Information & Management 36 (1999) 213±220

Applications

Personal information privacy: implications for MIS managers
Sandra C. Henderson, Charles A. Snyder*
Department of Management, College of Business, Auburn University, 415 W. Magnolia, Auburn AL 36849, USA Received 23 April 1998; revised 14 January 1999; accepted 20 March 1999

Abstract Recent media attention to information privacy issues has shown that citizens are increasingly concerned about information privacy and their right to it. Governmental and other organizations have been collecting data about individuals at an increasing and, to many, alarming rate. The ability to gather so much information on individuals is largely because of advances in information technology (IT). It is important for IS managers and professionals to understand the issues surrounding personal information privacy in order to protect the rights of those from and about whom they collect data. A model is presented to provide managers guidance in dealing with privacy policy. Taking a proactive stance against privacy invasion could help stave off government intervention in passing legislation to create tighter controls over what can be done with an individual's personal data. # 1999 Elsevier Science B.V. All rights reserved.
Keywords: Personal information privacy; Information privacy; Personal data; Privacy; Ethical issues; Right to privacy; Privacy policy

1. Introduction Privacy is a fundamental right recognized in the United Nations Universal Declaration of Human Rights, the Council of Europe's Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, the International Covenant on Civil and Political Rights, and many other international and regional treaties. Privacy has been de®ned as the `right of individuals to control the collection and use of personal information about themselves.' The right to privacy has become one of the most important ethical issues of the information age [19]. Nearly every country in the world recognizes the right to privacy in their constitutions or laws. While some only provide provisions for such rights as inviol*Corresponding author. Tel.: +1-334-844-4071; fax: +1-334844-5159; e-mail: snyder@business.auburn.edu

ability of the home and secrecy of communications, many recently written constitutions, such as South Africa's and Hungary's, include speci®c rights to access and control one's personal information. In many countries such as the United States, Ireland, and India where privacy is not explicitly recognized in the constitution, the courts or new laws have identi®ed the right to privacy. In addition, international agreements that extol the right to privacy, such as the International Covenant on Civil and Political Rights or the European Convention on Human Rights, have been adopted into law by many countries. Privacy, as a right, has roots deep in history. Evidence of the protection of privacy Ð with a focus on the right to solitude Ð can be found in early Hebrew culture and ancient China. Other cultures have recognized the right of privacy as a formal concept for centuries: the Greek `contumelia,' the Roman `injuria,' the German `Personlichkeitsrecht,' the Swiss

0378-7206/99/$ ± see front matter # 1999 Elsevier Science B.V. All rights reserved. PII: S - 0 3 7 8 - 7 2 0 6 ( 9 9 ) 0 0 0 1 9 - 1

Universal Declaration of Human Rights provided a modern privacy benchmark.N. used only for the original speci®ed purpose. Television shows have included exposes . In 1890. Over 20 countries have adopted these documents as the core as their data protection laws [14]. the European Commission of Human Rights and the European Court of Human Rights were created to oversee the enforcement of privacy rights.C. Snyder / Information & Management 36 (1999) 213±220 `Geheimsspare. adequate. Individuals also have the right to access and correct or amend their data [7. many more countries around the world adopted data protection laws. family. Privacy laws can be traced as far back as 1361 when the Justices of the Peace Act in England provided protection from peeping Toms and eavesdroppers. not attacks upon his honour and reputation.' and the French doctrine of `la droit de la personnalite. American lawyers Samuel Warren and Louis Brandeis published a paper that quoted Judge Thomas Cooley's claim that the individual has `the right to be let alone. thereby prompting the rather stinging commentary by Warren and Brandeis: ``Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life. At the international level. Similar provisions can also be found in Article 8 of the 1950 Convention for the Protection of Human Rights and Fundamental Freedoms. Article 12 states: ``No one shall be subjected to arbitrary interference with his privacy. articles have appeared in newspapers and  magazines.' At this point. In 1970. from collection to storage and dissemination.' The English allowed limited protection only if a collateral property right or breach of a con®dential relationship was involved [16]. The Swedish Parliament enacted the Access to Public Records Act in 1776. the whole issue of the right to privacy was the direct result of technology and lifestyle. National laws soon followed in several countries: the Swedish Data Act of 1973. relevant and not excessive to purpose. the Declaration of the Rights of Man and the Citizen proclaimed that private property was inviolable and sacred. and the 1978 French Act on Data Processing Data Files and Individual Liberties [22]. Henderson. the 1977 German Federal Data Protection Act (BDSG). In 1792. accurate and up to data. the ®rst data protection law in the world was enacted in the Land of Hesse in Germany. two crucial instruments evolved in the 1980s: the Council of Europe's (COE) Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and the Organization for Economic Cooperation and Development's (OECD) Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data. the United States Privacy Act of 1974. personal information must be:      obtained fairly and lawfully. the 1978 Austrian Datenschutzgesetz (DSG). The 1948 U. The advent of information technology (IT) increased interest in the right of privacy issue in the 1960s and 1970s. Based on Article 5 of the COE Convention. Largely due to increased surveillance potential and record-keeping abilities of computer systems. A renewal of the interest in information privacy occurred in the late 1980s as a result of increased database marketing and telemarketing [8]. 23]. and destroyed after its purpose is completed. Information privacy issues remained at the forefront of consumer concern into the 1990s. C. During the following centuries. During this period. This Act required that all government-held information be used for legitimate purposes. From this Convention. Stiff ®nes were invoked in 1858 as France prohibited the publication of private facts about individuals. laws governing the collection and handling of personal information were demanded. This attention has been brought about by the increasing impact of IT on daily life [28] and by recent media attention. several countries developed privacy laws. The rules contained within these two documents call for the protection of personal information at every step. In 1965. As evidence of the renewed interest. the Organization for American States called for the protection of privacy in the American Declaration of the Rights and Duties of Man. the Danish Private Registers Act of 1978. home or correspondence. and numerous mechanical devices that threaten to make good the prediction that `what is whispered in the closet shall be proclaimed from the house-tops''' [32]. The American Convention on Human Rights Article 11 de®nes the right to privacy in a manner similar to the Universal Declaration.214 S. Everyone has the right to the protection of the law against such interference or attacks'' [31].A.

