1 / 22

IS482/682 Agenda April 25, 2013

IS482/682 Agenda April 25, 2013. Finish discussing governance of business intelligence systems Explore data privacy Examples, issues and surveys Answer the question: Is data privacy a legal or ethical issue? Ethical context and background Analysis of data privacy issues

argyle
Télécharger la présentation

IS482/682 Agenda April 25, 2013

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IS482/682 Agenda April 25, 2013 • Finish discussing governance of business intelligence systems • Explore data privacy • Examples, issues and surveys • Answer the question: Is data privacy a legal or ethical issue? • Ethical context and background • Analysis of data privacy issues • Decision making about data privacy

  2. Business Intelligence Governance The problem: Who is in charge of the development, implementation, and ongoing maintenance of business intelligence applications?

  3. Why is this a problem? • BI applications are NOT traditional types of applications that were previously done on paper and now can be translated into technology. • BI applications probably can’t be done at all without technology; • They weren’t done before technology. • BI applications are NOT required to maintain compliance with governmental or accounting regulations. • Many BI applications are more entrepreneurial in flavor than traditional information systems applications.

  4. Who’s needed? • Someone to come up with the idea. • Usually requires collaboration between people who understand technology and people who understand the business. • Someone to make it happen. • Usually requires collaboration between people who are willing and able to try new things and fail, then try again, and people who have resources and are willing to spend them on experimentation. • Someone to make it part of the culture of the organization. • Someone to make it continue to work.

  5. Who keeps it going? • Organizational structures • Steering Committees • Project Committees • Project Management Office • BI Center • People • Data Administrator • Metadata Administrator • Data Steward • Security Office • Data Assurance Officer • Data Architect • BI Champion/Evangelist Where are these people/structured placed in an organization?

  6. Introduction to data privacy • What is privacy? • Privacy is the ability of an individual or group to keep their lives and affairs out of public view. • To control the flow of information about oneself and thereby reveal oneself selectively. • The boundaries and content of what is considered private differs between cultures and individuals, but shares basic common themes. • Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. • Balance between privacy and public good.

  7. Right to Privacy • The U.S. Constitution contains no express right to privacy. • The Bill of Rights “implies” certain rights to privacy depending on area: • Privilege against self-incrimination; • Privacy of the person and possessions against unreasonable searches; • Privacy of beliefs. • U.S. Law has been vague about the extent of an individual’s right to privacy. • U.S. culture is somewhat libertarian and incorporates a fairly large personal zone/space.

  8. What is data privacy? • The “right” to privacy in data collection and dissemination. • What is the public expectation of privacy in the collection and sharing of data? • Who has the right to view data? • Who has the right to combine data collected in different venues? • Who owns “you”?

  9. Examples of data privacy concerns • Sears Holding Corporation (SHC Community) • Sears collects data on all purchases made by Sears customers • Sears offers a web site with a “tailored” shopping experience • ManageMyHome web site displays purchase information • It was relatively easy to see purchases made by others • Health Information Exchange • Data once available in restricted locations may be collected and integrated • Very personal data; data about health is considered synonymous with the individual him or herself • Subject to HIPAA, but the regulations are rarely enforced

  10. Other examples • Google’s gmail • When you use gmail, Google’s servers automatically record information such as account activity, data displayed or clicked on, browser type, IP-address, cookie ID and referrer URL. • Google scans the text of all email sent via gmail for various purposes, including formatting, delivering advertisements and related links, and other purposes. • Amazon.com • Tracks all purchases. • Tailors format of site depending on past searches and purchases. • Customer data is viewed as an asset • Provides customer data to “affiliates”

  11. Issues in data privacy • Public records are public. • Data is recorded on virtually every transaction made. • Credit card companies, banks, insurance companies and brokerage firms may share their respective databases with one another without notification. This is referred to as “affiliate sharing”. • Medical information can be shared for treatment, payment, or health care operations. It can be used for marketing and may be disclosed to pharmaceutical companies. • Who owns data about you?

  12. Small survey related to privacy • 250 IT professionals (2012). • 67% say they depend on their company’s code of conduct for determining business practices; they follow company policy. • 80% say their company gathers, stores and processes detailed customer data. • 60% say their company has a publicly displayed policy on the privacy of customer data that they collect. • 92% say their company gathers data about employee’s computer usage.

