The Ethical and Legal Implications of Information Systems
In this chapter, you will learn how the ubiquity of information systems today compels us to act ethically and legally. As you read, consider the sorts of ethical questions that we must ask ourselves now that did not exist before. How does this affect you personally?
Personally Identifiable Information
Information about a person that can be used to uniquely establish that person's identity is called personally identifiable information, or PII. This is a broad category that includes information such as:
- Social Security Number;
- Date of birth;
- Place of birth;
- Mother's maiden name;
- Biometric records (fingerprint, face, etc.);
- Medical records;
- Educational records;
- Financial information; and
- Employment information.
Organizations that collect PII are responsible for protecting it. The Department of Commerce recommends that "organizations minimize the use, collection, and retention of PII to what is strictly necessary to accomplish their business purpose and mission". It goes on to state that "the likelihood of harm caused by a breach involving PII is greatly reduced if an organization minimizes the amount of PII it uses, collects, and stores". In other words, data that is never collected, or that is deleted once it has served its purpose, cannot be exposed in a breach. Organizations that fail to protect PII can face regulatory penalties, lawsuits, and loss of business. In the US, most states now have laws requiring organizations that have suffered a security breach involving PII to notify the potentially affected individuals; the European Union imposes a similar notification requirement.
While privacy laws in the US seek to balance consumer protection with promoting commerce, privacy in the European Union is considered a fundamental right that outweighs the interests of commerce. This has led to much stricter privacy protection in the EU, but it also makes commerce, and the transfer of personal data, more difficult between the US and the EU.