DeVry ETHC 232 Accidental Exposure of Information Presentation

Zip file

DeVry ETHC 232 Accidental Exposure of Information Presentation

 

This assignment is straight forward on the directions. Make sure you do not plagiarize and cite your source. Only paying for good quality writing. This assignment is due Saturday before 10pm pacific time.

Your assignment this week is to create a 4- to 5-minute training presentation based on your ethical dilemma essay. It should consist of approximately 10 well-designed, informative, and engaging slides.

Assume that you are a manager of a business or industry who needs to develop a 4- to 5-minute training video on the topic you selected for your Course Dilemma Project. The video should address the ethical and legal problem you identified in your paper and educate new and/or existing employees on what is wrong and why they should do “_____” instead of “_____” to eliminate the problem or solve it when they face it. I will provide the document that has the topic of this project. Don’t worry about the speaking cause I’ll speak on behalf of what you create on the power point.

Prepare a presentation that clearly demonstrates “right” conduct concerning the issue and explains why this ethical-legal issue in the workplace matters. The training video should have entertainment value as well as educational value.

You will record audio and visual commentary to go along with the presentation using Kaltura, PowerPoint, or another tool of your choosing.

The presentation should contain the following content.

  • A title slide that features your topic selection, your name, DeVry University, and the course identifier (ETHC232)
  • A slide that defines the ethical term you chose in Week 2; include a citation on the slide for the definition you used
  • A slide that depicts the case you selected
    • This can be an image or visual only (a picture that is worth a thousand words) to show the case that you narrate in your presentation. Include a citation on the slide for the photo or image you used.
  • A slide that lists the ethical dilemma and the three theories; cite sources on the slide
  • A slide that shows which laws or codes apply; cite sources on the slide
  • A slide that gives possible solutions and impacts on stakeholders
  • A slide that gives your solution and your rationale for choosing it
  • A slide that shows where, how, when, or why the situation can occur in the workplace of the future
  • A slide that gives advice or tips on how to handle the dilemma when it does occur
  • References slide
    • Sources must be cited on individual slides and documented on a References slide using APA style.

Post your presentation to the discussion area by Wednesday and make comments to the presentations of at least two other students. You are to act as a trainee or newly hired employee.

Please refer to the Ethical Dilemma Project Overview in the Introduction and Resources Module for details. You will be graded on your demonstrated understanding of the ethical dilemma, overall slide quality (visual appeal, grammatical correctness, accuracy), and overall audiovisual presentation quality (clear voice, smooth delivery).

 

Ethical Dilemma – Accidental Exposure of Information

Ethical dilemma refers to the situation whereby a problem is faced in the decision making process between two unacceptable options which are unacceptable ethically. People are likely to be faced with such situations in their day to day lives or even in the execution of their duties in their work places. Different people from different careers usually have different guidelines and principles that are meant to guide them in the execution of their duties. Organizations usually handle information that concerns the many clients they attend which puts them at risk. The information might get into the wrong handles or be exposed to people who were not supposed to see the information. Ethical dilemma in our case involves issues to do with cybersecurity and may be analyzed using the different theories, laws and code of ethics that may have been interfered with and have been developed which deal with ethical dilemma. In this paper, we shall analyze various aspects involved in an ethical dilemma that arises from an accidental exposure of client’s information through a data breach and the decision to be made.

The Case

Our case study involves an accidental exposure of client’s private information through a data breach that occurred in the First American Corporation in 2019.In May the year 2019, Brian Krebs reported the First American Corporation breech which had led to the exposure of a large amount of records involving the data from different people. It had led to an exposure of roughly 885 million records. The company’s website had leaked documents with information concerning mortgage agreements, the bank account details, and the social security numbers for clients, transaction receipts, taxation records, and other documents which had data for their workers and customers (Forziati, 2019, para 4).

It was confirmed that it only required one to modify the URLs and any person would access all informational records and emails from 16 years ago (Shah, 2020, para 5). The agency collected these documents from various buyers and sellers who usually include social security details, which people give them expecting them to protect the consumer’s privacy.

The company’s spokesman had to address the concerns raised and confirmed that there was a design defect in First American operations. He went ahead and commented on the security issues, privacy, and confidentiality status of customer’s information. The company went ahead to shut down all the external access to its site which was too late since the privacy policy had already been breached. The spokesperson had to apologize for the inconveniences caused and pledged to enhance security to avoid the occurrence of such events in the future.

The United States of America’s Securities exchange Commission (SEC) had to step in and conduct investigations to investigate whether the company had breached any federal security rules and regulations in place, and later, the New York Department of Financial Services (NYDFS) was also tasked to conduct investigations concerning the cyber security status and issues that the company was facing. The company failed to uphold the required ethical and moral obligations which had raised an ethical dilemma for the company as well as customer trust with the private data.

