"The Cultured Group" Group Research Topic: Privacy and Data Protection. Presenters: Mujeeb Akhter, Marek Schneider, Peter Richard Lihach
Page 1: Project Presentation

"The Cultured Group"
Group Research Topic

"Privacy and Data Protection"

Presenters:

Mujeeb Akhter
Marek Schneider
Peter Richard Lihach

Page 2: Project Presentation

Sub-Topic: "Ethical and Social Issues in Information System"

What is ethics?

"Ethics refers to the principles of right and wrong that can be used by individuals acting as free moral agents to make choices to guide their behavior"

Page 3: Project Presentation

Five Moral Dimensions of the Information Age

1. Information rights and obligation
2. Property rights
3. Accountability and control
4. System quality
5. Quality of life

Page 4: Project Presentation

Information Rights and Obligation: Privacy and Freedom in the Internet Age

In the United States, the claim to privacy is protected primarily by the Fourth Amendment against unreasonable search and seizure of one's personal documents or home, by the guarantee of due process, and by the Fair Information Practices doctrine developed in early 1973.

Fair Information Practices Principles:

1. There should be no personal record systems whose existence is secret.
2. Individuals have the right of access, inspection, review, and amendment to systems that contain information about them.
3. There must be no use of personal information for purposes other than those for which it was gathered without prior consent.
4. Managers of systems are responsible and can be held accountable, and liable for the damage done by systems, for their reliability and security.
5. Governments have the right to intervene in the information relationships among private parties.

Page 5: Project Presentation

Fair Information Practices form the basis of the 13 federal statutes listed below.

These statutes set forth the conditions for handling information about individuals in such areas as credit reporting, financial records, newspaper records, cable communications, electronic communications, and even video rentals.

Federal Privacy Laws in the U.S.

General Federal Privacy Laws

1. Freedom of Information Act, 1968 as Amended (5 USC 552)
2. Privacy Act of 1974 as Amended (5 USC 552a)
3. Electronic Communications Privacy Act of 1986
4. Computer Matching and Privacy Protection Act of 1988
5. Computer Security Act of 1987
6. Federal Managers Financial Integrity Act of 1982

Privacy Laws Affecting Private Institutions

1. Fair Credit Reporting Act of 1970
2. Family Educational Rights and Privacy Act of 1978
3. Right to Financial Privacy Act of 1978
4. Privacy Protection Act of 1980
5. Cable Communications Policy Act of 1984
6. Electronic Communications Privacy Act of 1986
7. Video Privacy Protection Act of 1988

Page 6: Project Presentation

According to a recent Equifax poll, 76% of Americans believe they have lost all control over personal information and 67% believe that computers must be restricted in the future to preserve privacy.

Conclusion:

The only thing we can say is that the development of law is clearly lagging far behind the reality of computer-based information.

Page 7: Project Presentation

Property Rights:

Intellectual Property

Intellectual property is a result of someone's effort at creating a product of value based on their experiences, knowledge, and education. In short, intellectual property is brain power.

Everything on the Web is considered to be protected under copyright and intellectual property laws unless the Web site specifically states that the content is public domain.

President Clinton signed a law in January 1998 making it a federal offense to violate copyright laws on the Internet, punishable with a fine up to $250,000.

Conclusion:

How will intellectual property rights be protected in a digital society where tracing and accounting for ownership is difficult, and where ignoring such property rights is so easy?

Page 8: Project Presentation

Accountability, Liability, and Control

In February 1992, hackers penetrated the computer network of Equifax, Inc. in Atlanta, Georgia, one of the world's largest credit reporting bureaus, which sells 450 million reports annually. Consumer files, credit card numbers and other confidential information were accessed. Who is liable for any damages done to individuals?

If you outsource your information processing, can you hold the external vendor liable for injuries done to your customers?

Conclusion:

Are individuals and organizations who create, produce, and sell systems morally responsible for the consequences of their use? If so, under what conditions? What liabilities should the user assume, and what should the provider assume?

Page 9: Project Presentation

System Quality: Data Quality and System Errors

When the credit reporting agencies screw up your credit record and you can't get a car loan, whose fault is it?

Most of us use software that the manufacturer knows has bugs. They usually are nothing more than an aggravation and a frustration. But once in a while, they will affect our use of the computer. Our natural tendency is to let the marketplace control the balance by letting the customer punish or reward the producer. But will that be enough, or will the issue end up in the courts?

Conclusion:

What standards of data and system quality should we demand to protect individual rights and the safety of society?

Page 10: Project Presentation

Quality of Life: Equity, Access, and Boundaries

Computer crime and abuse extends to any wrongdoing involving equipment and Internet usage. You should remember that everything you do on a network or the Internet is recorded and can be tracked. Many people committing computer crimes and abuse have been caught and prosecuted.

It is employees who have inflicted the most injurious computer crimes because they have the knowledge, access, and frequently a job-related motive to commit such crimes.

Page 11: Project Presentation

Final Conclusion:

"If it sounds too good to be true, it is. If it's illegal or immoral or unethical outside the computing arena, it's probably illegal, and immoral and unethical in the computing arena. If you are aware of a problem or are a victim of unethical, illegal actions, and you don't do something about it, you're part of the problem. It's your new world - use it wisely. Since it's your world and your future, you should be concerned and become involved in their resolution" (Kenneth C. Laudon)

Page 12: Project Presentation

Data Protection

• Backup overview
• Appropriate Strategies and Factors Involved
• CRM Application Data
• Company Web server

Page 13: Project Presentation

Need for Backup

• federal, state and local laws and regulations (data storage and privacy)
• backing up data on a daily basis
  • accounting data
  • customer databases
  • digital photos and other data that is important and irreplaceable

Page 14: Project Presentation

Historical view and Important Issues

Data protection is a wide-focused issue, affecting industries' responsibility to keep pace with federal legislation.

Example:

the Health Insurance Portability and Accountability Act (HIPAA) of 1996

California's state law SB1386 requires all companies conducting business electronically to report breaches of security that could compromise personal information

Page 15: Project Presentation

Appropriate Strategies and Factors Involved

Development Stage - User
  Backup strategy: several steps, starting with defining the user's needs

Time Retention in Relation to Corporations
  state and/or local laws and regulations

Costs
  24/7 data access, disaster recovery, and scalability

Page 16: Project Presentation

Appropriate Strategies and Factors Involved

• Protection Strategy
  • Backup plan
• Archiving
  • safety
  • accessibility
• Recovery
  • all recovery plans at least twice a year
  • advance warning

Page 17: Project Presentation

CRM Application Data

Data Quality
  plan CRM (Customer Relationship Management)

Procedures
  1 monthly copy with 1-year retention
  1 copy archived at the end of fiscal year
  Weekly total with 1-month retention
  Daily incremental

Page 18: Project Presentation

Company Web server

Recommended backup strategy for company's Web servers:

  Weekly total with 1-month retention
  Daily incremental
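The two schedules above (CRM data and Web servers) expressed as a retention check, as an added example that is not part of the original presentation: it decides which backups a schedule still keeps on a given day and which chain of backups a restore would need. Assumptions of the example: "weekly total" is read as a weekly full backup, 1 month is 31 days, 1 year is 366 days, the fiscal-year archive is kept indefinitely, the fiscal year ends on 31 December, and a daily incremental expires with the weekly full it builds on; all function and variable names are hypothetical.

```python
from datetime import date, timedelta

# Retention per backup kind, in days (None = keep indefinitely). The kinds come
# from the slides; the day counts and the indefinite archive are assumptions.
CRM_POLICY = {"weekly": 31, "monthly": 366, "fiscal": None}
WEB_POLICY = {"weekly": 31}  # Web servers: weekly full + daily incremental only

def base_full(backups, inc_day):
    """Most recent weekly full taken on or before an incremental's date."""
    fulls = [d for d, kind in backups if kind == "weekly" and d <= inc_day]
    return max(fulls) if fulls else None

def retained(backups, today, policy):
    """Return the set of (day, kind) backups the policy still keeps."""
    kept = set()
    for day, kind in backups:
        if kind in policy:
            limit = policy[kind]
            if limit is None or (today - day).days <= limit:
                kept.add((day, kind))
    # Assumption: a daily incremental is only restorable while the weekly full
    # it builds on survives, so it expires together with that full.
    for day, kind in backups:
        if kind == "incremental" and (base_full(backups, day), "weekly") in kept:
            kept.add((day, kind))
    return kept

def restore_chain(kept, target):
    """Backups needed to rebuild the state as of `target`, or None if the
    retained set no longer contains a usable weekly full for that day."""
    fulls = [d for d, kind in kept if kind == "weekly" and d <= target]
    if not fulls:
        return None
    base = max(fulls)
    incs = sorted(d for d, kind in kept
                  if kind == "incremental" and base < d <= target)
    return [(base, "weekly")] + [(d, "incremental") for d in incs]

def sample_history(today, days=400):
    """Constructed history: full every Sunday, incremental on other days,
    monthly copy on the 1st, fiscal archive on 31 December (assumed year end)."""
    history = []
    for n in range(days, -1, -1):
        d = today - timedelta(days=n)
        history.append((d, "weekly" if d.weekday() == 6 else "incremental"))
        if d.day == 1:
            history.append((d, "monthly"))
        if (d.month, d.day) == (12, 31):
            history.append((d, "fiscal"))
    return history

if __name__ == "__main__":
    today = date(2024, 3, 15)
    kept = retained(sample_history(today), today, CRM_POLICY)
    print(len(kept), "backups kept;", restore_chain(kept, date(2024, 3, 13)))
```

Under these assumptions, any day older than the oldest retained weekly full can only be recovered from a monthly or fiscal copy taken on that exact date, which is the gap the 1-year monthly retention on the CRM data covers and the Web server schedule does not.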

Page 19: Project Presentation

Conclusion

Each minute of lost data equals unrecoverable revenue

an appropriate backup data strategy

overcome disasters and database application server failures

Reducing the risk of lost productivity and damages due to revenue losses!

Page 20: Project Presentation

Hardware and Software Options for Data Protection

By: Peter Lihach

Page 21: Project Presentation

Data Back-Up Hardware

Magnetic Tape Drives

High Capacity Removable Disks

Optical Media Drives

Page 22: Project Presentation

Data Safeguarding Hardware and Software

Redundant Array of Independent Disks

Firewalls
  I. Hardware-Type
  II. Software-Type

Virus Scanners

Page 23: Project Presentation

Hardware Firewalls Versus Software Firewalls

Hardware's Pros: "Can be effective with little or no configuration, and they can protect every machine on a local network." (SurferBeware) Most types of modems have them built in, such as cable, DSL, and ADSL modems. Since most modems have them built in already, they are free of charge.

Hardware's Cons: "They typically treat any kind of traffic traveling from the local network out to the Internet as safe, which can sometimes be a problem." (SurferBeware) TCP/IP has over 65,000 possible ports and it's near impossible to block the exact one that a malevolent virus or program may have used to cross over.

Software's Pros: Certain "programs that aren't explicitly allowed to do so are either blocked or the user is prompted for confirmation before the traffic is allowed to pass." "Software firewalls generally offer the best measure of protection against certain types of situations like Trojan programs or e-mail worms." (SurferBeware)

Software's Cons: Each computer must have the firewall software installed and configured, sometimes extensively configured. Most firewall applications cost money for the rights to use the software.