Data privacy is an issue that has raised concern in the technological world. Advances in technology have resulted in its extensive use in undertaking various processes. Information is an essential asset in the performance of every organization. It is critical to safeguard information and data from individuals who intend to use them maliciously. All individuals and organizations hold the information they have dearly, and thus, there is a need to protect it accordingly. Information should be guarded against exposure to unintended parties. This study analyzes the issue of information security with regard to the various measures put in place to safeguard this information.
Governments and states have undertaken several measures with the objective of safeguarding the information they hold. Individuals provide their personal information to the government and organizations with the trust that the information will be kept private. The individual’s hope is that the provided information serves the intended purposes. The United States is considered the leading country in information technology development. The state has enacted laws and policies that help in safeguarding the security of information provided by individuals. It is a critical step that has to be taken by the leading country in order to direct others in adopting measures to curb security threats. Other states, like India, have also developed measures and policies in the effort to safeguard the information provided.
Businesses rely heavily on information technology in undertaking their activities. Customers provide personal information to the business to enhance their operations. The process of safeguarding information is critical in ensuring the details given by the customers are used for the intended purposes. Individuals with malicious intentions may access the personal details and use them to propagate crime. There have been increasing cases of identity theft; thus, there is a need to hold information with care. Businesses also interact with other businesses through the process of outsourcing. They end up sharing sensitive information. If this information leaks to competitors, the concerned business may suffer harm in terms of its operations.
The health sector makes use of technology in storing data. Patients give information to health providers that allows for effective service delivery. Certain laws have been developed to guide the use of personal data provided by the patients. The information provided by patients is supposed to be kept confidential and should be released with the consent of the patient. This is in accordance with the ethics of the profession. However, the developed laws indicate the circumstances under which information may be released to the public domain. The information released should be used in the interest of the public, and the controllers are held liable for the information.
This study recommends several steps that should be taken to improve the security measures in safeguarding information. The study provides measures to improve the effectiveness of the strategies provided in securing the information. Organizations should consistently improve their security measures according to the advancement in technology.
My gratitude is to the Almighty for enabling me to undertake this core assignment and achieve the objective of completing my dissertation. The determination that has been portrayed in this study, and consequently, the success of my efforts is attributed to God. I sincerely acknowledge the assistance granted to me by my colleagues in the research and development of this dissertation. This is in regard to their tireless effort and sincere contribution towards my study. I appreciate every person whose assistance to this study has been paramount. The guidance and support given to me by my lecturer have been highly valuable in the accomplishment of this work. The lecturer has consistently assisted me in the learning process, and I sincerely value the assistance given to me. I also express my gratitude for the support that my family members have given me.
Most organizations lack a well-established security architecture. This leaves the networks of these organizations vulnerable to exploitation. The lack of a developed security architecture within these organizations puts Personally Identifiable Information at risk. Also, the lack of experts in the field of information technology within various organizations puts the data management system at risk. Networks in these organizations are often connected directly to the internet or are left in their default configuration without any additional protection. Network safety cannot be achieved solely by using a firewall. Other measures should be put in place to ensure that information and data are safeguarded. This is in line with the proposals provided. Data is more vulnerable where security concerns are not taken into consideration in the implementation of the operations of an organization. Software and hardware used for the purpose of data storage are susceptible to the risk of hacking and viruses (Solove 2011). It is a security concern that has seen most organizations lose critical and vital information due to the lack of security measures put in place. Most organizations have experienced the loss of data, with the information stored in their software being attacked by viruses. The risk of losing Personally Identifiable Information is prevalent among individuals who store information in portable storage devices, such as personal computers and flash disks. Portable storage devices can easily get lost or stolen. This means that the Personally Identifiable Information contained in these devices can be retrieved by an unintended person. It is, thus, necessary to take critical measures and develop viable means of protecting information contained in portable storage devices.
The prevalence of cyber threats in the EU is becoming unpredictable, and the threats themselves sophisticated. The risks associated with the use of the internet are exposing data and personal information to substantial risk. With the increased rate of internet use, most people, ranging from students to researchers, resort to the internet in their effort to retrieve the information required. They end up downloading information from the internet, some of which is not secured and may carry security threats. Researchers who do not use the necessary information protection mechanisms carry the biggest share of the threats associated with internet use (Salomon 2003).
Departments dealing with financial accounting and the preparation of financial statements have also had their fair share of the risks associated with security threats. The information and data stored in portable devices may become accessible to unintended parties. This may lead to distortion of information and data. The financial statements in such cases may not portray the true value of the organization. This may lead to the shareholders losing trust in the accountability and transparency of the accounting body of the organization. Investors may also lose trust in the operations of such organizations and may withdraw their investments from them. This may lead to dismal performance and, consequently, collapse of the organization (Axelrod, Bayuk & Schutzer 2009).