The Ethical Dilemma

The ethical dilemma comes in from how the data was obtained. The parties that shared information are not mandated to share private information that concerns the different citizens. The firms had not asked the different clients on whether or not they would share the information. The second ethical issue that arises is how the data was handled. The security policy in which the citizens had signed before they shared their information had been breached. The information is exposed from an organization that had not been mandated to the handle information. Clients are in a dilemma on whether they should leave the organization or not.Legally, they cannot sue the firm but those firms that shared their information which they shared in an illegal manner.

Application of Ethical Theory

There are different theories that have been developed by different scholars which are meant provide a theoretical framework to help in the proper understanding of the problem of ethical dilemma. These theories include;

Deontology Theory

According to deontology theory, the actions that people undertake may be considered as morally acceptable basing on the set standards and rules. All the actions that comply with these rules are considered to be ethical. Kant states that for an action, to have moral worth, it must be done from duty.” (Schefczyk n.d). Every human being needs to cultivate his or her own moral worth. This shows that the breach from the First American Corporation was as a result of an evasion of someone’s duty who did not put in place proper measures to protect their client’s information and data. Kant states that there are universal maxims which usually reflects on universal absolute laws.  Therefore, according to Deontology theory, American First Corporation ought not to have handled customer’s data without proper mechanisms to protect the data, and they should have ensured privacy of the data from any unauthorized parties.

The concept of “duty for duty’s sake” gives a significant guidance on the actions of American First Company in the way they were to protect their client’s data and assure customers of their data’s safety in the present and the future. Kant argues that one should act out of duty for the sake of duty. The duty given to the A.F.C was to protect people’s details which was to be carried out for the sake of the managerial duty. The accidental exposure of the information as a result of an error that arose from negligence of duty by the Corporation. When negligence of duty is not done perfectly, it leads to violation of the clients and the organization’s ethical value agreement.

Utilitarianism Theory

Utilitarianism theory upholds the principle of total human happiness. The theory states that actions that bring happiness to humanity should be encouraged while actions that limit happiness should be avoided and discouraged (Schefczyk n.d). First American Corporation should have protected the customer’s data which would have resulted in promoting the happiness of its consumers. The breach of data, either accidental or intentional reduces peace of mind and trust among the consumers. Major concerns on handling of the data that the First American Corporation should have considered were access, handling, collection, rights to privacy, and clients’ preferences.

First American Corporation should not have allowed their data to be accessed by third parties, as reported by Brian Krebs, it led to the reduction in happiness of the clients. The dilemma about those who would access the main administrator’s portal interface, the frequency of checking the system and its errors, and maintaining high-level control of the data access should have been among the issues that were prioritized by First American Corporation. The exposure of the data is a threat to the clients and both the corporation and the clients should seek to mechanisms that would ensure data sharing security is done and it would have benefitted both of them. The other cause of the alarm is on the clients’ side. Basing on the Corporation’s report, the spokesman commented on the satisfaction of customer’s service in the organization (Krebs, 2029, para 13). This means that due to factors to do with their happiness, they were in a dilemma about choosing First American Corporation. Therefore, utilitarianism focuses more on the outcome, or rather, consequences. The clients will be in a dilemma to choose the First American Cooperation because they fear the consequences of leaked information in the future and in the present. On the other hand, the company has experienced ethical issues that place it a crossroad on its operational safety and ethical validity.

Virtue-based Ethics

Aristotle suggests that most people assume virtues through practice. Herschel & Miori (2017, p.32) argue that large amounts of data are currently being used for various reasons, including ethical and unethical purposes. While the deontological approach addresses the ethical duties and rules, virtue ethics is concerned about the person or group carrying out the actions. The First American Corporation is experiencing an ethical dilemma because of virtues, subject to customer’s interests. When the breach happened in May 2019, questions were asked about the organization’s data management personnel’s virtues which led to the spokesperson attempting to respond to some of them. (Krebs, 2019, para, 13).

Some elements of virtue-based ethics include attitude and character whose disposition and traits attract certain decision making elements among a group. For instance, First American Corporation is in a dilemma because of not upholding its virtues that led to data, and information management. Customers will attempt to make decisions in the dilemma of the existing situation in the future. Therefore, the company’s employees in the department experiencing ethical issues should respond accordingly and assure their customers about better and secure programs will be provided, better cybersecurity systems will be installed, and privacy will be guaranteed. However, the agents’ behavior and attitude are very influential in addressing moral or ethical concerns.

