Salik

Bhatti sb377@bath.ac.uk Department Of Computer Science

A R E T H E R E G O O D R E A S O N S F O R I N C L U D I N G P R I V A C Y P R O V I S I O N S I N C O D E S O F P R A C T I C E O F I T P R O F E S S I O N A L B O D I E S S U C H A S T H E BCS?

PRIVACY
Privacy is the claim of individual, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. Viewed in terms of the relation of the individual to social participation, privacy is the voluntary and temporary withdrawal of a person from general society through physical or psychological means, either in a state of solitude or small groups intimacy or, when among large groups, in a condition of anonymity or reserve. (Westin, 1967 as cited in Westin, 2003) In todays world of ever growing reliance on information technologies it is becoming difficult for individuals, groups or institutions to control of what information about them may or may not be communicated to others. This drastic change has led to a widespread cultural adjustment involving privacy in which old norms of privacy are being changed (Mcreary, 2008). Modern governments tend to store information of its citizens such in a central database so it could provide various social welfare programs and be easier to retrieve tax etc the United States of America started digitizing its citizens information in 1960s which lead to a renewed debate about individual privacy right, leading to a debate in congress, one of the reasons for the concerns raised was the impact of computers having all that information and how it would be accessed by individuals and agencies and what sort of guidelines would be followed before the personal information of individuals being passed on to various agencies (Regan 1986.) this debate lead to the 1974 Privacy Act, most modern countries have followed suit since. One of the fundamental reasons for these laws to be introduced in Europe and USA was to deter people from misusing the power gained by having access to such personal information about others (Olivier 2003). As we have entered the 21st century individuals have become more concerned about their privacy when it comes to using information technologies, people are concerned organization will take advantage of them by invading their privacy through technological means and use them for marketing and other means without explicitly informing them, this has created uncertainty and lack of trust in society towards people gathering and saving personal data, this lack of trust is one of the largest barriers for ecommerce businesses (Hann, 2007).

Salik Bhatti sb377@bath.ac.uk Department Of Computer Science

IMPACT ON ORGANIZATIONS
The World Wide Web in the 21st has become instrumental for organizations success in understanding their customers and providing them with improved service. Organizations have come up with various ways to better understand their customers, one of the mostly used technique is to gather data about a users from the analysis of the their online navigational behavior in correlation with other information collected in the web context (Eirinaki 2003). Organizations desire to gather, store and process vast amounts of data quickly and efficiently to be more competitive has led to an increase of privacy concerns by employees, customers and societies (Greenway and Chan 2005). These concerns have lead organizations to follow FIPs. Fair information practices (FIPs) are the prevailing global data protection principles that address privacy harms by defining guidelines for individual rights and organizational responsibilities, thereby reflecting social expectations for responsible information use (Culnan and Bies 2003; Greenaway and Chan 2005; Smith 1993). Adaption of FIPs not only gives organizations guidelines on how to avoid privacy infringement it also increases trust in customers and other external audiences (Smith 1993) An organizations failure to implement fair information practices, could lead to an unauthorized access of a users data or data reuse. Information reuse and unauthorized access can infringe on users privacy, which could threaten the organizations legitimacy to handle such data and could very well lead to its demise (Greenaway and Chan 2005; Smith 1993; Solove 2006). There is a limit to which FIPs can be useful. In order for System administrators to run a computer system efficiently they have to be allowed access to all the information on the network, and the ability to monitor, create and destroy private data of users (Langford 1995, practical computer ethics). Organizations have no other option other than to trust the IT professionals in charge of the security of the data. There has always been a need to share information within or across organizations, to be of any use this information needs to be current, complete, accurate and passed onto the right person securely. Unfortunately todays IT professionals do not typically pay much attention in finding a balance between the need of security and personal privacy (Gordon, 2008). Many organizations have invested a lot of time and money in to educate their IT professionals about privacy policies and enforce them, however this does not guarantee privacy protection (Brande, 2000).Organizations have a limit to how they can make sure users privacy is respected since it always comes down to the ethics and code of practice of the individual IT professional in charge of the data. Unfortunately, there is always going to be a problem with internal corruption, particularly in departments where corruption is easy, such as the IT department. As long as there are people, there will be fraud. One criminologist in the group admitted that most people can't protect themselves from electronic fraud; we all just cross our fingers and hope it doesn't happen to us. (Gordon, 2008)