Several laws have been developed with the objective of ensuring information security. The development of federal laws on privacy in the United States, for instance, is a clear indicator of the essentiality of information and data (United States 1994). The right to access information should also be guided by the application of the privacy laws. The development of information technology has increased the prevalence of security threats, thus necessitating critical measures to be taken. This will assist in curbing the security threat and in the protection of Personally Identifiable Information.
This study provides a guideline regarding the Data Protection Act and the contents thereof. It is based on the EU reforms proposed to guide data security. It is fundamental in finding out whether there exists fairness in the establishment of these laws considering the rights of all parties. In this sense, a guide to compliance with the contents of the Act is analyzed. The details of every individual or organization should be kept in a secure and safe place to allow access only by the intended parties. A lot of issues have emerged regarding the disclosure to the public domain of information that is supposed to be held in private. Organizations have often found themselves in a fix when information they hold private is exposed to the public. This has often had serious implications on the performance of the organization (Raggad 2010). It has been critical, especially in situations where the information is accessed by the competitors of the given firm. Hacking of information has also been identified as a major threat to the achievement of effective communication and performance. The hackers of information always distort the information and totally alter it to meet their needs. The hacking of information and data has significant implications for the performance of organizations. In some instances, the financial statements of organizations are inflated to give a view contrary to the correct information that is supposed to be relayed. This may be done with the intention of implicating the management in an attempt to defraud the organization (Laudon & Laudon 2003).
Data dissemination is vital in the world, and hence, its security should be provided. The security of data needs to be improved in the storage systems. Currently, information is being stored in electronic devices. Different forms of organizations store their data in electronic form. All the details of employees and clients of various organizations are kept in an electronic data system. This improves the efficiency of operations since the data required can be retrieved within a short period of time. The storage of these data in computers is more efficient than the paper-based storage system. The computer system is less robust as compared to the paper storage system. Computer storage is sensitive and needs to be handled with care. The computer system is more sensitive and has a high exposure to risk. The data stored in computers can be destroyed by various external factors, such as viruses. Data stored in computer systems should be handled with a lot of care in environments that are highly and carefully controlled. The use of computers reduces the bulkiness associated with the paper-based storage system. Organizations should ensure proper measures are employed to safeguard data privacy (Salomon 2003).
Recently, the European Commission has introduced a proposal that gives a comprehensive transformation of the EU 1995 rules on data protection for consumers, providing privacy digitally. This proposal requires that in cases of any breaches, the organizations involved report the matter to the relevant authority within 24 hours. The dissertation looks at the aspect of information in the digital age. Dissemination of information has been simplified by the existence of technology. The systems of communication and information play a critical role in enhancing the effectiveness of operations, as well as efficiency in daily life. The various aspects of information technology are used in facilitating the undertakings in various fields. The advancement in Management Information Systems (MIS) is a boon for operations in different institutions like schools. In increasing management autonomy, the use of MIS is critical for the administration. MIS also has varied uses in clerical activities alongside the strategic uses. In the school context, the use of information technology is profound, and it is used even in classroom settings. The wide application of MIS for administrative purposes has been dominant. It is a reflection of information technology developments and their effectiveness in enhancing operations by administrators. There has been concomitant awareness of the application of information technology, particularly in software design. Even localized institutions have driven their operations to be technology intensive (Vacca 2009). The increased use of information technology requires an improved mechanism to safeguard the sharing of information.
The changes that have been proposed aim at providing consumers with greater control over their stored information and data. The application of computers enhances communication and the transfer of data over networks. For instance, the Local Area Network is applied on a single site within an institution. Several pieces of equipment are interconnected by the use of the local area network. This interconnection facilitates the intercommunication between various parties within the organization. The efficiency of data sharing and transfer of information from one source to the other is made possible by the use of the local area network. The computers are interconnected with each other by means of cables and computer control units. Sharing of information occurs through these networks. There should be a clear guideline regarding which data should be transmitted through these networks and who should access the information shared. This calls for a proper security mechanism (Vacca 2009).
Information plays a critical role in the effective performance of duties. The transfer of data from the source to the recipient allows effective communication to take place. The information serves the intended purpose if the recipient receives the information sent without any distortion in a timely and efficient manner (Markota & Raic 1997). To ensure the achievement of this objective, it is necessary to have in place strategies and policies that safeguard this information. If the information is supposed to reach only the intended person, the laws of privacy need to be enhanced. This amounts to data protection, and thus, the security of information is provided. The Data Protection Act of 1998 has an established framework that guarantees the existence of rights and duties designed with the objective of safeguarding personal information (Regan 2003). The various frameworks set to safeguard information should take into consideration the legitimate measures and the needs of different organizations in the use of personal information. The rights of individuals in guarding and protecting their private information should be used as the framework for designing the privacy rules and policies. The handling of personal data should always be guided by a set of principles developed in the privacy laws.
