Friday, October 7, 2011

Assignment 1 - Finals


What Would You Do?

1.      As the information system manager for a small manufacturing plant, you are responsible for all aspects of the use of information technology. A new inventory control system is being implemented to track the quantity and movement of all finished products stored in the local warehouse. Each time a fork-lift operator moves a case of product, he or she must scan the UPC code on the case. Not only is the product information captured, but also the day, time, and fork-lift operator identification. This data is transmitted over the LAN to the inventory control computer, which then displays information about the case and where it should be placed in the warehouse.

The warehouse manager is excited about using the case movement data to monitor the productivity of the workers. He will be able to tell how many cases per shift each operator moves, and plans to use the data to provide performance feedback that could result in pay increases or termination. He has asked you if there are any potential issues with using the data in this manner, and, if so, what should be done to avoid them. How would you respond?

Answer:
In this case there are advantages and disadvantages. For the good of the company it should be, because through this case movement data it can monitor the productivity of the workers and whether production is progressing, but it is against all workers because this privilege can harm their privacy in every act they do, unless they are doing something illegal. Once you are in the company, you are responsible for every act you do.

2.      As a young and highly successful member of your company’s marketing organization, you have been asked to take on the role of your company’s first ever CPO. What questions would you ask before accepting this role? Assume that you have agreed to become the CPO. One of your first actions is to develop a comprehensive data privacy policy. How would you go about doing this?

Answer:
I will ask whether I will also have privacy and whether they can protect my privacy, and what I need to do as CPO. If I become CPO, first I will assure that their privacy will be protected and protect the company's initiatives, because through this I will develop and manage customer privacy disputes through a verification process. With the help of my work, we should be briefed on planned marketing programs and information systems/databases that involve the collection or dissemination of consumer data.

3.      You are a new marketing manager for the Ford Motor Company. You are considering the use of spam to promote the latest and greatest automobile model that is targeted to young, affluent adults. List the advantages and disadvantages of such a marketing strategy. Would you recommend this means of promotion? Why or why not?

Answer:
The advantages are that it is easy to promote the product, and for the companies this can be offset by the generally negative perception the public has of receiving unsolicited ads. The disadvantages are that there's no privacy protection for the recipients, for those who pay for their own advertisement, and for those who pay for internet connection charges on an hourly basis, this cost can add up.
For me, I should not go on spamming because, as for me, I also don't want my privacy harmed. I will respect their privacy; even though the Internet is the easiest way to promote one's product, I will not do it. I would rather choose advertisement, because a lot is offered at a cheaper price and some is free.

4.      You are the CPO of a medium-sized manufacturing company with sales of over $250 million per year with almost $50 million coming from internet-based sales. You have been challenged by the vice president of sales to change the company's Web site data privacy policy from opt-in to opt-out and to allow the sale of customer data to other companies. The vice president has estimated that this change would bring in at least $5 million per year in added revenue with little additional expense. How would you respond to that request?

Answer:
For me, I will not change the company's Web site data privacy, because once and for all this is generally known to all users and subscribers, and I don't care if it costs $50 million as long as my profit is not affected.

Case Study # 1

1.      HIPAA and the Upcoming Furor over Medical Records

The goal of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is to require health care organizations to implement cost-effective procedures for exchanging medical data. Health care organizations must employ standard electronic transactions, codes, and identifiers designed to enable them to fully "digitize" medical records and make it possible to use the internet rather than expensive private networks for electronic data interchange. The Department of Health and Human Services developed over 1500 pages of specific rules (see www.hhs.gov) governing the exchange of such data, with a compliance deadline of April 2003. The regulations affect 1.5 million health care providers, 7,000 hospitals and 2,000 health care plans.

Under the HIPAA provisions, health care providers must obtain written consent from patients for the use or disclosure of information in their medical records. Patients are also guaranteed the right to inspect and copy their medical records and suggest changes to correct inaccuracies. Health care providers must keep track of everyone who received medical information from a patient's medical file. Patients can demand that doctors and hospitals provide an accounting of all disclosures spanning the past six years. These provisions will affect every doctor, patient, hospital, pharmacy, and insurer.

