ABC IT Company Case Study: Copyright, Ethics, and Privacy Analysis

Verified

Added on 2019/11/12

AI Summary

This assignment analyzes the ABC IT Company's policies on copyright, ethics, and privacy within an ICT environment. It examines the company's compliance with Australian Privacy Principles, data collection methods, and data security measures, including access controls, encryption, and risk management strategies. The assignment also addresses the ITPA Code of Ethics, focusing on complaint reporting, social responsibility, and staff conduct. It outlines grievance procedures for employees and the NIT Student Code of Conduct, emphasizing ethical behavior, academic integrity, and responsible use of resources. The analysis covers areas for policy improvement, such as clarifying data sharing restrictions and enhancing internal threat management. Furthermore, the assignment provides insights into data collection procedures, including the establishment of a steering committee, data collection methods, and database design, ensuring data security through encryption, authentication, and regular security testing.

Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICT
ENVIRONMENT 1
Contribute to Copyright, Ethics and Privacy in an ICT Environment: ABC IT
Company Case
Name
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICT
ENVIRONMENT 2
Task 1
The ABC IT Company is obligated to ensure that the private information it holds about
clients and people, including names, addresses, ethnicity, contact details, and other personal
information, as outlined under the Australian Privacy principles
The ‘What do we collect’ policy of the ABC IT Company IT security policy matches to the NPP
(National Privacy Principles) One (Principle 1) that requires an elaborate definition of what
companies should do when collecting information and what they can collect, ABC IT Company
states that it collects data relevant to business dealings
 The company also complies with NPP 2 which requires a description of use and disclosure
of the collected information; ABC covers this under ‘Who Do We Disclose Information To?’
where it states that it (ABC) only discloses relevant information they collect to sub
contractors and suppliers
 ABC complies with NPP 3-4 on information quality and security under its principles under
‘How Do We Store The Data We Collect?’ and ‘How Do We Protect The Information We
Store? ‘
 ABC IT Company also complies with the NPP 5 under all its company security policies
where they disclose what they do with information, who can access it, and what information
is collected
 For NPP 6; access and correction; ABC company explicitly defines how the data is accessed
using authentication requirements on who can log on and access the stored information,
under the title ‘How Do We Protect The Information We Store?’
 For NPP7, ABC IT Company states under ‘What ABC IT Company Must Do’ that it must
comply with the Privacy Act of 1988 that defines rules for identifiers
 For NPP8, ABC describes how they deal with customers anonymously under its regulation
titled ‘How Do We Protect The Information We Store?’
 For NPP 9, ABC outlines the policies for transfers outside Australia under ‘How Do We
Protect The Information We Store?’
 ABC Complies with NPP 10 under the ‘How Do We Protect The Information We Store?’
policy
 The alterations I would make on their policy is to explicitly state that the information cannot
be shared outside the geographical borders of Australia to fully comply with NPP 9 and also
define how to assign clients ‘anonymous numbers’ to comply better with NPP 7 and 8.

Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICT
ENVIRONMENT 3
 The policy by ABC addresses relevant security concerns, including restricted access
requiring authentication, measures to stop external exploitation such as malware attacks;
however, it is not exhaustive on how to handle internal threats and risks such as accidental
disclosure, although it does explain strict policies on how internal staff can handle the data/
information.
 Policies to add would include ensuring anonymity and better protocols to ensure internal
threats such as theft is restricted.
Task 2
ABC must identify issues and opportunities to collect data and all the relevant procedures,
practices as applicable to employees and other audience must be reviewed. The organizational
culture must be evaluated for best practices in data collection, including encryption of collected data
and using secure interfaces to collect this information.
The ABC company must select the opportunities and issues relevant to the information and
set goals for every category of data and ensure the data collected is relevant to needs/ uses
The next step requires planning an approach on how to collect the data and the methods to use in
collecting the data. This should define from who the data will be collected from, and understanding
issues like discrimination and categories of people to collect information from. Further, the persons
whose data is being collected must be informed why the data is being collected
The buy-in for the data should be obtained from senior management support and selecting a steering
group to be responsible for, and be consulted on all collected data and information.
The collected data should then be analyzed as well as interpreted
Establish policies for storage, access, and transfer of data to ensure it remains secure such as
through encryption and storing paper copies in secured rooms that require physical authentication to
access ('Office of the Australian Information Commissioner', 2015)
Task 3
In implementing the data collection procedure, a steering committee responsible for the data
was created and mandated to handle all the aspects of collecting the data. The team first established
data collection opportunities and defined the kind of information required to be collected and why
that data is necessary. The team then defined how the data was to be collected, starting from means
for capturing the information; the information was to be collected through an online portal and also
on-site where information was captured physically. The team also developed an online portal
through which customers would enter their details n an interactive manner, with an option for quick
help. The customers were detailed to why the information was necessary and given assurances that

Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICT
ENVIRONMENT 4
the information would only be used for the specified purposes and that the information cannot be
shared, modified, or exchanged, without expressly getting the customers’ permission. The data
collection opportunity and methods for collection were used to develop a database that defined what
information was placed in the data base tables and in what order to ensure ease of access and
management. The data collected had security features implemented for transfer and storage; access
passwords from the internal infrastructure was restricted with two step authentication and these
access credentials encrypted. Further, the information was encrypted so that in the event of
accidental exposure or malicious theft, the person holding it cannot access the information without
the decryption information. The data was then secured by having backup and penetration tests
undertaken to ensure any risks to its access were identified and a risk management strategy
developed based on these tests. Realizing that there are continuous threats to this data, the risk
management strategy was developed in such a way that it was continuously updated and mitigation
measures also continuously updated ('Information technology professionals Association', 2017).
Task 4
The code of ethics regarding the ABC IT Company scenario on complaint reporting is
developed based on the ITPA (Information technology professionals Association) Code of Ethics.
For an internal staff wishes to report suspicious activity regarding data security by other staff
members, they have a portal to report such incidents. This information must be managed in
compliance with the ITPA code of ethics on privacy; the information must kept confidential to avoid
exposing the person making the report. Further, there must be cooperation with customers and even
staff; this will be achieved by complying with the code on cooperation that requires support for
fellow professionals in computing; this code requires the acknowledgement of community
responsibility necessary for ensuring the integrity of national and international network resources
Task 5
Social responsibility of the ITPA Code of ethics
To ensure that the understanding of the legal and social issues arising in computing
environments; including ensuring exploit risks are kept to a minimum and that any breaches to data
are reported appropriately and accordingly.
Full disclosure of any information collected, its use, and any breaches
All relevant codes for data security and ethical standards will be observed, including the
NPP and the ACS code of ethics
Cooperate with colleagues to enhance their personal and professional development
Task 6

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICT
ENVIRONMENT 5
Grievance procedure at work
All aggrieved staff must directly communicate their grievances with their respective
supervisors; even when the complaint is about the supervisor, the employee must first make an
attempt to resolve the issue with the supervisor by requesting an informal meeting and if unable to
resolve the issue, then have it reported to HR
Complains directly touching on supervisor behavior that can result in disciplinary action, the
concerned staff should directly report to the HR department
The employee must use the procedure outlined below;
 Fill a relevant grievance form
 Communicate to ensure the matter is well understood
 The allegation form copy should be given to the person facing the complaint
 Mediation procedures should be planned to resolve the issue
 The matter must be investigated by relevant staff
 Employees must remain informed
 Formal decisions must be confidentially communicated
 Action should be taken to make sure the formal decision is implemented
 Appeals must be dealt with by collecting more information ('Office of the Australian
Infomation Commissioner', 2012)
Task 7
NIT Student Code of Conduct & Responsibilities
When undertaking their academic work, students must comply with this code by ensuring
their work is genuinely done by themselves and not plagiarized. Students must ensure all work they
borrow is referenced. Students must not engage in assisting other students with their academic
work, including helping them do assignments or any other academic tasks. Students must desist
from antagonistic behaviors, such as character assassination without following the due procedures.
Students must ensure they conduct themselves in a manner consistent with the institutions goals and
image; they must show respect to all staff and students as well as other stakeholders, including
visitors. The rights of others might be respected, including their rights to make complaints against
you. Unlawful, discriminatory, and unbecoming behavior, such as ethnic, religious, or cultural
intolerance and victimization must be avoided; this is to ensure the institution remains diverse in a
number of aspects, including cultural and ethnic diversity.

Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICT
ENVIRONMENT 6
All NIT resources must be used ethically and responsibly, including educational and social
amenity resources. The actions of students must not cause any harm, damage, or destruction of NIT
resources and facilities. Students must not behave in a way that hampers the ability of other students
to enjoy and use NIT resources. Students must remain aware that any actions that go against the
code of conduct will have consequences

Running head: CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN ICT
ENVIRONMENT 7
References
'Information technology professionals Association'. (2017). Code of Ethics. Retrieved September
09, 2017, from https://www.itpa.org.au/code-of-ethics/
'Office of the Australian Infomation Commissioner'. (2012). Ten steps to protect other people’s
personal information. Retrieved September 9, 2017, from
https://www.oaic.gov.au/images/documents/privacy/privacy-resources/privacy-fact-
sheets/privacy-fact-sheet-07-10-steps-protect-personal-information.pdf
'Office of the Australian Infomation Commissioner'. (2015, July 28). Australian Privacy Principles -
Office of the Australian Information Commissioner (OAIC). Retrieved September 09, 2017,
from https://www.oaic.gov.au/privacy-law/privacy-act/australian-privacy-principles