Professional Documents
Culture Documents
A R E
T H E R E
G O O D
R E A S O N S
F O R
I N C L U D I N G
P R I V A C Y
P R O V I S I O N S
I N
C O D E S
O F
P R A C T I C E
O F
I T
P R O F E S S I O N A L
B O D I E S
S U C H
A S
T H E
BCS?
PRIVACY
Privacy
is
the
claim
of
individual,
groups
or
institutions
to
determine
for
themselves
when,
how,
and
to
what
extent
information
about
them
is
communicated
to
others.
Viewed
in
terms
of
the
relation
of
the
individual
to
social
participation,
privacy
is
the
voluntary
and
temporary
withdrawal
of
a
person
from
general
society
through
physical
or
psychological
means,
either
in
a
state
of
solitude
or
small
groups
intimacy
or,
when
among
large
groups,
in
a
condition
of
anonymity
or
reserve.
(Westin,
1967
as
cited
in
Westin,
2003)
In
todays
world
of
ever
growing
reliance
on
information
technologies
it
is
becoming
difficult
for
individuals,
groups
or
institutions
to
control
of
what
information
about
them
may
or
may
not
be
communicated
to
others.
This
drastic
change
has
led
to
a
widespread
cultural
adjustment
involving
privacy
in
which
old
norms
of
privacy
are
being
changed
(Mcreary,
2008).
Modern
governments
tend
to
store
information
of
its
citizens
such
in
a
central
database
so
it
could
provide
various
social
welfare
programs
and
be
easier
to
retrieve
tax
etc
the
United
States
of
America
started
digitizing
its
citizens
information
in
1960s
which
lead
to
a
renewed
debate
about
individual
privacy
right,
leading
to
a
debate
in
congress,
one
of
the
reasons
for
the
concerns
raised
was
the
impact
of
computers
having
all
that
information
and
how
it
would
be
accessed
by
individuals
and
agencies
and
what
sort
of
guidelines
would
be
followed
before
the
personal
information
of
individuals
being
passed
on
to
various
agencies
(Regan
1986.)
this
debate
lead
to
the
1974
Privacy
Act,
most
modern
countries
have
followed
suit
since.
One
of
the
fundamental
reasons
for
these
laws
to
be
introduced
in
Europe
and
USA
was
to
deter
people
from
misusing
the
power
gained
by
having
access
to
such
personal
information
about
others
(Olivier
2003).
As
we
have
entered
the
21st
century
individuals
have
become
more
concerned
about
their
privacy
when
it
comes
to
using
information
technologies,
people
are
concerned
organization
will
take
advantage
of
them
by
invading
their
privacy
through
technological
means
and
use
them
for
marketing
and
other
means
without
explicitly
informing
them,
this
has
created
uncertainty
and
lack
of
trust
in
society
towards
people
gathering
and
saving
personal
data,
this
lack
of
trust
is
one
of
the
largest
barriers
for
ecommerce
businesses
(Hann,
2007).
IMPACT
ON
ORGANIZATIONS
The
World
Wide
Web
in
the
21st
has
become
instrumental
for
organizations
success
in
understanding
their
customers
and
providing
them
with
improved
service.
Organizations
have
come
up
with
various
ways
to
better
understand
their
customers,
one
of
the
mostly
used
technique
is
to
gather
data
about
a
users
from
the
analysis
of
the
their
online
navigational
behavior
in
correlation
with
other
information
collected
in
the
web
context
(Eirinaki
2003).
Organizations
desire
to
gather,
store
and
process
vast
amounts
of
data
quickly
and
efficiently
to
be
more
competitive
has
led
to
an
increase
of
privacy
concerns
by
employees,
customers
and
societies
(Greenway
and
Chan
2005).
These
concerns
have
lead
organizations
to
follow
FIPs.
Fair
information
practices
(FIPs)
are
the
prevailing
global
data
protection
principles
that
address
privacy
harms
by
defining
guidelines
for
individual
rights
and
organizational
responsibilities,
thereby
reflecting
social
expectations
for
responsible
information
use
(Culnan
and
Bies
2003;
Greenaway
and
Chan
2005;
Smith
1993).
