5-2 project BUS-206 TM PDF

Preview

Summary

5-2 project in business law at southern new hampshire university...

Description

BUS-206 5-2 Project Submission Two

Tausha Montgomery BUS-206 5-2 Project Submission Two Southern New Hampshire University

BUS-206 5-2 Project Submission Two

INTRODUCTION “Laws and Ethics are guidelines and regulations. Both relate to each other but are also different from each other. Ethics are the moral values and principles (right and wrong) that are adapted socially from the surrounding. Laws are the rules and regulations that are set by the authorities or government and are to be followed otherwise penalties and punishments may be the consequences.” (Harold G.) “Corporate social responsibility (CSR) refers to the self-imposed responsibility of companies to society in areas such as the environment, the economy, employee well-being, and competition ethics. Positive corporate social responsibility can also offer economic benefits.” (IONOS) It is my understanding that companies that enable (CSR) can be more profitable (increase market value), have less turnover rates with their employees, and reduce any and all systemic risks. ANALYSIS This is a difficult one to answer because it all depends on what state the company is in. There is no federal law mandating a company to reach out to customers when there is a data breach. There are some federal statutes that do protect personal information such as HIPAA, which would be handled at state level. Majority of states utilize obligations on businesses to offer reasonable security measures to defend personal information. Personal information includes social security numbers, credit card info, passwords, and first/last names. Management should be the first to be notified of a breach. Then the stakeholders such as the staff, law enforcement, insurance providers (if needed), customers/clients, and the public are to be notified. In 2020, it was estimated around 49% of businesses have dealt with a data breach.

BUS-206 5-2 Project Submission Two

The company does state, “We are committed to keeping customer information secure and protected,” but this can be seen as an implication because the company did not keep their promise and customers are now going to think they are not as secure. Of course, this would be concerning to customers; they would feel lied to and betrayed. It would be hard for the company to gain back the trust of their patrons. RECOMMENDATION The company would need to move quickly in order to secure the systems, especially the areas where the breach happened, by fixing any and all vulnerabilities. Changing passcodes and making sure all the affected equipment goes offline without delay can help reduce any more information being leaked. When speaking of laws, it is unclear which state the company is in to determine what certain laws there are. i.e. Indiana laws: “A state agency may provide notice in writing or by electronic mail about the data breach (if the individual has provided the email address). A state agency may use an alternate form of notification if the cost of sending notifications to Indiana residents is at least $250,000, the number of persons to notify exceeds 500,000 or the agency does not have sufficient contact information for each resident.” (Digital Guardian) My recommendations are simply to enforce that no other information gets leaked to whomever is hacking the system. It is important to make sure that any vulnerabilities are fixed right away to maintain security. It is imperative to contact all parties on the breach to let them know what information has been leaked. It is also important to interview those who discovered the breach in order to gain more information on how or why the breach could have occurred. In the case of Mountain Top View, Inc., Steve is the one who found the data breach but decided

BUS-206 5-2 Project Submission Two

against telling anyone. This is not how he should have handled the situation. It should not matter how big or small the breach is, he should have mentioned it to the manager. CONCLUSSION “Privacy has become a much larger concern in the modern technological age. Technology enables companies to have greater oversight over the ethical practices of their employees. Some companies include clauses in employment contracts that grant them the authority to monitor the electronic activity of their staff. By doing so, some ethical violations become readily apparent. However, this again raises the issue of privacy, and how much of it employees should be entitled to.” (Fredrick H.) With technology these days, data sharing is a big one. This makes it easier for third parties to get your information along with software. Software had a large impact on business ethics because of peer-to-peer file sharing and being able to obtain free software. When it comes to software nowadays, users and businesses alike have to sign a service agreement. As for privacy for employees, using the company phone or computer for your own personal use is not a great idea. This can cause serious data breaches if the employee were to get on a specific website. This should be done on their own personal time and their own personal phone/computer. Employees should never put the company at risk for their own personal use.

BUS-206 5-2 Project Submission Two

SOURCES G, H. (2020, May 11). Law vs. ethics: What is the difference? Retrieved April 04, 2021, from https://diffzi.com/law-vs-ethics/ IONOS, (2021) What is corporate social RESPONSIBILITY (CSR)? (n.d.). Retrieved April 04, 2021, from https://www.ionos.com/startupguide/grow-your-business/corporate-socialresponsibility/ Timothy J. Toohey, Beyond Technophobia: Lawyers’ Ethical and Legal Obligations to Monitor Evolving Technology and Security Risks, 21 J.L. & Tech. 1, 14 (2015) (explaining general state law requirements for data breach security in context of attorneys’ obligations to secure data). Federal Trade Commission, Data breach response: A guide for business. (2020, September 15). Retrieved April 04, 2021, from https://www.ftc.gov/tips-advice/business-center/guidance/databreach-response-guide-business D. (n.d.). The Definitive Guide to U.S. State Data Breach Laws [PDF] (2020). Digital Guardian. Fredrick, H. (2016, September 29). How does technology affect business ethics? Retrieved April 04, 2021, from https://yourbusiness.azcentral.com/technology-affect-business-ethics-16709.html...