Ethics Related to the Collection of Information
The following are ethics that must be addressed when information systems are designed, and how they relate to the Confidentiality, Integrity, Availability (CIA) security concept.
The first concern related to ethics is; who benefits from the information collected? The applicable area of the CIA security triad is confidentiality. Information collected for one use might have a use elsewhere. What type of policies or restrictions are in place controlling how the information will be used? Does an organization specify all the way information is allowed to be used?
The second issue is privacy and confidentiality. Example; there are many “information mining” websites that require that a user provides personal information to access information, download, or other content. Many users never read or research how that information will be used. When they do explore how the information will be used, the content provider might use vague descriptions and legal terms to mislead users into believing the information collected will remain private.
The third issue is accuracy of information which comes under the integrity aspect of information security. Inaccurate information can have positive and negative effects. Even if users are inputting information themselves this does not completely absolve an organization such as a medical provider of all responsibility for inaccurate information.
The fourth issue is property and ownership. This issue can fall under both confidentiality and integrity. The copying or use of copyrighted material that may, or may not, be altered for other purposes. Is the information owned by someone else, is alteration of the information allowed, is use in any form allowed?
The fifth issue is accessibility which falls under the confidentiality, integrity, and availability aspect of information security. Are controls in place to address amending data. How accessible is information, can only authorized users get access to information?
The sixth issue relates to how information will be used. What is its purpose. This is somewhat related to issue one, but addresses the issue more in-depth to include how extensively the information can be used for purposes beyond what it is primarily intended. This falls under the confidentiality aspect of information security.
The seventh issue relates to system availability which is covered by the availability aspect of information security. Is information consistently and reliably available.
The eighth issue is related to categorization and falls under the integrity aspect of information security. The ultimate goal of categorization is to minimize variations within a category of information and between categories.
References
Capozzoli, E. A., Windsor, R. D., & True, S. L. (2006). Reading 7: Integration and Ethical Perspectives for Information Systems Management. In M. Whitman & H. Mattford (Authors), Readings and Cases in the Management of Information Security. Mason, OH: Course Technology.
