PAPA MODEL – Information Technology
PAPA Model: Today, the massive use of computer science & information technology in the business world and other intuitions has brought many ethical issues and concern. Mason introduced four most crucial ethical issues of the information era on 1986: which are Privacy, accuracy, property and accessibility abbreviated to PAPA. Mason’s PAPA model focused on the individual impairment which could arise from the unethical or misuse of information and information technology. Based on the Framework developed by Mason we can analyse and reach the conclusion on ethical issues emerged by the unethical use of information technology. PAPA model enlightens depth knowledge on what the Privacy, accuracy, property and accuracy means, how they are interrelated, what are their differences and how they help us to reach the conclusion on ethical issues.
Privacy: In general understanding, privacy means the right to be free from secret scrutiny and to determine whether, when, how and to whom, one’s personal or organisational information is to be revealed. The privacy Act 1988 regulates how personal information is handled. The Privacy Act defines personal information as
…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who us reasonably identifiable. There are two main factors which threaten our privacy today, firstly growth of information technology with its capacity of scrutiny, communication, computing, retrieval and storage, and secondly the increased value of information in decision making.
Accuracy: It is the condition or quality of being true, correct or exact; free from error or defect. Inaccuracy may cause detracting situation on person’s life, organisations and business values. Here arises some question: who should be responsible for accuracy and authenticity of collected information? How can one believe that the data will be correctly inputted, processed properly and presented to users? On what basis should we believe bugs in database or system and processing are not done with intention and occurred accidently. Who takes the responsibility for glitch in information and how the victim will be reimbursed.
Property: Property issues are concentrated on ownership and value of information. It also seeks the answer of few questions like, who is the owner of the information. What is the value of the exchange, and in which way the access to information or the recourses should be allocated? Here property means the intellectual property and its right. Once the intellectual property is provided somewhere or transmitted, it is complicated to keep the person as it becomes communicable and more difficult to be reimbursed.
Accessibility: its issues are concerned on who has the permission to access the information, who holds the rights or keys to access it, what data an individual or organisations are privileged to acquire with which safeguards and under what terms and conditions?
After going through the scenario provided and from my own research I consider, all four areas have given rise to ethical issues for Joseph where some have higher level of the issue whereas other has a low level effect. Most importantly it gives rise to privacy issues followed by others.
Privacy issues: Joseph’s personal or we can say the very confidential information was compromised which could lead to very disastrous consequences, identity theft makes life miserable. If Joseph had given attention on lecture’s warning to them to be careful and vigilant while providing personal information to companies over the internet, he might be on safe side but rather he thought him old-fashioned and never thought some issues may arise while providing information to a company like Sony. How can one decide on whom to trust? How much information can one give to others?
Accuracy Issues: Being the customer of Sony Joseph had right to get accurate and timely information, to whom he had provided his personal information to credit card details with trust. Accurate information of personal information and credit card details being hacked was provided only after a whole week of the incident following by other misleading and fake information. Though, the hackers couldn’t do any misuse of data they might have destroyed everything in a week time customers could take precaution to
Property Issues: When Joseph could not restore the backup file it gives rise to property issues. He bought games from Sony he collected trophies but did he really own that? Did Sony own the data that customers provided?
Sony’s data breach is one of the biggest data breach to date which has given rise to various concerns in the Sony’s privacy policy and security measures. Though, other issues also marked a question to Sony’s management especially it has fueled to Privacy concern. When an organisation gathers personal information of its customers, employees and other stakeholders they must assure the safety and security of those. Breach of personal information can be proved very dangerous and it has been proved in many cases, for example, Jessica’s Story of the mail scam. The main issue and the question arise to Sony is where they really serious on Privacy issues, had they meet all the privacy measures and followed the protocol. If they had done so how someone could hack and enter into their system. Breach of over 77million accounts including all the personal details and credit card of the customer was not a small issue. This issue gave a big question mark to Sony. The management took a whole week to inform its customer of the actual reason for shutdown of its network, which is questionable. If a breach does occur, effective handling of the response is a key.This means planning and preparing for such an event in advance. A policy should be drawn up, under which it is suggested that prompt notification is made to both the customers and the regulators. All staff should have data protection training appropriate to their role, and appropriate compensation, support and remedial plans should be prepared. Though it was Sony violated the privacy of its customer “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
I find some statements made by Privacy commissioner Timothy Pilgrim questionable. He stated that Sony did have a case to answer as they “did not intentionally disclose any confidential information” is not surprising, simply put Australia has no real commercial Privacy or security legislation for Sony to breach. The fact that Sony did not show a duty of care and/or displayed a complete lack regard for the personal information entrusted to them by their clients is completely ignored by the commissioner. Sony’s duty of care is to maintain appropriate IT security systems, policies and procedures to maintain client data confidential, private and available whether at rest, in transit or in a process. It is obvious that they did not take these duties of care obligations seriously until “that proverbial substance” hit the fan. Statement by Pilgrim “Sony has now extra security measures to strengthen protection around the network platforms” highlights its historical disregard for client confidentiality in their corporate culture and I do not think that any Australian Government officials should comment and try to forgive such obvious laissez-faire behaviour. Can he answer us, what reasonable steps Sony took to protect individual’s credentials? Now, they actually created a CSO role. They didn’t have this before? What fines were handed down for this breach? How can he show that legislation protects individual’s information to overseas organisations? “I opened this investigation because I was concerned that Australians’ personal information may have been compromised,”
Pilgrim said. However, his concerns were unfounded, with Pilgrim finding that the company hadn’t breached the Act. Seriously, just why does Sony Corporation require our full date of birth? Year only should be adequate to verify a customer is over 18 – probe further only if the year reveals someone turning 18 that year. As such, Sony should be 100% liable for any loss plus damages for emotional distress to any customer, their spouse and immediate family, in respect of any customer who has their identity was stolen and fraud committed. And also it has to be made clear that whether it identified a culprit in the intrusion. Guilty must be punished.
Order Now