Week 8-9 Legal, Ethical, and Privacy Issues in Information Technology

Legal, Ethical, and Privacy Issues in Information Technology

Data Protection and Privacy Laws
Data protection and privacy laws govern the collection, use, storage, and sharing of
personal data. Organizations must comply with these laws to protect individuals'
privacy rights and ensure the secure handling of their data.
Regulations:
Republic Act 10173 - Data Privacy Act of 2012 (Philippines) - An Act
Protecting Individual Personal Information in Information and
Communications Systems in the Government and the Private Sector
General Data Protection Regulation (GDPR): A comprehensive regulation in
the European Union (EU) designed to protect the personal data of EU
residents. GDPR requires companies to obtain explicit consent from users
for data collection and imposes strict penalties for violations.
California Consumer Privacy Act (CCPA): A U.S.-based regulation
that gives California residents the right to know what personal data
companies collect and request data deletion. It also allows
individuals to opt out of the sale of their data.
Health Insurance Portability and Accountability Act (HIPAA): A U.S.
law that mandates data privacy and security provisions to protect
health information, especially in healthcare and insurance.
Children's Online Privacy Protection Act (COPPA): Focuses on
protecting the online data of children under 13 in the U.S. by
requiring parental consent for data collection.
Compliance Requirements for this regulation
Transparency. Companies must provide clear information
on what data is collected, how it's used, and who it’s shared
with.
Data Minimization. Collect only the data necessary for a
specified purpose.
User Consent. Explicit consent must be obtained from
users for data collection, and organizations must provide
mechanisms to withdraw consent.
Data Breach Notification. In case of a data breach,
organizations must notify affected users and relevant
authorities promptly.
Legal Consequences of Non-Compliance

Financial Penalties: Non-compliance with regulations like
GDPR can lead to severe fines, potentially up to 4% of annual
global revenue or €20 million, whichever is higher.
Reputational Damage: Legal issues, especially those related to
privacy breaches, can damage an organization’s reputation
and erode consumer trust.
Legal Liability: Organizations may face lawsuits from affected
users or partners if they fail to comply with legal standards,
resulting in costly settlements and potential criminal liability.
Ethical Issues in Computing and Information Technology

Intellectual Property (IP) Rights in IT
Intellectual property laws protect creations of the
mind, such as software, designs, and inventions.
In IT, intellectual property rights prevent
unauthorized use and distribution of software and
digital content.
Types of IP Protection
Copyright: Protects software code, digital content, and
original works. Infringing copyright laws can lead to
lawsuits and fines.
Patents: Protect inventions, particularly in software
and hardware technologies. They grant the inventor
exclusive rights to their invention for a specified
period.
Trademarks: Protect brands, logos, and slogans,
ensuring that only the brand owner can use them.
Examples of Violations
Software Piracy: Unauthorized copying or distribution
of software is a significant violation of copyright.
Patent Infringement: Using a patented technology
without permission can lead to costly legal disputes.
The Apple vs. Samsung patent dispute over
smartphone designs and features demonstrated
the high stakes of patent infringement in IT and
led to substantial damages and court-mandated
changes in product designs.
Privacy Issues in IT
Data Collection and Consent
Informed Consent: Users must be fully informed
and give explicit permission before their data is
collected or shared.
Minimization Principle: Collecting only the data
necessary for the intended purpose.
Transparency: Organizations should be clear about
what data is collected, why it’s collected, how it’s
used, and with whom it’s shared.
Privacy Issues in IT
Employers search social networking sites for background information on applicants.
Monitoring systems are adopted by employers to check employee performance.
Information technology has aided in the easy availability of personal information.
Information in databases can be used for direct marketing and for credit checks on potential borrowers or renters.
Data Security and Breach Response
Encryption
Data should be encrypted to protect it from
unauthorized access, both in transit and at rest.
Access Control
Limiting access to data based on user roles to
reduce the risk of unauthorized access.
Breach Notification
Organizations must notify individuals and
regulatory bodies promptly in case of a data
breach to prevent further damage.
Data Security and Breach Response
Conduct business only with websites that have privacy policies.
Limit access to personal information to those with authorization.
Ensure the data's reliability and take precautions to prevent misuse of the data.
Data collection must have a stated purpose.
Identify ways to prevent gathered personal information from being disclosed without consent.
Best Practices for Managing Legal, Ethical, and Privacy Issues in IT

Develop and Enforce IT Policies
Organizations should have clear policies covering
data privacy, data use, and information security.
Policies should be communicated and enforced
across the organization.
Employee Training
Regular training on IT best practices, security
protocols, and data privacy laws helps employees
understand their role in safeguarding data.
Compliance Audits
Routine audits to check compliance with data
protection laws and internal policies help mitigate
risks.
Transparent Data Use Policies
Publicly posted data use and privacy policies help
build user trust and demonstrate organizational
commitment to ethical practices.
Assignment

1. Should companies be allowed to use data for purposes
other than those explicitly consented to by users?
Explain.
2. How can we ensure fairness and reduce bias in AI and
machine learning applications?