Scribd
Upload
43 views

Privacy

This document discusses privacy and data protection in information technology. It covers several key topics: - The right to privacy under the US Constitution and various laws protecting personal data privacy, such as financial privacy laws and health privacy laws. - Privacy laws regulate how organizations can collect and use personal data, with provisions for issues like consent, data security, and individual rights of access. - Electronic surveillance laws govern government monitoring of communications and set standards for law enforcement to obtain warrants for wiretapping or other surveillance. - The document outlines learning objectives on privacy topics including consumer profiling, workplace monitoring, and new surveillance technologies.

Uploaded by

almulla7x
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
43 views

Privacy

This document discusses privacy and data protection in information technology. It covers several key topics: - The right to privacy under the US Constitution and various laws protecting personal data privacy, such as financial privacy laws and health privacy laws. - Privacy laws regulate how organizations can collect and use personal data, with provisions for issues like consent, data security, and individual rights of access. - Electronic surveillance laws govern government monitoring of communications and set standards for law enforcement to obtain warrants for wiretapping or other surveillance. - The document outlines learning objectives on privacy topics including consumer profiling, workplace monitoring, and new surveillance technologies.

Uploaded by

almulla7x
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 35

Ethics in Information

Technology
Chapter 4
Privacy
George W. Reynolds

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or
service or otherwise on a password-protected website for classroom use. 1
Learning Objectives, Part 1
• What is the right of privacy, and what is
the basis for protecting personal privacy
under the law?
• What are some of the laws that provide
protection for the privacy of personal
data, and what are some of the
associated ethical issues?
• What are the various strategies for
consumer profiling, and what are the
associated ethical issues?

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or
otherwise on a password-protected website for classroom use.
Learning Objectives, Part 2
• What is e-discovery, and how is it being
used?
• Why and how are employers
increasingly using workplace
monitoring?
• What are the capabilities of advanced
surveillance technologies, and what
ethical issues do they raise?

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or
otherwise on a password-protected website for classroom use.
Organizations Gather Personal Data to Make Better Decisions

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 4
otherwise on a password-protected website for classroom use.
Privacy Protection and the Law
• Bill of Rights: The first ten amendments to the
Constitution, which were added to provide more specific
guarantees of personal freedoms and rights
• Fourth Amendment:
• “The right of the people to be secure in their persons,
houses, papers, and effects, against unreasonable searches
and seizures, shall not be violated, and no Warrants shall
issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be
searched, and the persons or things to be seized.”
• Americans are protected by the Fourth Amendment when
there is a “reasonable expectation of privacy.”

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 5
otherwise on a password-protected website for classroom use.
Information Privacy

• Right of privacy: The right to be left alone


• Information privacy: The combination of
communications privacy (the ability to communicate
with others without those communications being
monitored) and data privacy (the ability to limit access
to one’s personal data by others).

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 6
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Financial Data, Part 1

• Fair Credit Reporting Act: Regulates the operations of


credit-reporting bureaus
• Right to Financial Privacy Act: Protects the records of
financial institution customers from unauthorized
scrutiny by the federal government
• Does not cover disclosures to private businesses or state
and local governments

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 7
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Financial Data, Part 2
• Gramm-Leach-Bliley Act (GLBA): Bank deregulation law
that includes three personal privacy rules:
•Financial privacy rule: Established mandatory guidelines
for the collection and disclosure of personal financial data
•Opt out: Customers can refuse to give institutions the
right to share personal data with third parties
•Opt in: Customers who do not take action to opt out
automatically opt in
•Safeguards rule: Requires financial institutions to
document a data security plan to protect personal data
•Pretexting rule: Addresses attempts by people to access
personal information without proper authority

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 8
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Financial Data, Part 3
• Fair and Accurate Credit Transactions Act: Allows
consumers to obtain a free credit report once each year
from each of the three primary consumer credit
reporting companies (Equifax, Experian, and
TransUnion)
• Consumers who suspect that they have been or may
become a victim of identity theft can place an alert on
their credit files

