Week 9 10 Ethical, Legal Moral Constraints

Slide 17.
BISA301
Business Information
Systems Management
Week 9&10
Chapter 17
Ethical, Legal and Moral
Constraints on
Information Systems
Bocij, Greasley and Hickie, Business Information Systems PowerPoints on the Web, 5th edition © Pearson Education Limited 2015
Slide 17.2
Learning objectives
• At the end of this lecture, you should be able to:

– analyse decisions and courses of action from
professional, ethical and moral perspectives;
– select appropriate and legal courses of action in
keeping with professional codes of conduct;
– understand and respond to issues of concern, such
as personal privacy.
Slide 17.3
Management issues
• From a managerial perspective, this lecture

addresses the following areas:
– Managers must deal with moral, ethical,
professional and legal issues that often
conflict with one another.
– Responsible organisations must show an
awareness of issues that cause concern for
employees and the public such as monitoring
of employees.
– An understanding of legislation is required to ensure
that the organisation operates within
the law.
Slide 17.4
Constraints and potential areas of conflict related to the duties and

Figure 17.1
responsibilities of the IS professional
Slide 17.5
Context
• Professionalism: Acting to meet the standards set by

a profession in terms of individual conduct,
competence and integrity.
• Ethics: In general terms, this describes beliefs
concerning right and wrong that can be used by
individuals to guide their behaviour.
• Morality: Individual character or personality and
beliefs governing right and wrong.
Slide 17.6
British Computer Society (BCS)
• Code of conduct: Members of professional

associations are expected to abide by a set of
principles that set out minimum standards of
competence, conduct and behaviour.
• British Computer Society (BCS): Widely regarded
as the UK’s leading professional association for those
involved in the management and development of
computer-based information systems.
Slide 17.7
Information society
• Information society: Describes a modern population

that is conversant with – and reliant upon –
information and communications technology.
Slide 17.8
The digital divide
• Concern is growing that society may eventually

become divided into two distinct groups.
• One group will be made up of those who have
access to technology and are able to obtain
information via the Internet.
• The other will be made up of those who are
unable to gain access to technology and
information.
Slide 17.9
Privacy concerns
Two examples can be used to illustrate common concerns

related to privacy:
•The use of computer-based information systems enables an
organisation to combine or analyse data in ways not previously
possible with manual systems. As an example, a bank might build
up profiles of its customers by analysing their spending, borrowing
and saving habits. This information could then be supplied to other
organisations involved in marketing relevant goods or services.
•Communications technology allows organisations to share data,
allowing them to develop a comprehensive pool of information
regarding individuals. An insurance company, for example, might
gather medical information before deciding whether or
not to offer a policy to an individual.
Slide 17.10
Computer monitoring
• Computer monitoring: The use of computer and

communications technology to monitor the activities of
individuals.
• Echelon:
– Echelon is a global surveillance system that monitors
communications around the world. The project is
operated by the USA, the UK, Canada, Australia and
New Zealand. Each day, millions of telephone calls,
faxes and e-mail messages are intercepted and
scanned for key words and phrases. Messages
matching the search criteria used are collected and
sent to the United States for further analysis.
Slide 17.11
Computer criminals
• Computer criminals: Make use of technology to

perform a variety of criminal acts, ranging from
vandalism and sabotage to hacking and fraud.
• Information warrior: Seeks to obtain data by any
means necessary. Such people may resort to illegal
methods, such as hacking, in order to obtain the
information they require.
• Hacker: Individuals who seek to break into systems
as a test of their abilities. Few hackers attempt to
cause damage to the systems they access and few
are interested in gaining any sort of financial profit.
Slide 17.12
Hacking motivation
(a) Some hackers hold the belief that all information should be
free. Such individuals feel a duty to ensure free access to
information held by government departments and private
companies.
(b) Many hackers believe that they provide an important service
to companies by exposing flaws in security.
(c) Some people believe that hacking serves an educational
purpose by helping them to improve their knowledge and
skills. Since no harm is caused to any systems accessed,
their actions are acceptable and should not be considered
threatening.
(d) A final motive for hacking is simply for enjoyment or
excitement. Many hackers find stimulation in the challenge of
defeating the designers of the security measures used by a
given system.
Slide 17.13
Theft
• Theft: In terms of computing, theft normally, but not