  13. Is data privacy a legal issue? • The European Union approach to privacy is based on comprehensive legislation. • EU has detailed laws regarding collection, processing, and distribution of personal data. • Privacy Electronic Communications Directive prohibits secondary uses of data without informed consent. • Data Protection Act requires all entities that maintain records must register with the Data Protection Commissioner. • EU requires all member countries to have an independent enforcement body. • Uses an “opt-in” default.

  14. How do laws address privacy? • Federal Trade Commission (FTC) guidelines. • Notice/awareness: Must notify consumer. • Consent/choice: Consumer must agree. • Access/participation: Data collectors must allow consumer access to the stored data. • Security/Integrity: Data collectors must “take steps” to ensure the safety, confidentiality and integrity of the data. • Enforcement/Redress: Data collectors must have an enforcement protocol to ensure that their stakeholders align with their principles. • Collection limitation: Can only collect what is directly pertinent.

  15. The U.S. approach to data privacy law • Combination of federal laws, some state laws, case law, and self-regulation. • Federal laws • HIPAA, Children’s Online Privacy Protection Act, FERPA, GLB Act, Sarbanes-Oxley, FISA • Much pending and never-to-be-approved legislation. Most focusing on privacy “breaches” and at most using “opt-out” method for privacy protection (but not even that for most). • Federal Internet Privacy Act • Consumer Internet Privacy Protection Act (Privacy Bill of Rights) • Protecting Children from Internet Pornographers Act • GPS Act • Electronic Mailbox Protection Act • Netizens Protection Act • Unsolicited Commercial Electronic Mail Choice Act • Cyber-Security Enhancement and Consumer Data Protection Act

  16. Huge dependence on self-regulation • A framework for global electronic commerce (as seen by the U.S.) announced in 1997: • The private sector should lead. • Governments should avoid undue restrictions on electronic commerce. • Where governmental involvement is needed, its aim should be to support and enforce a predictable, minimalist, consistent and simple legal environment for commerce. • Governments should recognize the unique qualities of the Internet. • Electronic commerce over the Internet should be facilitated on a global basis.

  17. The U.S. treats data privacy as an ethical issue People are responsible for protecting themselves within the cyber-domain. The default is “opt-out” within the U.S. A few groups are protected, but the majority are not. Even of the protected groups, there is very little actual enforcement of the laws. Organizations are left mainly to monitor themselves.

  18. Is data privacy an ethical issue? • Ethics: A field of philosophy that examines concepts related to right and wrong behavior. It encompasses such concepts as: • Determining what is “right” conduct; • Defining the good life, the life that is satisfying and worth living; • Conceptualizing the greatest good for the greatest number; • Determining the origination of human rights; • Defining what is and is not human right(s); • Clarifying what might be best addressed by law.

  19. Ethics in quick summary • Metaethics: Investigates where our ethical principles come from and what they mean. • Universal truths • Social inventions • Divine right • Normative ethics: Determining moral standards that regulate right and wrong conduct. • Virtue and duty theories • Consequence theories • Applied ethics: Examines controversial subjects using metaethics and normative ethics for analytical reasons to guide conduct.

  20. Brief list of ethical theories • Big questions: • Moral relativism vs. moral absolutism: Beauty is in the eye of the beholder vs. beauty is always beautiful. • Individual actions vs. group actions: If it is not OK for an individual, is it OK for a group? • Hedonism: Maximize pleasure and minimize pain. • Utilitarianism: The greatest good for the greatest number. • Consequentialism: The ends justify the means. • Deontology: There are unbreakable moral rules, such as “do not kill.” Described as rule-based ethics.

  21. Principles used in applied ethics • The extent to which an action: • Produces benefit for an individual. • Produces benefit for society. • Helps those in need. • Does not harm others. • Does not deceive others. • Does not violate a law. • Assists others in pursuing their best interests when they cannot do so themselves. • Acknowledges a person’s right to fair process, fair compensation for harm done, and fair distribution of benefits. • Acknowledges a person’s freedom over his/her actions or physical body.

  22. Decision making about data privacy • When performing your case analysis: • Highlight whether individual privacy will be or is compromised with the systems described in the case. • Identify either the legal or ethical issues with the case. Analyze whether the company is exhibiting good conduct. • Identify whether any security safeguards should be taken to facilitate privacy protection. • Recommend any laws or other protection that should be enacted to facilitate privacy protection.

More Related