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 9
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Health Information
• Health Insurance Portability and Accountability Act
(HIPAA): Includes provisions designed to:
• Improve the portability and continuity of health
insurance coverage
• Reduce fraud, waste, and abuse in health insurance and
healthcare delivery
• Simplify the administration of health insurance
• American Recovery and Reinvestment Act: Includes
provisions related to electronic health records (EHRs):
• Bans the sale of health information
• Promotes the use of audit trails and encryption
• Provides rights of access for patients
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 10
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Children’s Personal Data
• Family Educational Rights and Privacy Act (FERPA): Assigns
parents rights regarding their children’s educational
records, including rights to:
• Access educational records maintained by a school
• Demand that educational records be disclosed only with
student consent
• Amend educational records
• File complaints against a school for disclosing student
records
• Children’s Online Privacy Protection Act (COPPA): Gives
parents control over the collection, use, and disclosure of
their children’s personal information over the Internet

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 11
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Electronic Surveillance—Timeline

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 12
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Electronic Surveillance, Part 1

• Title III of the Omnibus Crime Control and Safe Streets


Act: Regulates the interception of wire and oral
communications
• Also known as the Wiretap Act
• Allows state and federal law enforcement officials to use
wiretapping and electronic eavesdropping if a warrant is
issued

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 13
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Electronic Surveillance, Part 2
• Foreign Intelligence Surveillance Act (FISA): Describes
procedures for electronic surveillance and collection of
foreign intelligence information in communications
between foreign powers and their agents
• Allows surveillance, without court order, within the U.S. for up
to a year unless the surveillance will acquire the contents of
any communication to which a U.S. citizen, permanent
resident, or company is a party
• Requires the government to obtain an individualized court
order before it can intentionally target a U.S. person
anywhere in the world

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 14
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Electronic Surveillance, Part 3

• FISA Court: A court established by FISA that meets in


secret to hear applications for orders approving
electronic surveillance anywhere within the U.S.
• Between 2001 and 2015:
-More than 25,000 applications were submitted to the
FISA court
-Only 12 of those were rejected

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 15
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Electronic Surveillance, Part 4

• Electronic Communications Privacy Act (ECPA): Law


passed as an amendment to Title III of the Omnibus
Crime Control and Safe Streets Act; deals with three
main issues:
• Protection of communications while in transfer from sender
to receiver
• Protection of communications held in electronic storage
• Prohibition of devices from recording dialing, routing,
addressing, and signaling information without a search
warrant

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 16
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Fair Information Practices, Part 1

• Fair information practices: A set of guidelines that


govern the collection and use of personal data
• Transborder data flow: The flow of personal data
across national boundaries
• Fair information practices form the underlying basis for
many national laws addressing data privacy and data
protection issues

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 17
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Fair Information Practices, Part 2
• Organisation for Economic Co-operation and Development
(OECD): International organization that sets policies and
produces agreements on topics for which multilateral
consensus is required
• OECD fair information practices guidelines are composed
of eight principles:
-Collection limitation
-Data quality
-Purpose specification
-Use limitation
-Security safeguards
-Openness principle
-Individual participation
-Accountability
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 18
otherwise on a password-protected website for classroom use.
Privacy Laws, Applications, and Court Rulings:
Access to Government Records
• Freedom of Information Act (FOIA): Grants citizens the
right to access certain information and records of
federal, state, and local governments upon request
• Two basic requirements for a FOIA request:
-The request must not require wide-ranging, unreasonable, or
burdensome searches for records
-The request must be made according to procedural regulations
published in the Federal Register
• Privacy Act: Sets rules for the collection, use, and
dissemination of personal data kept by federal agencies
• Prohibits U.S. government agencies from concealing the
existence of any personal data record-keeping system
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 19
otherwise on a password-protected website for classroom use.
Key Privacy and Anonymity Issues:
Consumer Profiling, Part 1
• Information about web surfers can be obtained through
the use of:
• Voluntary methods: Website registrations, survey, contests,
and social media
• Cookies: Text files that can be downloaded to the hard
drives of users who visit a website, so that the website is
able to identify visitors on subsequent visits
• Tracking software: Allows a website to analyze browsing
habits and deduce personal interests and preferences

