La Trobe University BUS5PB: Data Ethics and Privacy Case Study
VerifiedAdded on 2023/03/30
|10
|2006
|459
Case Study
AI Summary
This assignment provides solutions to case studies concerning data ethics and privacy within business analytics, specifically addressing issues related to employee monitoring, ethical classification models in healthcare, and data security breaches. It discusses the ethics of monitoring employee computer use, proposes an analytical solution for balancing organizational needs with employee privacy, and evaluates the ethical implications of using sensitive attributes in classification models. The document also explores alternative classification models, outlines the ethical obligations of health information management, and suggests strategies for enhancing data security and privacy in private sector organizations. Furthermore, it addresses the role of government access to private data for security reasons and identifies other organizations that may require such access. Desklib provides students access to a wide range of assignments and study tools.
DATA ETHICS AND PRIVACY 1
Data Ethics and Privacy
Data Ethics and Privacy
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
DATA ETHICS AND PRIVACY 2
1.0 Case Study
Question 1.1
Yes, it is ethical. This is because watching pornography in the place of work is misconduct
and comes up with many issues that can negatively affect the success of the organization. One of
the problems of watching pornography in the workplace is encouraging time wasting. An
employee wakes up early in the morning to go to work not to watch pornography in the
workplace (Lam, 2016). There is time for everything, when somebody is at work he or she
should be productively active for the success of the company.
The organization depends on the employee’s effort of production, and if the worker is busy
wasting prestigious time by watching porn, then the organization’s productivity will decrease,
thereby ending up making losses. For example, the case indicates that time-wasting among
employees in the US has become an issue whereby the majority of the workers spend more time
surfing non- work-related subjects such as watching pornography. Also, watching porn and
other non-related work can cost the organization with extra costs. Downloading or sending these
pornography videos from online carries a large file size, which requires a lot of bundles to
download or send (Graban, 2016).
Besides, these sites may be a threat to the organization as most of them can infect virus to the
organization’s desktops, thereby bringing in extra management costs for such damages. As in the
case, Ray Stanton, the director of security at Unisys, provides an excellent example of how an
employee from his previous job was caught sending large files of data through emails. He says
the sheer size of the file made the companies email server to crash which by the end made the
business to incur a serious management cost of about 250,000 dollars (Zafar, H., 2013).
1.0 Case Study
Question 1.1
Yes, it is ethical. This is because watching pornography in the place of work is misconduct
and comes up with many issues that can negatively affect the success of the organization. One of
the problems of watching pornography in the workplace is encouraging time wasting. An
employee wakes up early in the morning to go to work not to watch pornography in the
workplace (Lam, 2016). There is time for everything, when somebody is at work he or she
should be productively active for the success of the company.
The organization depends on the employee’s effort of production, and if the worker is busy
wasting prestigious time by watching porn, then the organization’s productivity will decrease,
thereby ending up making losses. For example, the case indicates that time-wasting among
employees in the US has become an issue whereby the majority of the workers spend more time
surfing non- work-related subjects such as watching pornography. Also, watching porn and
other non-related work can cost the organization with extra costs. Downloading or sending these
pornography videos from online carries a large file size, which requires a lot of bundles to
download or send (Graban, 2016).
Besides, these sites may be a threat to the organization as most of them can infect virus to the
organization’s desktops, thereby bringing in extra management costs for such damages. As in the
case, Ray Stanton, the director of security at Unisys, provides an excellent example of how an
employee from his previous job was caught sending large files of data through emails. He says
the sheer size of the file made the companies email server to crash which by the end made the
business to incur a serious management cost of about 250,000 dollars (Zafar, H., 2013).
DATA ETHICS AND PRIVACY 3
Question 1.2
From the employer’s perspective, there are immense benefits to monitor workers. Employers
must come up with an analytical solution to address the scope of what will be monitored, how it
will be monitored, and who will perform the task of monitoring. Knowledge management
systems should be put in place to provide benefits of improved performance and increased
organization awareness (Eivazi, 2011). It is important for the organization to put measures or
guidelines for monitoring the employees. The first step towards this is by getting employee
consent for monitoring like including a monitoring clause while agreeing on the contract (Eivazi,
2011). Besides, measures such as filtering and blocking websites that are not relevant to the
organization’s daily activities should be set with policies that and the guidelines that the workers
should stick and adhere to (Larson and Chang, 2016).
2.0 Case Study – The Ethics of Classification:
Question 2.1
No, use of attributes like weight, chronic illness, and marital status are unethical. This is
because providing such information in hospital provides grounds for discrimination.