Salik Bhatti sb377@bath.ac.uk Department Of Computer Science

IMPACT ON END USERS

People generally base their online expectations on offline experiences and expect to have the same level of privacy protection online.(LEENES, 2005) When a person goes into a store or a library and browses through books or items to purchase one does not expect the librarian or store assistant to be keeping a track of each and every item the person browses through, further when the person goes to a different shop or library he wouldnt expect them to know if he had just come from another shop or library, and the chances of being subject to price discrimination are less. But online most of the activities of a user are tracked through IP addresses, third party cookies, by aggregating the data obtained from them one can easily create a detailed profile of a user, which could lead to price discrimination or targeted advertisement (Lee, 2011). This detailed information of a users profile can be used for harmful purposes too. Loss of ones privacy when one does not expect it can be psychologically devastating some people become incensed (Ackerman, 2009). Researchers have been able to create a detail profile of Netflix and AOL users using linkage attacks (use innocuous data in one data set to identify a record in a second data set with both innocuous and sensitive data), and able to retrieve a persons name, address, social security number, credit card details and personal habit (Greengard, 2008). New features introduced by companies with a default opt in too can have serious consequences on a users life. The now discontinued service Facebook beacon is a prime example of it, where visits by users on certain third party e-commerce sites could trigger automatic notification to their friends (Krishnamurth, 2008) this resulted in a massive backlash from facebook users complaining about privacy invasion, more than 50,000 facebook users signed a petition asking facebook to change the way Beacon used their information (Rapoza,2007 ; Carr, 2009). Such privacy violations could lead to public humiliation in various ways such as identifying if a person is gay or has interest in extremely violent pornography (Greengard, 2008). Information privacy concerns can also impact on an individuals acceptance of technology, such as purchasing online (Malhotra et al. 2004). Specific profiles can only be created by getting access to information stored by various organizations. Technologies, which enable collection and aggregation of information would not be able to exist without the existence of IT Professionals, making them the de facto custodians of user information (Ryan 2005; Miller 2000).

ETHICAL RESPONSIBILITES OF IT PROFESSIONAL

Some of the major moral problems of Information societies at the beginning of the 21st century concern the responsibility for data processing, privacy and protection of data protection (floridi, 2010). Many firms are trying to gain access to information about users to

Salik Bhatti sb377@bath.ac.uk Department Of Computer Science

improve their services and products by analyzing user data across the web. The existence of this valuable information has made IT professionals in charge of data, vulnerable to bribery and forms of intimidation (Ryan, 2005). Concerns of improper collection and usage of personal information by businesses and governments has lead to a lack of trust among society. IT professionals often have access to confidential data and knowledge about individuals in their organizations and its customers, thus the need for these professionals to respect and follow sound information privacy practices are essential (Kuo, 2007). Being considerate towards the privacy of users data is an ethical responsibility of information technology professionals. It is very difficult to talk about information privacy without talking about ethical issues. Information technologies continue to remain ahead of the law, new laws always have to be brought in to keep up with changing technologies. One can be following the law and at the same time being ethically wrong (Brande 2000). IT professional can build a website with a privacy statement in accordance with the law but at the same time place it where it is difficult for a user to read. In another scenario if a client asks an IT professional to develop a website, the IT professional could develop the website in accordance to current law, but failing to mention that some aspects such as cookies will be illegal in near future can be considered as morally and ethically wrong. IT professionals should not consider themselves as merely tools, but instead they should take into account the need to respect and protect privacy of all entities who will come into contact with the system being developed, arguably information technology professionals must have ethical training, because of the pervasive nature of IT (Kavanagh,2005). IT professionals must implement sound data management and security measures to protect vital organizational data, and to safeguard a customers personal information, encouraging a more stable consumer base (Brande 2000).