Health care companies must appoint a privacy officer to develop privacy policies and procedures as well as to train employees in how to handle sensitive data. These actions must address the potential for unauthorized access to data by outside hackers as well as the more likely threat of internal misuse of data. It is the employee within the health care organization who is much more likely to compromise confidentiality, either intentionally or accidentally. For example, during an upgrade to one company's information systems, hundreds of e-mail messages containing sensitive information were accidentally sent to members of a large HMO. Not only was there a potential loss of privacy due to the messages being intercepted by people who were not the intended recipients, but also each recipient lost some personal privacy by simply having his or her name appear on the distribution list for the message. Health care companies must also guard against the prospect of personnel with authorized access using data inappropriately, such as a cardiologist reading a patient's psychiatric records online and telling her that her chest pains are not real but related to her psychosis.

HIPAA assigns responsibility to health care organizations, as the originators of individual medical data, for certifying that their business partners (billing agents, insurers, debt collectors, research firms, government agencies, and charitable organizations) also comply with HIPAA security and privacy rules. This provision of HIPAA has health care executives especially concerned as they do not have direct control over the systems and procedures that their partners implement. Those who misuse data may be fined $250,000 and serve up to 10 years in prison.

As the full details of HIPAA have become better understood, many experts have become concerned. Some fear that between the increasing demands for disclosure of patient information and the impending full digitization of medical records, patient confidentiality will be lost. Many think that the HIPAA provisions are too complicated and will miss the original objective of reducing medical industry costs and instead increase costs and paperwork for doctors without improving medical care. All agree that the medical industry must make a substantial investment to achieve compliance. Government experts estimate that it will cost each hospital between $100,000 and $250,000 to comply with HIPAA’s data privacy and security regulations. Meanwhile, a study by Blue Cross/Blue Shield puts the costs much higher - $775,000 to $6 million per hospital.

The Agency for Healthcare Research and Quality (the research arm of the Department of Health and Human Services) states that HIPAA will require computer systems that can greatly reduce, if implemented correctly, the adverse reactions caused by medication errors. The agency estimates that hospitals will save $500,000 in direct costs annually.

Questions:

a.      What are the potential benefits from full implementation of HIPAA – from a patient’s perspective and from a health care organization’s perspective?

Answer:
From the patient's perspective, the benefit is the guaranteed right to inspect and copy their medical records and to suggest changes to correct inaccuracies; from the health care organization's perspective, it implements cost-effective procedures for exchanging medical data and has privacy policies.

b.     What actions could a privacy officer take to be able to certify that a health care organization’s business partners also comply with HIPAA security and privacy rules?

Answer:
Health care companies must appoint a privacy officer to develop privacy policies and procedures as well as to train employees on how to handle sensitive data.

c.      What do you see as the likely negative effects of HIPAA? How well do you think these effects balance against the benefits?

Answer:
The negative effects of HIPAA are that they do not have direct control over the systems and procedures that their partners implement, and through this it can affect the balance against the benefits if it happens to an individual.

2.      Echelon – Top Secret Intelligence System

Echelon is a top-secret eavesdropping system managed by the National Security Agency (NSA) of the United States and known to be used by the intelligence agencies of England, Canada, Australia, and New Zealand. It is capable of intercepting and decrypting almost any electronic messages sent anywhere in the world via satellite, microwave, cellular, or fiber-optic telecommunications, including radio and TV broadcasts, phone calls, computer-to-computer data transmission, faxes, and e-mail. It may have been in operation since as early as the 1970s, but it wasn't until the 1990s that journalists using the FOIA were able to confirm its existence and gain insight into its capabilities. Although Echelon is the world's largest and most sophisticated surveillance network, it is by no means the only one. Russia, China, Denmark, France, the Netherlands, Russia, and Switzerland operate Echelon-like systems to obtain and process intelligence by listening in on electronic communications.

Which electronic transmissions are captured and what Echelon is able to do with messages is subject to much conjecture. Even if all electronic messages worldwide were unencrypted, finding those messages that warranted further attention would be an enormous, computer-intensive task. As a result, it is likely that Echelon targets communications to and from specific individuals and organizations rather than trying to assimilate all electronic messages. Thus, some subset of all possible messages is forwarded to the massive United States intelligence operations at Fort Meade, Virginia, where powerful computers look for code words or key phrases among the messages. Intelligence analysts peruse any conversation or document thus flagged by the system, and significant messages are then forwarded to the agency that requested the information.