Protection of archived data is a necessary aspect in ensuring the protection of privacy. It ensures the safety of previously archived data, like email copies held by the email provider. The attacks on these data may be legal, malicious, or accidental. Whatever the attack is, the threat posed to the data is significant and requires specific attention in the protection policy. A system of self-destructing data is essential in curbing the exposure of archived messages by the email service providers to third parties. Most messages become useless to both the recipient and the sender after a given time. Destroying these messages would avoid the risk of exposure to third parties. A system of self-destruction of archived messages should be developed to ensure the automatic destruction of archived messages after a given time has lapsed. This, the EU has promised to offer in the near future. Email providers should be wary of archived messages since they pose a threat of exposure. This principle can also be applied to the trash bins found on desktops. This will ensure the documents and information stored in the trash are destroyed after a given time. This will prevent the exposure of such unwanted information to unwanted parties. This system is more efficient in safeguarding data as compared to encryption. Forensic examiners cannot access the destroyed data, but they can get access to encryption passwords (Raggad 2010).
There exists a loophole within an organization when coordination of the various resources is not established. Technology, people, and processes within an organization need to work in coordination to ensure the proper performance of the organization. The use of technology in today’s organizations has become intensive. Organizations need to develop a mechanism that will ensure there is proper coordination of the various resources within the organization in line with the advancement in technology. The loophole created by the lack of coordination among the various resources within an organization leaves a blind spot which attackers exploit. Training on the use of technologies is vital for the staff as it ensures proper measures are put in place to curb the risks associated with the advancement in technology. The presence of experts in the field of communication and technology is a positive step by the organization in fighting security threats to information and ensuring privacy of data.
The era of improved technologies has resulted in the use of various technological services in the performance of various operations ranging from formal to social. The era of cloud adoption, mobile computing, social technologies, and information technology applicability has increased the efficiency of operations in the given organizations. Staff within various organizations prefer to use advanced technology in executing their duties. Most employees will prefer to work from the comfort of their home rather than travelling to their formal offices. The presence of computers and the internet enables the sharing of information by the various employees within an organization. The management relays information to its employees by use of technological services such as email. Varied information is relayed to different recipients, and thus, management should be wary of the information sent with regard to privacy. Data sent through emails and social sites may be accessible to other persons if it is not encrypted. In this regard, the secrets of a company may be exposed to persons who are not intended to receive the information. This may deter the effective operations and the execution of strategies and policies outlined by the management. Private information should be protected from the risk of exposure to parties that are not intended to be the recipients of the information relayed.
Governments keep details regarding personal information of the legal states. It is a practice performed by many states all over the world. In the USA, the federal agency is mandated to keep records of all the citizens who are legally in the country. The development of the Privacy Act in the United States helps in safeguarding the personal information of the various individuals against the risk of exposure to the public domain (Solove 2011). This information is, however, released on request by members of the public. The use of such information should be identified before it is released to the public. It should be determined whether the use of the information is in the interest of the public before its release can be authorized. The personal information kept by the federal agency assists the government in undertaking its operations. The personal information assists in service delivery, and equitability is ensured in the allocation of resources by the government. Such information may be used for ill-intentioned purposes if it is exposed to the public without establishing the real need for it.
In the context of organizations and institutions safeguarding information, it is necessary to avoid distortion of the values promoted by the institution. Conveyance of information in learning institutions is achieved through the application of technology. The learning process in the world of advanced technology has shifted to the use of technology. Nowadays, online learning has become prevalent in most institutions of higher learning, especially in the developed economies. The automation of services in the banking sector has left a lot to be admired in the application of technology. Individuals do not need to travel to physical institutions and organizations to make enquiries or access certain information. The health sector has also undergone radical changes in the performance of its operations. The introduction of the epic system in the health sector facilitates delivery of services in an efficient and effective manner. All these services involve the storage, processing, and releasing of information to the various parties. The information stored or delivered should be accessible only to the intended parties. Effective communication occurs when the information relayed reaches the intended party without any distortion and in a timely manner. In this sense, the information handled by any technology should be protected from exposure to unintended parties. Policies and measures should be developed to ensure security measures regarding data storage and dissemination are observed.
This study gives an analysis of security with regard to the privacy laws and the protection of information that is personally identifiable. The advancement in technology is a threat to the privacy of information, despite the improved operational efficiency associated with its application. Security is a prime concern in any field of operations. It is, thus, necessary to develop strategies and policies that guide data privacy and protection of personal information. The application of technology in the performance of various roles will also be analyzed in relation to the various threats it poses (Moore, Pym & Ioannidis 2010).
The legal and technical landscape in the current society presents formidable challenges in relation to the privacy of personal data. Increased reliance on services from the web exposes personal data to the risk of being cached. This information can be copied and consequently archived by third parties without the knowledge and control of the respective individuals. Carelessness is another factor that contributes to the disclosure of information to third parties. The disclosure may also be attributed to legal actions and vices, such as theft. It is necessary to protect private data from exposure to unintended persons.
The existence of weak security in information and technology raises a lot of concern about the risks associated with the data. This is despite the improvement in the field of information technology. There is increased vulnerability to viruses, compromise of network systems, and malware. All these pose a considerable threat to the existence of data and information that is free from the security threat. Practices regarding information security should be developed and implemented to ensure the security of personal information. Integrity and confidentiality are compromised by the lack of adequate security in information technology. The threat to data is evolving with the advancement in technology. This requires the education community to exercise diligence in anticipating and understanding the risk. There exist a lot of threats that are critical to information systems and education data. Threats may be technical or nontechnical. The existence of these threats has a significant impact on the operations of an organization.
Purpose of the Study
There are various risks associated with the disclosure of personal information to the public domain. Personally Identifiable Information is critical and should be released to the public with the consent of the owner. In certain exceptions, the information should be released to the public upon request by a given entity. The use of the information should be identified before such information is released. The purpose of the information should be in the interest of the public. The sensitiveness of any information and data should be identified and observed for the better and effective correlation in the dissemination of information. There is an increased intensive use of technology in the various fields of operations within organizations and institutions. Effective communication is vital for effective performance of the company. Since most organizations and institutions use technology in the disbursement of information, care should be taken in the process. The information disbursed should reach the intended party in a timely manner and without distortion. The means through which such information is relayed should be safeguarded to avoid exposure of the information to unintended parties.
The storage of information and data in the current world is achieved through electronic means. Electronic devices, such as flash disks and personal computers, are used to store information. Such devices carry the risk of exposure to other parties, and thus, the personal information contained therein may be exposed to external threats. This study seeks to provide a platform for the guidelines to be applied in safeguarding personal information. The study aims to analyze the various possible mechanisms of protecting stored information and data from exposure to third parties. The study will also outline recommendations regarding the best mechanism that can be used to safeguard personal information. The study takes data privacy as an essential aspect, and thus, much emphasis is placed on this concept.
i. What is the reason behind data privacy and protection of information?
ii. Which are the policies that safeguard data privacy?
iii. What is the effectiveness of the measures taken to safeguard information in the running of an organization?
iv. How are the policies developed in safeguarding the privacy of information effective in their application?
v. Does the advancement in technology increase the risk of exposure of personally identifiable information?
i. To ascertain the purpose of data privacy as well as the protection of Personally Identifiable Information.
ii. To determine the various policies and strategies developed in safeguarding the privacy of data.
iii. To establish the effectiveness and efficiency of information protection measures in running an organization.
iv. To find out whether the various policies developed in safeguarding data privacy are effective in their operations.
v. To determine whether the increased information technology increases the risk of exposure of personal information.
Null hypothesis: Advancement in technology does not pose any threat to the concept of data privacy and protection of personal information.
Alternative hypothesis: Advancement in technology is a catalyst to the threat of data privacy and protection of personal information.
Justification of the Study
Undertaking this study is essential, especially in the digital world. All aspects of operations in various fields have been enhanced through the application of technology. Individuals and business entities engage each other in their operations via technologies through the use of the internet. Every organization or institution is making use of technologies in delivering of services. The experts in the information technology continue developing new aspects of technology that make service delivery even easier. The application of modern technologies has increased the effectiveness and efficiency of operations in various sectors.
Modern technologies, however, carry certain risks and threats that act as a hindrance to the efficient and effective performance of organizations and institutions. This study is essential since it tries to provide measures that improve the efficiency and delivery of information. The measures proposed also enhance the operations and performance of the organizations and institutions where these technologies are applied. The study will indicate the implications of the various threats to the storage of data and information as well as the dissemination of the same information. It broadens the mind of management on the value of the information they store and the necessary measures that need to be undertaken to protect information. The study gives an insight into the best mechanism that can be applied in curbing the threats of information exposure to the public domain. It also gives an insight into the best practices to preserve data privacy and, hence, improve the value of the information they possess. The mechanisms proposed to protect information and safeguard data privacy are vital to the holder of the information being protected. This study, therefore, has much significance in its application in the running of the various organizations. It is even more essential in the departments that manage and store information for use in the operations of an organization.
Limitation of the Study
The study involves a rigorous process, and thus, a lot of energy is devoted to the research. The development of mechanisms and proposals on the best mechanism to fight the threat of data privacy involves rigorous research into performance of the existing security measures. The performance of the various security measures put in place requires the guidance of technical experts. The technical expertise must be sought in undertaking this study.
Significance of the Study
The study is relevant in the context of organization and institutions’ operations. The insight given to management on the application of technology is essential. It enables the top management in any organization to develop strategies and policies that help to curb the security threat. It helps in increasing the efficiency of the operations of an organization. This study goes further to provide a solution to the insecurity threat after the various mechanisms that exist have been analyzed.
Several studies have been undertaken to determine the extent of the threat posed to data and information by the various entities. In meeting the objectives of the study, it is worth analyzing the information provided by other researchers. Information is used to enhance efficiency at the various levels of operations, and thus, it is critical to analyze the management of such information. Reviewing other literature helps in the identification of an information gap, which the study seeks to analyze.
Need for Data Privacy
Solove and Schwartz (2008) stress the need of maintaining data privacy for the sake of establishing an integrated system that allows for proper governance and management of institutions. Scholars have undertaken studies regarding information technologies within the United States (Solove & Schwartz 2008). There has been an increasing demand for electronic services since they are effective and fast. This makes the use of technology diverse in several institutions for different purposes. Rittinghouse and Ransome (2010) argue that protection of privacy is essential, especially in the world of networked technologies. The researches done across various institutions within the United States depict the need of having an established system of data protection.
The United States enjoys the presence of one of the strongest privacy consumer framework (National Institute of Standards and Technology 2012). The fundamental values on privacy and flexibility are maintained by this framework. There exist common law protections that are adaptable and statutes on consumer protection that work in coordination to protect the privacy of data. The existence of other agencies, like the Federal Trade Commission (FTC), enhances the development of policies that influence the relationship between consumers and companies in regard to the use of personal information. The framework contributes in encouraging economic and social innovations based on the internet use. Also, it provides a platform for discussions regarding the improvement and protection of privacy in a society that is well-networked. The various players of the economy including the civil society and the government engage in these discussions in improving the interrelations between these players.
The existing policy framework lacks adequate measures for addressing the issue of privacy. There is a lack of sustained commitment by stakeholders in addressing the issues of data privacy associated with consumers. The issues regarding the data privacy of consumers arise from the advancement in technology and changing business models. The privacy principles applied in a commercial world are not stated in this framework. It is another loophole that hinders the maintenance of an effective data privacy mechanism. In addressing the data issues, there is a need to address consumer data privacy in a world that is highly networked. This framework provides a bill of rights regarding the privacy of consumers. This bill embraces the principles of privacy that are recognized worldwide. These principles should adapt well to the use of the commercial internet in an environment that is dynamic. The administration requested that Congress legislate the bill of rights to ensure the safeguarding of consumer privacy. This was meant to cover the commercial sector that has never been included in the Federal Data Privacy Laws. The federal government plays a major role in ensuring that stakeholders convene to undertake the discussions. The stakeholders in this case include the consumer and privacy advocates, companies, state and attorneys general, law enforcement representatives, academics, and international partners. The stakeholders were mandated to establish the codes of conduct in the implementation of the Consumer Privacy Bill of Rights. If these practices are affirmatively and publicly adopted by companies within the jurisdiction of the Federal Trade Commission, they become legally enforceable (White House 2012). The framework on consumer data privacy outlines the concept of protection of consumer data. The framework provides a tool for controlling and understanding the flow of personal data in a digitalized economy.
The framework provides companies with a platform for engaging policymakers and consumers with the objective of better meeting the expectations of consumers. The core expectation of the consumer concerns the correct use of personally identifiable information provided to companies. The engagement of policymakers and consumers increases the effectiveness of data control. This helps the company in distinguishing between unobjectionable and invasive practices on consumers’ personal data. The Administration’s consumer data privacy framework promotes frameworks on international policies and the improvement of global competitiveness. The application of networked technologies becomes efficient when guided by privacy laws. As a world leader, the United States has the responsibility of establishing a framework that is effective in guiding the operations of consumers and businesses, as well as safeguarding the rights of consumers (White House 2012).
The use of the United States as the focal point of the research analysis is due to the great role it plays in the advancement of information technology. The development of networked technologies has taken centre stage within the United States. However, the need for data privacy has been given a lot of emphasis in some parts of the world. The success of any organization or institution depends on the management of the information it has at its disposal. Consumers have turned to the use of the internet in expressing their needs, maintaining friends, joining political movements, and engaging in business activities. This is driven by the confidence consumers have in the use and application of technology. The global connectivity of the internet means that the idea of an innovator can grow rapidly into a large service or product. It is facilitated by the presence of interconnectivity, where an individual can reach out to many consumers of information all over the world. It is not shocking to find a single innovator’s idea being consumed all over the world by millions of consumers. These are the wonders brought by the advancement in technology. American companies rank the best in the provision of technological services (Solove & Schwartz 2008). The advancement in information technology helps in job creation and, consequently, the growth of the economy. These are the benefits that the United States has due to the extensive invention and use of technology. Maintaining trust among consumers is critical to better performance and penetration of the global marketplace (Rittinghouse & Ransome 2010).