Consumer attitudes about information privacy. in order to perform this oversight function effectively and to provide justi®cation for increased information security to policy makers. 30]. with respect to the processing of personal data in the telecommunications sector'' and to ensure free movement of data. This paper presents a normative model designed to aid information system (IS) professionals and managers protect the personal information of their customers and other individuals. In the 1990s.C. There were two reasons: (1) to ensure protection of the `fundamental right' to privacy with respect to the processing of personal data. As computerization increased. C. IS managers and professionals must understand the driving forces surrounding individuals' concern about personal information privacy. The main threats include computer matching. All have contributed to the growing concern about information privacy. making the provision of security a greater problem. and books have been published on privacy. and (3) confusion surrounding the de®nition of what is ethically right and what is wrong [20]. Organizations are being held liable for the improper use of information technology and personal information. IS professionals and managers should be aware of information privacy issues Ð especially the potential impact on existing IS and on future systems development. . documents can still be ®led in ®ling cabinets. and electronic surveillance [26. However.S. concurrent with the increased media attention and the European Union Data Protection Directive. computation. corrupt or careless medical records clerks. e-mail monitoring. more documents were stored on magnetic media. Driving forces There are three main forces driving the growing focus on personal information privacy: (1) new technological capabilities. there is increased concern that privacy will be harder to maintain. However. In 1995. Control over personal information is lost and any data errors are exacerbated as the data move from one computer to another. the European Union adopted the Directive on Data Protection designed to establish minimum standards for the processing and use of personal data. and retrieval has given personal information privacy and the right of privacy new meaning [12]. control over the information was relatively easy to maintain. Henderson. These capabilities come at a high price for personal information Ð an increased threat to an individual's privacy. busybodies in hospitals. Snyder / Information & Management 36 (1999) 213±220 215 involving loss of personal data. when documents were kept in ®ling cabinets. As organizations rely more on electronic communication. Technological capabilities Highly sophisticated technology with its enhanced capacity for communication. have brought about a signi®cant increase in the potential legal liability for misuse of an individual's personal information [29]. Therefore. organizations need to be constantly aware of the issues surrounding personal information privacy and any repercussions that can occur if they do not take precautions to protect the information they collect on individuals. because physical access to ®les could be limited by the use of locks and guards. insurance companies accessing medical records.A. and in particular the right to privacy. 2. This Directive provides for protection to ensure the ``fundamental rights and freedoms. and (2) to prevent restriction of the `free ¯ow of personal data' among EU Member States on grounds of privacy protection [9]. but most are stored on electronic media and transmitted over networks in an electronic format. 2. storage. (2) increasing value of information. The ability to cross-correlate and share information is now relatively easy and cheap. perhaps the major impact on information privacy and data protection concerns in many countries will come from the two European Directives that provide their citizens with a wider range of protection of their data. IS managers have the oversight responsibility for information liability as they have the most extensive knowledge of their organization's systems and programs.1. The Telecommunications Directive was adopted by the Council and Parliament of the European Union in 1997. In the 1950s. hackers seeking passwords or the challenge of breaking a security code. The proliferation of Enterprise Resource Planning (ERP) and client±server systems has allowed organizations to pull data from a number of internal and external sources. and an intimate understanding of the data [27]. telecommunications equipment and services among Member States [10].

A. Henderson. is made possible because of increased processing speeds and decline in storage costs. Organizations are faced with completely new policy decisions. However. Increasing value of information As computing and data management continue to become more decentralized and control is diffused. Privacy policy The publicity surrounding privacy issues has led to some action. With the massive amounts of data being collected by business and government. The trend toward decentralization has contributed to the threat to personal information privacy. Therefore. for instance.S. improve customer satisfaction and retention. 4. Which actions can be deemed damaging to an individual's privacy and which are merely inconvenient? Some inconvenient results of increased information gathering Ð such as mailbox clutter Ð may be acceptable as the price of progress. C.C. the Cable Communications Policy Act of 1984. For example. the U. The use of such capabilities for this unauthorized secondary use of personal information has caused the largest outcry from the public about personal information privacy violations.Thus.'' Currently. Snyder / Information & Management 36 (1999) 213±220 New developments in computer technology have enabled organizations to downsize and distribute their computing platforms. the Family Educational Rights and Privacy Act of 1978.3. Use of corporate Intranets has also become widespread and data control has become more dif®cult. 3. the European Union. are far behind the developmental trajectory of information technology [18]. privacy laws in the United States and many other countries do not provide the protection of. 2. For instance. and the Video Privacy Protection Act of 1988. mainly because it is harder to manage data and keep tight control when it is spread out over several computers. private organizations are exempt from privacy legislation with the exception of the Fair Credit Reporting Act of 1970.2. Privacy Act of 1974 offers only protection against data held in government databases about U. privacy could easily be compromised by persons with authorized access [3]. citizens. Organizations have found that the data collected about customers can be used to target prospects.216 S. In order to do this. the Privacy Protection Act of 1980. Right and wrong IT has changed the public's perception of privacy. Its origins date back to common courtesy and social more that respected the need for private spacesF F F. companies are increasingly targeting certain consumer segments instead of all potential buyers.S. the value of information is increasing with new ways of using it for strategic and competitive advantage. Where does this leave the protection an individual's personal data from private sector organizations in the United States? For the most part. ``privacy law consists primarily in the protection of that private space surrounding one's person into which outsiders should not be permitted to penetrate. they propose that the legality of gathering and using an individual's personal information is largely dependent upon the individual's perception of who is gaining value for the use of the information Ð the organization or the individual. especially if there is an error in the database containing the records: the individual may be wrongly denied insurance coverage.privacylawsdonotprotect privacy well and. in fact. often from several sources. Hagel and Rayport [15] suggest that this outcry is more the result of consumers becoming aware of the value of the information that they have freely divulged in the past. Therefore. The main limitations of these laws is that enforcement is entirely in the hands of the individuals who must recoverdamagesincourt. 2. and identify opportunities for new products or services. Rights of information privacy According to Branscomb [4]. Applications once run on mainframes can now run on PCs with data stored on the individual hard disk drives and on LAN ®le servers. our . ``Our awareness has been raised. The ability to gather this information. companies need to know speci®c purchasing characteristics of individuals. an insurance company accessing an individual's medical records to help in determining insurability may be potentially damaging to the individual. it is necessary to store and share information with other organizations Ð usually without user knowledge or permission. However.

