Al Imam Mohammad Ibn Saud Islamic University

College of Computer and Information Sciences

Information Systems Department

IS 1180
IS and ethics
Chapter 4
PRIVACY
LEARNING OBJECTIVES
1. What is the right of privacy, and what is the basis for protecting personal
privacy under the law?
2. What are some of the laws that provide protection for the privacy of
personal data, and what are some of the associated ethical issues?
3. What are the various strategies for consumer profiling, and what are the
associated ethical issues?
4. What is e-discovery, and how is it being used?
5. Why and how are employers increasingly using workplace monitoring?
6. What are the capabilities of advanced surveillance technologies, and
what ethical issues do they raise?
ORGANIZATIONS BEHAVING BADLY
• In the fall of 2016, WhatsApp announced that it would begin providing user
data—including phone numbers, usage data, and information on devices —
to Facebook and the “Facebook family of companies.”
• According to the company, this information allows Facebook to make
better friend suggestions and display more relevant ads to users while also
allowing businesses to send messages to users, including appointment
reminders, delivery and shipping notifications, and marketing pitches.
• The policy shift is intended to help WhatsApp generate more revenue and
makes economic sense; however, the change has raised concerns over the
privacy of users’ conversations and identities and has upset users drawn to
the app by the company’s previous strong stance on privacy.
PRIVACY PROTECTION AND THE LAW
• The use of information technology in both government and business
requires balancing the needs of those who use the information that is
collected against the rights and desires of the people whose
information is being used.
• Why would an organization want to collect information about people?
• Make better decisions
• Target marketing
• To better serve their customers
• Organizations want systems that collect and store key data from every
interaction they have with a customer
PRIVACY PROTECTION AND THE LAW
What google knows
about you ?
• From Google, go to “Manage your Google
account”
• Data & Privacy
• From “My personalized ads” go to “My Ad
Centre”
• Go to “Manage privacy”
PRIVACY PROTECTION AND THE LAW
• Many people object to the data collection policies of governments
and businesses because they believe that they strip individuals of the
power to control their own personal information.
• A combination of approaches is required to balance the scales:
• Reasonable limits must be set on government and business access to personal
information
• new information and communication technologies must be designed to
protect rather than diminish privacy
• appropriate corporate policies must be developed to set baseline standards
for people’s privacy
• Education and communication is essential.
PRIVACY PROTECTION AND THE LAW
• Privacy is a right protected by law. Today, people want and need
privacy protection from private industry. Meanwhile, Few laws
provide such protection, and most people assume that they have
greater privacy rights than the law actually provides.
• Some of the systems that gather data about individuals : Cookies,
Drones, Facebook tagging system , Google location services , Smart
TVs, Surveillance cameras
PRIVACY PROTECTION AND THE LAW
What is privacy ?
• A broad definition of the right of privacy is: the right to be left alone.
• In IT, the term information privacy is a combination of:
• communications privacy: the ability to communicate with others without
those communications being monitored.
• data privacy: the ability to limit access to one’s personal data by other
individuals and organizations.
Privacy Laws, Applications, and Court Rulings
• In the USA there are several laws that covers the privacy issue in
financial data, health information, children’s personal data, electronic
surveillance, fair information practices, and access to government
records
• for example: Children’s Online Privacy Protection Act (COPPA) that states any
website that caters to children must offer comprehensive privacy policies,
notify parents or guardians about its data collection practices, and receive
parental consent before collecting any personal information from children
under 13 years of age.
• An example from KSA: Personal Data Protection Law that was passed
by a royal decree in September 2021
KEY PRIVACY AND ANONYMITY ISSUES
1) Consumer Profiling :
• Companies openly collect personal information about users when they
register at websites, complete surveys, fill out forms, follow them on social
media, or enter contests online
• Many companies also obtain personal information through the use of:
• cookies— text files that can be downloaded to the hard drives of users who visit a
website, so that the website is able to identify visitors on subsequent visits.
• Tracking software — to allow their websites to analyze browsing habits and deduce
personal interests and preferences.
• The use of cookies and tracking software is controversial because
companies can collect information about consumers without their explicit
permission
KEY PRIVACY AND ANONYMITY ISSUES
• What do marketing firms do with this information ?
They gather information about consumers to build databases that contain a
huge amount of consumer data, the firms marketing provide these data to:
• Companies: so that they can tailor their products and services to individual consumer
preferences.
• Advertisers: that use the data to more effectively target and attract customers to
their messages.

