ICTICT418 Contribute to copyright, ethics and privacy in an ICT environment

Added on - 12 Nov 2019

  • ICTICT418

    Course

  • 7

    Pages

  • 1863

    Words

  • 106

    Views

  • 0

    Downloads

Trusted by +2 million users,
1000+ happy students everyday
Showing pages 1 to 3 of 7 pages
Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICTENVIRONMENT1Contribute to Copyright, Ethics and Privacy in an ICT Environment: ABC ITCompany CaseNameDate
Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICTENVIRONMENT2Task 1The ABC IT Company is obligated to ensure that the private information it holds aboutclients and people, including names, addresses, ethnicity, contact details, and other personalinformation, as outlined under the Australian Privacy principlesThe ‘What do we collect’ policy of the ABC IT Company IT security policy matches to the NPP(National Privacy Principles) One (Principle 1) that requires an elaborate definition of whatcompanies should do when collecting information and what they can collect, ABC IT Companystates that it collects data relevant to business dealingsThe company also complies with NPP 2 which requires a description of use and disclosureof the collected information; ABC covers this under ‘Who Do We Disclose Information To?’where it states that it (ABC) only discloses relevant information they collect to subcontractors and suppliersABC complies with NPP 3-4 on information quality and security under its principles under‘How Do We Store The Data We Collect?’ and ‘How Do We Protect The Information WeStore? ‘ABC IT Company also complies with the NPP 5 under all its company security policieswhere they disclose what they do with information, who can access it, and what informationis collectedFor NPP 6; access and correction; ABC company explicitly defines how the data is accessedusing authentication requirements on who can log on and access the stored information,under the title ‘How Do We Protect The Information We Store?’For NPP7, ABC IT Company states under ‘What ABC IT Company Must Do’ that it mustcomply with thePrivacy Act of 1988 that defines rules for identifiersFor NPP8, ABC describes how they deal with customers anonymously under its regulationtitled ‘How Do We Protect The Information We Store?’For NPP 9, ABC outlines the policies for transfers outside Australia under ‘How Do WeProtect The Information We Store?’ABC Complies with NPP 10 under the ‘How Do We Protect The Information We Store?’policyThe alterations I would make on their policy is to explicitly state that the information cannotbe shared outside the geographical borders of Australia to fully comply with NPP 9 and alsodefine how to assign clients ‘anonymous numbers’ to comply better with NPP 7 and 8.
Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICTENVIRONMENT3The policy by ABC addresses relevant security concerns, including restricted accessrequiring authentication, measures to stop external exploitation such as malware attacks;however, it is not exhaustive on how to handle internal threats and risks such as accidentaldisclosure, although it does explain strict policies on how internal staff can handle the data/information.Policies to add would include ensuring anonymity and better protocols to ensure internalthreats such as theft is restricted.Task 2ABC must identify issues and opportunities to collect data and all the relevant procedures,practices as applicable to employees and other audience must be reviewed. The organizationalculture must be evaluated for best practices in data collection, including encryption of collected dataand using secure interfaces to collect this information.The ABC company must select the opportunities and issues relevant to the information andset goals for every category of data and ensure the data collected is relevant to needs/ usesThe next step requires planning an approach on how to collect the data and the methods to use incollecting the data. This should define from who the data will be collected from, and understandingissues like discrimination and categories of people to collect information from. Further, the personswhose data is being collected must be informed why the data is being collectedThe buy-in for the data should be obtained from senior management support and selecting a steeringgroup to be responsible for, and be consulted on all collected data and information.The collected data should then be analyzed as well as interpretedEstablish policies for storage, access, and transfer of data to ensure it remains secure such asthrough encryption and storing paper copies in secured rooms that require physical authentication toaccess ('Office of the Australian Information Commissioner', 2015)Task 3In implementing the data collection procedure, a steering committee responsible for the datawas created and mandated to handle all the aspects of collecting the data. The team first establisheddata collection opportunities and defined the kind of information required to be collected and whythat data is necessary. The team then defined how the data was to be collected, starting from meansfor capturing the information; the information was to be collected through an online portal and alsoon-site where information was captured physically. The team also developed an online portalthrough which customers would enter their details n an interactive manner, with an option for quickhelp. The customers were detailed to why the information was necessary and given assurances that
desklib-logo
You’re reading a preview
Preview Documents

To View Complete Document

Click the button to download
Subscribe to our plans

Download This Document