Date: 2023-10-18
Introduction to Business
Information Systems
Seminar 11
Ethics, Privacy & Legal Issues
Unit Learning Objectives (ULO)
● ULO1: Key considerations of strategic business contexts relevant to managing IT resources in an organisation
● ULO4: Requirements for ongoing management of IT infrastructure in an organisation
● ULO6: Understanding ethical and legal issues
Seminar Outline
• Ethics vs. Laws
• Ethical Theories & Ethical Decision Making
• Privacy, Personal Data & Data Breach
• Data Protection Legislation (GDPR, APPs, NDB, PbD, PIA)
• Socio-political Impacts & Beyond (of Internet, Big Data & AI)
• Ethical & Legal Challenges in Introducing BIS
Ethics vs. Law
Tzafestas, S. G. (2018). Ethics and law in the internet of things world. Smart Cities, 1(1), 98-120.
Ethical Theories
https://www.youtube.com/watch?app=desktop&v=Uw7W1PpnbZQ
Ethical Decision Making
Schultze, U., & Mason, R. O. (2018). Managing the risks of big data at MyTelco: taking ethics seriously. Journal of Information Technology Teaching Cases, 8(1), 1-8.
Privacy, Personal Data & Data Breach
United Nations Universal Declaration of Human Rights
“Personal data — Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.”
https://gdpr.eu/what-is-gdpr/
The General Data Protection Regulation (GDPR)
● The General Data Protection Regulation (GDPR) is a baseline for data privacy and global compliance.
● It applies to the personal data of EU citizens or residents, even if your organisation is not in the EU.
● There is a two-tier penalty for non-compliance:
- fines max out at €20 million or 4% of global revenue (whichever is higher),
- plus data subjects have the right to seek compensation for damages.
https://unichrone.com/blog/gdpr/what-are-the-7-principles-of-gdpr/
Australian Privacy Act & Privacy Principles
Personal information refers to "information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable."
- e.g., people's names, photos, DoB, addresses, email IDs, signatures, phone numbers.
Sensitive information is different to personal information:
- e.g., sexual preference, political opinion, religious affiliation.
The Australian Privacy Act (1988) regulates how businesses use personal data. As part of the Act, 13 Australian Privacy Principles (APPs) apply.
▪ Breaches are reported to the Office of the Australian Information Commissioner (OAIC).
▪ Applies to businesses with annual turnover of >= A$3 million
▪ Applies to healthcare providers and government agencies
▪ Non-compliance penalty of up to $2.1 million for corporate bodies and $360,000 for non-corporate bodies (including government departments/agencies)
https://ovic.vic.gov.au/privacy/resources-for-organisations/information-privacy-principles-short-guide/
Notifiable Data Breaches (NDB) Scheme
The Notifiable Data Breaches Scheme (effective from 22 Feb. 2018) mandates
- notification of a data breach occurring in an organisation,
- to the Office of the Australian Information Commissioner, and
- to the affected individuals.
An eligible data breach occurs when:
- there is loss of, unauthorised access to, or unauthorised disclosure of, personal information,
- which is likely to result in serious harm, and
- remedial action has not been taken to prevent such risk of harm;
- generally, an organisation has 30 days to assess the harms caused by a data breach.
Impact to business:
– brand damage and loss of customer trust.
Non-compliance penalty: fines up to $2.1 million
Examples of data breach fines on global companies:
https://www2.cio.com.au/article/668163/biggest-data-breach-fines-penalties-settlements-far/
https://www.youtube.com/watch?v=GwbUzQYYvRE
Privacy by Design & Privacy Impact Assessment
● Privacy by Design (PbD) is an internationally accepted framework for privacy protection.
● It takes a proactive rather than reactive approach to privacy protection.
● Privacy protection is built in at all stages (e.g., the conception, development and implementation phases) of organisational initiatives or decision-making processes.
PIA process step by step
Internet: Socio-political Impacts & Beyond
Santoro, F. M., & da Costa, R. M. E. M. (2021). Towards ethics in information systems. Journal on Interactive Systems, 12(1), 69-82.
