Ethics for the Information Age

Michael J. Quinn
 Chapter 5:
Privacy

Ethics for the Information Age

Forth Edition

by
Michael J. Quinn
 Defining Privacy
• Privacy related to notion of access
• Access
– Physical proximity to a person
– Knowledge about a person
• Edmund Byrne: Privacy is a “zone of
inaccessibility”
• Edward Bloustein: Privacy violations are an
affront to human dignity

1-3

5-3
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Harms of Privacy

• Cover for illegal or immoral activities

• Burden on the nuclear family
– To care for all its members
• Hidden dysfunctional families
– We don’t know about pain caused by family
violence because of privacy.
• Ignored people on society’s fringes
– Poor, mentally ill people.

1-4

5-4
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Benefits of Privacy
• Individual growth (maturity)
• Individual responsibility
• Freedom to be yourself
• Intellectual and spiritual growth
– Shut out the rest of the world to focus our
thoughts without interruption.
• Development of loving, trusting, caring,
intimate relationships
– Close relationships
1-5

5-5
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Is There a Natural Right to Privacy?

• Morton Levine: Property rights (Home) →

Privacy rights
– I own my home, no body should interfere
• Privacy is a prudential right

1-6

5-6
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Disclosing Information
• Public record: information for public access
– Ex: birth certificates
• Public information: information revealed to an
organization that has right to share it
– Ex: Telephone directory
• Personal information: undisclosed information
– Ex: religion, wealth
• Types of disclosures
– Voluntary :
– Involuntary : body and luggage search at airport
– Statutory : Record of arrests and convicted persons
• Cameras on streets
1-7

5-7
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 1-8

1-8
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Who stores data about you?

1-9

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 SPEED
OF
INFORMATION

1-10

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 Which is more valuable?

Data Money

1-11

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

What is the Data Privacy Act of 2012?
• SECTION 1. Short Title. – This Act shall be known as the “Data Privacy Act
of 2012”.

• Republic Act 10173, the Data Privacy Act of 2012

AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN
INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT
AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL
PRIVACY COMMISSION, AND FOR OTHER PURPOSES

• The National Privacy Commission (NPC) is a body that is mandated to

administer and implement this law. The functions of the NPC include:
– rule-making,
– advisory,
– public education,
– compliance and monitoring,
– investigations and complaints,
– and enforcement.

1-12

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 KEY ROLES IN THE DATA PRIVACY ACT

• Data Subjects
– Refers to an individual whose, sensitive personal, or privileged information is processed personal

• Personal Information Controller (PIC)

– Controls the processing of personal data, or instructs another to process personal data on its behalf.

• Personal Information Processor (PIP)

– Organization or individual whom a personal information controller may outsource or instruct the processing of personal
data pertaining to a data subject

• Data Protection Officer (DPO)

– Responsible for the overall management of compliance to DPA

• National Privacy Commission

– Independent body mandated to administer and implement the DPA of 2012, and to monitor and ensure compliance of the
country with international standards set for personal data protection

1-13

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 1-14

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 Rights of the Data Subject

• Right to be informed - IRR, Section 34.a

• Right to object - IRR, Section 34.b
• Right to access - IRR, Section 34.c
• Right to data portability - IRR, Section 36
• Right to correct (rectification) - IRR, Section 34.d
• Right to erasure or blocking - IRR, Section 34.e
• Right to file a complaint - IRR, Section 34.a.2
• Right to damages - IRR, Section 34.f
• Transmissibility of Rights - IRR, Section 35
1-15

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 CLASSIFICATION OF PERSONAL DATA

Personal Information:
Personal information refers to any
information whether recorded in a material
form or not, from which the identity of an
individual is apparent or can be reasonably
and directly ascertained by the entity
holding the information, or when put
together with other information would
directly and certainly identify an individual.

1-16

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 Sensitive Personal Information.
Refers to personal information about an
individual’s:
race, ethnic origin, marital status, age,
color, religious, philosophical or political
affiliations, health, education, genetics, sexual
life, any proceeding for any offense committed
or alleged to have been committed, the
disposal of such proceedings, the sentence of
any court in such proceedings;

Also includes information issued by government

agencies peculiar to an individual which includes,
but not limited to:
social security numbers, previous or current
health records, licenses or its denials,
suspension or revocation, and tax returns;
and specifically established by an executive order
or an act of Congress to be kept classified. 1-17

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 1-18

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 1-19

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 TRANSPARENCY – “the CONSENT Regime”

Principle of Transparency
A data subject must be aware of the nature, purpose, and extent of the processing of his or
her personal data, including the risks and safeguards involved, the identity of personal
information controller, his or her rights as a data subject, and how these can be exercised.
Any information and communication relating to the processing of personal data should be
easy to access and understand, using clear and plain language.

