Assumption University of Thailand

Graduate School of Business and Advanced Technology Management

(GSB-ATM)

Management Information Systems

Ethical and Social Issues in

Information Systems

Dr. Poonphon Suesaowaluk

Objectives
• To describe the ethical, social, and political issues raised by
Information Systems.
• To describe specific principles that can be used as a guide
for ethical decisions.
• To explain the description of the moral dimension of
information systems and their related ethical issues.
• To enable students to analyze the possible ethical policy to
be implemented for an organization.
Topics
• Ethical and Social Issues Raised by Information Systems
• Ethics in an Information Society and its Principle
• Protection of Individual Privacy and Intellectual Property:
The Moral Dimensions of Information Systems
Ethical and Social Issues
Raised by Information
Systems
Ethical and Social Issues are Raised by Information Systems
• Ethics
– The principles of right and wrong that individuals, acting as
free moral agents, use to make choices to guide their
behaviors.
• Information systems and ethics
– Information systems raise new ethical questions because
they create opportunities for;
‣ Intense social change, threatening existing distributions
of power, money, rights, and obligations
‣ New kinds of crime
New Technology and Issues
• Technological innovations can be a double-edged sword.
• The ability of IT systems to support decision making.
• Progressive predictive modeling to identify individual customers
that fit risk or vulnerability profiles.
• Opportunities from new technology
– Big data strategy, predictive models, and data mining
technology development
– Develop privacy policies
• Problem: Undeveloped legal environment
Ethical and Social Issues are Raised by Information
Systems
• Computing power doubles every 18 months
• Data storage costs rapidly decline
• Data analysis advances
• Networking advances
• Mobile device growth impact
Ethical and Social Issues are Raised by Information
Systems
Advances in Data Analysis Techniques
• Profiling
– Combining data from multiple sources to create dossiers of
detailed information on individuals.
• Non Obvious Relationship Awareness (NORA)
– Combining data from multiple sources to find obscure
hidden connections that might help identify criminals or
terrorists.
 Non Obvious Relationship Awareness (NORA)

NORA technology can take the information about people from disparate sources and find it
obscure, nonobvious relationships.
Source: Laudon K. C. and Laudon J.P. 2022
Five moral dimensions of the information age
1. Information rights and obligations
• Protect information right for possessor.
2. Property rights and obligations
• Protect intellectual property, tracing, accounting for ownership
3. Accountability and control
• Who is responsible in case harmful of using information systems?
4. System quality
• Standard of data and system, protect individual rights, safety of society
5. Quality of life
• Value preserved in an information and knowledge-based society
Relationship between Ethical, Social, and Political Issues in an Information Society

