The Ethical Implications of New Business Information Technologies
Edward M. Adams
This paper discusses the challenges inherent in E-Discover, the blurring of private and public lives and finally the risks and pitfalls of data mining. Advances in technology enhance our professional and private lives, but the advances and innovations can be weighed against ethical pitfalls and potential public relations risk factors. Some technologies such as email and smart phones are becoming so prevalent that most businesses have no choice but to take on the associated burdens of the new technologies or risk becoming obsolete. Ethical dilemmas and challenges for every initial advantage are created and these situations need to be properly managed. Beyond the obvious risk of identity theft is a dire danger as private and sensitive information can be used to discriminate against a person on everything from employment to rent and health care. To further explore the ethical dilemma and danger of data mining, the data breaches at TJX, an off price retailer can be studied. While no one wants to be the last to innovate, some caution in implementing new technologies and policies regarding their use is wise.
Every advance in technology, when applied to the business environment, creates new ethical dilemmas and challenges for every initial advantage. Some technologies, such as email and smart phones, are becoming so prevalent that most businesses have no choice but to take on the associated burdens of the new technologies or risk becoming obsolete. Advances and innovations can be weighed against ethical pitfalls and potential public relations risk factors. This paper discusses the challenges inherent in E-Discover, the blurring of private and public lives and, finally, the risks and pitfalls of data mining.
With the advent of email as a channel of communication officially recognized by courts and regulatory agencies, all businesses utilizing email must factor in the requirements to meet E-Discovery requests. Email is not the only media covered by E-Discover; any method or medium of electronic storage can be called on during the discovery phase of a court case. The cost of storage, recovery, filtering for relevance and penalties for failures of the same must all be born during the discovery phase of litigation. “Amendments to the Federal Rules of Civil Procedure (FRCP) (2009) make it clear that businesses have a duty to preserve and produce electronically stored information (ESI) that may be relevant to a lawsuit as soon as litigation is reasonably expected” (Ward, Purwin, Sipior and Volonino, 2009). ESI includes, but is not limited, to any data created or recorded by employees using company-owned digital equipment such as documents, images, presentations, videos, narrations, emails and entire databases. Discovery is the pretrial process by which potential evidence is ordered, preserved and produced. The technical expertise to accomplish this task often requires a computer forensics expert, which few companies keep on staff, increasing the cost of discovery by the expense of finding and hiring a specialized technician (Ward et al., 2009).
Whether or not data is covered by the scope of discovery is determined by its relevance to the case at hand. The scope of E-Discovery also includes meta-data, “ESI about the characteristics, origins or validity of the electronic data” (Ward et al., 2009). Meta-data is unique to electronic discovery and was not an option for ‘old-fashioned’ paper documentation. This data includes information such as the attributes of a file, its creator, date created, date modified, file type, file size, etc. Scope is directly related to the cost of E-Discovery, as a company’s stored data can easily run into gigabytes and terabytes with a gigabyte holding over seven hundred thousand pages of plain text (Ward et al., 2009). E-mail alone can cripple a company in discovery with the average employee sending approximately fifty messages every day and over two hundred and fifty business days per year for more than twelve thousand emails per employee per year (Ward et al., 2009). Now imagine the cost in money and time for a company of only ten thousand employees having to scan every email over a period of years for relevance to a pending case.
Even though relevance does impose some limitations on the scope of data and meta-data to be filtered during discovery, that still leaves a great deal of latitude for courts. “Even if discoverable information is not admissible at trial, production to a requesting party is still required if it is reasonably calculated to lead to the discovery of admissible evidence” (Cooper, 2010). E-Discovery does not begin with filing of formal charges or motions, but whenever a party may reasonably believe that such filings are likely. This means that if a business so much as strongly suspects that litigation will be brought against them, they are ethically and legally obligated to suspend any destruction or alteration of information that may be relevant to that litigation. Penalties for failure to preserve relevant information and documentation range from prohibiting the offending party from bringing related data for their defense to summarily finding for the plaintiff and possibly even finding them in contempt of court (Cooper, 2010). Not only is the defendant required to provide their own data during E-Discovery, but they may be directed to provide relevant data to which they had access, even if it is data held by another party (Cooper, 2010). The question then lies in who is responsible for the cost and burden of discovery, the defendant or the third party who is not under litigation but holds relevant data to which the defendant had access.
Off-Duty Online Conduct
While smart phones allow a company to maintain more frequent access to and control over employees, they also blur the line between “off-duty” and representational conduct. Companies enjoy the ability to reach their agents at any time, but take on extra liabilities for that employee’s conduct, even when they are not in the office. So much of our previously private lives are actually now lived in full view of the public online. Workers often expect relationships and communications they would regard as private to be respected even when they are between coworkers, superiors and subordinates as long as they are not directly related to their jobs (Palm, 2009). Employees are not a simple collective as race, gender, culture and socio-economic background all shape their individual expectations of privacy, even as the corporate culture reinforces or resists them. The environment also plays a critical factor as many positions and professions by nature cannot provide privacy or trust. Employees who must hold security clearances or endure random urinalysis must resign themselves to some loss of privacy as the cost of doing business.