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 20
otherwise on a password-protected website for classroom use.
Key Privacy and Anonymity Issues:
Consumer Profiling, Part 2
• Criticisms of consumer profiling:
• Personal data may be gathered and sold to other
companies without the permission of consumers who
provide the data
• Risk of a data breach: The unintended release of sensitive
data or the access of sensitive data (e.g., credit card
numbers or Social Security numbers) by unauthorized
individuals
• Risk of identity theft: The theft of personal information,
which is then used without the owner’s permission—often
to commit fraud or other crimes

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 21
otherwise on a password-protected website for classroom use.
Key Privacy and Anonymity Issues:
Electronic Discovery
• Electronic discovery (e-discovery): The collection,
preparation, review, and production of electronically
stored information for use in criminal and civil actions
• Electronically stored information (ESI): Any form of
digital information stored on any form of electronic
storage device
• Predictive coding: A process that couples human
guidance with computer-driven concept searching in
order to “train” document review software to recognize
relevant documents

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 22
otherwise on a password-protected website for classroom use.
Key Privacy and Anonymity Issues:
Workplace Monitoring
• Cyberloafing: Using the Internet for purposes unrelated to
work, such as posting to Facebook, sending personal
emails or texts, or shopping online
• Private employers may legally monitor employees’ use of
any employer-provided mobile phone or computing device
• The Fourth Amendment does not limit how a private
employer treats its employees
• State privacy statutes tend to favor employers over
employees

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 23
otherwise on a password-protected website for classroom use.
Key Privacy and Anonymity Issues:
Advanced Surveillance Technology, Part 1

• Camera surveillance
• Used in major cities around the world to deter crime and
terrorist activities
• Criticism: Such scrutiny is a violation of civil liberties and
the cost of the equipment and people required to monitor
the video feeds is excessive

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 24
otherwise on a password-protected website for classroom use.
Key Privacy and Anonymity Issues:
Advanced Surveillance Technology, Part 2
• Vehicle event data recorder (EDR): A device that records
vehicle and occupant data for a few seconds before,
during, and after any vehicle crash severe enough to
deploy the vehicle’s air bags
• Purposes:
-To capture and record data to make changes to improve vehicle
performance
-For use in a court of law to determine what happened during a
vehicle accident

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 25
otherwise on a password-protected website for classroom use.
Key Privacy and Anonymity Issues:
Advanced Surveillance Technology, Part 3

• Stalking app: Software that can be loaded onto a cell


phone or smartphone
• Performs location tracking, records calls, views text
messages sent or received, and records the URLs of any
website visited on the phone
• Illegal to install the software on a phone without the
permission of the phone owner

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 26
otherwise on a password-protected website for classroom use.
Summary, Part 1
• What is the right of privacy, and what is the basis for
protecting personal privacy under the law?
• Right of privacy: “The right to be left alone”
• Information privacy: Communications privacy (the ability to
communicate with others without those communications
being monitored) and data privacy (the ability to limit access
to one’s personal data)
• The needs of those who use information must be balanced
against the rights and desires of the people whose
information is being used
• Without a reasonable expectation of privacy, there is no
privacy right to protect.

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 27
otherwise on a password-protected website for classroom use.
Summary, Part 2
• What are some of the laws that provide protection for
the privacy of personal data, and what are some of the
associated ethical issues?
• Few laws provide privacy protection from private industry.
• There is no single, overarching national data privacy policy in
the U.S.
• A range of laws, executive orders, and court rulings govern
the privacy of personal data.

