Module 3: Information Systems Ethics: Privacy, Accuracy,
Intellectual Property, and Accessibility
Privacy Issues in Information Systems
Accuracy and Accountability Issues in Information Systems
Intellectual Property Issues in Information Systems
Access in Information Systems
As you have read in previous modules, the rapid growth of information technology has provided
tremendous opportunities as well as ethical challenges. In this module, we will discuss some of
the specific issues related to the areas of privacy, accuracy, intellectual property, and
accessibility. How we think about these issues, how we value these concepts in our society, and
why we might value them specifically in a democratic society are important issues that we should
consider in this course.
Privacy Issues in Information Systems
What is privacy? Webster gives the following definition: "the quality or state of being apart from
company or observation" (Merriam-Webster Inc. 2003, 988). On a more political level, the U.S.
government began to address the issue of privacy, at least in part, in the Bill of Rights, which is
the first ten amendments of the U.S. Constitution. Take a look at how the First Amendment
addresses the protection of free speech and expression by clicking on First Amendment. Click on
the Fourth Amendment to see how it relates to privacy by addressing the issue of unreasonable
search and seizure.
The forms of protection granted to citizens in the Bill of Rights are individual protections. As a
society, we in the United States value the way our rights are formulated, often without thinking
about specific rights and why they are important in a free society. Certainly, we are all familiar
with popular visions of societies where there is a lack of individual privacy, from George
Orwell's 1984 (1948) or Ray Bradbury's Fahrenheit 451 (1953) to popular modern movies such
as Enemy of the State (1998), Gattaca (1997), and The Net (1995). As information technology
professionals, managers, and citizens in an information society, we have a need to deepen our
understanding beyond these fictional examples, as compelling and imaginative as they may be.
Quoting from An Anatomy of Values: Problems of Personal and Social Choice by Charles Fried
(Fried, 1970, p. 141), Manuel Velasquez, in Business Ethics: Concepts and Cases (Velasquez,
1992, p. 396), describes privacy as "the right of persons to determine the type and extent of
disclosure of information about themselves." Velasquez makes the point that physical and
psychological privacy are separate subsets, but that physical privacy tends to protect
psychological privacy, e.g., security of our person and property tends to protect the privacy of
our thoughts, feelings, plans, personal beliefs, and desires. Velasquez suggests three aspects
that should be considered when collecting information (about employees) (Velasquez, 1992, pp.
Velasquez provides a useful perspective on the vast impact the Internet and modern computing
environments have made on the traditional realm of privacy and privacy rights. First, the virtual
world of information and networks is in some ways closer to our "psychological space" than to
our physical space. Anonymity, for example, is easily achieved in cyberspace, but far more
difficult in a face-to-face context. Second, the three aspects of relevance, consent, and methods
have been radically altered by information technology. The most irrelevant data may be
collected, at low or no cost to the collector, as we surf the Internet or input information into our
computers, and this data can then be turned into something potentially valuable by inexpensive,
high-capacity computing capabilities. Consent is often optional, or unsolicited, as evidenced by
Companies, agencies, and organizations using the Web to attract and service customers are now
being asked hard questions about just what they are collecting with these cookies, and what they
intend to do with the information they collect. Methods of data-gathering, extraction,
interpretation, and sharing in larger sets have become subtle and sophisticated, diverse, and
low-cost. The Web is today's work and recreation place, and pervasive information technology—
bringing so many benefits—also brings challenges to the ethics of business and management,
particularly in the privacy arena.
In her book Legislating Privacy (1995), Priscilla Regan identifies three subtypes of privacy:
information, communications, and psychological. Dr. Regan suggests that when we approach
privacy as an individual right, we make less effective arguments in the development of public
policy—and are at risk legally as lawmakers struggle to deal with the infosphere.
She recommends that we focus on privacy's social importance, and its role in a democracy of
citizens who govern themselves. Many privacy advocacy groups share this objective. When we
look at privacy issues as common public interests, we can see the relationship between privacy
issues and the teleological theories studied earlier, such as the common good approach.
Reviewing the legal definitions of privacy (including status and types of bills currently before
Congress on this subject) will help define the issue. Laws in the United States and other
countries appear to trail technological change. Good sources for information and breaking news
include the Electronic Frontier Foundation and Privacy.org. Excellent reference materials are
provided by the Federal Trade Commission - Privacy Initiatives site, including testimony before
Congress and a number of reports to Congress on Internet privacy issues. Also, the Department
of Justice Criminal Division maintains a Web site specifically related to CyberCrime. These
resources are provided so that you can search out particular areas of interest and become
familiar with current issues and pending legislation.
Key privacy issues to keep in mind include both governmental and commercial "surveillance" and
"collection." Much of this surveillance and collection is participatory. We often voluntarily provide
requested information because we expect a good in return, such as discounts on grocery items
or targeted mailings about services we like or need, or because we want to gain personal access
to information, credit, or a favorite interest group. These data-collection and consolidation
systems can range from frequent shopper cards to credit card and frequent flyer applications to
cell phone monitoring conducted by your wacky neighbor or the government.
An evaluation of the issue of the sharing of personal data by third parties must include the cost
and benefit to individuals, groups, and society, as well as the rightness and wrongness of the
particular act of sharing. Although most of the laws and standards we have relate to non-
electronic data (note that the Privacy Act of 1974 preceded widespread use of the Internet and
computing), our ethical code is challenged by the immediacy, ease, and convenience of datasharing via modern computing systems.
One of the extremely useful capabilities of information systems is the ability to manage
information in new ways by linking and bringing together data previously contained in
independent, discrete systems. Although this practice, frequently referred to as computer
matching, may be a powerful management tool for organizations, this same capability can
produce unintended results with detrimental consequences. For example, I may provide various
pieces of personal information on an as-needed basis. My doctor has certain medical information,
my financial institutions have different data, my employer has specific data relating to
employment, and my new mortgage broker has yet another set of data. However, were this
information combined, it would now present a consolidated set of information that I may not
want any individual or organization to possess. Numerous cases have appeared in the press
where data from individual systems have been matched and combined to provide much larger
sets of information.
Consider the following: Each citizen has an average of seventeen files in various federal agencies
and administrations. This creates a scenario where "Social Security data has been matched with
Selective Service data to reveal draft resisters. IRS data has been matched with other
administrative records to tease out possible tax evaders. Federal employment records have been
matched with delinquent student loan records to identify some 46,860 federal and military
employees and retirees whose pay checks might be garnished" (Mason, 1986, p. 7).
The power of this information consolidation allows businesses and agencies to provide better
service and to manage operations more effectively. This consolidation can also help uncover
criminals. Often, demands for individual privacy are really demands for anonymity, and these
demands may be made to protect people from prosecution for a crime. Again, the Fourth
Amendment prevents unreasonable search and seizure, and the First Amendment protects
freedom of expression—and yet these same rules are used to hide crimes. The earliest popular
use of Internet encryption schemes—specifically, one-time encryption and complex, extremely
difficult-to-crack, privately developed encryption—were in demand by Internet users who were
committing crimes in some jurisdictions. Pornography peddlers and drug dealers were among the
earliest customers, and they pushed the production envelope of better and better encryption
schemes for voice and data.
Now, as more information about us is "out there," we want to be able to control that information
and to ensure that it is accurate and not misused by second or third parties. An additional
concern is how much information should be available to law enforcement and other regulatory
agencies for legitimate identification and enforcement activities. In fact, it may be that the real
issue about Internet privacy is as much about accuracy and accountability as it is about a real
desire or need for privacy in its various forms.
Accuracy and Accountability Issues in Information
Horror stories abound regarding database inaccuracies and lack of accountability. A survey
conducted in 2004 by the National Association of State PIRGS (public interest research groups)
found that 79 percent of the credit reports received contained inaccuracies, with 25 percent of
the reports containing errors that could result in an individual being denied credit (Cassaday,
2004). The Federal Trade Commission (FTC) has sponsored an annual National Consumer
Protection Week for the last seven years, and the focus of the 2005 event was Identify Theft.
The FTC reports identity theft losses to businesses that run $50 billion dollars annually, to say
nothing of the losses to individuals, including the time and legal fees to clear their good name
(Federal Trade Commission, 2003).
Many of the organizations and resources that focus on privacy are, by implication, also
concerned with accountability and accuracy. However, although privacy often is discussed in
terms of the individual, when we discuss accountability and accuracy in data, we are much more
likely to be talking about commercial entities, organizations, and the government—those that
create, maintain, sell, and use large databases. Court dockets are full of cases trying to
determine who is at fault, who is accountable, and how data integrity will be restored if it has
A quick review of FTC news releases will indicate the range of concerns, from groups making
false claims of client-privacy protection to organizations providing few or no means to correct
inaccurate data in their databases to those that illegally or unethically sell or use their data for
non-prescribed purposes. False advertising and a "buyer beware" attitude have been around
forever, but the Internet and modern computing capabilities compound the issues, and the
damage done may be far more pervasive to individuals, to groups, and even to society than ever
Privacy and accountability are linked, especially when information technology has challenged
traditional ideas of privacy. Think about this: Lending or trading information bits about myself
(my profile, preferences, likes, dislikes, or habits) can make it easier and cheaper for me to shop
at my favorite stores, so how do I know when there is a problem? Usually, it is when trust
between me and the other contractual partner is damaged or broken. Sometimes, this occurs
when my assumptions about the ethical use of my data do not match the legal allowances for the
use of my data. It could be that I am harmed or inconvenienced because my privacy has not
been fully secured. For example, if the sale of my personal data to a third party vendor results in
frequent marketing emails and solicitations, I may feel that the possible value of new retail
opportunities is overshadowed by the volume and inconvenience of unsolicited advertisements.
Where does the accountability lie? Who owns what? And if it's a matter of contract violation, is
that contract explicit or implicit?
The federal government has recognized another area where protecting the privacy of information
is vital: the transmission of medical data within our health care system. The Health Insurance
Portability and Accountability Act (HIPAA), which became public law in 1996, requires Health and
Human Services (HHS) to adopt national standards for electronic transactions to improve the
efficiency of the health care system. Congress acknowledged that current information technology
puts the privacy of health information at risk, and it incorporated provisions requiring the
adoption of federal privacy protections for any health information that could be identified to an
individual. HHS then published national standards for the protection of such information in its
Privacy Rule, which was finalized in 2002.
Under the Privacy Rule, covered entities, including health plans, clearinghouses, and health care
providers who conduct transactions electronically are required to take certain precautions to
ensure that individually identifiable health care information is appropriately protected. Anyone
working in a doctor's office, in a medical insurance company, or for certain third-party
administrators will be very aware of the need to comply with the rule and protect individual
information. This legislation goes a long way toward protecting data related to an individual's
medical information as it relates to health plans; however, there still exist significant medical
data not protected under HIPAA.
Many of the examples you will see in this module concern employer accountability and employee
privacy assumptions and realities. Some cases involve commercial or possibly governmental
violation of an individual's privacy, and other cases focus on an individual violating the privacy of
another person using the Internet. Electronic criminal harassment and stalking, caller ID
technology, and criminal or other mischief conducted through the Internet should all be explored
as you think of privacy, accuracy, and accountability as individual and social goods.
The explosion of the Internet and business conducted over the Internet leads us back to a
consideration of the free market and its nature. The free market—indeed, any marketplace—
exists because people wish to trade various goods and values. Your personal information has
value—and you may knowingly and sometimes unknowingly trade it. One interesting
phenomenon of the Information Age is how we are now thinking about and understanding more
clearly the concept of information property ownership and, relatedly, the idea that information
has measurable (and marketable) value.
You can see the role of contractarian ethics in the marketplace: If you cheat me, I will be
unlikely to trade with you in the future. Or, if I am rewarded for sharing my information (value)
with you, I'll be likely to continue to trade with you and will recommend you to my friends and
neighbors. Companies are rapidly learning that marketplace consumers increasingly value their
data points, their privacy, and the level of accuracy and trust in the accountability of the
database keepers. This is the caveat vendidor warning mentioned in module 1.
Intellectual Property Issues in Information Systems
As we examine property issues in information systems, it is helpful to know a little background.
Our ideas about individual property and property rights, like our ideas about privacy, are
somewhat new. The Scottish Enlightenment of the 1700s provided the basis for many of our
current views about property ownership and property rights. The economic theories of Adam
Smith, author of The Wealth of Nations (1776), were extremely influential during
the Enlightenment. Along with Smith, Edmund Burke and Samuel Johnson contributed to the
intellectual environment of the Enlightenment, along with John Stuart Mill, Immanuel Kant, and
Jeremy Bentham, key thinkers about ethics with whom we became familiar in module 1.
Interestingly, the drafters of the U.S. Constitution were guided by ideas that came about during
the Enlightenment, particularly those of John Locke.
Locke, whose writings were published in the late 1600s, was one of the initiators of the Scottish
Enlightenment and our modern ideas of capitalism. The following reflects his influential views on
property and property claims:
The Labour of his Body, and the Work of his Hands, we may say, are properly his.
Whatsoever then he removes out of the State that Nature hath provided, and left it in, he
hath mixed his Labour with, and joyned to it something that is his own, and thereby makes
it his Property. (Locke, 1988, p. 239)
Locke believed that mixing one's labor with nature, making or creating something by hard work,
talent, and effort, conferred undeniable property rights to the person—even if the person did not
purchase the basic "nature" that he improved or whether or not he had a title.
Fast forward to the present ... property rights, claims, ownership, and contractual exchange of
property all create a complex environment, at least in the West, where legal agreements and
common understanding of property laws is widespread, and where many lawyers are employed
in managing, interpreting, and modifying property law every day. The current notion of what
property is, new as it may be, is challenged further by the nature of information technology—
both of the information itself and of the distribution and accessibility of that information.
Velasquez notes that "property consists of a bundle of rights that attach to some identifiable
asset" (Velasquez, 1992, p. 380), and in IT, we are still identifying and defining this "bundle of
Property Rights and Law
Many of us in the United States have never really thought about the evolution of property law in
this country and may take property rights for granted. Just as a foundation in traditional ethical
theories supports our current ethical decision-making, an understanding of the evolution of
property rights can support us as we encounter current and developing issues of property and its
ownership in the information technology arena. In fact, our current collective views toward, and
definitions of, property rights have been influenced both by eighteenth-century philosophers and
by the cumulative experiences of millions of people. Hernando de Soto, in his The Mystery of
Capital (2000), describes the evolution of Western thinking about property rights and the legal
documentation of rights over time.
Consider the following history. In the 1600s, titles to large swathes of land in America were
granted to those favored by the King of England, and for parts of the New World colonized by
other European countries, similar beque ...
Purchase answer to see full attachment