Gaps between Policy and Practice in the Protection of Data Privacy
Cockcroft, Sophie, JITTA : Journal of Information Technology Theory and Application
Poor information security can have a severe impact on an organisation. The major risk in consumer-to-business e-commerce is that security concerns will undermine consumer confidence, resulting in a loss of business. Information security is defined by Parker (2001) as: "The preservation of confidentiality and possession, integrity and validity, and availability and utility of information".
With reference to the definition above, privacy is incorporated in the first two items: confidentiality and possession. A recent report suggested that only one in three businesses implement formal privacy policies (Computer Economics 2001). Even when policies are in place, they are often not rigorously applied until a significant security breach forces management to focus on them (Fonseca 2000; Milberg, Smith et al. 2000).
This study is confined to privacy abuses relating to computerised data assets of an organisation or an individual, and any channels through which this data is transmitted.
Laws, regulations and ethics
Laws and regulations
Balancing different privacy perspectives within the realm of increasingly connected global e-commerce presents a significant challenge to managers. Whilst privacy as an individual right is a very old concept, the information age has brought confusion about what is ethically right or wrong in the realm of privacy. Many privacy abuses do not break any law; whether they do depends on the jurisdiction in which they occur. Even at the ethical level, opinions differ about what constitutes an abuse of privacy. Henderson (1999) gave the example of mailbox clutter or spam as something that could be seen as merely inconvenient rather than damaging to an individual's privacy. Eliminating spam was, however, identified as one of the top five objectives for assuring privacy in a recent study (Dhillon and Moores 2001). …