Legal Concerns on Information
The effective use of information requires proper management of the available data and information. This information requires protection to safeguard it from malicious use. The law gives provisions regarding the use of information that is available within the public domain. The 201 CMR rule gives provisions regarding the use of personal information that is destined for a commonwealth resident. The law provides a framework for establishing policies that guide the use of information. These policies provide a guideline on the use of information and the implications concerning the misuse of such information. The intention and will of any management to protect information is documented within the set policies.
Serwin, McLaughlin and Tomaszewski (2011) contend that organizations should define the role of security programs with the objective of enhancing the effectiveness of operations. Efforts on information security in most organizations are characterized by chaos and internal politics that hinder the proper securing of data privacy. The lack of proper articulation of roles and responsibilities hinders the proper actualization of security. This serves as an impediment to information security even as the number of organizations increases. It is advisable that organizations have documented roles for effective operations. This is the case with the information security department that advocates for data privacy (Serwin et al. 2011). Organizations are often prone to losing documents and vital information due to the lack of a proper mechanism set in place.
The research by the University of Pennsylvania indicates the importance of establishing an office that coordinates the use and dissemination of information. The office deals with issues regarding the policies that are set in regard to safeguarding of information. The establishment of a privacy office ensures there is proper coordination of the various set policies in the process of information protection. Penn established its own office in 1993 with the objective of coordinating the operations of various entities in regard to protection of information. The Office of Information Security and Privacy (OISP) was developed in the quest of coordinating the efforts by the University of Penn in creating awareness and improving the security measures of their computer systems. In 2001, another office was set up under the auditing office dealing with the issue of compliance with privacy requirements (University of Pennsylvania 2012). The functions of the two offices seem to overlap. Information security is intended to keep the system of the university and the data contained within the system safe. The privacy office deals with issues regarding the policy formulation and implementation that are aimed at safeguarding the privacy of information and data. The privacy office ensures the university’s compliance with the rules set by the host and federal state in respect to the issue of privacy. The two offices worked in coordination after their inception in ensuring the systems of the institution are safeguarded (Herold 2011). This reduces the risk of exposure of personally identifiable information to the public domain. Some people within the society tirelessly search for information that belongs to other parties with the objective of manipulating and misusing such information. The University of Penn focuses on the concept of information security mostly from the perspective of the technical aspects. The institution, thus, focuses on the development of software that prevents illegal entry into the personal data it holds (University of Pennsylvania 2012).
Governments have put considerable effort into safeguarding the use of information. They have embarked on sensitizing citizens on the use of information. The Department of Education in the United States instituted the Privacy Technical Assistance Centre (PTAC) as a platform to educate stakeholders on the sensitivity of security information. The education is based on the confidentiality and privacy of data. Security practices in relation to student-level data systems were an essential concern of the centre.
In 2009, in the Commonwealth of Massachusetts, a law was finalized with the objective of protecting residents against identity theft (CMR 2012). The problem was noticed to be growing at a high rate and, hence, required special attention. The law sets prescriptive requirements for a written program of information security that applies to organizations that process and store information and data regarding the citizens. Under 201 CMR, the law requires that every person licensing or owning personal information regarding a commonwealth resident maintain a comprehensive program on information security. The security program developed should cover several aspects of information security. These include physical, administrative and technical safeguards. Written policies on information security form the foundation of any program on information security. The policies on information security provide rules that safeguard the protection of information assets by businesses. The written policies are essential in providing information regarding the responsibility of each member within an organization in regard to protection of information. The written policies provide documented evidence of the management's intent to secure information (United States 1994). They also act as the primary source of information for both internal and external auditors in validating the security program of any given organization (CMR 2012).
Information protection ensures the safeguarding of information that is sensitive to a company. The secrets of an organization are maintained where there are operational protection policies guiding the use of information. There exists a threat to the security of information that is within the system. Insider violations in regard to the data held by organizations are the new threat to the security of information. The workforce in the current situation makes heavy use of technologies, such as email, in undertaking transactions. Employees easily transfer information and sensitive files by email or portable storage devices. Organizations that do not have controls and policies regarding data protection may face the risk of exposing private information. Sensitive information owned by the organization should be held with due care and diligence to ensure information is only accessible to the relevant persons. Many companies do not have the necessary measures to prevent inadvertent loss of information. Companies have the mandate to develop measures that will mitigate the risk of loss of sensitive information. Several states have opened offices for the purpose of coordinating information protection activities.