1-20

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 LEGITIMATE PURPOSE

Principle of Legitimate Purpose

The processing of information shall be
compatible with a declared and specified
purpose, which must not be contrary to law,
morals, or public policy.

1-21

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 PROPORTIONALITY

Principle of Proportionality
The processing of information shall be adequate, relevant, suitable, necessary, and not
excessive in relation to a declared and specified purpose. Personal data shall be
processed only if the purpose of the processing could not reasonably be fulfilled by
other means.

Avoid this mentality:

“just in case we need it”
“this is what we always do”

1-22

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

The Data Privacy Principles
• Personal data shall be:
1. processed fairly and lawfully
2. processed only for specified, lawful and compatible
purposes
3. adequate, relevant and not excessive
4. accurate and up to date
5. kept for no longer than necessary
6. processed in accordance with the rights of data
subjects
7. kept secure
8. shared to other PICs only if there is a DSA.

1-23

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 Other Security Measures

• Shredding all confidential waste.

• Using strong passwords.
• Installing a firewall and virus checker on your computers.
• Encrypting any personal information held electronically.
• Disabling any ‘auto-complete’ settings.
• Holding telephone calls in private areas.
• Checking the security of storage systems.
• Keeping devices under lock and key when not in use.
• Not leaving papers and devices lying around.
1-24

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

12 offline measures to keep your physical data
secure
• Lock rooms containing confidential information when not in use.
• Make sure employees don’t write their passwords down.
• Use swipe cards or keypads to access the office.
• Use CCTV cameras to monitor your office space.
• Shield keyboards when inputting passwords.
• Shred confidential waste.
• Use forensic property marking equipment and spray systems to mark assets.
• Use anti-climb paint on exterior walls and drains.
• Install an alarm system.
• Place bars on ground floor windows.
• Hide valuable equipment from view when not in the office.
• Assign a limited number of trustworthy employees as key safe holders.

1-25

Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley

 In your own opinion, do you think it's okay for
the telephone company to include your
phone number, complete name, and address
on the telephone directory?
Discuss the pros and cons.

1-26

1-26
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Chapter 6:
Computer and Network Security

Ethics for the Information Age

Forth Edition

by
Michael J. Quinn
 Introduction

• Computers getting faster and less

expensive
• Utility of computers increasing
– Email
– Web surfing
– Shopping
– Managing personal information
• Increasing use of computers → growing
importance of computer security 1-28

6-28
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Viruses (1/2)

• Virus: piece of self-replicating code

embedded within another program (host)
• Viruses associated with program files
– Hard disks, floppy disks, CD-ROMS
– Email attachments
• How viruses spread
– Diskettes or CDs
– Email
– Files downloaded from Internet
1-29

6-29
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Viruses (2/2)

• Well-known viruses
– Brain
– Michelangelo
– Melissa
– Love Bug
• Viruses today
– Commercial antivirus software
– Few people keep up-to-date
1-30

6
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley -
 1-31

1-31
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 1-32

1-32
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Worms

• Worm
– Self-contained program
– Spreads through a computer network
– Exploits security holes in networked computers

1-33

6-33
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 1-34

1-34
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Trojan Horses
• Trojan horse virus, also called trojan, may be defined as malware
that appears to be legitimate or appropriate software and used by
attackers to compromise the system’s security.

1-35

1-35
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Defensive Measures

• System administrators play key role

• Authorization: determining that a user has
permission to perform a particular action
• Authentication: determining that people are
who they claim to be
• Firewall: a computer monitoring packets
entering and leaving a local area network
– Ex: packet filter which accepts packets only
from trusted computer on the Internet
1-36

6-36
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 1-37

1-37
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 1-38

1-38
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Hackers

– Modern use of hacking means ------- Malicious acts

• Computer break-ins
• Destroying databases
• Stealing confidential personal information

1-39

6-39
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Phone Phreaking

• Phone phreak: someone who manipulates

phone system to make free calls
• Most popular methods
– Steal long-distance telephone access codes
– Guess long-distance telephone access codes
– Use a “blue box” to get free access to long-
distance lines --- mimic the actual frequency
• Access codes posted on “pirate boards” by
phreaks to share codes and credit card No.
1-40

6-40
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 1-41

1-41
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley
 Penalties for Hacking
• Examples of illegal activities
– Accessing without authorization any Internet
computer
– Transmitting a virus or worm
– Trafficking in computer passwords
– Accessing stored email messages without
authorization
– Adopting another identity to carry out an illegal
activity
• Maximum penalty: 20 years in prison + $250,000
fine

1-42

6-42
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley