Managing and Using Information Systems:

A Strategic Approach – Sixth Edition

Keri Pearlson, Carol Saunders,

and Dennis Galletta

© Copyright 2016
John Wiley & Sons, Inc.
 Chapter 13
Privacy and Ethical
Considerations in Managing
Information
 Three Breaches: TJX, Target,
Home Depot
• TJX Co: largest security breach of its computer system
in the history of retailing: 90 million customer records
were stolen
• Target: 40 million; Home Depot: 56 million
• All had to decide between notifying their customers
immediately, or waiting the 45 days allowed by the
jurisdictions.

© 2016 John Wiley & Sons, Inc. 3

 Outcomes
• Target:
• Stock fell 9% a few days after disclosure
• Profits fell 46% in the following quarter
• TJX:
• Stock fell 8%

© 2016 John Wiley & Sons, Inc. 4

Cybersecurity Bill, 18 Dec,
2014
• Supports R&D to develop best practices
• Supports education in the area
• Prepares the workforce
• Federal agencies need a cybersecurity plan:
• Guarantee individual privacy, verify software and
hardware, address insider threats
• Determine the origin of messages
• Protect cloud information and data transmission

© 2016 John Wiley & Sons, Inc. 5

 Normative Theories of
Business Ethics
• Managers must assess initiatives from an ethical
point of view
• Most managers are not trained in ethics, philosophy,
and moral reasoning
• Difficult to determine or discuss social norms
• Three theories of business ethics are useful for
assessing an initiative

© 2016 John Wiley & Sons, Inc. 6

 Figure 12.1 Three normative theories of business ethics.

Theory Definition Metrics

Stockhold Maximize stockholder
er wealth in legal and
non-fraudulent
manners.
Stakehold Maximize benefits to
er all stakeholders while
weighing costs to
competing interests.
Social Create value for
contract society in a manner
that is just and
nondiscriminatory.
© 2016 John Wiley & Sons, against
Will this action maximize
stockholder value? Can goals
be accomplished without
compromising company
standards and without breaking
laws?
Does the proposed action
maximize collective benefits to
the company? Does this action
treat one of the corporate
stakeholders unfairly?
Does this action create a “net”
benefit for society? Does the
proposed action discriminate
Inc. any group in particular,
7
and is its implementation
 Stockholder Theory
• Stockholders advance capital to corporate managers
who act as agents in advancing their ends.
• Managers are bound to the interests of the
shareholders (maximize shareholder value).
• Manager’s duties:
• Bound to employ legal, non-fraudulent means.
• Must take long view of shareholder interest.

© 2016 John Wiley & Sons, Inc. 8

 Stakeholder Theory
• Stakeholders are:
• Any group that vitally affects corporate survival and
success.
• Any group whose interests the corporation vitally
affects.
• Management must balance the rights of all
stakeholders without impinging upon the rights of
any one particular stakeholder

© 2016 John Wiley & Sons, Inc. 9

 Social Contract Theory
• Corporations are expected to create more value to
society that it consumes.
• Social contract:
• 1. Social welfare – corporations must produce greater
benefits than their associated costs.
• 2. Justice – corporations must pursue profits legally,
without fraud or deception, and avoid actions that
harm society.

© 2016 John Wiley & Sons, Inc. 10

 The Three Normative
Theories
• How do they apply to TJX, Target, Home Depot?
• What are the advantages of notifying customers
early?
• What are the advantages of waiting as long as
legally permitted?
• What are the advantages of finding a way to avoid
notifying customers?

© 2016 John Wiley & Sons, Inc. 11

 Big Data
• Can guess income from zip code
• Therefore, can identify targets from zip codes
• Should you pass up the opportunity to alert
potential customers of your products?
• If not, your competitors will get there first!

© 2016 John Wiley & Sons, Inc. 12

 Interesting Outcomes
• Pregnant daughter – Target knew and accidentally
alerted her dad. How?
• Buying habits were shared by other pregnant
women:
• Unscented soap
• Cotton balls
• Vitamins
• How did Target reveal this to the dad?
• Target sent her some ads for diapers and
maternity clothes

© 2016 John Wiley & Sons, Inc. 13

 New Study in Science
• Take a file from a credit card agency, with
disguised credit card numbers: 1.1 million records
• 90% of the identities can be found by connecting
three things
• Information easily found on Instagram, Facebook,
FourSquare

© 2016 John Wiley & Sons, Inc. 14

 Ethical Tensions with
Governments
• UAE tried to require RIM to disclose confidential
information for national security
• Sony Pictures had a project ruined by North Korean
threats
• Google’s features are restricted in China

© 2016 John Wiley & Sons, Inc. 15

 Mason’s areas of
managerial concern “PAPA”
Area Critical Questions

Privacy What information must a person reveal about one’s self to

others?
What information should others be able to access about you –
with or without your permission? What safeguards exist for
your protection?
Accuracy Who is responsible for the reliability and accuracy of
information? Who will be accountable for errors?
Property Who owns information? Who owns the channels of
distribution, and how should they be regulated?
Accessibility What information does a person or an organization have a
right to obtain, under what conditions, and with what
safeguards?

