PROJECT IN BSBI634 FA
The privacy of information in the organization and how to protect it
Dr. Akram Jalal
Information privacy is part of information technology (IT) parts that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties. Before we depend on paper to save small details, but now we can stored all every details in computer system. Loyalty and other cards, the Internet, and digital devices such as smart phones and tablets, All these details can be used to compile what Solove refers to as a (digital dossier) everyone in our society have to disclose personal information in order to receive services and establish friendships. Online communication and the Social Web have led us into the habit of sharing large amounts of information with a great number of people, yet many do not feel threatened when doing it, the main problem is that the same technology that makes it easy to share personal details. The safety of personal information has become major topic and most important for the business and it sector as A Review of Information Privacy and Its Importance to Consumers and Organizations well as the general public. Reports focused on the issues of privacy and personal information has become more numerous and prominent in popular media:
in 2013 a published newspaper story about how NSA (National security Agency) collecting phone records of millions of customers daily, information come that document leaked by one employee in NSA, now NAS become infamous.
In September 2014 many of public celebrities had their personal photos stolen from Apple iCloud service. In November 2014, Sony Pictures was hacked and stole thousands of documents that containing personal and private information of employee and celebrities were stolen and posted online.
Early in July 2015 it was disclosed that breaches of databases managed by the US government's Office of Personnel Management had exposed the sensitive information of at least 22.1 million individuals (Nakashima, 2015). Later on in July 2015, Ashley Madison – an online dating website that targets married people – was hacked and personal details on its 37 million users stolen (Krebs, 2015) and in August 2015 these details were released on to the Internet.
In February 2016, the Federal Bureau of Investigation (FBI) obtained a court order to compel Apple to break into an iPhone belonging to the perpetrator of a mass shooting (Edwards, 2016). Apple said that the only way this can be done is by creating a special version of Apple's iOS operating system that bypasses the phone's security, and opted to fight the order in court rather than comply. Ultimately, the FBI withdrew its request after finding a third party to assist in unlocking the phone, but the issue re-sparked debate about many aspects of privacy and state surveillance.
This article examine what is information privacy, how the organization safe the information privacy and how the organization effect and loss of reputation if the information leaked.
Integrating important of privacy from the people perspective. The narrative overview serves to discuss theory and context, with this article promoting a transdisciplinary view of information privacy research (Green, Johnson, & Adams, 2006).
it is difficult to define privacy because it is change over time, newspapers were the threat, as they were publishing photographs of, and statements by, individuals without the subjects' consent but now privacy is synonymous with personal information and information technology is seen as the danger and all our society want to protect their information privacy (Cooley, as cited in Warren & Brandeis, 1890, p. 195).
Tavani(2008) there are four factor that breaks down the effect information technology has had on personal privacy, first the amount of data that can be collected, second the speed at which it can be ex A Review of Information Privacy, third how long time that the data can be retained and finally type of information that can be acquired.
Westin (2003 p. 7) defines privacy as the “claim of individuals, groups, or institutions to determine for themselves when, how and to what extent information about them is communicated to others.
Floridi (2009) discusses two informational privacy theories: the reductionist interpretation and the ownership-based interpretation. According to the reductionist interpretation, informational privacy is valuable because it guards against undesirable consequences that may be caused by a breach of privacy. The ownership-based interpretation has the view that each person owns his or her information. The theories are not incompatible, but emphasize different aspects of informational privacy.
The RALC theory stresses that privacy and control are separate concepts. According to Tavani and Moor (2008), “privacy is fundamentally about protection from intrusion and information gathering by others. Individual control of personal information, on the other hand, is part of the justification of privacy and plays a role in the management of privacy.
There are numerous ethical issues around information, its existence and use. Mason (2005) sums these up as PAPA: privacy (what information should one be required to divulge about one's self to others?), accuracy (who is responsible for the authenticity, fidelity and accuracy of information?), property (who owns information?), and accessibility (what information does someone have a right to obtain?).
Numerous issues can arise from the improper use or inadequate protection of consumers' privacy and the concern about these issues can further affect their decisions. Smith, Milberg, and Burke (2007) list four areas of consumer privacy concerns that are very similar to PAPA improper access to personal information, unauthorized secondary use of personal information, errors in personal information, and collection of personal information.
Solove (2004, p. 89) echoes this in stating that the “problem with databases is not that information collectors fail to compensate people for the proper value of personal information. The problem is people's lack of control, their lack of knowledge about how data will be used in the future, and their lack of participation in the process”. Ensuring privacy is a complex decision-making process and may differ from one individual or instance to another.
Rubinstein (2013), big data calls into question three long-standing assumptions of many privacy laws. The first is that personal data is distinct from non-personal data. Big data can include data from both and through sophisticated data mining techniques combine them to form new data that may not be labelled as personal data, and thus avoid regulation, yet still be applied to and affect individuals. Part of the concern is that with enough data organizations could generate group profiles and apply them to users to, for instance, determine who should get insurance for particular diseases or get access to credit.
Making decisions about privacy is as challenging for organizations as it is for individuals. Information plays a crucial role in all businesses in today's world. The “information revolution” was brought about by significant improvements in computer technology and rapid reductions in the cost of owning and operating this technology. Information technology has long been seen as a means of competitive advantage (Porter & Millar, 2001).
Despite the many studies that have been conducted at the individual level, there are still aspects that have not been explored in depth. The effect of privacy experiences, privacy awareness, personality differences, demographic differences, and culture on an individual's privacy concerns are all facets that have not been well explored, as mentioned by Smith et al. (2011).
Pedersen (2010) suggested that solitude, a mechanism to maintain privacy, reduces evaluation apprehension and allows individuals an opportunity to experiment and be creative.
Bies (2009) notes the strong conceptual overlap between information privacy and procedural justice, the latter of which has been found to be strongly linked to OCBs.
Technology has become easier to use in our time, so the company must protect its privacy, the protection process always starts with the Fire Wall, where the company uses very complex firewalls to analyze and control any request inside and outside the server to ensure its integrity and the absence of malicious codes or attempts to penetrate from doing, all this means the investment Of millions of dollars to provide experts on the clock monitors everything on their own and also inside the centers, to meet the call immediately if there is any alert about problems in a server.Also, raising awareness of employees from the stages of the company designers have no experience or great relationship with safety and security systems. However, providing induction lectures on a continuous basis to inform employees of the latest penetration attempts and the mechanisms used will improve their skills in this field. Which could possibly break into their devices and leak their own data.A step that is more important than using high-security systems or employing skilled engineers is the penetration competitions that many companies do each year,the company tries to attract the best in the field of security and protection by testing their ability to understand the mechanism of the work of this software, the attempt to break does not occur randomly, and must understand the architecture on which the software is based first, And therefore superior to others certainly because they succeeded in breaking something they do not have. The employee has a significant and important role in the position of protecting the confidential information of the company, when the company is unable to identify the competent employee to take responsibility for supervising this information, it is vulnerable to the arrival of intruders from inside and outside the company, Companies must define employee selection criteria to oversee this information based on technical management criteria: (honesty, diligence, career maturity, duration of work in the institution), The last criterion contributes to the identification and discovery of the first criteria. If the employee is a trustee, it is difficult to submit the amendment unless it is authorized to do so, such as financial and accounting adjustments, and it is difficult to trade or leak employee, Others are competent to trade information of others to serve their policies, in order to obtain the confidence of employees and improve the reputation of the company, All of this comes only from a career maturity employee through his long tenure in the company. If the criteria are not met and the selection of employees becomes random, the company becomes more exposed to employees' risk of confidential information driven by certain factors related to the working environment, the employee can change there in accounting and financial transactions, It reduces the accounts of assets by adjusting the restrictions or changes in salaries of employees by increasing or decreasing, or disclosing customer and employee data and selling them to those specialized in trading them, as well as the risks of bringing viruses and implanting them into the company's systems and systems or neglecting and not applying computer safety procedures. External intruders have access to all conveniences, tampering with contents, making the company vulnerable to loss, courtroom intrusion and then bankruptcy. Lack of consumer control may affect information about how information is used and managed or not. Finally, the context in which information is collected or used - the type of information collected, the industry, etc. - will be included in the resolution. These factors underline the challenges facing the decision-making process regarding privacy, identity theft, data breaches, and changes in legislation are also issues facing consumers, but we suggest that they affect the consumer through the organization. These are issues that are often of great importance to the organization and can have audio and economic consequences if not planned.
Organizations have a range of concerns about the privacy of information. Profitability is of paramount importance to most companies, and therefore containment and avoidance of fines, given their return to information management and privacy, are important concerns. How the company manages its information can affect its perceived credibility and reputation - not only with consumers, but with employees, officials, partners and other parties. Trustworthiness can be affected if the organization does not sufficiently address consumer concerns, affecting the organization's ability to establish and maintain a relationship with the consumer. As discussed earlier, the characteristics of trust include the Organization's capacity, integrity and good. The problem can lead to loss of customers and even directly affect the share price of the company.
There are several factors that can influence the organization's decisions regarding the privacy of information. The internal nature of the company itself (its structure, dynamics, and ethics) will affect its privacy decisions How information management can affect or be affected by these decisions Through privacy, management and policy decisions, a comprehensive vision of privacy can be created that will guide future decisions about Privacy, and information management, and the management of these factors often has a direct impact on the consumer's privacy concerns and, consequently, play a role in the consumer-organization trust relationship.
Conclusion and Recommendations
The concept of privacy has transformed and develop today privacy of information become most important all people face need to protect the information reveal personal information in order to interact socially and obtain services. Numerous public incidents involving large companies and personal information of people help to bring topic of privacy to the fore, privacy is very important to every organization and the customer, but decisions about it are not simple for either the transdisciplinary view developed in this article shows various domains that influence the problem area: technology, psychology, economics, management, and law all play a role in our view of privacy. Our view contributes a holistic understanding of the problem domain and the complex interactions that take place. Although areas are often studied in isolation it is clear that there is a close link between concerns and influencing factors for consumers and organizations alike. To conclude, informational privacy is an important and complex issue that affects the lives of everyone in our information-oriented society. As society and technology progress, inevitably it is going to become more complex and as such require on-going thought, research and intellectual engagement. Civilization is the progress toward a society of privacy.
Alge, B. J. (2001). Effects of computer surveillance on perceptions of privacy and procedural
justice. Journal of Applied Psychology, 86, 797-804
Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification. In Proceedings of the 5th ACM Conference on Electronic Commerce (pp. 21–29). New York, NY: ACM
Acquisti, A., & Gross, R. (2009). Predicting Social Security numbers from public data. Proceedings of the National Academy of Sciences, 106(27), 10975–10980.
Awad, N. F., & Krishnan, M. S. (2006). The personalization privacy paradox: An empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Quarterly, 30(1), 13–28
Dommeyer, C. J., & Gross, B. L. (2003). What consumers know and what they do: An investigation of consumer knowledge, awareness, and use of privacy protection strategies. Journal of Interactive Marketing, 17(2), 34–51.
Bies, R. J. (2004). Privacy and procedural justice in organizations. Social Justice in Research,
Racicot, B. M., & Williams, K. J. (2007). Perceived fairness of drug testing programs:
procedures for current employees. Journal of Applied Social Psychology, 23.
...(download the rest of the essay above)