HC2121 Comparative Business Ethics: Commonwealth Bank Data Breach

Verified

Added on 2023/06/12

AI Summary

This essay provides a comparative analysis of business ethics and social responsibility, focusing on the Commonwealth Bank of Australia (CBA) data breach case. It outlines the ethical issues arising from the breach, including concerns about corporate governance, social responsibility, and the erosion of public trust. The essay evaluates the appropriateness of the ethical decisions made by CBA, contrasting them with other ethical cases. Furthermore, it applies ethical decision-making frameworks, particularly the justice theory, to suggest a more ethical course of action. The essay also emphasizes the importance of corporate social responsibility and corporate citizenship in maintaining stakeholder trust and rectifying past ethical lapses. The analysis incorporates information from a news article in the Australian Financial Review, highlighting the challenges CBA faces in managing data security and restoring its reputation. The paper concludes by advocating for transparent communication and adherence to data security laws to rebuild public confidence.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

RUNNING HEAD: Comparative Business Ethics and Social Responsibility
Comparative Business Ethics and Social Responsibility

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Comparative Business Ethics and Social Responsibility 1
Introduction
In the current business environment every organization initiates the business process in such a
way that they do not harm the interest of stakeholders, instead keep them satisfied with their
corporate social responsibilities. The company uses their differential culture and values to define
ethics for the organization. Ethical issue in business is the issue that is caused in the organization
if the employees breach the moral values present in the environment. The business ethics is
typically concerned with the moral judgment of the rightness and wrongness of an event caused
by a person. These decision or activities initiated in the organization may be implemented by the
people but it affects to the stakeholders and the society at large. The corporate social
responsibilities help an organization to run sustainably in the business environment by increasing
the satisfaction level of the customers (Vaughn 2015).
A news article from the Australia financial Review is selected for the analysis of the ethical
issue. The article was presented on the issue of Commonwealth Bank (CBA) when they were
held liable for data breach of around 19 million accounts. The Commonwealth Bank is one of
most renowned bank worldwide that is being confronted for facing difficulty in managing the
data security in the organization. This issue is hampering the reputation of the bank due to
information breach scandal. The management of Commonwealth bank stated that they are facing
the issue data security; also the organization has lost financial information of its 20 million
account holders. But they also claimed that the account security of the account holders has not
been compromised by the organization. The information that was leaked only included the
customer names, account numbers, address and transaction details from 2000 to 2016. Any
information that can hamper the interest of the customer was not leaked. Further, the latter part
of the essay discusses about the ethical decision making process in accordance to the
philosophies identified in the system (Duarte, and Hanstad 2016).
Ethical issue in business and decision making
It has become one of the most important tasks for the organization to initiate their business
activities in such a way that it aligns to the interest of stakeholders in the society. The company
should always stick to their values and commitment made by them with respect to the customers
present in the society. Further, the essay represents the unethical act implemented in the society

Comparative Business Ethics and Social Responsibility 2
by the Commonwealth Bank of Australia. The company has faced difficulty in managing the
privacy of the account records of the account holders of the company specifically 9.8 million
people (Smith 2018). The information was stored in the two magnetic tapes that were to be
damaged by the subcontractor in the year 2016. The company has issued the statement that the
unethical cause that been implemented from their end and they are under strict investigation for
the cause of this event (Chell, et. al., 2016). All the information starting from the name of
accountholders, account number, transactions done from 2000 to 2016, address was leaked by
the company account by the magnetic tape. The subcontractor Fuji-Xerox was asked to discard
the tape by damaging it so that no person can make illicit use of it.
Further, it should be noted that the Commonwealth ban is under severe threat of disposing their
image because of the unethical act implemented by the company that resulted in harming the
interest of the customers present in the environment. This act resulted in data breach and security
threat for the accountholders of the bank. As the bank was unable to destroy the tape that
included all the information about the customers, due to which it was being unethically used by
some unknown source. It should be noted that the bank does have a standard and ethical format
to store all the information and discard it properly as well (Kolk 2016). It is important for the
organization to keep the interest of the stakeholder aligned with the activities of the company as
this act has made the customer feel unsecure for their account. Also, the customers have started
receiving messages for the balance of their account due to the ineffective damaged control in stir
of revelation. In response to the ethical issue, the company issued the statement that the
information that is being leaked in the environment is partial information that is used by the
company to issue financial and periodical statements of the customer. No person can make use of
this information to give into action for their fraudulent activities because the information is not
enough (Hartman, DesJardins, and MacDonald 2014).
Further, it was also stated by the company that the information breached does not include the
PIN or password of any customer’s account. This act stated that the bank is unable to properly
comply with the security requirements of the clients. The company breached one of the most
major social requirements or organizational legislation that is to keep the information of clients
secret. In regard to which, the company is also facing various allegations and proceedings under
the Data Protection Laws implemented in the environment (Sabag, and Schmitt 2016). Public

