Information Systems, or IS, refers to the vast databases of customer’s personal information that companies hold. This information is digitized and can be accessed by authorized employees. Keeping such sensitive information safe is a tough task, and it’s full of legal pitfalls. Technology law lags behind technology, so IS laws often are created retrograde to rectify unforeseen problems. That’s why it’s up to ethical IS owners to risk assess, predict problems and shore up potential security breaches.
ChoicePoint Data Breach of 2005
ChoicePoint was a “information broker,” meaning it bought, stored and sold the personal information of 163,000 consumers. This information could include the consumer's name, address, financial information and Social Security number. ChoicePoint falsified security information that verified the safety of its IS. ChoicePoint also turned some data over to questionable businesses that signed on as information subscribers. Some of these businesses were fraudulent and used the consumers' information for more than 800 cases of identity theft. After an investigation, the Federal Trade Commission (FTC) fined the company a total of $15 million and ordered regular third-party audits of the company.
Ethical Analysis of ChoicePoint Case
Different types of companies have different information in their systems. For example, retailers have records of their customers' credit card numbers from purchases and email providers have a record of all the information their customers share and save. The difference with ChoicePoint was that it held information solely to hold and sell that information. It should have been doubly careful to ensure its reputation and as part of basic business ethics. Instead ChoicePoint representatives lied to regulators and purposely compromised consumer's private data. ChoicePoint's actions were both unethical and illegal.
AOL Search Breach of 2006
In 2006, AOL posted 20 million keyword searches that could be traced to 650,000 AOL subscribers. The information was quickly pulled, and those responsible were fired from AOL. However, this release of information was not a case of stolen or leaked knowledge, it was actually deliberate and well-intentioned. The AOL employees thought their keyword publishing project would allow Web researchers and writers access to trending search topics, they didn’t realize that their presentation of the keywords allowed the searches to be back-traced to the searchers.
Ethical Analysis of the AOL Case
Other search engines besides AOL keep records of who searches for what. It’s up for debate if this retention of information is ethical and it is considered legal. The AOL leak was also deemed within the law because it didn’t directly disclose personal information. The information was pulled because of public outcry, not for legal reasons. It might be that future laws will prevent this type of leak or hold accidental information publishers responsible for their carelessness. AOL could have prevented the situation with some ethical risk analysis and a tweak in its publication program.