Several researchers have undertaken research in the field of health in regard to information management. O'Keefe (2008) fears the threat that exists to personal information that individuals leave behind with several web service providers. The development of the Health Insurance Portability and Accountability Act (HIPAA) in 1996 is one of the measures taken in safeguarding data privacy in the health sector. This law governs the use of personal data by health providers, as well as researchers. These laws may also regulate the use of data by business entities. However, these laws do not prohibit the use of health data by researchers. The requirement set for health investigators is to observe the security and privacy of information. Respect and protection should be accorded to the data provided by patients. The process of data mining poses serious problems, especially when the data is drawn from several sources. Physicians and hospitals are often required to release certain information in regard to their patients for use by various departments. The data may be released to census personnel or to the department of the health sector. The information mostly contains personally identifiable information that is supposed to be held in private. Researchers who get access to such information should respect and observe the law on data privacy in regard to the data they have. However, the advancement in technology makes the data released prone to access by unintended parties. With the increased use of web services, the trail of information that people leave behind can be identified and exposed to other parties (O'Keefe 2008). Organizations that are mandated to deliver health services have the management of health information as a core aspect of their operations. Data mining has a range of benefits for the medical community, including researchers. Extensive data mining has added value to the reduction of risk.
According to Kaiser Permanente, the Northern California region has had a major reduction in deaths resulting from cardiovascular disease. The research carried out was intensive, and the recommendations provided ensured this was no longer to be the leading cause of death in the country (as cited in Klosek 2000). The presence of the repository system on the clinical data supports the delivery of healthcare. The medical knowledge provided by the data guides medical practitioners in providing quality services. The health sector has continuously endeavored to provide services by making use of information technology. This has increased the data being produced. A lot of organizations seek to access the stored data in the process of knowledge discovery. Concerns exist when information is disclosed to the public domain even without an intrusion into the data, which is considered illegal. A person's identity can be revealed by the slight information released. This information can be merged with other information available on the web to establish the identity of an individual. There is concern regarding the use of the information collected. When the information is left exposed in the public domain, it may be applied for purposes other than those for which it was initially intended. Ways should be devised whereby a person’s data can be shared without revealing the identity of the person. The Federal Office of Management and Budget devised a strategy that limits the disclosure of personal information from the government.
According to Alexander (2008), the establishment of HIPAA gives provisions regarding the protection and disclosure of information. Authorization regarding access to information is necessary in ensuring that an individual or an entity accesses only the information authorized by the user. In the United States, the Department of Health and Human Services (HHS) developed a privacy rule in the quest of implementing the HIPAA rule. The standards on the privacy rule address the issue of disclosure of health information that is personally identifiable. The Office for Civil Rights (OCR) within the HHS is given the responsibility of enforcing and implementing the privacy rules (U.S Department of Health 2010). The fundamental goal under the privacy rule is to ensure proper protection of an individual’s health information. The privacy rules also control the flow of information with the objective of ensuring proper facilitation of health services and improvement of livelihoods. The rule strikes a balance on the information stored. The rule allows certain information to be released in the interests of improving livelihoods. The rule also protects the privacy of health information that is personally identifiable. There is diversity in the marketplace of health services and, thus, the rules are designed to reflect the diversity and flexibility of the changing situations in the marketplace. These rules are developed to adapt to the changing needs of the health market. The privacy rules in the United States were developed in regard to the HIPAA. The HHS secretary was required under the HIPAA to publicize standards that guide the operations of electronic exchange, security and privacy of information regarding health. The privacy rules cover health plans, a provider of health care, and health care. This is in line with the transmission of health care services through the electronic media. The health plans cover both individuals and groups of entities.
Markota and Raic (1997) outline the guidelines that should be complied with in the protection of information. The rules and bodies set govern the management of personal data and information. The Department of Health and Human Services together with the Office for Civil Rights are mandated to ensure the enforcement of the standards. These powers also allow the two bodies to conduct research and reviews regarding the observance of the standards set. The Office for Civil Rights also guarantees cooperation of other entities in ensuring the provisions of the privacy rules are followed to the letter. Entities that fail to comply with the provisions of the standards are subjected to civil money penalties. Other extreme violations of the privacy rule may result in criminal prosecution (U.S Department of Health 2010).