Question 2.2
There are various characteristics that I can consider in my classification model. One of the
aspects is the transparency of the model. Different classification model differs from each other in
their degree of transparency. Transparency, in this case, refers to the ability of the user to analyze
and understand how the patterns of data were generated (Kirwan, Matthews and Scott, 2013).
Question 1.2
From the employer’s perspective, there are immense benefits to monitor workers. Employers
must come up with an analytical solution to address the scope of what will be monitored, how it
will be monitored, and who will perform the task of monitoring. Knowledge management
systems should be put in place to provide benefits of improved performance and increased
organization awareness (Eivazi, 2011). It is important for the organization to put measures or
guidelines for monitoring the employees. The first step towards this is by getting employee
consent for monitoring like including a monitoring clause while agreeing on the contract (Eivazi,
2011). Besides, measures such as filtering and blocking websites that are not relevant to the
organization’s daily activities should be set with policies that and the guidelines that the workers
should stick and adhere to (Larson and Chang, 2016).
2.0 Case Study – The Ethics of Classification:
Question 2.1
No, use of attributes like weight, chronic illness, and marital status are unethical. This is
because providing such information in hospital provides grounds for discrimination.
Question 2.2
There are various characteristics that I can consider in my classification model. One of the
aspects is the transparency of the model. Different classification model differs from each other in
their degree of transparency. Transparency, in this case, refers to the ability of the user to analyze
and understand how the patterns of data were generated (Kirwan, Matthews and Scott, 2013).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
DATA ETHICS AND PRIVACY 4
Some classification models may not be accepted by the end user since they are difficult to
understand.
The other attributes that I will consider in my classification model are interpretability and
understandability of results. In hospital settings, users do not care how intricate is the data
classification model, but they care more about how understandable is its results. Many will prefer
a classification model which is understandable and can be interpreted. The other attributes that I
will consider are the safety of the data. It is crucial to protect the privacy of the data, especially
when dealing with medical data. A classification model which can protect the privacy and
sensitive information from disclosure is highly considered.
Besides, the fourth attributes that I can consider are the performance of the classification
model. A classification model with high performance and efficiency is highly viewed by the
user as a result of its accuracy (Runciman, Merry, and Walton, 2017).
Question 2.3
Yes, there are other better alternative classification models that can be used to achieve the
desired outcome in the hospital setting. One of the best classification models is the Naïve
Bayesian classifier, also referred to as naïve Bayes. It is one of the most effective and efficient
and simple classification models in health care settings. It classifies information based on the
probability by applying the Bayes theorem in relation to independence assumptions. Some of the
merits of Naïve Bayes classifier include they are very easy in the implementation process, it
needs a very few amounts of data in the estimation of the parameters, and in most cases its
results are good. Its demerits are that it cannot modify dependencies since dependencies exist
between the variables, and there is a chance of loss of accuracy (Siau, Nah, and Teng, 2002).
Some classification models may not be accepted by the end user since they are difficult to
understand.
The other attributes that I will consider in my classification model are interpretability and
understandability of results. In hospital settings, users do not care how intricate is the data
classification model, but they care more about how understandable is its results. Many will prefer
a classification model which is understandable and can be interpreted. The other attributes that I
will consider are the safety of the data. It is crucial to protect the privacy of the data, especially
when dealing with medical data. A classification model which can protect the privacy and
sensitive information from disclosure is highly considered.
Besides, the fourth attributes that I can consider are the performance of the classification
model. A classification model with high performance and efficiency is highly viewed by the
user as a result of its accuracy (Runciman, Merry, and Walton, 2017).
Question 2.3
Yes, there are other better alternative classification models that can be used to achieve the
desired outcome in the hospital setting. One of the best classification models is the Naïve
Bayesian classifier, also referred to as naïve Bayes. It is one of the most effective and efficient
and simple classification models in health care settings. It classifies information based on the
probability by applying the Bayes theorem in relation to independence assumptions. Some of the
merits of Naïve Bayes classifier include they are very easy in the implementation process, it
needs a very few amounts of data in the estimation of the parameters, and in most cases its
results are good. Its demerits are that it cannot modify dependencies since dependencies exist
between the variables, and there is a chance of loss of accuracy (Siau, Nah, and Teng, 2002).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
DATA ETHICS AND PRIVACY 5
Question 2.4
The ethical obligations of health information management are to safeguard the privacy and
security of patient’s data, appropriate use, and ensure the accessibility and integrity of data. The
hospital should be able to put measures that can protect the patient’s information from being
utilized unethically. Some of the steps that a health care organization can put in place include
uphold, advocate, and defend the patient’s right to privacy and confidentiality in the use and
disclosure of their data. This can be met by responding promptly to patient’s requests to exercise
their rights (Graban, 2016).