Adaption
of
FIPs
not
only
gives
organizations
guidelines
on
how
to
avoid
privacy
infringement
it
also
increases
trust
in
customers
and
other
external
audiences
(Smith
1993)
An
organizations
failure
to
implement
fair
information
practices,
could
lead
to
an
unauthorized
access
of
a
users
data
or
data
reuse.
Information
reuse
and
unauthorized
access
can
infringe
on
users
privacy,
which
could
threaten
the
organizations
legitimacy
to
handle
such
data
and
could
very
well
lead
to
its
demise
(Greenaway
and
Chan
2005;
Smith
1993;
Solove
2006).
There
is
a
limit
to
which
FIPs
can
be
useful.
In
order
for
System
administrators
to
run
a
computer
system
efficiently
they
have
to
be
allowed
access
to
all
the
information
on
the
network,
and
the
ability
to
monitor,
create
and
destroy
private
data
of
users
(Langford
1995,
practical
computer
ethics).
Organizations
have
no
other
option
other
than
to
trust
the
IT
professionals
in
charge
of
the
security
of
the
data.
There
has
always
been
a
need
to
share
information
within
or
across
organizations,
to
be
of
any
use
this
information
needs
to
be
current,
complete,
accurate
and
passed
onto
the
right
person
securely.
Unfortunately
todays
IT
professionals
do
not
typically
pay
much
attention
in
finding
a
balance
between
the
need
of
security
and
personal
privacy
(Gordon,
2008).
Many
organizations
have
invested
a
lot
of
time
and
money
in
to
educate
their
IT
professionals
about
privacy
policies
and
enforce
them,
however
this
does
not
guarantee
privacy
protection
(Brande,
2000).Organizations
have
a
limit
to
how
they
can
make
sure
users
privacy
is
respected
since
it
always
comes
down
to
the
ethics
and
code
of
practice
of
the
individual
IT
professional
in
charge
of
the
data.
Unfortunately,
there
is
always
going
to
be
a
problem
with
internal
corruption,
particularly
in
departments
where
corruption
is
easy,
such
as
the
IT
department.
As
long
as
there
are
people,
there
will
be
fraud.
One
criminologist
in
the
group
admitted
that
most
people
can't
protect
themselves
from
electronic
fraud;
we
all
just
cross
our
fingers
and
hope
it
doesn't
happen
to
us.
(Gordon,
2008)
improve their services and products by analyzing user data across the web. The existence of this valuable information has made IT professionals in charge of data, vulnerable to bribery and forms of intimidation (Ryan, 2005). Concerns of improper collection and usage of personal information by businesses and governments has lead to a lack of trust among society. IT professionals often have access to confidential data and knowledge about individuals in their organizations and its customers, thus the need for these professionals to respect and follow sound information privacy practices are essential (Kuo, 2007). Being considerate towards the privacy of users data is an ethical responsibility of information technology professionals. It is very difficult to talk about information privacy without talking about ethical issues. Information technologies continue to remain ahead of the law, new laws always have to be brought in to keep up with changing technologies. One can be following the law and at the same time being ethically wrong (Brande 2000). IT professional can build a website with a privacy statement in accordance with the law but at the same time place it where it is difficult for a user to read. In another scenario if a client asks an IT professional to develop a website, the IT professional could develop the website in accordance to current law, but failing to mention that some aspects such as cookies will be illegal in near future can be considered as morally and ethically wrong. IT professionals should not consider themselves as merely tools, but instead they should take into account the need to respect and protect privacy of all entities who will come into contact with the system being developed, arguably information technology professionals must have ethical training, because of the pervasive nature of IT (Kavanagh,2005). IT professionals must implement sound data management and security measures to protect vital organizational data, and to safeguard a customers personal information, encouraging a more stable consumer base (Brande 2000).
