ITGS Syllabus

Thursday, April 06, 2006

Topic 50

Responsibility for the security of data stored in databases from different perspectives, for example, the developer, the user and the management of an organization by Akira

First of all, privacy is a big issue in the area of data security. These days, especially in Japan, I often see news reports about employees of companies accidentally revealing private information about their customers on the Internet. This is one example where responsibility for securing stored data was not met, and the privacy of the customers was violated. Another issue concerning this topic is trust. If the data is not secure and the information is taken or seen, the person or company responsible for the data would lose trust and customers would probably remove their data. Also, if the data is some kind of government secret and the security is easily breached, this would be an issue of national security. This is because if some type of terrorist group obtains data showing the schedule of the president or other high official they might plan an assassination.

Separating a computer from the Internet or any type of connection may solve the problem, but still there is a possibility that someone could sneak into your house and steal the computer. So the best way would be is to carry important data yourself on some type of memory card. Another way is to memorize all the significant data instead of storing it in a database, but this would be pretty hard to do. Also you can try to camouflage your data so no one would take an interest in it. People can also use encryption so the information cannot be deciphered easily.

The impact locally if the data is stolen from the database is great. First of all, if it is a company’s customer list, a lot of people’s private data would be seen without their permission, and this is a huge violation of privacy. Another example of impact locally is data taken from a company database. If the data were a company secret the company might lose profits if it contains useful idea for a new product and falls into a competitor’s hands. Also there would be many lawsuits against the database organizer because he did not secure the data well enough. The impact globally would be huge as well. This is because if one country breaks into another country’s database this is violating national security and would cause a huge conflict between the two countries, particularly if the information were related to defense capabilities. And depending on the data it might even cause a war.

The ethical issues concerning responsibility of securing databases are numerous. For example, if the organizer sells the data from the database it would be extremely unethical. This would not only be a problem of responsibility but would be a violation of the promise of security you give to the user using the database.

An alternative decision can be to store data yourself. In case of a company, the data can be stored by each employee that is responsible for the data instead of storing everything in one database. So the employees can take their work back home in a memory stick. If they do this, there would be no data that can be stolen from the database because each individual would have a part of the data.

The consequences of these decisions include the possibility that an employee might be paid to reveal their part of the company data. There is always the chance that the employee might turn against the company, but this would be more unlikely if the data that is taken shows who was responsible for maintaining it.


Post a Comment

<< Home