Besides, the health care institution can advocate for changes in the policy and legislation
which bears all health care professionals from disclosing patient’s data when unnecessary. Such
a system should allow all health care providers and staffs to protect the confidentiality of all data
obtained from the clients and only disclose information that is directly relevant or necessary. The
hospital management should also take adequate measures in preventing, discouraging, and
correcting any unethical conduct of health care staffs. The management should also protect the
privacy and security of all written and electronic health data by taking reasonable steps to ensure
the stored patient’s information is secure from any other party who is not allowed to have access.
Furthermore, the health care organization should take precautions to make sure there is the
maintenance of confidentiality of patient’s data that is transferred, transmitted or disposed of
during the event of termination, death or incapacitation.
Question 2.4
The ethical obligations of health information management are to safeguard the privacy and
security of patient’s data, appropriate use, and ensure the accessibility and integrity of data. The
hospital should be able to put measures that can protect the patient’s information from being
utilized unethically. Some of the steps that a health care organization can put in place include
uphold, advocate, and defend the patient’s right to privacy and confidentiality in the use and
disclosure of their data. This can be met by responding promptly to patient’s requests to exercise
their rights (Graban, 2016).
Besides, the health care institution can advocate for changes in the policy and legislation
which bears all health care professionals from disclosing patient’s data when unnecessary. Such
a system should allow all health care providers and staffs to protect the confidentiality of all data
obtained from the clients and only disclose information that is directly relevant or necessary. The
hospital management should also take adequate measures in preventing, discouraging, and
correcting any unethical conduct of health care staffs. The management should also protect the
privacy and security of all written and electronic health data by taking reasonable steps to ensure
the stored patient’s information is secure from any other party who is not allowed to have access.
Furthermore, the health care organization should take precautions to make sure there is the
maintenance of confidentiality of patient’s data that is transferred, transmitted or disposed of
during the event of termination, death or incapacitation.
DATA ETHICS AND PRIVACY 6
3.0 Case Study – Privacy and security breaches at Acxiom:
Question 3.1
To increase the security and privacy of its customer’s data, Acxiom could first encrypt its
customer’s data. Encryption is the approach of encoding sensitive information by making it
unreadable to anyone else rather than the intended persons. In this case, the organization could
encode its sensitive customer data to make it readable to a few trusted staffs and unreadable to
other entrusted parties (Safa, Von, and Furnell, 2016). The approach will play a crucial role in
ensuring the customer’s data remains safe and secure from insider access such as entrusted
employees as well as from external hackers. The organization can consider getting an SSL
Certificate to start its encrypted link between its website and the consumer’s browser (Miller,
Voas and Hurlburt, 2012).
Secondly, Acxiom could also consider setting a patch assessment tool which ensures its
application and operating systems are up to date with modern security fixes. Most hackers
succeed since many companies do not appreciate advanced security software’s that are available
in the contemporary market. The third approach that Acxiom could set is to install endpoint
protection software, which can determine and block any exploit kits before they infect the
companies system. Besides, the organization could also implement data protection policies
which can guide its workers to keep its customer's data secure from external threats.
Furthermore, Acxiom could put in place a device control strategy that can identify and control
the use of removable storage devices such as USB drives, diskettes, and CDs. This strategy
prevents bad stuff from getting in with data loss prevention and blocks intellectual property data
(IP) and identifiable information (PII) from going out (Malik, 2013).
3.0 Case Study – Privacy and security breaches at Acxiom:
Question 3.1
To increase the security and privacy of its customer’s data, Acxiom could first encrypt its
customer’s data. Encryption is the approach of encoding sensitive information by making it
unreadable to anyone else rather than the intended persons. In this case, the organization could
encode its sensitive customer data to make it readable to a few trusted staffs and unreadable to
other entrusted parties (Safa, Von, and Furnell, 2016). The approach will play a crucial role in
ensuring the customer’s data remains safe and secure from insider access such as entrusted
employees as well as from external hackers. The organization can consider getting an SSL
Certificate to start its encrypted link between its website and the consumer’s browser (Miller,
Voas and Hurlburt, 2012).
Secondly, Acxiom could also consider setting a patch assessment tool which ensures its
application and operating systems are up to date with modern security fixes. Most hackers
succeed since many companies do not appreciate advanced security software’s that are available
in the contemporary market. The third approach that Acxiom could set is to install endpoint
protection software, which can determine and block any exploit kits before they infect the
companies system. Besides, the organization could also implement data protection policies
which can guide its workers to keep its customer's data secure from external threats.