make sure computer professionals are aware of how their work may effect individuals (Johnson, 1985). Associations and organizations for IT professionals have begun to address the ethical side of the IT profession by introducing codes of practice, these codes are meant to guide members of these organizations in times of conflict and confusion (Grodzinsky 2000) and set out rules for current best practices, as needs and norms of society change with rapid changes in technology. Codes of ethics and practice are carefully written to safeguard public interests, concerns and their ethical rights. Codes of practice instruct information technology professionals about the standards society expect them to meet. Informing the public of these codes makes them aware of the responsibilities that are important to an IT professional, this could lead to increased public trust in the IT professional (Gotterbarn 1997). In the world of information technology trust is considered as a key differentiator that determines success or failure of companies over the Internet (Lauer, 2007 as cited in Urban, 2000).
CONCLUSION
Unlike
other
professions
such
as
physicians
and
attorneys
IT
professionals
do
not
have
standardized
training
requirements.
Many
IT
professionals
have
a
As
long
as
the
job
gets
done
approach
without
realizing
if
that
approach
will
effect
a
users
privacy
or
other
ethical
aspects
(Shinder,
2005).
Privacy
is
one
of
the
major
concerns
for
users,
surveys
have
shown
that
85%
of
adults
are
concerned
about
their
privacy
and
believe
it
was
very
important
that
they
had
control
over
who
could
access
their
personal
information
(Madden
et
al.
2007).
Information
privacy
concerns
greatly
influence
individuals
attitudes
to
be
profiled
and
their
preferences
for
regulatory
environments,
which
would
give
individuals
a
sense
of
security
and
comfort
when
coming
across
information
technologies
(Belanger
et
al.
2011).
Various
professional
information
technology
bodies
such
as
British
Computer
Society,
Association
For
Computing
Machinery,
Australian
Computer
Society
have
taken
a
notice
of
this
concern
and
added
privacy
provisions
in
their
codes
of
practice
(BCS,
ACM,
ACS)
and
make
sure
their
members
comply
with
this
provisions.
Adding
privacy
provisions
in
codes
of
practice
not
only
helps
the
members
of
public
in
identifying
IT
professionals
complying
with
privacy
provisions.
It
also
helps
IT
professionals
think
beyond
the
engineering
aspect
of
their
work,
making
them
consider
the
ethical
issues
of
their
work
and
how
it
would
affect
society,
considering
privacy
at
development
level
would
also
reduce
user
data
leakage
and
lead
to
more
secure
environment
since
the
IT
professional
will
not
just
think
of
getting
the
job
done
but
also
think
of
how
privacy
of
a
user
maybe
infringed
in
current
state
of
the
system
(Kavanagh,
2005),
over
all
increasing
publics
trust
in
the
IT
profession.
REFERENCES
Ackerman S (2009).Privacy in Pervasive Environments: Next Generation Labeling Protocols. Department of Electrical Engineering and Computer Science and School of Information. 1(1), p3. ACS (2011). Codes Of Professional Conduct And Practice. Available:http://www.acs.org.au/documents/codes/CodeofProfConductPractice.p df. Last Accessed Date:15/12/2011. ACM (2011). Codes Of Conduct. Available:http://www.acm.org/about/code-of- ethics . Last Accessed Date:15/12/2011. BCS (2011). Codes Of Practice. Available:http://www.bcs.org/upload/pdf/cop.pdf. Last Accessed Date:15/12/2011. Belanger France (2011).PRIVACY IN THE DIGITAL AGE: A REVIEW OF INFORMATION PRIVACY RESEARCH IN INFORMATION SYSTEMS. MIS Quarterly. 35(4), p1017-A36. Brande Julia (2000).Dirty Laundry: Privacy Issues for IT Professionals. IT Professional. 2(2), p51-54. Carr John (2009).Facebook's Beacon Extinguished. Information Today. 26(10), p44- 44. Culnan, M.J (2003).Consumer Privacy: Bal ancing Economic and Justice Considerations. Journal of Social Issues . 59(2), p323-342. Eirinaki Magdalini (2003).Web mining for web personalization . ACM Transactions on Internet Technology . 3(1), p1-27. Floridi Luciano (2010).The Cambridge Handbook of Information and Computer Ethics. 1 .UK: Cambridge University Press. p59 Frankel S (1989).Professional Codes: Why,How, and with What Impact ?. Journal of BusinessEthics. 8(1), p109-115. Gordon Keith (2011). The privacy conudrum. Available:http://www.bcs.org/content/ConWebDoc/17577. Last Accessed Date:15/12/2011.
