secret to hear applications for orders approving electronic surveillance anywhere within the U.S. Between 2001 and 2015: -More than 25,000 applications were submitted to the FISA court -Only 12 of those were rejected © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 15 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 4 Executive order: An official document used by the U.S. president to manage the operations of the federal government Subject to judicial review, and may be struck down if determined to be unsupported by statute or the Constitution Executive Order 12333: Identifies the various U.S. governmental intelligence-gathering agencies, and defines what information can be collected, retained, and disseminated by these agencies © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 16 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 5 Electronic Communications Privacy Act (ECPA): Law passed as an amendment to Title III of the Omnibus Crime Control and Safe Streets Act; deals with three main issues: Protection of communications while in transfer from sender to receiver Protection of communications held in electronic storage Prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 17 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 6 National Security Letter (NSL): Issued by the FBI director to an ISP; requires the ISP to provide various data and records about a service subscriber. Compels holders of your personal records to turn them over to the government Not subject to judicial review or oversight NSL gag provision: Prohibits NSL recipients from revealing that the government has requested an individual’s records Pen register: A device that records electronic impulses to identify the numbers dialed for outgoing calls Trap and trace: A device that records the originating number of incoming calls for a particular phone number © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 18 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 7 Communications Assistance for Law Enforcement Act (CALEA): Required the telecommunications industry to build tools into its products for use by federal investigators, after obtaining a court order, to intercept communications USA PATRIOT Act: Gave sweeping new powers to both domestic law enforcement and U.S. international intelligence agencies Increased their ability to search telephone, email, medical, financial, and other records Passed five weeks after the terrorist attacks of September 11, 2001 © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 19 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 8 Foreign Intelligence Surveillance Act Amendments Act (2004) Authorized intelligence gathering on individuals not affiliated with any known terrorist organization (so-called lone wolves) Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 Granted NSA expanded authority to collect (without court- approved warrants) international communications as they flow through U.S. telecom network equipment and facilities © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 20 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 9 PATRIOT Sunsets Extension Act of 2011: Law that granted a four-year extension of roving wiretaps and searches of business records; also extended authorized intelligence gathering on “lone wolves” USA Freedom Act: Law passed following revelations by Edward Snowden (a former government contractor who leaked classified information) of secret NSA surveillance programs Terminated NSA’s bulk collection of telephone metadata Telecommunications providers are now required to hold that data and respond to NSA queries © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 21 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Fair Information Practices, Part 1 Fair information practices: A set of guidelines that govern the collection and use of personal data Transborder data flow: The flow of personal data across national boundaries Fair information practices form the underlying basis for many national laws addressing data privacy and data protection issues © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 22 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Fair Information Practices, Part 2 Organisation for Economic Co-operation and Development (OECD): International organization that sets policies and produces agreements on topics for which multilateral consensus is required OECD fair information practices guidelines are composed of eight principles: -Collection limitation -Data quality -Purpose specification -Use limitation -Security safeguards -Openness principle -Individual participation -Accountability © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 23 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Fair Information Practices, Part 3 European Union Data Protection Directive: Ensures that data transferred to non-European Union countries is protected Only U.S. companies certified as meeting certain “safe harbor” principles were allowed to process and store data of European consumers and companies. European–United States Privacy Shield Data Transfer Program Guidelines Replaced the Safe Harbor agreement between the U.S. and EU, which was declared invalid by the European Court of Justice Places stronger obligations on U.S. companies to protect the personal data of EU citizens and requires stronger enforcement by U.S. agencies © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 24 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Fair Information Practices, Part 4 General Data