Furthermore, Acxiom could put in place a device control strategy that can identify and control
the use of removable storage devices such as USB drives, diskettes, and CDs. This strategy
prevents bad stuff from getting in with data loss prevention and blocks intellectual property data
(IP) and identifiable information (PII) from going out (Malik, 2013).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
DATA ETHICS AND PRIVACY 7
Question 3.2
Yes, the government should have full access to private sector data for security reasons. it is the
role and responsibility of the government to protect its citizens from cyber lying and terrorism,
and this cannot be achieved without access the access to private sector data (Elmaghraby and
Losavio, 2014). The technology has advanced, and with access to private sector information, the
government can monitor any fraudulent activity that can lead to security threats and act
accordingly.
Question 3.3
There are other organizations that may need access to private data for security reasons. One of
the organizations is security organizations such as border security force, the National Security
Council, and Special Protection Group. The mandates of security forces are to keep law and
order. Their work is to ensure every citizen leaves in a safe and secure environment. With access
to private information, the security forces are able to track the fraudsters who might be planning
to attack or hijack other organizations (Chen and Zhao, 2012).
Besides, with access to private data, the security forces can corporate with other investigation
agencies to identify, arrest, and take to courts parties that have been involved in crimes. The
other organizations that might need private data for security reasons are the financial bank. With
access to private data of its customers, commercial banks can loan their customers, and in case of
defrauding, the financial institutions can use the private data provided by the customers to make
him or her pay for the loan.
Question 3.2
Yes, the government should have full access to private sector data for security reasons. it is the
role and responsibility of the government to protect its citizens from cyber lying and terrorism,
and this cannot be achieved without access the access to private sector data (Elmaghraby and
Losavio, 2014). The technology has advanced, and with access to private sector information, the
government can monitor any fraudulent activity that can lead to security threats and act
accordingly.
Question 3.3
There are other organizations that may need access to private data for security reasons. One of
the organizations is security organizations such as border security force, the National Security
Council, and Special Protection Group. The mandates of security forces are to keep law and
order. Their work is to ensure every citizen leaves in a safe and secure environment. With access
to private information, the security forces are able to track the fraudsters who might be planning
to attack or hijack other organizations (Chen and Zhao, 2012).
Besides, with access to private data, the security forces can corporate with other investigation
agencies to identify, arrest, and take to courts parties that have been involved in crimes. The
other organizations that might need private data for security reasons are the financial bank. With
access to private data of its customers, commercial banks can loan their customers, and in case of
defrauding, the financial institutions can use the private data provided by the customers to make
him or her pay for the loan.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
DATA ETHICS AND PRIVACY 8
References
Chen, D. and Zhao, H., 2012, March. Data security and privacy protection issues in cloud
computing. In 2012 International Conference on Computer Science and Electronics
Engineering (Vol. 1, pp. 647-651). IEEE. Access date: 31/52019,
https://doi.org/ 10.1109/ICCSEE.2012.193
Eivazi, K., 2011. Computer use monitoring and privacy at work. Computer Law & Security
Review, 27(5), pp.516-523. Accessed date: 31/52019,
https://doi.org/10.1016/j.clsr.2011.07.003
Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities: Safety,
security and privacy. Journal of advanced research, 5(4), pp.491-497. Accessed date:
31/52019, https://doi.org/10.1016/j.jare.2014.02.006
Graban, M., 2016. Lean hospitals: improving quality, patient safety, and employee engagement.
Productivity Press. Accessed date: 31/52019, https://doi.org/10.1201/b11740
Lam, H., 2016. Social media dilemmas in the employment context. Employee Relations, 38(3),
pp.420-437. Accessed date: 31/52019, https://doi.org/10.1108/ER-04-2015-0072
Larson, D. and Chang, V., 2016. A review and future direction of agile, business intelligence,
analytics and data science. International Journal of Information Management, 36(5),
pp.700-710. Accessed date: 31/52019, https://doi.org/10.1016/j.ijinfomgt.2016.04.013
Kirwan, M., Matthews, A. and Scott, P.A., 2013. The impact of the work environment of nurses
on patient safety outcomes: a multi-level modelling approach. International journal of
References
Chen, D. and Zhao, H., 2012, March. Data security and privacy protection issues in cloud
computing. In 2012 International Conference on Computer Science and Electronics
Engineering (Vol. 1, pp. 647-651). IEEE. Access date: 31/52019,
https://doi.org/ 10.1109/ICCSEE.2012.193
Eivazi, K., 2011. Computer use monitoring and privacy at work. Computer Law & Security
Review, 27(5), pp.516-523. Accessed date: 31/52019,
https://doi.org/10.1016/j.clsr.2011.07.003
Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities: Safety,
security and privacy. Journal of advanced research, 5(4), pp.491-497. Accessed date:
31/52019, https://doi.org/10.1016/j.jare.2014.02.006
Graban, M., 2016. Lean hospitals: improving quality, patient safety, and employee engagement.