© 2016 John Wiley & Sons, Inc. 16

 Privacy
• The right to be left alone
• Possessing and using the “best” information helps
an organization win
• High priority: Keeping it safe and secure
• Regulations cover the authorized collection,
disclosure and use of personal information
• But is it clear enough?

© 2016 John Wiley & Sons, Inc. 17

 Privacy Paradox
• Convenience vs privacy
• Make it harder for criminals to steal information, it
will be less convenient for genuine users
• 15,000 customers in 15 countries:
• Overall, 51% said they wouldn’t trade off privacy for
convenience; 27% said they would.
• India: 40% wouldn’t; 48% would
• Germany: 70% wouldn’t; 12% would

© 2016 John Wiley & Sons, Inc. 18

 What about Actual
Behavior?
• Teens repeatedly demonstrate a lack of concern about
privacy
• Often they regret their decisions
• 70% of recruiters have rejected candidates for postings
they found online
• But only 20% strengthened their privacy settings when
Facebook began allowing it
• Privacy is valued more in Europe than in the US

© 2016 John Wiley & Sons, Inc. 19

 Software or Site Terms of
Service
• Ignored widely, often due to length and legal
language
• Pen Pal’s Terms of Service are longer than Hamlet
• Fewer than 2% read the terms
• A UK site included selling a person’s immortal soul
and thousands accepted it.

© 2016 John Wiley & Sons, Inc. 20

 Cookies
• Can access only the cookie it created!
• So what’s the concern?
• Easy. Have a third party place content on your
page
• Widespread practice: DoubleClick has content on
thousands of sites
• But back to convenience: Without cookies, you
could not have a “shopping cart”

© 2016 John Wiley & Sons, Inc. 21

 Accuracy
• Controls are needed to ensure accuracy
• Data entry errors must be controlled and managed
carefully
• Data must also be kept up to date
• Removing data after needed or when legally
mandated is not easy

© 2016 John Wiley & Sons, Inc. 22

 Bank of America Example
• What did Bank of America do to the couple near
Christmas?
• Just from checking out refinancing rates,
appearance of risk rose
• B of A admitted error but neglected to report this
to credit agencies

© 2016 John Wiley & Sons, Inc. 23

 Property

• Mass quantities of data are stored

• Who owns the data?
• Who has rights to it?
• Who owns the images that are posted in cyberspace?
Photographer? Subject? Facebook?
• Proper ownership implies legal rights but duties too

© 2016 John Wiley & Sons, Inc. 24

 Accessibility
• Access to systems and their data is paramount
• Users must be able to access this data from any
location (if legal and it can be properly secured)
• Major issue – how to create and maintain access to
information for society at large
• This access needs to be limited to those who have a
right to see and use it (to limit identity theft).
• Also, adequate security measures must be in place on
their business partners’ end.

© 2016 John Wiley & Sons, Inc. 25

 What Should a Manager
Do?
• Create a culture of responsibility
• Post policies
• Implement governance processes for information
control
• Avoid decoupling responsibility
• i.e., make Managers responsible for their decisions
that lead to privacy problems

© 2016 John Wiley & Sons, Inc. 26

 Green Computing
• The digital economy uses 10% of the world’s
energy
• In 2007, the 5 largest search companies used 2.4
gigawatts.
• Hoover Dam only generates 2.0
• Since then it has reduced thanks to “green”
efforts in data centers
• Virtualization
• Relocation for more natural cooling
• e.g., Google in Finland

© 2016 John Wiley & Sons, Inc. 27

 Triple Bottom Line Impact
• TBL (3BL)
• People: Being socially responsible
• Planet: Saving the environment
• Profit: Saving money

© 2016 John Wiley & Sons, Inc. 28

Managing and Using Information Systems:
A Strategic Approach – Sixth Edition

Keri Pearlson, Carol Saunders,

and Dennis Galletta

© Copyright 2016
John Wiley & Sons, Inc.