Snyder / Information & Management 36 (1999) 213±220 217 resistance. However. technical. In order to ensure data con®dentiality: (1) computer security procedures should include physical.A. and administrative security measures. IS managers and general managers need to implement controls to ensure that the information collected is done so in a manner that protects the individuals' personal information privacy. private persons. However. laws.S. (3) the ®le should be made available so that the individual can ensure that the data are correct. the appropriate level of privacy protection that should be afforded to public ®gures. According to Rotenberg [25].S. This includes taking precautions to ensure the accuracy of data. there is still a need to develop national privacy policies that address: the balance between the right to privacy and the right to access. or standards apply to any given situation? Who enforces these rules or codes [13]? Four principles should be followed in data collection: (1) data should be collected on individuals only to accomplish a legitimate business objective. with databases containing sensitive personal data should establish adequate policies and ensure that they are properly promulgated to those workers who have responsibility for the protection of privacy. Internal Revenue Service (IRS) revelation of sensitive private data from taxpayer records in response to telephone inquiries for which the caller only had to provide name. industries and individual organizations should consider other methods. social security number. incomplete or unenforceable. ``The essential framework for privacy protection Ð a code of fair information practices. (2) third parties should not be given access to data without the individual's knowledge or permission. kept up to date.'' As an alternative to government regulation. (2) data should be adequate. other than the most routine. where necessary. Henderson. and not excessive in relation to the business objective. The manager of any organization. The Association for Computing Machinery (ACM) has included a section on privacy in its Code of Ethics and Professional Conduct. for it is a right that affects every individual with an identity and a personal history'' [11]. the individual's version should be noted and included in any disclosure of the ®le. and (4) data should not be disclosed for reasons incompatible with the business objective for which it was collected [2]. relevant. (2) data should be accurate and. and address. Whether governments enact more privacy laws or organizations follow self-regulation. and (4) if there is a disagreement about the accuracy of the data. the expectations of individuals and the needs of society. . Their code states that ``It is the responsibility of professionals to maintain the privacy and integrity of data describing individuals. The importance of having adequate policies in effect is hard to overestimate. Despite privacy laws that have been enacted in many countries. setting out the obligations of companies that collect personal information and the rights of individuals that give personal information Ð is often missing. C. (3) disclosures of data. We must act with vigor and vigilance to ensure our privacy.C. privacy policies are notoriously weak Ð often reading more like a simple disclaimer. In an investigation. increased. and (4) individuals must give their consent before data pertaining to them can be gathered Ð such consent may be implied from the individual's actions. as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals'' [1]. 5. Several issues should be addressed by both managers to ensure they are knowledgeable about the latest developments in information privacy. clear guidelines as to what information an individual can be compelled to reveal to bene®t society and what should be under his or her control [33]. public or private. An example of loose policy was the U. the IRS found that their auditors (and other individuals) could easily secure tax and income data without the IRS verifying the caller's true identity. governments and other organizations. one potential problem with this concept or any other privacy rule or standard is enforcement: Who decides what privacy rules. Four principles also apply to data accuracy to ensure that misleading information will not be distributed: (1) sensitive data gathered on individuals should be veri®ed before it is entered into the database. (3) data should be obtained in a lawful manner. should be noted and maintained for as long as the data are maintained. Self-regulation and policy Self-regulatory policies and procedures may be a way to handle information privacy issues. except as required by law.