PROFESSIONAL BODIES AND CODES OF PRACTICE

All physicians and attorneys are legally bound to take an oath to follow and abide by ethical standards set out by a state in which they wish to practice, because their profession can tremendously affect lives of others. IT personnel often have access to confidential data about individuals and companies, which gives them great deal of power, and could affect lives of others drastically, yet they are not required to take a legal oath as physicians and attorneys (Oz 1993). Various public, legal and political events have had an effect on the publics expectations of professionals. In todays world professionals no longer have unquestioned trust and admiration of the public. To regains the publics trust and improve service to the public, professionals have created bodies to promote their codes of practice (Frankel 1989). Just because a computer professionals works closely with computers, it does not mean they are trained in the social effects of computers affecting other individuals and there is need to

Salik Bhatti sb377@bath.ac.uk Department Of Computer Science

make sure computer professionals are aware of how their work may effect individuals (Johnson, 1985). Associations and organizations for IT professionals have begun to address the ethical side of the IT profession by introducing codes of practice, these codes are meant to guide members of these organizations in times of conflict and confusion (Grodzinsky 2000) and set out rules for current best practices, as needs and norms of society change with rapid changes in technology. Codes of ethics and practice are carefully written to safeguard public interests, concerns and their ethical rights. Codes of practice instruct information technology professionals about the standards society expect them to meet. Informing the public of these codes makes them aware of the responsibilities that are important to an IT professional, this could lead to increased public trust in the IT professional (Gotterbarn 1997). In the world of information technology trust is considered as a key differentiator that determines success or failure of companies over the Internet (Lauer, 2007 as cited in Urban, 2000).

CONCLUSION
Unlike other professions such as physicians and attorneys IT professionals do not have standardized training requirements. Many IT professionals have a As long as the job gets done approach without realizing if that approach will effect a users privacy or other ethical aspects (Shinder, 2005). Privacy is one of the major concerns for users, surveys have shown that 85% of adults are concerned about their privacy and believe it was very important that they had control over who could access their personal information (Madden et al. 2007). Information privacy concerns greatly influence individuals attitudes to be profiled and their preferences for regulatory environments, which would give individuals a sense of security and comfort when coming across information technologies (Belanger et al. 2011). Various professional information technology bodies such as British Computer Society, Association For Computing Machinery, Australian Computer Society have taken a notice of this concern and added privacy provisions in their codes of practice (BCS, ACM, ACS) and make sure their members comply with this provisions. Adding privacy provisions in codes of practice not only helps the members of public in identifying IT professionals complying with privacy provisions. It also helps IT professionals think beyond the engineering aspect of their work, making them consider the ethical issues of their work and how it would affect society, considering privacy at development level would also reduce user data leakage and lead to more secure environment since the IT professional will not just think of getting the job done but also think of how privacy of a user maybe infringed in current state of the system (Kavanagh, 2005), over all increasing publics trust in the IT profession.

Salik Bhatti sb377@bath.ac.uk Department Of Computer Science

REFERENCES

Ackerman S (2009).Privacy in Pervasive Environments: Next Generation Labeling Protocols. Department of Electrical Engineering and Computer Science and School of Information. 1(1), p3. ACS (2011). Codes Of Professional Conduct And Practice. Available:http://www.acs.org.au/documents/codes/CodeofProfConductPractice.p df. Last Accessed Date:15/12/2011. ACM (2011). Codes Of Conduct. Available:http://www.acm.org/about/code-of- ethics . Last Accessed Date:15/12/2011. BCS (2011). Codes Of Practice. Available:http://www.bcs.org/upload/pdf/cop.pdf. Last Accessed Date:15/12/2011. Belanger France (2011).PRIVACY IN THE DIGITAL AGE: A REVIEW OF INFORMATION PRIVACY RESEARCH IN INFORMATION SYSTEMS. MIS Quarterly. 35(4), p1017-A36. Brande Julia (2000).Dirty Laundry: Privacy Issues for IT Professionals. IT Professional. 2(2), p51-54. Carr John (2009).Facebook's Beacon Extinguished. Information Today. 26(10), p44- 44. Culnan, M.J (2003).Consumer Privacy: Bal ancing Economic and Justice Considerations. Journal of Social Issues . 59(2), p323-342. Eirinaki Magdalini (2003).Web mining for web personalization . ACM Transactions on Internet Technology . 3(1), p1-27. Floridi Luciano (2010).The Cambridge Handbook of Information and Computer Ethics. 1 .UK: Cambridge University Press. p59 Frankel S (1989).Professional Codes: Why,How, and with What Impact ?. Journal of BusinessEthics. 8(1), p109-115. Gordon Keith (2011). The privacy conudrum. Available:http://www.bcs.org/content/ConWebDoc/17577. Last Accessed Date:15/12/2011.