Comparative Business Ethics and Social Responsibility 3
trust is being hampered along with the privacy and security of the sensitive information about the
clients. The company is now facing several issues relating to their image as the Australian
Prudential Regulation Authority also stated that the company has now fallen from the grace, and
is badly eroded. Also, the Buzzfeed News stated that the company has introduced a team to mend
the missing tape and this project has been named as ‘Project Chesapeake’ (Smith 2018). After
having this attractive name for the project, the company was unable to track any information
related to the unethical event. The Office of Australian Information Commissioner (OAIC) is
now having conversation with the bank in order to attain proper information about the case. In
response to the enquiry made, the company also stated that they are unable to assure the
demolition of the two tapes having information about the customers. This unethical effect made
by the company Commonwealth bank has spread awareness in the banking industry with
response to the ethics and the responsibility of the banks towards their customers. Further, it is
the responsibility to inform the customers about the unethical act implemented by them (Crane,
and Matten 2016).
The bank should adopt more initiatives to secure the position of the company and manage the
corporate social responsibilities as well. The CSR activities and the act of corporate citizenship
activity should be initiated by the company in such a way that the organization completely
satisfies the customers without hurting their interest (Pearson 2017). As discussed above that the
organization has shattered the trust of the stakeholders of the company due to waiving their roles
and responsibilities present in the environment and not acting according to the rules and
guidelines of the company. Now the people of the company believe that the organization has
broken their trust and not fulfilled their responsibilities against them in the environment. The
customers feel that the company has not acted according to the guidelines formed by them and
breached their interest by levying the data security responsibility (Andriof, and McIntosh 2017).
Thus, subsequently the satisfaction of the customers is reduced in the market due to the loss of
confidential information about the customers in the market without their consent. As the
company is unable to fulfill their corporate social responsibility and corporate citizenship, they
lost the trust of their customers on their activities. In order to rectify the past mistakes made by
them in the environment, the organization has initiated various steps as well (Jizi, et. al., 2014).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Comparative Business Ethics and Social Responsibility 4
The company is again aiming to develop its reputation among the stakeholders present in the
market. Thus, it should be noted that the company is strongly facing the issues in ethical
breaching the data of clients stored with them. The company has failed to initiate certain actions
that were initiated with respect to maintain signified image in the market. The company needed
to dispose off the tape that included such information about the clients, but due to non-
performance of this event the company is now facing severe penalties and ethical case with them
(Den Hond, de Bakker, and Neergaard 2016). The company is now performing several events to
keep the customers interested in their activities and satisfy them as well. Although, this process
will take time but the company will again achieve the trust of the customers if they regularly
perform their corporate responsibilities in the environment. Further, from the information gained
from the article it should be noted that the Bank has initiated a good decision by publicizing the
data breach event to the public socially. The head of the company issued a video stating the
event, how it happened and the new security principles made and implemented by them as well.
In order to maintain their dignified image in the market, the company now aims to comply with
all the rules, laws and legislations presented in the Data Security Laws for the banking sector
(Trevino, and Nelson 2016).
Ethical decision making framework
The CBA should make use of the below presented format of ethical decision making process to
initiate an effective and ethical decision in the environment. The ethical decision making process
includes the use of moral philosophies along with the theory of ethics that the company can use
to make an ethical decision in the environment. The process is explained below:
Identification of ethical issue: Under this process, the company needs to initially identify the
issue that is related to the breachment of ethical rules and guidelines present in the environment.
In news article stated that the company CBA is facing the issue of data breach under which they
have failed to secure the sensitive information of 20 million accountholders of thee company
(Amartya 2017).
Gathering of information: After identifying the ethical issue caused with them, the company
needs to gather all the information related to the case. They need to identify different rules and