Next. 3. Promulgation of policy Disclose information to individuals concerned a. Implications for managers Careful consideration of the implications of personal information privacy issues should be a priority in organizations. Assume responsibility for personal information a. Snyder / Information & Management 36 (1999) 213±220 6. (3) the information collected or used is relevant to the transaction. Identify use of personal information (1) Applications requiring use (2) Applications not requiring use (3) Protection afforded an individual's personal information Ascertain extent of personal information a. an organization does not need to store information that it does not need nor information that could cause public backlash. Designate responsible managers Take action to limit damage if procedure breaks down 2. Educate appropriate personnel on privacy policy Map privacy sensitive data a. Close contact with the functional area managers would help the desigTable 1 A proposed normative model for privacy issues in the organization 1. Relevance for business objective c. If they do not do so. Designate one individual responsible for information liability b. control. With the proliferation of data warehousing and data mining. C. levels of concern about information will continue to rise and citizens will look to the government for solutions [21]. Obtain permissions for internal and third-party use Document use a.C.218 S. Non-excessive data collected for business objective Ensure data sources and controls a. 7. Assure security of data c. Resolve in favor of individuals b. This practice would help ensure that privacy policies are maintained and legislation monitored and that the information reaches the appropriate personnel. Third. the vulnerability of organizations to accusations of misuse of personal data is likely to increase. in many industries self-regulation works better. There are several areas in which IS managers should be particularly cautious. Second. Currently. and hard copy and oral data need to be protected just as much as computerized data [24].A. proper human judgement should be used in making decisions concerning an individual's personal information. and (4) they believe the information will be used to draw reliable and valid inferences about them. 5. Finally. An IS manager should also keep in mind the fact that individuals are less likely to perceive practices as privacy-invasive when (1) information is collected under the umbrella of an existing relationship. nated person keep up with the organization's practices concerning personal information. the organization should have approval of the individuals concerned or knowledge that the individuals would approve of the sharing. One person should be designated responsible for information liability and to maintain a close connection with functional area managers. While there is not necessarily anything wrong with government intervention. First. Managers should identify any potential underlying privacy-related problems and be prepared to take corrective actions and appropriate measures to protect the individual's privacy. 4. IS managers also need to take into consideration the following points: access to data should be limited to only those who actually need access to the data. Accurate information in databases c. if information is shared electronically. Managers need to be aware of new developments. Verified information databases d. internal controls and procedures should be in place to prevent and/or correct any errors in an individual's personal information. A manager should also be cautious when pieces of personal information are pulled from different sources to make a more complete ®le. Conscious and deliberate decisions must be made by upper management on the operation. (2) they feel that they have control over future use of the information. Table 1 contains a normative model that could be embraced by organizations who are concerned about privacy issues and are ready to take a stance to help ensure individuals' rights to privacy. IS managers need to think through potential information problems within their ®rms and take action to reduce the risk that their information systems might be used to invade an individual's privacy. Record all disclosures and purposes (provide an audit trail) b. and management of information services [17]. 6. Identify databases with personal information b. there is a need for IS managers to take a proactive stance regarding information privacy management issues. Some organizations have reported the . Adequacy for business objective b. Most data warehouses re-orient data to have a customer focus. Lawful collection of personal information b. Henderson. information should be used for the purposes for which it was collected or for which individuals believe it was collected.