Corporations and other business entities must now attempt to balance the need to police employee activities online to preserve their image against said employee’s First Amendment right to free speech. “Employers have legitimate business interests in monitoring workplace Internet use: to minimize legal exposure, to increase productivity, and to avoid proprietary information loss (Genova, 2009). Often challenges to employee rights online draw attention to the very words and images they want to mitigate, such as lawsuits over company demands for or attempts to gain data about employees’ after hours activities. In a 2006 survey over sixty percent of managers admitted that after viewing a potential employee’s online social activities, they decided not to hire them based on what they found, nor were there any state or federal laws that prohibited them from doing so (Genova, 2009). Constant access to social media has become so prevalent that potential employees are factoring in such connectivity in job searches. Some organizations are attempting to limit or ban access out of concerns over productivity and propriety, while others are taking the opposite approach and using more permissive access policies at work to attract more socially savvy workers.
Data Mining and Identity Theft
Data mining is the analysis of large amounts of gathered information to detect previously unseen patterns, specifically for exploitation. This information systems process has provided vast treasure hoards of data about consumer habits allowing businesses to tailor their products and services to retain and gain customers. However, these accumulations of data are attractive targets for hackers and identity thieves. When businesses take it upon themselves to gather and/or retain information about customers, they take on the very risky responsibility to safeguard the same. In the United States of America, most laws regarding protection of personal data are to prevent government invasions of privacy. As of 2009, the only laws governing information privacy for private entities are the Children’s Online Privacy Act to shield children from marketing campaigns and the Health Insurance Portability and Accountability Act (Payne, 2009). While some may consider the scarcity of laws regarding data privacy as a license for free use, the lack also fails to provide guidance on how to handle and secure such data. This lack of guidance leaves data miners vulnerable as customers react negatively to failures to secure data they consider theirs. “The public image of the firm collecting the data can be significantly harmed if consumers feel that the collection of the data was an egregious violation of their privacy” (Payne, 2009).
Beyond the obvious risk of identity theft is a dire danger as private and sensitive information can be used to discriminate against a person on everything from employment to rent and health care (Payne, 2009). Making personal data a condition of purchase or services can make a customer feel pressured. Even when customers volunteer information, they hold their own expectations for how it will be used and when it is directed to other purposes. Unfortunately, quite often data gathered during transactions or when eliciting membership is subsequently put up for sale to third parties (Payne, 2009). Many customers consider their data to be their undisputed property, but when searches are made against their information held by others, they have little or no control leading to ill-feelings of betrayal and helplessness that will be transferred against the entity that held the information (Payne, 2009). Once trust is lost in this manner, it can be extremely hard to regain.
To further explore the ethical dilemma and danger of data mining, the data breaches at TJX, an off price retailer, can be studied. The gathered transactional data about customer credit cards, checking accounts and merchandise purchased were all in violation of industry standards regarding data retention (Culnan & Williams, 2009). The breach occurred over eighteen months from 2005 to 2006 compromising payment information of over 45 million customers (Culnan & Williams, 2009). In 2008, the Federal Trade Commission “faulted TJX for storing unencrypted sensitive information, for failing to limit unauthorized wireless access to their networks, and for failing to employ appropriate security measurements” (Culnan & Williams, 2009). Beyond the loss of trust of 45 million customers, TJX was fined by the FTC and required to submit to compliance monitoring for twenty years (Culnan & Williams, 2009).
In conclusion, new information technologies are the primary weapons of every business competing in the global market. Unfortunately that weapon is double edged, and clumsy or inattentive use is likely to do far more damage to the wielder than their competitors. While no one wants to be the last to innovate, some caution in implementing new technologies and policies regarding their use is wise. The cost of E-Discover can destroy small businesses and encumber even the largest corporation. Balancing the privacy and other rights of employees in communications and on social networks against the interests of the business entity to control its information and public image are a growing source of cultural friction. Finally, while data mining is a potential source of data to customize production and marketing towards maximizing customer satisfaction and the profits it drives, the practice leaves an organization vulnerable to breaches. Even a small leakage of private information can have devastating legal and brand image repercussions.
- Cooper, T. A. (2010). Jurisdictional, procedural, and economic considerations for non-party electronic discovery. Emory Law Journal, 59(5), 1339-1362.
- Culnan, M. J., & Williams, C. (2009). How ethics can enhance organizational privacy: Lessons from the Choice point and TJX data breaches. MIS Quarterly, 33(4), 673-687.
- Genova, G. L. (2009). No place to play: Current employee privacy rights in social networking sites. Business Communication Quarterly, 72(1), 97-101.
- Payne, D., & Trumbach, C. (2009). Data mining: Proprietary rights, people and proposals. Business Ethics: A European Review, 18(3), 241-252. doi:10.1111/j.1467-8608.2009.01560.x
- Ward, B. T., Purwin, C., Sipior, J. C., & Volonino, L. (2009). Recognizing the impact of E-Discovery amendments on electronic records management. Information Systems Management, 26(4), 350-356. doi:10.1080/10580530903245721
|Edward Adams enlisted in the U.S. Navy at the age of 23 to pursue training in computers and electronics. He spent six years in active duty and nine as a contractor for the Military Sealift Command. His duties allowed him to travel all over the world. For the past three years, Edward has worked as a laboratory computer technician with Parsons Inc. He is currently pursuing a Bachelors degree in Business Management with plans to follow up with a major in Logistics.|