ABCXYZ Bank: Data Breach Case Study - Professional Issues in Computing

Added on  2021/04/17

Case Study
AI Summary
The assignment presents a case study of a data breach at ABCXYZ Bank, focusing on the theft of customer data and proprietary information by hackers. The analysis explores the current situation, including the CEO's proposed response, and its impact on decision-making, bank reputation, and customer relationships. It examines the legal and regulatory implications under the Data Protection Act and GDPR, as well as ethical and professional violations based on the BCS Code of Conduct, IT Professional Code of Conduct, and ethical theories such as Virtue Ethics, Consequentialism, and Deontology. The conclusion and recommendations emphasize the importance of taking responsibility for the breach, improving data protection measures, and transparently communicating with customers and stakeholders to restore trust and avoid further legal, ethical, or professional violations.
ABCXYZ Bank
Banking System Breach Case Study
Professional Issues in Computing
3/14/2018
Table of Contents
Introduction
Current Situation of the Bank & Factors in Decision-Making
Impact of Disclosure of Proprietary Information
Legal & Regulatory Analysis
The Data Protection Act
The General Data Protection Regulation (GDPR)
Ethical & Professional Analysis
BCS Code of Conduct
IT Professional Code of Conduct to Protect Electronic Information
Ethical Theories
Conclusion & Recommendation
Reference
Introduction
ABCXYZ is a regional bank that has suffered a data breach carried out by unknown
hackers. The hackers stole private and confidential information of the bank, comprising
personal and credit card information of the customers, their account and transactional details,
and proprietary documents of the bank.
Current Situation of the Bank & Factors in Decision-Making
The hackers released some of this data to the public to tarnish the reputation of the bank.
This created a considerable stir in the media and among the public against the bank. The
CEO recommended that the official statement by the company should state that only a part of
the stolen data was accurate and the rest of it was fabricated. The CEO further suggested that
it should state that the internal IT team was able to stop the attack and that its magnitude was low.
However, such was not the case. The decision-making process is influenced by the
confirmation of the statement by the senior directors and leaders, the bank's reputation in the
market, market shares, and customer relationships.
Impact of Disclosure of Proprietary Information
The misuse of the proprietary documents by the hackers may have extremely adverse
implications for the bank. It may result in legal obligations due to the disclosure of private and
confidential information of the bank and may also provide an advantage to competitors.
Legal & Regulatory Analysis
The Data Protection Act
The Data Protection Act, 1988 states that business organizations and government must
always protect and securely use personal information. The users and managers of the data
shall use the data fairly, accurately, relevantly, and lawfully (Gov, 2018). The data shall also not be
transferred without the necessary protection and must always be kept safe and secure. However,
these conditions are violated in the case of ABCXYZ bank. The violation of the act may result
in legal and regulatory obligations for the bank.
The General Data Protection Regulation (GDPR)
The regulation states that businesses must maintain compliance levels in their data
processing and handling operations. The security of the data sets shall always be maintained.
The incident at ABCXYZ violates the regulation, which may result in a penalty of 4% of
the worldwide annual turnover of the bank (House, 2017).
Ethical & Professional Analysis
BCS Code of Conduct
The BCS Code of Conduct includes the norms of public interest, professional competence &
integrity, duty to relevant authority, and duty to the profession. The code demands compliance
with all four of these principles, and a violation may result in disciplinary action (Bcs, 2018).
The statement recommended by the CEO is against the norms of the code, as the public may
not know the consequences of the incident, which shows incompetent and unprofessional
behaviour.
IT Professional Code of Conduct to Protect Electronic Information
The code states that the IT team shall receive training and communication on the code and
shall regularly review the code for continuous improvement. The code suggests the secure
roles and activities that the members in the IT team shall carry out for the protection of data
and information (Huit, 2018).
The bank executives failed to provide due protection to the electronic data and
information, which gave the hackers the ability to steal some parts of it. The
principles of the code have therefore been violated.
Ethical Theories
The statement recommended by the CEO is not ethical as per the principles of Virtue Ethics, as the
virtues involved are those of dishonesty and selfish interest and benefit rather than the public
interest (Jost, 2009). The statement is also evaluated as unethical as per the norms of the Ethical
Theory of Consequentialism. This is because the act is sure to result in negative
consequences for the customers, as the security of their information has been compromised,
and the organization may also suffer adversely if the hackers release further information in
the future (Gamlund, 2012). Deontology Ethics also evaluates the recommended
statement as unethical, as it does not adhere to the legal & regulatory policies and professional
codes.
Conclusion & Recommendation
The data breach at the bank and the recommended statement of the CEO were analysed from
legal, regulatory, ethical, and professional perspectives & theories. The incident as well as the
statement violates all four of these areas, and the CEO & the bank must not go ahead with the
statement.
Instead, the organization shall accept and take up the responsibility for the data breach that
took place and must list out the causes behind it. It shall also share with the media and the
public the hackers' motive of causing damage to the reputation of the bank. The
bank must improve upon its data protection solutions and tools and shall share the details of
each of these advanced mechanisms with the public. The new set of techniques for data
protection must be explained to the customers and stakeholders to assure them of the complete
safety and security of their data sets. In this manner, the company will be able to win over
customer trust without any legal, ethical, regulatory, or professional violations.
Reference
Bcs (2018). Code of conduct | Membership | BCS - The Chartered Institute for IT. [online] Bcs.org. Available at: http://www.bcs.org/category/6030 [Accessed 14 Mar. 2018].
Gamlund, E. (2012). Ethics. [online] Uio.no. Available at: https://www.uio.no/studier/emner/matnat/ifi/MNSES9100/v14/lectures/mnses-ethical-theory-gamlund.pdf [Accessed 14 Mar. 2018].
Gov (2018). Data protection - GOV.UK. [online] Gov.uk. Available at: https://www.gov.uk/data-protection [Accessed 14 Mar. 2018].
House, N. (2017). UK Cyber Security and Data Privacy Legislation: Your Essential Guide. [online] Station X. Available at: https://www.stationx.net/uk-cyber-security-data-privacy-legislation-essential-guide/ [Accessed 14 Mar. 2018].
Huit (2018). IT Professional Code of Conduct to Protect Electronic Information. [online] Huit.harvard.edu. Available at: https://huit.harvard.edu/it-professional-code-conduct-protect-electronic-information [Accessed 14 Mar. 2018].
Jost, J. (2009). Virtue ethics and the social psychology of character: Philosophical lessons from the person–situation debate. Journal of Research in Personality, 43(2), pp.253-254.