CIO. How did they get my name? An exploratory investigation of consumer attitudes toward secondary information use. Who Owns Information? From Privacy to Public Access. 1985.fr/eng/legaltxt/108e. K. Code of Ethics and Professional Conduct.html. Culnan.org/constitution/code. Information and Management 6. Harvard Business Review 75(1).W. Westport.echo. Basic Books. Hagel. Huttenstine. pp. Downloaded from http:// www2. The Right of Privacy in the Computer Age. M. pp. However. University of North Carolina. According to Bresnahan. MA. 1996. Agranoff. Downloaded from http://www. Managers contemplating such moves must be sure that they implement policies to protect the personal data they wish to exploit or tell their staffs that they are likely to face stiff rebuke and penalties if the data are misused. 108. Bresnahan. Thereby.C. Rayport. III. 15 March.html. M. J. C. J. ACM web [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] page. one long distance provider is said to have greatly increased the effectiveness of its telemarketing efforts to reduce loss of its most valuable customers. Branscomb. R. MIS Quarterly 17(3). The right to be let alone: A descriptive analysis of the right of privacy in the cases from 1880 through 1983.coe. W. Directive 97/66EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector. 1981.html. New York. Protecting individuals' privacy can help ensure the continued willingness of individuals to share their information. 15 May. Quorum Books. Downloaded fromhttp://www. R. 48±52. 77±81. pp. 1983. international. J.S. C. Bresnahan. 1993. 1985. Chapel Hill. 1991. Downloaded from http://www. Currently.org/resto®t/Directive/Directive_Contents. Auerbach. P. Henderson. Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. Gellman.org/privacy/survey/intro. Section 1. Global Internet Liberty Campaign. A methodological framework for formulating information policy.acm. Eder. 269±280. CT. The Business Case for Privacy. Con¯ict and overlap in privacy regulation: National. Another twist to this complex issue deals with individuals becoming increasingly aware of the value of their personal data.J. pp. pp. Downloaded from http://www. 1987. pp. When individuals have had enough of privacy-invasion issues. With the U.H. A Publication of the Harvard Infrastructure Project.lu/legal/en/dataprot/protection. 38±42. Strasbourg. such as their personal information being massaged by too many computers without their consent. 341±363. 53± 65. 1997. Privacy on parade: Your secrets for sale! Futurist 28(4). 1997.F.html. Cambridge. The coming battle for customer information. Privacy and Human Rights: An International Survey of Privacy Laws and Practice. 92±104. . A. `privacy protection pays' because `indifference can get you in trouble' [6]. The ability to amass personal data from multiple sources and generate `intimate' customer pro®les is likely to lead to widespread deployment of such systems. M. ETS No. governments worldwide will be forced to deal with the issue by enacting further legislation that will require the consent of individuals before marketing information about them. organizations collecting personal data about individuals appear to have the power of ownership of the data. Professional responsibility for information privacy. government's inept handling of previous legislative attempts to control the proliferation of personal information available due to information technology. Snyder / Information & Management 36 (1999) 213±220 219 ability to provide detailed personal data pro®les for their customers so that individuals can become market segments of size one. and private. A Division of Harper Collins. unpublished doctoral dissertation.S. individuals may soon reclaim ownership of their data and demand value Ð in the form of better service or even cash Ð in exchange for it [5].htm.odpr.L. I. Freedman.A.gilc. Kahin. The MIT Press. Communications of the ACM 39(9). Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Laudon. 1994. A proactive stance against personal privacy invasion could help prevent tighter and possibly onerous legislation aimed at protecting individuals. Journal of Information Systems Management 2(1). CIO.F. self-regulation either by the industry or individual organization could be the best answer. Nesson (Eds.C. Up Close and Personal. Controlling the threat to personal privacy: Corporate policies must be created. Karni. Council of Europe. in: B. Journal of Information Systems Management 8.7. J. Borders in Cyberspace: Information Policy and the Global Information Infrastructure. References [1] ACM (Association for Computing Machinery). 1998.). Markets and privacy. 1997.L. This could have a major impact on the cost of collecting and maintaining consumer data. 1994.

