11/13/2012isc329 isabelle bichindaritz1 professional, legal, and ethical concerns in data management
TRANSCRIPT
ISC329 Isabelle Bichindaritz 111/13/2012
Professional, Legal, and Ethical Concerns in Data Management
ISC329 Isabelle Bichindaritz 211/13/2012
Learning Objectives
• Define ethical concerns in IT.• Define legal concerns in IT.• Review regulations and legal aspects of data
management.• Prepare for compliance audits.• Define intellectual property (IP) concerns in data
management.
ISC329 Isabelle Bichindaritz 311/13/2012
• There is a need to define ethical behavior in the IT profession.
• Ethics can be defined as a set of principles of correct conduct or a theory or a system for moral values.
• What is not ethical may be legal.• However “ethics fills the gap between the time
when technology creates new problems and the time when laws are introduced” (Connolly & Begg).
Ethics in Information Technology
ISC329 Isabelle Bichindaritz 411/13/2012
• Examples– 57% of IT workers reported having asked to do
something unethical by their supervisors (TechRepublic survey 2002).• Ex: install, maintain, or overlook unlicensed software
– Data aggregation in databases, data warehouses, “clickstreams: …• Ex: selling data to other companies
– Data collection on a large scale.• Ex: Google searches used for online advertisement
Ethical Concerns in IT
ISC329 Isabelle Bichindaritz 511/13/2012
• Laws affect how data are collected, analyzed, transmitted, and used:– Securities and Exchange Commission (SEC)
Regulation National Market system (NMS) – financial firms have to prove that a better price was not available at the time of purchasing a large amount of shares
– Sarbanes-Oxley Act of 2002 (SOX) requires companies to certify the accuracy of their financial data (and databases)
– COBIT (framework and toolset to audit and control IT systems) and COSO (internal controls of IT) propose tools and methods to comply with SOX requirements.
Legal Framework for IT
ISC329 Isabelle Bichindaritz 611/13/2012
• The Health Insurance Portability and Accountability Act (HIPAA, 1996) has provisions for:– Privacy of patient information (protects patient-identifiable
data)– Standardizing electronic health/medical records and transactions
between healthcare organizations– Establishing a nationally recognized identifier for all employees
healthcare plans (different from SSN)– Standards for the security of patients data and their transactions
(within and across institutions)– Need for a nationally recognized identifier for healthcare
organizations and individual providers
Legal Framework for Health IT
ISC329 Isabelle Bichindaritz 711/13/2012
• The European Union (EU) Directive on Data Protection of 1995 :– Prohibits of processing – except exceptions - of “personal data
revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life”.
– Specifies how data is collected and the right of the individual to see their data and appeal for corrections.
– Addresses the confidentiality and security measures taken while data is collected and processed.
– Specifies how a processor notifies an EU member of its intention to process data.
• The United Kingdom’s Data Protection Act of 1998.
Legal Framework for IT
ISC329 Isabelle Bichindaritz 811/13/2012
• Steps to encourage legal and ethical data stewardship:
– Develop an organization-wide policy for legal and ethical behavior• Management must keep up-to-date with new legislation• Management must adjust operations to international standards• Data administrators and CIOs need to assess how legislation affects
the flow of data, how data is collected, stored, retrieved, shared• Develop a corporate statement of ethics and make each employee
aware of it• Develop procedures for dealing with legal and/or ethical lapses
Legal and Ethical Data Stewardship
ISC329 Isabelle Bichindaritz 911/13/2012
• Steps to encourage legal and ethical data stewardship:
– Professional organizations and Codes of EthicsAssociation for Computing Machinery (ACM) Code of Ethics (ACM, 1992) consists in 24 statements• Fundamental ethical considerations• Specific considerations of professional conduct• Considerations for individuals in leadership roles
Legal and Ethical Data Stewardship
ISC329 Isabelle Bichindaritz 1011/13/2012
• Intellectual property (IP) refers to creations of the mind in industrial, scientific, literary, and artistic fields for which exclusive rights are recognized in law.– Background IP – IP that exists before an activity takes
place.– Foreground IP – IP that is generated during an activity.
• Protection of IP rights– Through patents– Through copyright– Through trademarks
Intellectual Property
ISC329 Isabelle Bichindaritz 1111/13/2012
• Databases and applications developed while working at a company belong to the company
• Patent – provides an exclusive (legal) right for a set period of time to make, use, sell, or import an invention.– Invention needs to be new, useful, involve an inventive step.– Invention must disclose how it works.– The process is formal and often involves hiring a patent
attorney.
Intellectual Property
ISC329 Isabelle Bichindaritz 1211/13/2012
• Copyright – provides an exclusive (legal) right for a set period of time to reproduce and distribute a literary, musical, audiovisual, or other “work” or authorship.– Copyright takes effect as soon as the product is written,
created, …– Copyright can be registered in many countries by
registration agencies – although it is not required.– Copyright owners can sell rights to others in return for
royalties.
Intellectual Property
ISC329 Isabelle Bichindaritz 1311/13/2012
• Trademark – provides an exclusive (legal) right to use a word, symbol, image, sound, or other distinctive (in connection with certain goods or services) element that identifies the source of origin.– Trademarks give the owner exclusive rights to the product.– Trademarks does not have to be registered but it is
advisable to register them.
Intellectual Property
ISC329 Isabelle Bichindaritz 1411/13/2012
• Software and patentability– Only the ideas, “business methods” , or technical effects can be
patented.
• Software and copyright– Copyright applies to all software.– A fee has to be paid for commercial software licenses for perpetual use,
or for annual use.– Shareware does not require a fee during trial period, but does after its
expiration.– Freeware can be used without a fee either without the source code or
with the source code (open source software OSS such as GNU).
Intellectual Property Rights for Database Applications
ISC329 Isabelle Bichindaritz 1511/13/2012
• Limited data can be shared freely if the individual identities are kept secret or if the data are aggregated.
• Data can also be licensed to be shared.
Intellectual Property Rights for Data