Protection Regulation (GDPR): An EU regulation passed in 2016; designed to strengthen data protection for individuals within the EU Organizations anywhere in the world that collect, store, or transfer personal data of EU citizens must ensure their systems and procedures are compliant © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 25 otherwise on a password-protected website for classroom use. Privacy Laws, Applications, and Court Rulings: Access to Government Records Freedom of Information Act (FOIA): Grants citizens the right to access certain information and records of federal, state, and local governments upon request Two basic requirements for a FOIA request: -The request must not require wide-ranging, unreasonable, or burdensome searches for records -The request must be made according to procedural regulations published in the Federal Register Privacy Act: Sets rules for the collection, use, and dissemination of personal data kept by federal agencies Prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 26 otherwise on a password-protected website for classroom use. Key Privacy and Anonymity Issues: Consumer Profiling, Part 1 Information about web surfers can be obtained through the use of: Voluntary methods: Website registrations, survey, contests, and social media Cookies: Text files that can be downloaded to the hard drives of users who visit a website, so that the website is able to identify visitors on subsequent visits Tracking software: Allows a website to analyze browsing habits and deduce personal interests and preferences © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 27 otherwise on a password-protected website for classroom use. Key Privacy and Anonymity Issues: Consumer Profiling, Part 2 Criticisms of consumer profiling: Personal data may be gathered and sold to other companies without the permission of consumers who provide the data Risk of a data breach: The unintended release of sensitive data or the access of sensitive data (e.g., credit card numbers or Social Security numbers) by unauthorized individuals Risk of identity theft: The theft of personal information, which is then used without the owner’s permission—often to commit fraud or other crimes © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 28 otherwise on a password-protected website for classroom use. Key Privacy and Anonymity Issues: Electronic Discovery Electronic discovery (e-discovery): The collection, preparation, review, and production of electronically stored information for use in criminal and civil actions Electronically stored information (ESI): Any form of digital information stored on any form of electronic storage device Predictive coding: A process that couples human guidance with computer-driven concept searching in order to “train” document review software to recognize relevant documents © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 29 otherwise on a password-protected website for classroom use. Key Privacy and Anonymity Issues: Workplace Monitoring Cyberloafing: Using the Internet for purposes unrelated to work, such as posting to Facebook, sending personal emails or texts, or shopping online Private employers may legally monitor employees’ use of any employer-provided mobile phone or computing device The Fourth Amendment does not limit how a private employer treats its employees State privacy statutes tend to favor employers over employees © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 30 otherwise on a password-protected website for classroom use. Key Privacy and Anonymity Issues: Advanced Surveillance Technology, Part 1 Camera surveillance Used in major cities around the world to deter crime and terrorist activities Criticism: Such scrutiny is a violation of civil liberties and the cost of the equipment and people required to monitor the video feeds is excessive © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 31 otherwise on a password-protected website for classroom use. Key Privacy and Anonymity Issues: Advanced Surveillance Technology, Part 2 Vehicle event data recorder (EDR): A device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash severe enough to deploy the vehicle’s air bags Purposes: -To capture and record data to make changes to improve vehicle performance -For use in a court of law to determine what happened during a vehicle accident © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 32 otherwise on a password-protected website for classroom use. Key Privacy and Anonymity Issues: Advanced Surveillance Technology, Part 3 Stalking app: Software that can be loaded onto a cell phone or smartphone Performs location tracking, records calls, views text messages sent or received, and records the URLs of any website visited on the phone Illegal to install the software on a phone without the permission of the phone owner © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 33 otherwise on a password-protected website for classroom use. Summary, Part 1 What is the right of privacy, and what is the basis for protecting personal privacy under the law? Right of privacy: “The right to be left alone” Information privacy: Communications privacy (the ability to communicate with others without those communications being monitored) and data privacy (the ability to limit access to one’s personal data) The needs of those who use information must be balanced against the rights and desires of the people whose information is being used Without a reasonable expectation of privacy, there is no privacy right to