Question

Discuss how failure to implement the OECD privacy principles when collecting data could cause a business to act unethically. Include specific examples to justify your ideas.

Answer 1

OECD Privacy Principles:-

Introduction of computer in various areas of economic and society activity leads to boom in e-commerce and electronic data interchange. During this time period ,  there was a growing public perception that the greater need for information, and the introduction of computerized systems, would result in a reduction in the power of individuals to control the personal information collected and stored about them. Computers were seen as a technology for processing large amounts of data quickly and accurately and as a technology which concentrated enormous power in the hands of computer specialists and data processing managers.

The member countries of OECD discussed the matter related to privacy and security of information from unauthorised access and misuse.Guildelines are  related to the protection of privacy to promote the free flow of information across their borders and to prevent legal issues related to the protection of privacy from creating obstacles to the development of their economic and social relations. In 1970, OECD adopted the guildlines priciples.

The core OECD Principles are as follow along with the matter that how the failure to implement the OECD privacy principle when collecting data caused a business to act unethically:-

1. Collection Limitation Principle:- There should be limit to the collection of personal data and any such data should be obtained by the lawful and fair means and where appropriate with the knowledge or consent of the data originator.

2. Data Quality Principle:- Data should be relevant and comprises of all necessary characteristics such as accuracy, realiablity, timely, worth the user's need.

3. Purpose specific principle:- the purpose for which the data is to be collected must be clearly identified.

4. use limitation principle:- Data should not be disclosed, made available or otherwise used for purposes other than those specified.

5. Security Safeguard Principle:- Data must be proctected by reasonable security measures against the threat of misuse, unauthorised access, destruction.

6. Accountability principle:- It is the ultimzte resonsibility of the data controller for compliying with all the measures which give effect to all the above mentioned principles.

The failure to implement the above stated principle can cause harm to the business and cause a business to act unethically.

Privacy and security of the data is upmost responsibility of the business and business should use all necessary safeguard measure to maintain the characterstics of the data.

With the increasing use of computer-based systems in the enterprise, the complexity of systems and risk of errors, sabotage and fraud have increased manifold. In a network setup, a transaction is initiated in a physically different location, posted in the books elsewhere and the management information aggregated from the data viewed somewhere else. Because of the number of agencies involved and the increased risk exposure of mechanized systems, it is no longer sufficient to go by auditing of the book-based accounts. One has to see the vulnerability of the IT setup to external “crackers” and “hackers”. There is an example of a company which co hosted its server in the Data Center of a Service Provider. The necessary security precautions were not taken, as a result of which a cracker could get into the Mailing system and use the server to send unsolicited spam mail to tens of thousands of addressees all over the world. The identity of the server figured in the entire watchdog lists of the Internet. The result was, several sites blocked the server. Isolated from the rest of the world, the company was forced to request the service provider to give a new set of IP addresses. It had to hire experts on an emergent basis to reinstall the server after plugging the security loopholes. In the process it had to suffer a week of isolation from the outside world. After the reinstallation, another 72 hours for all sites to remove the name of the site from their blacklist.

The information so generated should be relevant to the context for which it is collated. Too much irrelevant information may confuse the intended user so it is necessary o generate only relevant information. No information should be generated only because it can be generated by Information System. A good way of ensuring relevance is to closely define the objectives of any information reports. Another way to improve relevance is to produce information that focuses on “exceptions” - e.g. problems, high or low values, where limits have been exceeded.

We can colcluse by saying that failure to implement OECD Principles while collecting data cause the harm to business such as loss, damage of data, privacy leakage, heavy cost and penalties.