Gotterbarn Don (1997).Software Engineering Code Of Ethics. Communication Of The ACM. 40(4), p110-118. Greengard Samuel (2008).Privacy Matters. Communication of the acm. 51(9), p17- 18. Greenway Chan (2005).Theoretical Explanations of Firms Information Privacy Behaviors. Journal of the Association for Information Systems. 6(6), p171-198. Grodzinky ES (2000).The Development Of The Ethical ICT Professional. Computers And Society. 1(1), p1-7. HANN IL-HORN (2007). Overcoming Online Information Privacy Concerns: An Information-Processing Theory Approach.. Journal of Management Information Systems. 24(2), p13-p42. Johnson Deborah (1985)..Computer Ethics. Computer Ethics. 1(1), p86-86. Kavanagh John (2005).T developers need to consider privacy implications of systems. Computer Weekly. 35(4), p50-50. Krishnamurthy Balachander (2008).Characterizing Privacy in Online Social Networks. ACM. 35(4), p. Kuo Feng (2007)... Journal of Business Ethics. 73(2), p145-160. Lauer Thomas (2007).Building online trust through privacy practices. International Journal of Information Security. 6(5), p323-331. Lee Dang (2011).CONSUMER PRIVACY CONCERNS IN PERSONALIZATION: A STRATEGIC ANALYSIS OF PRIVACY Leenes Rownald (2005).Code: Privacys Death or Saviour?. INTERNATIONAL REVIEW OF LAW COMPUTERS& TECHNOLOGY. 19(3), p329-340. McCreary Lew (2008).What Was Privacy?. Harvard Business Review. 86(10), p. Miller Seumas (2000).Privacy, the Workplace and the Internet. Journal of Business Ethics. 28(1), p255-265. Madden (2007). Digital Foot- prints: Online Identity Management and Search in the Age of Transparency. Available:http://pewinternet.org/Reports/2007/Digital- Footprints.aspx. Last Accessed Date:15/12/2011.
Malhotra (2004).Internet Users Information Privacy Concerns (IUIPC): The Construct, the Scale, anda Causal Model. Information Systems Research. 15(4), p336-355. Oliver Martin (2003).Using Organisational Safeguards to Make Justifiable Decisions when Processing Personal Data. IT Research in Developing Countries (SAICSIT 2003). 33(0), p275-284. Ozzy Effy (1993).Ethical Standardsfor Computer Professionals:A Comparative Analysis of Four Major Codes. Journal Journal ofBusiness Ethics. 12(1), p709-726. Rapoza Jim (2007).Facebook Beacon. eWeek. 24(38), p58-58. Regan Priscila (1986).Privacy. Government Information and technology. 1(0), p. Ryan Mark (2011).Cloud Computing Privacy Concerns on Our Doorstep. Communications of the ACM. 54(1), p36-38. Shinder Deb (2005). Ethical Issues for IT Security Professionals. Available:http://www.windowsecurity.com/articles/Ethical-Issues-IT-Security- Professionals.html. Last Accessed Date:15/12/2011. Smith H (1993).Privacy Policies and Practices: Inside the Organizational Maze. Communications of the ACM. 36(12), p105-122. Solove (2006).A Taxonomy of Privacy. University of Pennsylvania Law Review. 154(3), p477-560. Westin A (2003).Social and Political Dimensions Of Privacy. Journal of Social Issues. 59(2), p431-453.