Online marketers cannot capture personal information, such as names,

addresses, and Social Security numbers, unless people provide them
voluntarily.
KEY PRIVACY AND ANONYMITY ISSUES
• Companies that can’t protect or don’t respect customer information often
lose business, and some become defendants in class action lawsuits
stemming from privacy violations.
• A data breach is the unintended release of sensitive data or the access of
sensitive data (e.g., credit card numbers, health insurance member ids, and
Social Security numbers) by unauthorized individuals.
• Data breach cost the organization a lot - some estimates nearly $200 for
each record lost. The high cost is a result of:
• lost business opportunity.
• public relations–related costs to manage the firm’s reputation.
• increased customer-support costs (hotlines and credit monitoring services for
victims)
KEY PRIVACY AND ANONYMITY ISSUES
• Identity theft is the theft of personal information, which is then used
without the owner’s permission.
• Often, stolen personal identification information, such as a person’s name,
Social Security number, or credit card number, is used to commit fraud or
other crimes.
• What can an identity thief do with it ?
• use a consumer’s credit card number to charge items to that person’s
account.
• apply for a new credit card or a loan.
• use a consumer’s name and Social Security number to obtain government
benefits
• sell personal identification information on the black market.
KEY PRIVACY AND ANONYMITY ISSUES
• Organizations are often reluctant to announce data breaches due to
the ensuing bad publicity and potential for lawsuits by angry
customers. However, victims whose personal data were compromised
during a data breach need to be informed so that they can take
protective measures.
KEY PRIVACY AND ANONYMITY ISSUES
2) Electronic Discovery :
• Electronic discovery (e-discovery) : the collection, preparation, review, and
production of electronically stored information for use in criminal and civil
actions and proceedings.
• Electronically stored information (ESI) : any form of digital information on
any form of magnetic storage device.
• digital information included examples like emails, drawings, graphs, web pages,
photographs, word-processing files, sound recordings, and databases stored.
• magnetic storage device, including hard drives, CDs, and flash drives.
• Through the e-discovery process, it is quite likely that various forms of ESI
of a private or personal nature (e.g., personal emails) will be disclose.
KEY PRIVACY AND ANONYMITY ISSUES
• e-discovery can become so expensive and time consuming, and it is
further complicated because there are often multiple versions of
information stored in many locations.
• As a result, dozens of companies now offer e-discovery software that
provides the ability to:
• Analyze large volumes of ESI quickly to perform early case assessments
• Simplify and streamline data collection from across all relevant data sources
in multiple data formats
• Cull large amounts of ESI to reduce the number of documents that must be
processed and reviewed
• Identify all participants in an investigation to determine who knew what and
when
KEY PRIVACY AND ANONYMITY ISSUES
3) Workplace Monitoring:
Society is still struggling to define the extent to which employers should
be able to monitor the work-related activities of employees. On one
hand, employers want to be able to guarantee a work environment that
is conducive to all workers, ensure a high level of worker productivity,
and limit the costs of defending against privacy-violation lawsuits. On
the other hand, privacy advocates want federal legislation that keeps
employers from infringing on the privacy rights of employees.
KEY PRIVACY AND ANONYMITY ISSUES
• Cyberloafing is defined as using the Internet for purposes unrelated
to work such as posting to Facebook, sending personal emails or
Instant messages, or shopping online.
• It is estimated that cyberloafing costs U.S. business as much as $85
billion a year.
• Many organizations implement IT usage policies to prevent employee
abuse, set clear boundaries, and monitor compliance, aiming to
safeguard productivity and reduce legal risks.
KEY PRIVACY AND ANONYMITY ISSUES
• Many companies encourage their employees to wear fitness trackers
as part of an organizational fitness program. Devices from Apple,
Fitbit, and others collect valuable data on employee’s health and
physical movement but can also open the door to numerous ethical
and legal issues.
• For example, suppose a production floor worker’s tracking device reveals the
worker is less mobile and active than his peers. Can the employer use this
data to justify firing the employee or moving him to another position?
KEY PRIVACY AND ANONYMITY ISSUES
4) Advanced Surveillance Technology :
A number of advances in information technology—such as surveillance
cameras and satellite-based systems that can pinpoint a person’s
physical location—provide amazing new data-gathering capabilities.
• Advocates of this technology argue that people have no legitimate
expectation of privacy in a public place.
• Critics also raise the possibility that such technology may not identify people
accurately.
KEY PRIVACY AND ANONYMITY ISSUES
• Camera Surveillance: Surveillance cameras are used in major cities
around the world in an effort to deter crime and terrorist activities.
For example: Great Britain, Beijing-China, UAE, and USA.
• vehicle event data recorder (EDR) is a device that records vehicle and
occupant data for a few seconds before, during, and after any vehicle
crash that is severe enough to deploy the vehicle’s air bags.
• One purpose of the EDR is to capture and record data that can be used by the
manufacturer to make future changes to improve vehicle performance in the
event of a crash. Another purpose is for use in a court of law to determine
what happened during a vehicle accident.
KEY PRIVACY AND ANONYMITY ISSUES
• A stalking app can be quickly installed on a cell phone, allowing the
user to track location, record calls, monitor texts and images, record
the URLs of any website visited on the phone , and activate the
phone's microphone as a listening device, even when it's powered off.
• There is no law that prohibits a business from making these apps, However, it
is illegal to install the software on a phone without the permission of the
phone owner. It is also illegal to listen to someone’s phone calls without their
knowledge and permission