Source: Laudon K. C. and Laudon J.P. 2022

The introduction of new information technology has a ripple effect, raising new ethical, social, and
political issues that must be dealt with on an individual, social, and political levels.
These issues have five moral dimensions: information rights and obligations, property rights and
obligations, system quality, quality of life, and accountability and control.
 Ethics in an
Information Society
Basic Concepts for Ethical Analysis
• Responsibility
– Action element, accepting the potential costs, duties, and
obligations for decisions
• Accountability
– Feature of systems and social institution
– Mechanisms for identifying responsible parties, the person
who is responsible for decisions and actions
Basic Concepts for Ethical Analysis (Cont.)
• Liability
– Extension of responsibility to the law area
– Political systems feature
– Permits individuals (and firms) to recover damages done to
them by other actors, systems or organization
• Due process
– Related feature of law-governed societies and applied fairly,
correctly
– The process shows that Laws are well-known and
understood, with an ability to appeal to higher authorities.
Five-step Ethical Analysis
1. Identify and clearly describe the facts.
2. Define the conflict or dilemma and identify the higher-
order values involved.
3. Identify the stakeholders.
4. Identify the options with reasonably take.
5. Identify the potential consequences of selected options.
Ethical Principles
• Golden Rule
– “Do unto others as you would have them do unto you”. Kenneth
C. Laudon and Jane P. Laudon, Pearson, 2016
– Think that your desire as the other can help you decide the
fairness
• Immanuel Kant’s Categorical Imperative
– “If an action is not right for everyone to take, it is not right for
anyone”
– Ask yourself, if everyone did this could, the organization or society
survive?
Ethical Principles (Cont.)
• Descartes’ Rule of Change
– “If an action cannot be taken repeatedly, it is not right to take
at all”
– Accept an action if it bring a small change now. If it is
repeated it would bring Unacceptable changes in the long run
• Utilitarian Principle
– “Take the action that achieves the higher or greater value”
– Can prioritize values in a rank order and understand the
consequences of various courses of action.
Ethical Principles (Cont.)
• Risk Aversion Principle
– “Take the action that produces the least harm or potential
cost”
– Avoid high costs if the return on investment is low
• No Free Lunch Rule
– “Assume that virtually all tangible and intangible objects
are owned by someone unless there is a specific
declaration otherwise”
– Someone creates useful, valuable work, so he wants
compensation for his work
Professional Codes of Conduct
• Promulgated by associations of professionals
– American Medical Association (AMA)
– American Bar Association (ABA)
– Association for Computing Machinery (ACM)
• Promises by professions to regulate themselves in the general interest
of society
• ACM code of conduct: (www.acm.org) consisting of 24 imperatives
formulated as statements of personal responsibility, identifies the
elements of such a commitment
• Association of Information Technology Professional Code of Conduct:
AITP (http://www.aitp.org/?page=EthicsConduct)
Real-world Ethical Dilemmas
One set of interests pitted against another
• Examples
– Monitoring employees: The rights of a company can
maximize the productivity of workers versus workers' rights
to use the Internet for some short-term personal tasks.
– Facebook can monitor users and sell information to
advertisers and app developers.
Protection of Individual
Privacy and Intellectual
Property
The Moral Dimensions of Information Systems
1. Information Rights: privacy and freedom in the Internet age
• Privacy
– Claim of individuals to be left alone, free of surveillance or
interference from other people or organizations.
– Claim to be able to control information about yourself.
– Involved in the workspace
• In the United States, privacy protected by
– First Amendment (freedom of speech)
– Fourth Amendment (unreasonable search and seizure)
– Condition for handling information about individuals, credit reporting,
education, financial newspaper records, and electronic
communication.
– Privacy Act of 1974
Fair Information Practices, FIP
A set of principles governing the collection and use of
information about individuals is used to drive changes in
privacy legislation.
– Basis of most U.S. and European privacy laws
– Based on mutuality of interest between record holder and
individual
– The individual has an interest in engaging in a transaction,
and record keeper. The record may not be used to support
other activities without the individual’s consent.
Fair Information Practices, FIP
• COPPA, Children’s Online Privacy Protection Act 1998;
– Parental permission is required before collecting information on
children under the age of 13
• Gramm-Leach-Bliley Act 1999;
– Restriction on affiliation among banks, security firms, insurance
companies
• Health Insurance Portability and Accountability Act, HIPAA,
1996, 2003
– Privacy protection for medical records
• Do-Not-Track Online Act of 2011
Federal Trade Commission Fair Information Practice
FTC FIP principles: www.ftc.gov/privacy
• Notice/awareness (core principle)
– Web sites must disclose their information before collecting
data.
– Identification of the collector, data used, and other receipts.
• Choice/consent (core principle)
– Consumers must be able to choose how information is used
for secondary purposes.
Federal Trade Commission Fair Information Practice
• Access/participation
– Consumers must be able to review and contest the accuracy
of personal data in a timely, inexpensive process. Security
– Data collectors must take steps to ensure accuracy, security
of personal data
• Enforcement
– Must have mechanism to enforce FIP principles.
– It can involve self-regulation.
European Directive on Data Protection
• Companies must inform people when they collect information and
disclose how it is stored and used.
• Citizens have the right to know and deny the use of data for purposes
other than its original intention.
• People have the right to inspect and correct their data.
• Opt-in practice; business is prohibited from collecting any personal
information, collection data must be approved by an individual.
EU General Data Protection Regulation (GDPR)
• Requires unambiguous explicit informed consent of customer
• E U member nations cannot transfer personal data to countries without
similar privacy protection
– Applies across all E U countries to any firms operating in E U or processing
data on E U citizens or residents
– Strengthens right to be forgotten by allowing individuals to remove personal
data from social platforms and to prevent such companies from collecting
any new information
– Companies operating in EU are required to delete personal information once
it no longer serve the purpose (European commission 2016)
• Privacy Shield: All countries processing E U data must conform to G D P R
requirements
 Internet challenges to privacy
• Cookies
– Identify visitor browser and track visits to site
– Example: Amazon can recommend the new goods item for the
second visit
• Web beacons (Web bugs)
– Tiny graphics/objects are embedded in e-mails and Web pages.
– Monitor who is reading e-mail messages or visiting the site.
– Captures and transmits information, such as a user's IP address
and the time spent viewing a web page.
Internet challenges to privacy
• Spyware
– Installed on user’s computer, call to web site to send banner
ads to user
– Report the user’s movement to other computers through
Internet
– May transmit user’s keystrokes or display unwanted ads.
• Google services and behavioral targeting
– Using behavioral targeting advertisers to target ads based on
the search histories of users.
Internet challenges to privacy
• The United States allows businesses to gather transaction
information and use this for other marketing purposes.
• Online industry promotes self-regulation over privacy
legislation.
– Complex/ambiguous privacy statements
– Opt-out models selected over opt-in
– Opt-out practice; informed consent permitting the collection of personal
information until the customer specifically requests that the data not be
collected
– Online “seals” of privacy principles
How Cookies Identify Web Visitors