Productivity Press. Accessed date: 31/52019, https://doi.org/10.1201/b11740
Lam, H., 2016. Social media dilemmas in the employment context. Employee Relations, 38(3),
pp.420-437. Accessed date: 31/52019, https://doi.org/10.1108/ER-04-2015-0072
Larson, D. and Chang, V., 2016. A review and future direction of agile, business intelligence,
analytics and data science. International Journal of Information Management, 36(5),
pp.700-710. Accessed date: 31/52019, https://doi.org/10.1016/j.ijinfomgt.2016.04.013
Kirwan, M., Matthews, A. and Scott, P.A., 2013. The impact of the work environment of nurses
on patient safety outcomes: a multi-level modelling approach. International journal of
DATA ETHICS AND PRIVACY 9
nursing studies, 50(2), pp.253-263. Accessed date: 31/52019,
https://doi.org/10.1016/j.ijnurstu.2012.08.020
Malik, P., 2013. Governing big data: principles and practices. IBM Journal of Research and
Development, 57(3/4), pp.1-1.
Miller, K.W., Voas, J. and Hurlburt, G.F., 2012. BYOD: Security and privacy considerations. It
Professional, 14(5), pp.53-55. Accessed date: 31/52019, https://doi.org/10.1108/IMCS-
12-2012-0068
Runciman, B., Merry, A. and Walton, M., 2017. Safety and ethics in healthcare: a guide to
getting it right. CRC Press. Accessed date: 31/5/2019,
https://doi.org/10.1201/9781315607443
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82. Accessed date: 31/5/2019,
https://doi.org/10.1016/j.cose.2015.10.006
Siau, K., Nah, F.F.H. and Teng, L., 2002. Acceptable internet use policy. Communications of the
ACM, 45(1), pp.75-79. Accessed date: 31/5/2019,
https://www.researchgate.net/profile/Keng_Siau/publication/220423077_Acceptable_Inte
rnet_use_policy/links/5984f1bca6fdcc75624fc2a0/Acceptable-Internet-use-policy.pdf
Young, K., 2010. Policies and procedures to manage employee Internet abuse. Computers in
Human Behavior, 26(6), pp.1467-1471. Accessed date: 31/5/2019,
https://doi.org/10.1016/j.chb.2010.04.025
nursing studies, 50(2), pp.253-263. Accessed date: 31/52019,
https://doi.org/10.1016/j.ijnurstu.2012.08.020
Malik, P., 2013. Governing big data: principles and practices. IBM Journal of Research and
Development, 57(3/4), pp.1-1.
Miller, K.W., Voas, J. and Hurlburt, G.F., 2012. BYOD: Security and privacy considerations. It
Professional, 14(5), pp.53-55. Accessed date: 31/52019, https://doi.org/10.1108/IMCS-
12-2012-0068
Runciman, B., Merry, A. and Walton, M., 2017. Safety and ethics in healthcare: a guide to
getting it right. CRC Press. Accessed date: 31/5/2019,
https://doi.org/10.1201/9781315607443
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82. Accessed date: 31/5/2019,
https://doi.org/10.1016/j.cose.2015.10.006
Siau, K., Nah, F.F.H. and Teng, L., 2002. Acceptable internet use policy. Communications of the
ACM, 45(1), pp.75-79. Accessed date: 31/5/2019,
https://www.researchgate.net/profile/Keng_Siau/publication/220423077_Acceptable_Inte
rnet_use_policy/links/5984f1bca6fdcc75624fc2a0/Acceptable-Internet-use-policy.pdf
Young, K., 2010. Policies and procedures to manage employee Internet abuse. Computers in
Human Behavior, 26(6), pp.1467-1471. Accessed date: 31/5/2019,
https://doi.org/10.1016/j.chb.2010.04.025
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
DATA ETHICS AND PRIVACY
10
Zafar, H., 2013. Human resource information systems: Information security concerns for
organizations. Human Resource Management Review, 23(1), pp.105-113. Accessed date:
31/5/2019, https://doi.org/10.1016/j.hrmr.2015.12.001
10
Zafar, H., 2013. Human resource information systems: Information security concerns for
organizations. Human Resource Management Review, 23(1), pp.105-113. Accessed date:
31/5/2019, https://doi.org/10.1016/j.hrmr.2015.12.001
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.