Artificial Intelligence: Socio-political Impacts & Beyond
Santoro, F. M., & da Costa, R. M. E. M. (2021). Towards ethics in information systems. Journal on Interactive Systems, 12(1), 69-82.
Big Data: Socio-political Impacts & Beyond
Santoro, F. M., & da Costa, R. M. E. M. (2021). Towards ethics in information systems. Journal on Interactive Systems, 12(1), 69-82.
Ethical & Legal Challenges in Introducing BIS
Data Privacy and Security:
▪ Mishandling or data breaches can lead to significant harm to individuals and organizations.
▪ Compliance with data protection laws (e.g., APPs, NDB, GDPR, etc.) is mandatory. Failure to do so can result in substantial fines and legal consequences.
Accountability and Transparency:
▪ Lack of accountability can lead to injustice. It is ethically imperative that stakeholders can understand and explain the reasoning behind automated decisions to build trust.
▪ Legal frameworks need to address liability issues, especially when AI or autonomous systems make critical decisions.
Job Displacement and Economic Impact:
▪ The adoption of advanced technologies can lead to job displacement, affecting the livelihoods of workers.
▪ Governments may need to address this issue through labor laws, workforce retraining programs, and social safety nets.
Bias and Fairness:
▪ Advanced technologies, such as machine learning algorithms, may inadvertently perpetuate biases present in historical data, leading to unfair or discriminatory outcomes.
▪ Discriminatory algorithms can result in lawsuits and regulatory penalties. Ensuring fairness and transparency in algorithmic decision-making is increasingly becoming a legal requirement.
Surveillance and Control:
▪ Widespread surveillance and control through technology can infringe on civil liberties and individual freedoms.
▪ Governments and regulatory bodies may need to strike a balance between security and privacy through legislation and oversight.
Tackling Ethical & Legal Challenges in Introducing BIS
Ethical considerations and compliance with data protection regulations:
▪ Establish an ethics committee, develop a code of ethics or conduct for employees involved in information system adoption.
▪ Identify and understand the relevant data protection regulations in the organisation’s own jurisdiction (e.g., APPs, GDPR, NDB, etc.) and ensure compliance with them.
Security Measures:
▪ Implement robust cybersecurity measures to protect data from unauthorized access, breaches, and cyberattacks. Conduct regular security audits and penetration testing to identify vulnerabilities.
Privacy Impact Assessment (PIA):
▪ Conduct a Privacy Impact Assessment to identify and mitigate privacy risks associated with the information system. Document the PIA process and make necessary adjustments based on its findings.
Data Retention and Deletion:
▪ Establish clear data retention and deletion policies in accordance with legal requirements. Ensure that data is deleted when it is no longer needed for the specified purposes.
Incident Response Plan:
▪ Develop an incident response plan to address data breaches and security incidents promptly and effectively. Report data breaches to regulatory authorities and affected individuals as required by law.
Supplier and Vendor Assessments:
▪ Assess the data handling practices of third-party suppliers and vendors to ensure they comply with your organization's standards and legal requirements.
Training and Awareness:
▪ Train employees and contractors on data protection laws, ethical guidelines, and best practices. Foster a culture of data privacy and security within the organisation.
Summary
Today, we have discussed:
• Ethics & legal challenges in introducing BIS
• How to handle those challenges
Week 12: Final Seminar
• Research insight in IS, Unit revision & Exam tips.
References
● Santoro, F. M., & da Costa, R. M. E. M. (2021). Towards ethics in information systems. Journal on Interactive Systems, 12(1), 69-82.
● Schultze, U., & Mason, R. O. (2018). Managing the risks of big data at MyTelco: taking ethics seriously. Journal of Information Technology Teaching Cases, 8(1), 1-8.
● Tzafestas, S. G. (2018). Ethics and law in the internet of things world. Smart Cities, 1(1), 98-120.
● Mingers, J., & Walsham, G. (2010). Toward ethical information systems: The contribution of discourse ethics. MIS Quarterly, 833-854.
● Anderson, J. G. (2007). Social, ethical and legal barriers to e-health. International Journal of Medical Informatics, 76(5-6), 480-483.
● Laudon, K. C. (1995). Ethical concepts and information technology. Communications of the ACM, 38(12), 33-39.