1. The Web server reads the user's Web browser and determines the operating system,
browser name, version number, Internet address, and other information.
2. The server transmits a tiny text file with user identification information called a cookie,
which the user's browser receives and stores on the user's computer.
3. When the user returns to the Web site, the server requests the contents of any cookie it
deposited previously in the user's computer.
4. The Web server reads the cookie, identifies the visitor, and calls up data on the user.
Internet challenges to privacy
Technical solutions:
• E-mail encryption
• Anonymity tools
• Anti-spyware tools
• Overall, technical solutions have failed to protect users from being tracked
from one site to another
– Browser features
Ø “Private” browsing
• example P3P, Platform for Privacy Preferences; Only work with members
of World Wide Web consortium
Ø “Do not track” options
The Moral Dimensions of Information Systems
2. Property rights: Intellectual Property
• Intangible property of any kind created by individuals or
corporations, difficult to protect, easy to copy.
– Four legal protections
‣ Copyright,
‣ Patents,
‣ Trade Mark,
‣ Trade secret
The Moral Dimensions of Information Systems
2 Property rights: Intellectual Property
• Copyright:
– statutory grant protecting intellectual property from being copied for
the life of the author, plus 70 years after the author’s death
– 95 years after the initiate creation for cooperate-owned works
– Computer Software Copyright Act, protect software program
code and for copies sold in commerce; the right to purchaser
while the creator retains legal title
The Moral Dimensions of Information Systems
2. Property rights: Intellectual Property
– Patents:
‣ Grant creator of the invention an exclusive monopoly on ideas
behind an invention for 20 years
‣ To ensure that inventions of new machines, devices or method
receive the full financial and other rewards of their labor and make
widespread use of the invention possible by providing detailed
diagrams for those wishing to use the idea under license from the
patent’s owner
The Moral Dimensions of Information Systems
2. Property rights: Intellectual Property
• Trade secret: intellectual work or product belonging to a
business, not in the public domain.
– Example; Trade secret laws protect the actual ideas in a
work product for software systems.
• Trade Mark
– Marks, symbols and images
The Moral Dimensions of Information Systems
Challenges to Intellectual Property Rights
• Digital media different from physical media (e.g., books)
– Ease of replication, transmission, alteration
– Difficulty in classifying software and establishing uniqueness.