Collins. R. Harvard Law Review. Her current research interests include information privacy. Sibley. Rotenberg.J.220 S. pp. and data integrity. [24] G. SAIS. Dr. TRW.W. He is currently a member of the Society for Information Management working group on knowledge management and is Alabama representative to the International organization. He holds an MS in Economics from South Dakota State University. [22] National Omnibus Laws. 82±85. and command positions as an officer in the USAF.html. and database systems development. She has presented at the SAIS conference. 1997. staff. and consulting experience. computerintegrated manufacturing. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.C. 2. 1990.A. [25] M. [28] H. His research interests include knowledge management. American Society for Information Science Bulletin 23(3). Downloaded from http://os¯. Rifkin. Coors. and software companies. information resource management. expert systems.htm. Snyder is a member of SIM. IEEE. He received a Ph. Before his academic career. E. pp. Privacy. The right to privacy. Values. CIO. [33] S. 4±12. Information Today 14(8). Brandeis. 1986. Snyder has consulted to such firms as AT&T. Burke. Dr.oecd. March 1890. His more than 100 refereed publications have appeared in leading journals such as The Journal of Management Information Systems. H. p. 1(23). Milberg. and individual rights to privacy. Snyder / Information & Management 36 (1999) 213±220 sheworked as a controller and IS coordinator for a light manufacturing plant. Data Management. Jr. New Laws. He serves as a director of five organizations. He has extensive management. Privacy and IT Use. Downloaded from http://www. pp.D. California Management Review. .gmu. Harvard Business Review 72. 65±74. technical reports. transborder data flows. She received a B. Warren. She holds an Master's of Accountancy with a concentration in Accounting Information System from Florida State University. 9±67. Kallman. [19] R. pp. Data Protection Summaries. L. security.D. BellSouth. The Academy of Management Review. Smith. [21] S. he served for 20 years in a variety of operations.S. 1998. [27] D. He has published many scientific Proceedings articles.. He is the past President of the Alabama SIM and the Southern MIS Association. Warwick.J. IEEE Transactions on Engineering Management. Communications of the ACM 38(12). and other major professional societies. pp. pp. [30] C. 1993.J. IS as a Threat to Privacy. Snyder is the Woodruff Endowed Professor of Management (MIS) in the Department of Management at Auburn University.H. an MBA from Ohio State University.hrweb. 8±9. proprietary databases.W. The Journal of Engineering and Technology Management. December 14±21. and regulatory approaches. Communications of the ACM 36(12). AIS. [23] Organization for Economic Cooperation and Development. Privacy policies and practices: Inside the organizational maze.D. DSI. ACM. The Data Game. pp. MIS Quarterly 14(2). [26] E. Mason. Tenopir.org/legal/udhr. Sandra C. Previously. published by Irwin McGraw-Hill. The Industry Standard. in Accounting from Albany State University. 105±122. Slater. Henderson is a doctoral stu dent of Management Information Systems in the Department of Management at Auburn University. MIS Quarterly 10(1). Production and Inventory Management Journal.org//dsti/sti/it/secur/prod/priv-en. C. 1990. 14±15. S. IRMA. South Central Bell. pp. systems analysis and design. 1 May 1997. 193±220. in Management from the University of Nebraska. Straub. [31] United Nations Universal Declaration of Human Rights. [32] S. and a BFA from the University of Georgia. Downloaded from. Four ethical issues of the information age. Information and Management. 41. He is co-author of The Management of Telecommunications. Chap. Key information liability issues facing managers: Software piracy. research. The International Journal of Man±Machine Studies. 143±156. For Privacy. McFarlan. 1994.W. 1995. Downloaded from http://www.edu/esibley/ch2.A. [20] F. 1997. Information technology: Privacy matters. Charles A. and book chapters.O.html. Henderson. The Academy of Management Executive. and Decision Support Systems.J. CIO 3. The Journal of Information Systems Management. Smith. Privacy and policy. personal information privacy. and telecommunications management. [29] D.

Sign up to vote on this title
UsefulNot useful