Comparative Business Ethics and Social Responsibility 5
guidelines related to the effect of data breaching and reducing security of customers (Cheng,
Ioannou, and Serafeim, 2014).
Analysis of data: after gathering information the company needs to analyze the gathered
information with assistance of the regulators and banking authorities. After analyzing the event, t
was found out that the company has not destroyed the tape in which all such information about
the company was stored. This process resulted in leakage of the personal information of the
clients (19.8 million specifically).
Consideration of Alternative: The Company had conversation about the case with many officials
and experts for suggesting a better way to manage the issue. This step provides strict principles,
rules and guidelines to the company for regaining the public trust.
Make a decision: After analyzing all the options in the above mentioned case, the company needs
to choose the best decision that is fit for their organization and will help them to maintain their
image ethically and sustainably. The company can make use of the justice theory of ethics to
initiate an ethical decision in the organization. The justice theory explains that the person should
initiate a decision in the society on the basis of providing equality in the environment. The
justice theory initiates equality in the decision making process, the decision should not harm he
interest of the stakeholders present in the society. According to this policy the company should
initiate a decision that is fair and justified in the environment; the decision should not harm the
interest of any person or create inequality (Saeidi, et. al., 2015).
Implementation of decision: After making the decision on the basis of moral approaches, the
company should implement that decision in their business process to implement corporate
citizenship.
Conclusion
Thus, in the limelight of above mentioned events, it should be noted that the companies present
in the environment should strictly follow their corporate social responsibility in order to maintain
the trust off customers present in the environment. The above mentioned essay outlines the
ethical issue of data breach issue in the company Commonwealth Bank. It also explains the

Comparative Business Ethics and Social Responsibility 6
reason of occurring of the event and the ways in which the company can take adequate ethical
decisions to mitigate its effect.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Comparative Business Ethics and Social Responsibility 7
References
Amartya, S., 2017. What do we want from a theory of justice?. In Theories of Justice (pp. 27-
50). Routledge.
Andriof, J. and McIntosh, M. eds., 2017. Perspectives on corporate citizenship. Routledge.
Chell, E., Spence, L.J., Perrini, F. and Harris, J.D., 2016. Social entrepreneurship and business
ethics: Does social equal ethical?. Journal of business ethics, 133(4), pp.619-625.
Cheng, B., Ioannou, I. and Serafeim, G., 2014. Corporate social responsibility and access to
finance. Strategic Management Journal, 35(1), pp.1-23.
Crane, A. and Matten, D., 2016. Business ethics: Managing corporate citizenship and
sustainability in the age of globalization. Oxford University Press.
Den Hond, F., de Bakker, F.G. and Neergaard, P., 2016. Introduction to managing corporate
social responsibility in action: Talking, doing and measuring. In Managing Corporate Social
Responsibility in Action (pp. 15-26). Routledge.
Duarte, M. and Hanstad, T.I., 2016. Realizing global justice: Theory and practice. Etikk i
praksis-Nordic Journal of Applied Ethics, 10(2), pp.1-10.
Hartman, L.P., DesJardins, J.R. and MacDonald, C., 2014. Business ethics: Decision making for
personal integrity and social responsibility. New York: McGraw-Hill.
Jizi, M.I., Salama, A., Dixon, R. and Stratling, R., 2014. Corporate governance and corporate
social responsibility disclosure: Evidence from the US banking sector. Journal of Business
Ethics, 125(4), pp.601-615.
Kolk, A., 2016. The social responsibility of international business: From ethics and the
environment to CSR and sustainable development. Journal of World Business, 51(1), pp.23-34.
Pearson, R., 2017. Business ethics as communication ethics: Public relations practice and the
idea of dialogue. In Public relations theory (pp. 111-131). Routledge.

