Wednesday, 10 August 2011

Data Privacy Issues in organizations

Hacking is the unauthorized access of people into computer and networking systems. This is a major breach of security because it gives access to private/confidential /sensitive information which can be misused.
Normally, there are four types of hacking:
IP Hack: A hacker is hired to hack a specific IP address with little or no information beforehand.
Application Hack: It is a more sophisticated hack that can delve deep into databases and down production servers. Only experienced hackers can execute this kind of hacking successfully.
Physical Infrastructure Hack: In this type of hack, illegal users try to get into facilities to access systems or go dumpster diving looking for confidential information such as passwords discarded on sticky notes
Wireless Hack: Wireless access points are exploited from the back of a van with the intention of stealing passwords.

Data Privacy in Organizations
The various stakeholders involved are:
1.      Shareholders
2.      Employees
3.      Government
4.      Customers/Clients
5.      Society
The primary objective of shareholders is wealth maximization. The company has to perform well in a competitive market to reap profits and gain in terms of share value. Company related information, such as client lists, process details, management structures and procedures and whatever might be deemed as the intellectual property of the organization, should not be disclosed to outsiders, especially competitors. Any such disclosure might threaten the organization’s prosperity or even its survival. Any internal inefficiencies or shortcomings should be immediately addressed and rectified without any information leaking so that the prosperity of the organization, its market share and share value are not affected negatively.
Whenever a new employee joins an organization, he/she provides personal information to the organization in good faith. The organization should not allow this information to leak out or provide this information to third parties (except for governmental/legal reasons). Otherwise, this information can be misused resulting in blackmail/exploitation of the employee. This may also result in social stigma if the information is sensitive such as the employee being HIV positive.
When an employee leaves an organization, he carries with him the trade secrets and knowledge of the processes and management structure of the organization. This information could be of immense value to business rivals. The employee should however, maintain an ethical stand by not giving out the organization’s secrets and confidential information.
Employees may also be tempted by outsiders and rivals during their employment tenure to divulge company related information. The outsiders/rivals may be willing to provide various benefits in cash and/or kind to employees with the intention that they can capitalize on the organizations internal knowledge and weaknesses. It is, therefore important that the employees have a sense of belongingness towards their organization and remain loyal to it. So, this kind of wrongdoing may be prevented by the organization rewarding its loyal employees and recognizing its employees’ contribution.
The Government should get a true picture of the firm and its performance so that taxes are not evaded by the firm. The Government should also know the demographic details of the firm’s owners and employees. This is important so that the Government has an accurate knowledge of its residents/citizens age, gender, income level, etc., which are vital for the Government at the time of formulating plans related to social and public welfare. Business performance data is also important to the Government to know about the state of industries in the country and where the business growth and development of the nation stands with respect to other countries worldwide.
The relation between an organization and its clients/customers involves the essential element of trust. The organization should be transparent in its dealing with customers. Along with reliability in terms of performance, transparency in procedures keeps the customers’ goodwill intact, which is essential for retaining customers. As a result, the company also becomes cost-efficient as the cost of getting a new customer is about ten times the cost of retaining an existing customer.          
The society has the right to know of the company’s actions, especially if something unethical is being carried out to give rise to company profits. The ultimate beneficiary of ethical practices relating to security of data is the society at large. If all other stakeholders that is, the shareholders, the employees, the Government and the customers are assured that obligations of data privacy are satisfied, the society benefits from a sound and secure environment with minimal data theft such that confidentiality of individuals is not breached.

 Most customers are of the opinion that the control of personal information should be retained with customers. They are especially concerned about what companies/sellers/vendors learn about their buying behaviour and tendencies in the course of monitoring their commercial transactions. It annoys customers when they get sales/marketing calls frequently as their personal data or transaction related information is stored in the database of private companies for long-term use, giving rise to the possibility of identity theft. With the growth of data mining and data sharing, it is important that these concerns are shared with company CIOs (Chief Information Officer), managers, marketing personnel and other customers. Hence, ethical measures must be adopted to ensure that 1) the customer’s privacy is respected, 2) harm is minimized and 3) consistency in operations serve to reassure the customer that their data is secure.

No comments:

Post a Comment