protect. © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 34 otherwise on a password-protected website for classroom use. Summary, Part 2 What are some of the laws that provide protection for the privacy of personal data, and what are some of the associated ethical issues? Few laws provide privacy protection from private industry. There is no single, overarching national data privacy policy in the U.S. A range of laws, executive orders, and court rulings govern the privacy of personal data. © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 35 otherwise on a password-protected website for classroom use. Summary, Part 3 The Fair Credit Reporting Act The Right to Financial Privacy Act Gramm-Leach-Bliley Act (GLBA) Fair and Accurate Credit Transaction Act Health Insurance Portability and American Recovery and Reinvestment Accountability Act (HIPAA) Act EHR provisions Family Educational Rights and Privacy Children’s Online Privacy Protection Act Act (FERPA) (COPPA) Title III of the Omnibus Crime Control Foreign Intelligence Surveillance Act and Safe Streets Act (the Wiretap Act) Executive Order 12333 Electronic Communications Privacy Act (ECPA) Communications Assistance for Law USA PATRIOT Act Enforcement Act (CALEA) Foreign Intelligence Surveillance Act Foreign Intelligence Surveillance Act Amendments Acts of 2004 Amendments Acts of 2008 USA Freedom Act PATRIOT Sunsets Extension Act © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 36 otherwise on a password-protected website for classroom use. Summary, Part 4 What are some of the laws that provide protection for the privacy of personal data, and what are some of the associated ethical issues? Fair information practices: Govern the collection and use of personal data OECD’s fair information practices: Held up as the model for organizations to adopt for the ethical treatment of consumer data The EU Data Protection Directive: Requires member countries to ensure data transferred to non-EU countries is protected The European–U.S. Privacy Shield Data Transfer Program Guidelines: A stopgap measure that allows businesses to transfer personal data about EU citizens to the U.S. © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 37 otherwise on a password-protected website for classroom use. Summary, Part 5 What are some of the laws that provide protection for the privacy of personal data, and what are some of the associated ethical issues? The General Data Protection Regulation (GDPR): Takes effect in May 2018 and addresses the export of personal data outside the EU The Freedom of Information Act (FOIA): Grants citizens the right to access certain information and records of the federal, state, and local governments upon request The Privacy Act: Prohibits U.S. government agencies from concealing the existence of any personal data record- keeping system © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 38 otherwise on a password-protected website for classroom use. Summary, Part 6 What are the various strategies for consumer profiling, and what are the associated ethical issues? Companies use different methods to collect personal data about visitors to their websites, including using cookies and tracking software. Companies that cannot protect or do not respect customer information have lost business and have become defendants in class actions stemming from privacy violations. Data breach: The unintended release of sensitive data or the access of sensitive data by unauthorized individuals -Some states have passed data breach notifications laws requiring companies to quickly notify affected customers. © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 39 otherwise on a password-protected website for classroom use. Summary, Part 7 What is e-discovery, and how is it being used? E-discovery: The collection, preparation, review, and production of electronically stored information for use in criminal and civil actions Predictive coding: Couples human intelligence with computer-driven concept searching in order to “train” document review software to recognize relevant documents © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 40 otherwise on a password-protected website for classroom use. Summary, Part 8 Why and how are employers increasingly using workplace monitoring? Many organizations have developed IT usage policies to protect against employee abuses that reduce worker productivity and expose employers to harassment lawsuits. About 80 percent of U.S. firms record and review employee communications and activities on the job, including phone calls, email, web surfing, and computer files. The use of fitness trackers in the workplace has opened up potential new legal and ethical issues. © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 41 otherwise on a password-protected website for classroom use. Summary, Part 9 What are the capabilities of advanced surveillance technologies, and what ethical issues do they raise? Surveillance cameras are used in major cities around the world to deter crime and terrorist activities. A vehicle event data recorder (EDR): Records data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle’s air bags -Many people are unaware that most cars now come equipped with an EDR and that the data from this device may be used as evidence in court. Stalking apps can be downloaded onto a person’s cell phone; it is illegal to do so without the permission of the phone’s owner. © 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 42 otherwise on a password-protected website for classroom use.