always, involves altering computer records to disguise
the theft of money. The theft of services can include a
variety of acts, such as the unauthorised use of a
company’s information systems.
• Software theft: Software theft, also known as
software piracy, involves making unauthorised copies
of software applications.
• Data theft: Data theft can involve stealing sensitive
information or making unauthorised changes to
computer records.
Slide 17.14
Data Protection Act (1984, 1998)
• Data Protection Act (1984): Legislation setting out the rights of

organisations and individuals in terms of how personal information is
gathered, stored, processed and disclosed.
• Information shall be obtained and processed ‘fairly and lawfully’.
• Information shall be held only for one or more specific and lawful
purposes.
• Companies should not hold information that is excessive or not
relevant to the purposes the company has registered under the Act.
• Information held on individuals should be accurate and up to date.
• Information should not be held for longer than needed.
• Individuals have the right to see the data held on them and have
corrections made where necessary.
• Companies must take measures to protect information from
unauthorised access.
Slide 17.15
Difficulties with the DPA
• Conflicts with other legislation: For example, the adoption of the Human
Rights Act 1998 has provided UK citizens with a set of fundamental rights,
including a right to privacy.
• Difficulty in trading across international boundaries: EU regulations place
strict controls on the transfer of personal data to organisations based outside
of the EU.
• Lack of clear guidance: Many organisations have found it difficult to
incorporate new data protection legislation into existing company policies and
procedures. Although the amended Data Protection Act came into force in
2000, there have also been a number of new developments, such as the
introduction of the Human Rights Act in 2000. Unfortunately, clarification of
some of the issues raised by these changes has been slow to arrive.
• Monitoring staff e-mail and Internet use at work: Some people believe that
monitoring staff in this way breaches data protection principles since any
information gathered is not obtained and processed ‘fairly and lawfully’.
Slide 17.16
S.A. Laws
POPI - (Protection of Personal Information )
– The Protection of Personal Information Act
(PPI Act) was promulgated into law on 26
November 2013, following the President's
signature. The main objective of the POPI Act
is to protect people from harm and to protect
their right to privacy.
– POPI recognises the right to privacy enshrined
in the Constitution and gives effect to this right
by mandatory procedures and mechanisms for
the handling and processing of personal
information.
Slide 17.17
Purpose of the POPI Act

• To give effect to the Constitutional right to privacy by
safeguarding personal information when processed by a
responsible party
• To regulate the manner in which personal information
may be processed, by establishing conditions, in harmony
with international standards that prescribe the minimum
threshold requirements for the lawful processing of
personal information
• To provide persons with rights and remedies to protect
their personal information from processing that is not in
accordance with the act
• To establish voluntary and compulsory measures,
including the establishment of an Information Regulator,
to ensure respect for, and to promote, enforce and fulfil,
the rights protected by the act
Slide 17.18
POPI Rights of Protection

• When and how you choose to share your information (requires your
consent)
• The type and extent of information you choose to share (must be
collected for valid reasons)
• Transparency of, and accountability for, how your data will be used
and notification if/when the data is compromised
• Providing you with access to your own information as well as the right
to have your data removed and/or destroyed, should you wish
• Who has access to your information, i.e. adequate measures and
controls must be put in place to track, access and prevent
unauthorised people, even within the same company, from accessing
your information
• How and where your information is stored (adequate measures and
controls must be in place to safeguard your information to protect it
from theft and from being compromised)
• The integrity and continued accuracy of your information (i.e. your
information must be captured correctly and, once collected, the
institution is responsible for maintaining it)
Slide 17.19
Computer Misuse Act (1990)
• An Act to make provision for securing computer

material against unauthorised access or modification;
and for connected purposes.
• Offences:
(a) unauthorised access to computer material;
(b) unauthorised access with the intention of carrying out
or assisting others with the commission of further
offences;
(c) unauthorised modification of computer material;
(d) impairing the operation of a program or the reliability
of data;
(e) preventing or hindering access to any program or
data.
Slide 17.20
The Privacy and Electronic Communications