Salik Bhatti sb377@bath.ac.uk Department Of Computer Science

Gotterbarn Don (1997).Software Engineering Code Of Ethics. Communication Of The ACM. 40(4), p110-118. Greengard Samuel (2008).Privacy Matters. Communication of the acm. 51(9), p17- 18. Greenway Chan (2005).Theoretical Explanations of Firms Information Privacy Behaviors. Journal of the Association for Information Systems. 6(6), p171-198. Grodzinky ES (2000).The Development Of The Ethical ICT Professional. Computers And Society. 1(1), p1-7. HANN IL-HORN (2007). Overcoming Online Information Privacy Concerns: An Information-Processing Theory Approach.. Journal of Management Information Systems. 24(2), p13-p42. Johnson Deborah (1985)..Computer Ethics. Computer Ethics. 1(1), p86-86. Kavanagh John (2005).T developers need to consider privacy implications of systems. Computer Weekly. 35(4), p50-50. Krishnamurthy Balachander (2008).Characterizing Privacy in Online Social Networks. ACM. 35(4), p. Kuo Feng (2007)... Journal of Business Ethics. 73(2), p145-160. Lauer Thomas (2007).Building online trust through privacy practices. International Journal of Information Security. 6(5), p323-331. Lee Dang (2011).CONSUMER PRIVACY CONCERNS IN PERSONALIZATION: A STRATEGIC ANALYSIS OF PRIVACY Leenes Rownald (2005).Code: Privacys Death or Saviour?. INTERNATIONAL REVIEW OF LAW COMPUTERS& TECHNOLOGY. 19(3), p329-340. McCreary Lew (2008).What Was Privacy?. Harvard Business Review. 86(10), p. Miller Seumas (2000).Privacy, the Workplace and the Internet. Journal of Business Ethics. 28(1), p255-265. Madden (2007). Digital Foot- prints: Online Identity Management and Search in the Age of Transparency. Available:http://pewinternet.org/Reports/2007/Digital- Footprints.aspx. Last Accessed Date:15/12/2011.

Salik Bhatti sb377@bath.ac.uk Department Of Computer Science

Malhotra (2004).Internet Users Information Privacy Concerns (IUIPC): The Construct, the Scale, anda Causal Model. Information Systems Research. 15(4), p336-355. Oliver Martin (2003).Using Organisational Safeguards to Make Justifiable Decisions when Processing Personal Data. IT Research in Developing Countries (SAICSIT 2003). 33(0), p275-284. Ozzy Effy (1993).Ethical Standardsfor Computer Professionals:A Comparative Analysis of Four Major Codes. Journal Journal ofBusiness Ethics. 12(1), p709-726. Rapoza Jim (2007).Facebook Beacon. eWeek. 24(38), p58-58. Regan Priscila (1986).Privacy. Government Information and technology. 1(0), p. Ryan Mark (2011).Cloud Computing Privacy Concerns on Our Doorstep. Communications of the ACM. 54(1), p36-38. Shinder Deb (2005). Ethical Issues for IT Security Professionals. Available:http://www.windowsecurity.com/articles/Ethical-Issues-IT-Security- Professionals.html. Last Accessed Date:15/12/2011. Smith H (1993).Privacy Policies and Practices: Inside the Organizational Maze. Communications of the ACM. 36(12), p105-122. Solove (2006).A Taxonomy of Privacy. University of Pennsylvania Law Review. 154(3), p477-560. Westin A (2003).Social and Political Dimensions Of Privacy. Journal of Social Issues. 59(2), p431-453.