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 28
otherwise on a password-protected website for classroom use.
Summary, Part 3
The Fair Credit Reporting Act The Right to Financial Privacy Act
Gramm-Leach-Bliley Act (GLBA) Fair and Accurate Credit Transaction Act
Health Insurance Portability and American Recovery and Reinvestment
Accountability Act (HIPAA) Act EHR provisions
Family Educational Rights and Privacy Children’s Online Privacy Protection Act
Act (FERPA) (COPPA)
Title III of the Omnibus Crime Control Foreign Intelligence Surveillance Act
and Safe Streets Act (the Wiretap Act)
Executive Order 12333 Electronic Communications Privacy Act
(ECPA)
Communications Assistance for Law USA PATRIOT Act
Enforcement Act (CALEA)
Foreign Intelligence Surveillance Act Foreign Intelligence Surveillance Act
Amendments Acts of 2004 Amendments Acts of 2008
USA Freedom Act PATRIOT Sunsets Extension Act

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 29
otherwise on a password-protected website for classroom use.
Summary, Part 4
• What are some of the laws that provide protection for the
privacy of personal data, and what are some of the
associated ethical issues?
• Fair information practices: Govern the collection and use of
personal data
• OECD’s fair information practices: Held up as the model for
organizations to adopt for the ethical treatment of
consumer data
• The EU Data Protection Directive: Requires member
countries to ensure data transferred to non-EU countries
is protected
• The European–U.S. Privacy Shield Data Transfer Program
Guidelines: A stopgap measure that allows businesses to
transfer personal data about EU citizens to the U.S.
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 30
otherwise on a password-protected website for classroom use.
Summary, Part 5
• What are some of the laws that provide protection for
the privacy of personal data, and what are some of the
associated ethical issues?
• The General Data Protection Regulation (GDPR): Takes effect
in May 2018 and addresses the export of personal data
outside the EU
• The Freedom of Information Act (FOIA): Grants citizens the
right to access certain information and records of the
federal, state, and local governments upon request
• The Privacy Act: Prohibits U.S. government agencies from
concealing the existence of any personal data record-
keeping system

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 31
otherwise on a password-protected website for classroom use.
Summary, Part 6
• What are the various strategies for consumer profiling,
and what are the associated ethical issues?
• Companies use different methods to collect personal data
about visitors to their websites, including using cookies and
tracking software.
• Companies that cannot protect or do not respect customer
information have lost business and have become defendants
in class actions stemming from privacy violations.
• Data breach: The unintended release of sensitive data or
the access of sensitive data by unauthorized individuals
-Some states have passed data breach notifications laws
requiring companies to quickly notify affected customers.

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 32
otherwise on a password-protected website for classroom use.
Summary, Part 7
• What is e-discovery, and how is it being used?
• E-discovery: The collection, preparation, review, and
production of electronically stored information for use in
criminal and civil actions
• Predictive coding: Couples human intelligence with
computer-driven concept searching in order to “train”
document review software to recognize relevant documents

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 33
otherwise on a password-protected website for classroom use.
Summary, Part 8
• Why and how are employers increasingly using
workplace monitoring?
• Many organizations have developed IT usage policies to
protect against employee abuses that reduce worker
productivity and expose employers to harassment lawsuits.
• About 80 percent of U.S. firms record and review employee
communications and activities on the job, including phone
calls, email, web surfing, and computer files.
• The use of fitness trackers in the workplace has opened up
potential new legal and ethical issues.

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 34
otherwise on a password-protected website for classroom use.
Summary, Part 9
• What are the capabilities of advanced surveillance
technologies, and what ethical issues do they raise?
• Surveillance cameras are used in major cities around the
world to deter crime and terrorist activities.
• A vehicle event data recorder (EDR): Records data for
a few seconds before, during, and after any vehicle crash
that is severe enough to deploy the vehicle’s air bags
-Many people are unaware that most cars now come equipped
with an EDR and that the data from this device may be used as
evidence in court.
• Stalking apps can be downloaded onto a person’s cell phone;
it is illegal to do so without the permission of the phone’s
owner.
© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or 35
otherwise on a password-protected website for classroom use.

You might also like