(EC Directive) Regulations 2003
• This legislation came into force in December 2003
and brought the UK into compliance with the rest of
the European Union regarding issues such as e-mail
marketing and telesales.
• For industry, this legislation regulates the use of
publicly available electronic communications services
for direct marketing purposes. The legislation also
covers unsolicited direct marketing activity by
telephone, fax, e-mail and automated calling systems
and even text messages.
• Now requires consent (opt-in) and opt-out.
Slide 17.21
Copyright, Designs and Patents Act 1988
• Provides organisations and software developers with

protection against unauthorised copying of designs,
software, printed materials and other works.
• Copyright legislation allows a company to safeguard
its intellectual property rights (IPR) against
competitors and others who might wish to profit from
the company’s research and investment.
• Patent: Provides its owner with a monopoly allowing
them to exploit their invention without competition.
The protection offered by a patent lasts for a number
of years but does not begin until the patent has been
granted.
Slide 17.22
Regulation of Investigatory Powers Act

2000
• Although many people felt that the Regulation of
Investigatory Powers Act 2000 – known as the RIP
Act – would have a profound effect on business
organisations, its impact has not been as serious as
predicted. The Act introduced measures that allow
electronic communications to be monitored by
government agencies.
Slide 17.23
Other laws applying to information
• The Obscene Publications Act (1959) and the Protection of

Children Act (1978) prohibit the publication of material
considered pornographic or excessively violent. This legislation
would deal with issues such as copying pornographic materials
from the Internet.
• The Malicious Communications Act (1988) makes it an
offence to send any message that might be considered obscene
or threatening.
• The Defamation Act (1996) is concerned with slander and libel.
This legislation extends to comments made in e-mail messages
and material displayed on web sites.
• The Electronic Communications Act (2000) is intended to
support the growth of e-commerce in the UK. Amongst other
things, the Act serves to make electronic signatures legally
binding.
Slide 17.24
Other laws applying to information

(Continued)
• In the wake of the 11 September terrorist attack on the
United States, the Anti-terrorism, Crime and Security
Act (2001) was introduced in the UK as a means of
strengthening existing anti-terrorism legislation. Of
particular importance to the IS industry is a requirement to
make sure that certain companies retain data on
consumers’ Internet and telephone activities, and to make
sure the data are searchable. As an example, guidelines
from the Home Office suggest that ISPs should keep
telephone subscriber and call information for 12 months,
e-mail and ISP subscriber data for 6 months, and web
activity information for four days.
Slide 17.25
End of Chapter

Week 9 10 Ethical, Legal Moral Constraints

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Week 9 10 Ethical, Legal Moral Constraints

Uploaded by

Copyright:

Available Formats

Slide 17.

• At the end of this lecture, you should be able to:

• From a managerial perspective, this lecture

Constraints and potential areas of conflict related to the duties and

• Professionalism: Acting to meet the standards set by

British Computer Society (BCS)

• Code of conduct: Members of professional

• Information society: Describes a modern population

The digital divide

• Concern is growing that society may eventually

Two examples can be used to illustrate common concerns

• Computer monitoring: The use of computer and

• Computer criminals: Make use of technology to

• Theft: In terms of computing, theft normally, but not

Data Protection Act (1984, 1998)

• Data Protection Act (1984): Legislation setting out the rights of

Difficulties with the DPA

Purpose of the POPI Act

POPI Rights of Protection

Computer Misuse Act (1990)

• An Act to make provision for securing computer

The Privacy and Electronic Communications

Copyright, Designs and Patents Act 1988

• Provides organisations and software developers with

Regulation of Investigatory Powers Act

Other laws applying to information

• The Obscene Publications Act (1959) and the Protection of

Other laws applying to information

You might also like