Cooney (2007) notes that the process of outsourcing among businesses and organizations has been on the increase, especially in the digital age. Businesses have developed a culture of outsourcing back office functions to an external service provider. Outsourcing services, such as human resource functions, requires the disclosure of personal information concerning the employees. If this information is not well-protected, it may be accessed for malicious use. The Data Security Council of India (DSCI) helped develop a culture of information management that is well-trusted across India (Cooney 2007). The DSCI emphasizes the security of information and the requirements of honoring privacy obligations. The flow of information should only be intended to reach the relevant person. The protection obligation of information applies to the data managed and reflects the commitments and obligations of the client’s company to the customers (Dawson, Clark & Boyd 2000). This follows the route of the transaction. The implementation of the DSCI framework reflects the responsibility of the state across borders in respect to the continued privacy obligations. The DSCI is supposed to assist member companies in developing privacy policies relating to the use of information. Data privacy is vital, especially where the information flow is effected from abroad. The information that a given company releases across borders to another company should only be used for the intended purposes. Protection of information is, thus, critical in the field of business, especially in outsourcing. The improvement of security practices is essential for a smooth flow of data in global outsourcing. A successful framework is supposed to agree with the international principles on privacy. These include the contents of a framework that was established by the Asia-Pacific Economic Cooperation (APEC).
This framework is founded on the longstanding issues of data responsibility established in the 1980s by the Organization for Economic Cooperation and Development (OECD). These organizations advocate for free information flow and for appropriately addressing the issue of data privacy and protection of information. The policy framework by the APEC has outstanding principles that it addresses in regard to data privacy and protection of information. This is in regard to the prevention of harm to individuals and the advocacy of business accountability. The major aim of developing a framework on the safeguarding of data privacy is to ensure that businesses across borders interrelate well in undertaking their operations. This ensures proper execution of the outsourcing practices. This helps in the demonstration of commitment, as well as competence in the application of accountability in the performance of duties. The protection of information plays an essential role in ensuring transparency and accountability in the performance of duties among various businesses. The obligations regarding information security and data protection should be observed in regard to the directions issued by the clients. A DSCI framework on accountability should recognize appropriate tailoring and balancing of protections. This assists the management in companies to develop and manage a data and information security system that is proportionate and well-established to meet the set objectives (Moore, Pym & Ioannidis 2010).
India has built an environment that capitalizes on and promotes growth in the sector of information technology. It is worth stressing that the outsourcing process has been very prevalent in India. The use of information is one of the factors that has enabled India to maintain steady growth in the field of outsourcing. The establishment of the DSCI is a vital step in promoting business process outsourcing, as it promoted data protection and the observance of privacy in data. The development in the various sectors of business depends on the proper use of the information released. The DSCI acts as an agent of trust in security accountability and the maintenance of data privacy in the process of business outsourcing. This is achieved through compliance, education and enforcement of management practices of information that is highly trusted. India in its current state has citizens and service providers who honor data security and privacy. The information that flows from customers to businesses is handled with a lot of care to ensure practices that promote ethical handling of the data provided. India enjoys a system that is well-managed and has sophisticated programs dealing with the management of information security and data privacy. A framework that can serve as the benchmark for responsible businesses has not been put in place in India. This denies businesses a platform to compare their achievements, expertise, and competence in their field of operations. The lack of a benchmark framework impairs to a large extent the credibility of competent companies within India in regard to their operations. The development of the accountability framework for businesses is fundamental for companies that are highly performing in India. This is the same case for service providers, as they may need awareness of security and privacy issues, as well as capacity building.
A DSCI can work best if the other players and agencies in the maintenance of privacy work with the same objective of improving efficiency in the preservation of personal data. All the parties involved, including the government, consumers, and businesses, must demonstrate trust in the framework developed for effective operations.
During the last fifteen years, advancement in information technology has played a great role in transforming the sector of commerce. The flow of information today can be described as ubiquitous, and it reflects extensive use of information technology and the internet to transact all over the world. Technologies in information communication are evolving, resulting in sophisticated software. This software is used in facilitating digitization of information that assists in the performance of the business processes. The software also contributes to the improvement of the business processes by companies in the quest to meet the expectations by the customers. The performance of business activities takes place all the time, either day or night, due to the presence of information technology. Companies always focus on the performance of their operations beyond their country borders. They do this by aiming to achieve the objective of optimizing customers’ services and improving their business operations. Many functions performed by businesses may be assigned to another business to deliver services on behalf of the core company. This process can facilitate business operations within and outside the country boundaries where a given company operates. The flexibility of carrying out business in the global economy facilitates the shaping of customer services by the companies to allow for better service delivery. The flexibility also allows for delivery of inventory and manufacturing with the objective of maximizing benefits and efficiencies in the operations of a business. The processes in businesses can be structured to meet the demands by the customers and to improve the value of a company.
The flow of information can be effectively leveraged with the aim of creating value in the process of outsourcing. In the same way, privacy practices and information security play a critical role in creating a company’s brand and reputation in the market. In a market that is increasingly competitive, companies will strive to leverage information that is trusted. This will help the company in maintaining its customers and acquiring new ones. The assurance that service providers use personal data in a responsible manner and safeguard the personal data adds to the value of the company in terms of performance. Clients need to have confidence that their information will be saf