Comparative Business Ethics and Social Responsibility 8
Sabag, Ḳ. and Schmitt, M. eds., 2016. Handbook of social justice theory and research (pp. 10-
14). New York, NY: Springer.
Saeidi, S.P., Sofian, S., Saeidi, P., Saeidi, S.P. and Saaeidi, S.A., 2015. How does corporate
social responsibility contribute to firm financial performance? The mediating role of competitive
advantage, reputation, and customer satisfaction. Journal of Business Research, 68(2), pp.341-
350.
Smith, P., 2018. Commonwealth Bank under fire again for data breach of 19m accounts [online].
Available from < http://www.afr.com/technology/web/security/commonwealth-bank-admits-
customer-data-breach-affecting-19-million-accounts-20180502-h0zkh7> Accessed on 25 May
2018.
Trevino, L.K. and Nelson, K.A., 2016. Managing business ethics: Straight talk about how to do
it right. John Wiley & Sons.
Vaughn, L., 2015. Doing ethics: Moral reasoning and contemporary issues. WW Norton &
Company.

Comparative Business Ethics and Social Responsibility 9
Appendices
Commonwealth Bank under fire
again for data breach of 19m
accounts
In a statement the bank said it had confirmed there was no evidence of
suspicious activity involving the 19.8 million accounts affected following the
incident. Wayne Taylor
Commonwealth Bank of Australia is facing renewed focus on its internal
governance procedures after admitting it lost backup data for more than 15
years of customer statements in 2016, affecting almost 20 million accounts,
and decided against telling customers.
The CBA's acting group executive for retail banking services, Angus
Sullivan, was forced to issued a video statement confiming the damaging
potential data breach after a media report exposed details of the incident on
Wednesday.
The report found that CBA had commissioned Fuji Xerox to decommission
one of its data storage centres, which was supposed to include the
destruction of backup magnetic tape drives that contained financial
statements.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Comparative Business Ethics and Social Responsibility 10
However the bank later realised it didn't have the certificate to prove the
tapes had been destroyed, which would normally have been produced. It
then failed to find any trace of the missing tapes in a search, before
concluding that they had probably been destroyed in the first place.
In a bid to locate the tapes the bank reportedly formed an internal task
force called "Project Chesapeake," and commissioned KPMG to conduct a
forensic investigation into the incident.
One of the avenues of investigation undertaken was based on the notion
that the tapes could have fallen off the truck taking them to be destroyed.
However retracing the route of the truck and looking alongside the road
proved fruitless.
Mr Sullivan assured customers their information had not been compromised
and that no action was required in terms of changing account details or PIN
numbers.
In a statement posted to the ASX the bank said it had confirmed there was
no evidence of suspicious activity involving the 19.8 million accounts
affected following the incident.
"The tapes contained customer names, addresses, account numbers and
transaction details from 2000 to early 2016. The tapes did not contain
passwords, PINs or other data which could be used to enable account
fraud," the statement said.
"The bank immediately put in place monitoring mechanisms to further
protect customers. The 2016 incident was not cyber-related and there has
been no compromise of CBA's technology platforms, systems, services, apps
or websites," the CBA statement said.
'Incidents like this are not acceptable'
Mr Sullivan said CBA took the protection of customers' data very seriously,
and conceded the incident was not acceptable.
"I want to assure our customers that we have taken the steps necessary to
protect their information and we apologise for any concern this incident
may cause," he said.
He added that the relevant regulators were informed in 2016 but that the
bank had decided it was not necessary to alert customers after discussion
with the Office of the Australian Information Commissioner (OAIC).

Comparative Business Ethics and Social Responsibility 11
However, BuzzFeed reported the OAIC was making further inquiries into
the incident, following a report by the banking regulator that slammed the
bank for its "widespread sense of complacency".
The Australian Prudential Regulation Authority said on Tuesday that
community trust in Australia's banks had been "badly eroded" and CBA had
failed to meet expectations and "fallen from grace".
Speaking on Thursday morning Shadow Treasurer Chris Bowen described
the reports as "extremely concerning," and suggested the government's
lengthy prevarication over introducing data breach notification laws could be
to blame for a cover up.
'It's only natural that CBA customers would be worried about the breach -
our financial information is one of the most important things to protect," he
said.'What did the Turnbull Government and Information Commissioner
know about the breach? Why has it taken years - and a media report - for
people to find out? The Government and the Information Commissioner
need to make full statements today on their knowledge and actions in
2016."
CBA and the OAIC have been contacted for further comment.