Friday, February 7, 2020

Data Breaches, Transparency and Ethics


Transparency is a term thrown around as a buzzword in the tech industry, usually to describe the principle that companies will inform you about what happens to your data. Terms like data transparency provide you with the sense that companies that conduct business online will keep your information secure and inform you if your data happens to be compromised in some way. This does not always reign true for most companies and brings up the question of what, if any, ethics are involved in the transparency of information in the digital age. Everybody’s information, ranging from photos of you posted on Facebook all the way to location information from your phone’s GPS and credit card information, is online in some fashion and has the possibility of being compromised at any time. This is where ethics comes into play. Is it more ethical to immediately inform people of their data begin compromised or potentially hide the fact data was compromised and try to fix it behind the scenes?
 
An example from recent history is the largest data breach so far, the 2017 Equifax breach. “Equifax on Sept. 7 announced the cybersecurity incident, one of the largest in history. Unauthorized data access occurred from mid-May through July 2017. The breach was discovered on July 29.”1 How come it took Equifax over a month to disclose to the public that there was a data breach that affected almost half of the country, roughly 149 million people?

Turilli and Floridi say in their paper titled, The Ethics of Information Transparency, “For these companies, it is crucial to disclose information about how they manage the flow of personal and Internet usage information, in order to prove to their customers that there is no correlation between their identity and their activities online.”2 Both authors bring up the idea that it is crucial to disclose this type of information, however most data companies that discover a data breach will wait to disclose it. I believe this is unethical as much damage can be done with the stolen data, such as fraudulent purchases on your credit card, in a short amount of time. Companies should be more inclined to notify people of a breach immediately once it is discovered as well as work to improve security.




Sources:
1. Symanovich, Steve. “Equifax Data Breach Affects Millions of Consumers. Here's What to Do.” LifeLock Official Site, www.lifelock.com/learn-data-breaches-equifax-data-breach-2017.html.

2. Turilli, Matteo, and Luciano Floridi. “The Ethics of Information Transparency.” Ethics and Information Technology, vol. 11, no. 2, Oct. 2009, pp. 105–112., doi:10.1007/s10676-009-9187-9.

1 comment:

  1. Good post! I agree that companies should be more proactive about notifying their users, especially if they're such an important company like Equifax. A lot of these big companies don't think transparency is important, and they might announce a data breach late because it's economically strategic. Your reference to the Floridi article was good, but I think you could have referenced it earlier and continued to build on it. Maybe if you reversed the post a bit, having the references at the beginning and your current opening paragraph as the concluding one, this post could be really great.

    ReplyDelete

Note: Only a member of this blog may post a comment.