My Choice

Consequently, the deontology approach can effectively solve the dilemma of accidental exposure to the client’s data and information. There are several deontological concepts that can be used to solve the dilemma and make more informed decisions for the First American Corporation. One of them is “duty for duty’s sake,””virtue is its reward,” and “let justice be done though the heavens fall.” This implies that there are rules and standards expected for individuals and organizations to follow. First American Corporation has rules and set policies on managing and ensuring that ethics and good morals are practiced within the institutions. Elements of missed data, leaking information about the customers and exposing the company’s private details indicate that rules on entering data, access, and sharing of information need to be controlled.

Another perspective to look at the deontological approach in solving an organizational problem is that actions are good or bad according to the set of rules and guidelines. There is bad ethics with no code of duty and rules, and with a code of duty, rules, regulations, and guidelines, there are good or bad morals or actions. The rules act as an indicator or a check of conformity. Whereas people in the organizations follow the rules objectively, they will deliver good results.

In this regard, First American Corporation should have a mechanism to define issues relating to ethics and handling all its dilemmas. For example, the U.S Security Exchange Commission (S.E.C.) indulged in investigations to determine the breach of the land’s criminal laws or civil laws. The state’s body already has organs to determine the changing dynamics in the data and information management. Brook (2020) also addresses the criminal part of the cybersecurity caused by a data breach. The ethical case suggests that the company should adopt the deontological approach and develop strong terms to control its operations.

However, the mixed approach would also work efficiently to ensure that utilitarianism elements such as pleasure, joy, happiness, desire, and satisfaction are included in the deontological systems. Mixed theories can also be used interchangeably or a few at a time. The mixed approach tries to accommodate the dynamism of the organizational environment. For instance. The First American Corporation has a problem with securing its data systems. In as much as rules to control access and clients’ data privacy strategies are employed, the organization will also need to examine the customer’s satisfaction levels. Also, the virtue-based approach can be added in solving the problem alongside deontology theory. Virtue based approach is concerned with the character and attitude of the ethical agents. Rules and regulations suggested by deontological theories determine the behavior and attitudes composed in virtue theory. Thus, in the application, most of the ethical theories are closely linked, and they can be used interchangeably or in correspondence to solve the errors and mistakes of accidental data and information breach in the First American Corporation. For this case, utilitarianism, deontology, and virtue based ethics can explicate the case study of organizational ethics and dilemma.

The Law and the Code of Ethics

            In the current situation, the corporation has found itself in a civil law suit. The laws broken fall under the las of torts. The corporation can be sued for the invasion of privacy, the disclosure of information even though it was public led to people being exposed to threats and the privacy of their data was exposed. Whichever judgement is passed on the company, it will result into the company being in a position to defend itself as per the definition of privacy, it has already broken the law. The enforcement act which requires that existing laws to be followed and additional measures to be put in place to help ensure that data that is handled pertaining the clients is upheld and ensured was also not followed as per the requirements.

A code of ethics demands that there are different principles that should be selected and used in helping to ensure that employees work towards a common goal and objective. The general code of ethics which includes integrity, confidentiality, professionalism competence and behavior as well as objectivity were not observed. The corporation broke these principles and ethics which will lead to people questioning the ethical standards of the firm. The corporation should conduct its operation and handle clients in a manner that recognizes the right to privacy of clients. Only the personnel who are recognized by law should be allowed to handle such information and engage in exercises meant in maintenance of the information. The corporation should adopt policies that ensure that in the event that information is threatened or compromised what is to be done should be known.

In this case, the corporation is the only party with the information on which activity happened first when the threat was recorded, when it was compromised or when the exposure occurred or whether the information was being used for the right reasons under the law or not. There are various decisions and issues to be determined by the legal officers in charge.

Potential Solutions and Impacts

In the recent years, electronic waste has significantly grown.  People often dispose off electronic devices when they feel they are out of use. In some cases, people need an upgrade of their current versions. Poorly disposed electronic waste leaches in the environment and in the soil to produce toxic fumes which are harmful to humans, animals and the environment. Those who are professionally involved have a role in controlling the amount of electronic waste (Wilson, 2011).

Some of the efforts being made by those in the profession so as to solve the electronic waste dilemma include reevaluating the importance of an extra gadget. If a gadget is not needed that much, there is no need to purchase it. People should be encouraged to properly maintain electronic devices for them to last longer. The users may also recycle these item, and for instance, most corporations should repair their devices instead of replacing them with new ones. According to Gemperline (2019), companies should have proper set of rules on the disposal of electronic waste. The Federal government should put in place policies that will ensure companies dispose off electronic wastes properly.

There are various solution on the electronic waste dilemma. One solution is the recycling of the products by the individual companies that built them. However, the company wastes a lot of time, and capital which results in losses to the companies. The corporation should come up with proper data systems that ensure that there are different mechanisms that will ensure that the data for the different people will be handled properly. Devices which have be used to secure or handle the data should be properly disposed and they should limit the number of devices that can access such information. This will help ensure that control mechanisms for the data handled is perfect and will help protect the consumer’s data.