• Digital Millennium Copyright Act (DMCA), 1998

‣ The World Intellectual Property Organization Treaty makes it illegal to
circumvent technology-based protections of copyrighted materials.
‣ Copy right and Intellectual property law protect everything on the website,
so there is no need to carry the copyright symbol.
The Moral Dimensions of Information Systems
3. Accountability, liability, control
Computer-related liability problems
Who will be responsible If software fails?
Example:
a. If If a person is injured by machine control that is made by software,
who will take accountability? as part of machine that injures or
harms, software producer and operator may be liable.
b. What should the liability be if software is seen as a service?
The Moral Dimensions of Information Systems
4. System quality: Data quality and system errors
• System issues effect a consumers and business users
• Acceptable, technologically feasible level of system quality
• Sources of poor system performance:
– Software bugs, errors
– Hardware or facility failures
– Poor input data quality (most common source of business
system failure)
 The Moral Dimensions of Information Systems
5. Quality of life: Equity, Access, Boundaries
• Balancing power: Center Vs Periphery
computing power decentralizing, key decision making remains
centralized
• Rapidity of change: Reduced Response Time to competition
create efficient markets, national and international, and global market
• Maintaining boundaries: Family, work, computing,
computing, Internet use lengthens work-day, infringes on family,
personal time
• Dependence and vulnerability: public and private organizations ever
more dependent on computer systems
The Moral Dimensions of Information Systems
• Computer crime and abuse
– Computer crime: commission of illegal acts through the use of a
computer or against a computer system-computer may be an object
or instrument of crime.
– Computer abuse: unethical acts, not illegal, e.g., Spam
• Employment
– Reengineering work resulting in lost jobs.
The Moral Dimensions of Information Systems
Health risks
1. Repetitive Stress Injury (RSI)
• Muscle groups are forced through repetitive actions, often with high-impact loads
2. Carpal Tunnel Syndrome (CTS)
• Pressure in the median nerve through the wrist’s bony structure
• It is avoidable by designing workstations for a neutral position, using proper
computer sets, and seats for working.
3. Computer Vision Syndrome (CVS)
• Eyestrain and headaches that are caused by using a screen
4. Technostress
• Aggravation, impatience, fatigue
• Relief: Take a break from the computer, and understand the danger of isolation from
other humans.
Summary
 Summary
• Ethical, social, and political issues raised by Information Systems
• Technology trends raise ethical issues.
• Ethical considerations and guiding principles for making decisions
• Example of a professional code of conduct, ACM
• The Moral Dimensions of Information Systems
• Fair Information Practice
• Internet challenges to the protection of individual privacy and
intellectual property pose a threat to individual privacy and intellectual
property.
• Law, Policy of privacy and intellectual properties protection such as EU
and U.S.
 References
• Laudon, K.C., & Laudon, J.P. (2022). Management information systems (17th ed.). Edinburgh
Gate Harlow, London: Pearson.
• ACM professional code of conduct: http://www.acm.org/
• Digital Millennium Copyright (DMC), http://www.ala.org/advocacy/copyright/dmca
• Federal Trade Commission (FTC), www.ftc.gov/privacy
• The Child Online Privacy Protection Act (COPPA)
https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-
online-privacy-protection-rule
• Sarbanes-Oxley Act: http://www.soxlaw.com/
• Business Software Alliance: http://www.bsa.org/
• HIAPP:
– https://www.cdc.gov/phlp/publications/topic/hipaa.html
– https://www.hhs.gov/hipaa/index.html
Ethics in an Information Society
Professional Code of Conduct: AITP (http://www.aitp.org/?page=EthicsConduct)
“These standards expand on the Code of Ethics by providing specific statements of behavior
in support of each element of the Code. They are not objectives to be strived for, they are
rules that no true professional will violate. It is first of all expected that an information
processing professional will abide by the appropriate laws of their country and community.”
“In recognition of my obligation to society I shall:
• Protect the privacy and confidentiality of all information entrusted to me.
• Use my skill and knowledge to inform the public in all areas of my expertise.
• To the best of my ability, insure that the products of my work are used in a socially
responsible way.
• Support, respect, and abide by the appropriate local, state, provincial, and federal laws.
• Never misrepresent or withhold information that is germane to a problem or situation of
public concern nor will I allow any such known information to remain unchallenged.
• Not use knowledge of a confidential or personal nature in any unauthorized manner or to
achieve personal gain.”
 Assignment
Visit these websites, (important federal privacy law)

1. Federal Trade Commission (FTC), www.ftc.gov/privacy

2. Digital Millennium Copyright (DMC), http://www.ala.org/advocacy/copyright/dmca
3. The Child Online Privacy Protection Act (COPPA)
https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-
online-privacy-protection-rule
4. Sarbanes-Oxley Act: https://en.wikipedia.org/ or http://www.soxlaw.com/
5. Business Software Alliance: http://www.bsa.org/
6. Health insurance portability and accountability Act of 1996
https://www.cdc.gov/phlp/publications/topic/hipaa.html
7. General Data Protection Regulation (GDPR) : https://gdpr-info.eu/

Report content covers;

The history, Objective(s), General Policy (regulation, rule)