A number of intelligence satellites in orbit are used to detect signals that normally dissipate into space – radio signals, mobile phone conversations, and microwave transmissions. In addition, at least six ground-based stations throughout the world are used to monitor the communication satellites of Intelsat, the world’s largest commercial satellite communications services provider.

Computer processing speeds and the science of speech recognition probably are not yet advanced enough for a real-time global listening system capable of transcribing the hundreds of thousands of calls that are happening at any instant in time. However, Echelon is capable of voice pattern matching and can identify who is speaking if their voice pattern is stored in its database. Also, it employs recording systems that are capable of automatically triggering tape recording based on “hearing” key words.

Echelon employs special software and speech recognition technology to convert any audio communication into formatted searchable text. A half-hour broadcast can be processed and stored in searchable format in 10 minutes. Currently the software understands only American English, but the CIA is enhancing it to handle Chinese and Arabic. Other Echelon software is used to alert intelligence analysts any time a new page goes up on a Web site of interest. CIA personnel use special software to perform searches in English of Web sites developed in Chinese, Japanese, Russian, and eight other languages. The software then translates the text of the Web site into English.

This immense, highly sophisticated surveillance system apparently operates with little oversight, and the various agencies that run Echelon have provided few details as to the legal guidelines governing the project. Indeed, the governments of the countries believed to be involved have failed to officially acknowledge the existence of Echelon. Because of this, there is no way of knowing its true capabilities and exactly how it is being used.

Echelon intercepts both sensitive government data and corporate information. It also provides the opportunity to illegally spy on private citizens. It is no wonder that privacy advocates are upset with the secrecy surrounding the system and its great potential for misuse. They feel that Echelon can be directed against virtually any citizen in the world with the full knowledge and cooperation of their government.

In the U.K., Echelon has already been accused of spying on organizations such as Amnesty International – an international organization that seeks to ensure fair and prompt trials for political prisoners and that opposes human rights abuses. In addition, in September 1999, the European Union released a report highly critical of the operators of Echelon for using it to intercept confidential company information and divulging it to favored competitors to help win contracts. The report alleged that Airbus Industrie of France lost valuable contracts because information intercepted by Echelon was forwarded to the Boeing Company to help it obtain a competitive advantage.

In the United States, the ACLU and others are concerned that Echelon may be used without a court order to intercept communications involving Americans. The Foreign Intelligence Surveillance Act prohibits interception of certain communications for intelligence purposes without a court order unless the Attorney General certifies that certain conditions are met. These conditions include a limitation that “there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party.”

Echelon supporters know that communications surveillance is successful in gathering enemy intelligence and was a key to the success of the allied military effort in World War II. They also argue that tragedies such as the September 11, 2001, attack and the bombing of the federal building in Oklahoma City are proof that such a surveillance system is necessary to forewarn authorities and potentially prevent major terrorist activities. In that regard, the United States agreed to share highly classified material from Echelon with the Spanish government to aid in its battle against the Basque separatist group ETA. As a result, the Spanish are now receiving decoded intercepts relating to the ETA’s plans for terrorist operations.

Questions:

a.      Are you for or against the use of the Echelon for eavesdropping on electronic communications? Why or why not? Is your opinion affected by the September 11, 2001, terrorist attacks?

Answer:
I’m against using Echelon for eavesdropping on electronic communication. Even though we all know that nowadays we are in an age of highly modern technology, we should not depend on it; it’s better to use human intellect rather than electronic technology, and all that is happening today is a result of all that we did.

b.     Develop a set of plausible conditions under which the directors of Echelon would authorize the use of the system to listen to specific electronic communications.

Answer:
Under the United States, in which they use Echelon eavesdropping to intercept communications involving Americans. It is successful in gathering enemy intelligence and was a key to the success of the allied military effort in World War II.

c.      What sort of expanded or new capabilities might Echelon have 10 years from now as information technology continues to improve at a rapid pace? What additional privacy issues might be raised by these new capabilities?

Answer:
The new capabilities Echelon might have 10 years from now, as information technology continues to improve, are modernization that surely can bring us to a progressive stage. Through the help of technology all problems can be easily solved, but all of this can affect our privilege and privacy. In every act that we do, we can never hide it.