Secondly, the corporation should take it upon itself to come up with measures that will ensure that employees in the organization practice and observe the ethical code of conduct. This can be emphasized during that hiring process and that every employee should observe due diligence. In the event where concerns are raised, the relevant people authorized should be notified and action needed should be overseen. The impact of this will be that the likeliness of these errors leading to exposure occurring will be reduced.

 

Decision

There are different factors that need to be considered in the coming up with the decision concerning the events that occurred that led to the public disclosure of information. Even though there it is said that it was as a result of an error, investigations that are being conducted should be able to establish that these claimed allegations are true and beyond reasonable doubt. First it may be either accidental as the corporation claims or it may also be intentional. In some cases, some corporations may do so when they want to justify a certain course of action or when they want to cover up a given event. It is up to the relevant authorities to investigate these claims.

The second thing to be considered, is whether or not the claims that Brian makes concerning the corporation are true. It should be investigated whether it is true that anyone could be able to access the records and if this is true, they should also find out who was responsible for ensuring that privacy of the client data was upheld. It is important that people determine whether the leakage was planned or whether it was an error which nothing much could have been done to help prevent the damage that occurred. It is best for these issues are addressed so that whatever decision is made, it would ensure that justice is granted to the parties involved.

The different theories which provide a theoretical basis upon which the decision to be made need to be used. The utilitarian theory, the deontology theory and virtue based theory need to be used as guiding steps that will show which decision best suits the situation. Some concepts from each theory may be borrowed to help ensure that different aspects are covered in the decisions that would be made. These theories have great importance as they help in shaping the decisions that best suit the different situations people face when it comes to ethical dilemma.

On the issue of the application of the ethical code, it is certain that the corporation and the employees both failed to observe ethical principles such as confidentiality and professional. On the professional side the firm ought to have taken the issue of privacy of customer information carefully and put in place measures that would ensure that data privacy is handle and different data experts should have been consulted since the data handled was sensitive and involved records of very many people. Confidentiality has also been broken since it is the main issue that is being questioned.  On the legal part, the fact that there was an exposure shows that the company violated tort laws. It also failed to comply with Enforcement Act (CALEA) demands where they have been exposed that no such measures were put in place. This shows that the corporation ought to be found guilty. The decision to be reached should be both ethical and legal most of which will depend on the findings of the investigations being conducted.

Conclusion

Ethical dilemmas have become common issues that occurs from time to time and that the different organizations should come up with ways that will ensure that the employees and general staff comply with the ethical and legal issues that affect them whenever they are faced with such decisions. An organization that deals with private data of different people should be encouraged to follow the relevant rules and regulations which will help them avoid legal or ethical problems.

 

 

References

Brook, C. (2020, September 25). SEC Looking into First American Breach. Retrieved from: https://digitalguardian.com/blog/sec-looking-first-american-breach#:~:text=May’s%20massive%20breach%20at%20First,exposed%20885%20million%20records.&text=The%20data%20leak%20stemmed%20from,public%20personal%20information%2C%20without%20authentication

Forziati, A. (2019, June 20). The 5 biggest data breaches in 2019 so far (And how they could have been prevented). Retrieved from https://mytechdecisions.com/network-security/biggest-data-breaches-hacks-2019/

First American financial Corp. Leaked hundreds of millions of title insurance records — Krebs on security. (n.d.). Retrieved from https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/

Ikeda, S. (2020, April 13). Security oversight at first American causes data leak of 900 million records. Retrieved from https://www.cpomagazine.com/cyber-security/security-oversight-at-first-american-causes-data-leak-of-900-million-records/

Gemperline, M. C. (2019). Responding to the Smallest Consequential Quantity of Soil Contamination. Journal of Hazardous, Toxic, and Radioactive Waste23(2), 04019002.

Herschel, R., & Miori, V. M. (2017). Ethics & big data. Technology in Society49, 31-36.

Krebs, B. (2019). First American Financial Corp. Leaked hundreds of millions of title insurance records — Krebs on security. Retrieved from https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/

Schefczyk, M. (n.d.). John Stuart Mill: Ethics. Internet Encyclopedia of Philosophyhttps://www.iep.utm.edu/mill-eth/

Shah, V. (2020, February 17). 885 million mortgage documents exposed due to security gap. Retrieved from https://learnbonds.com/news/885-million-mortgage-documents-exposed-due-to-security-gap/

Wilson, C. B. (2011). The value of reflexivity in resolving ethical dilemmas research in care homes. Journal of Advanced Nursing67(9), 2068–2077