Professional, Legal and Ethical Issues
CPSC 356 Database
Ellen Walker
Hiram College
(Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)
Data is Valuable
• Clickstream data (terabytes)
– Data mining for business advantage
• Financial transactions (petabytes)
• Personal information
– Open to identity theft and fraud
Ethical vs. Legal Behavior
• Ethics
– A set of principles of correct conduct or a theory or a system of moral values
• Law
– A set of rules enacted by and enforced by a government
• Not all ethical behavior is legal
• Not all unethical behavior is illegal
Sample (US) Laws with Implications
• Sarbanes-Oxley Act
• Health Insurance Portability and Accountability Act (HIPAA)
• Family Educational Rights and Privacy Act (FERPA)
Sarbanes-Oxley Act (SOX)
• Goal is to tighten requirements on how companies form boards of directors, interact with auditors and report finances
• Created in aftermath of Enron scandal
• To comply, companies must consider how data is collected, processed, secured, and reported
Complying with SOX
• COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.
• COSO is a framework that focuses more narrowly on internal controls, including culture, risk assessment, control activities, reporting and monitoring
Health Insurance Portability and Accountability Act (HIPAA)
• Release of patient information requires consent forms
– “We can’t tell you anything – we can’t even tell you that we know anything” – Lynn Taylor
• Standards for electronic health/medical records and insurance claims
• Establishing a nationally recognized identifier (NOT SSN) to be used by all employee health plans
• Standards for security of patient data and transactions
• Need for a nationally recognized identifier for healthcare providers
Family Educational Rights and Privacy Act (FERPA)
• Protects privacy of student educational records
• Parents have rights until age 18 or until student graduates from HS, then rights transfer to student
• Schools must have written permission from student (or parent if pre-college) to release any information
FERPA Exceptions
• Directory information
– Name, address, date & place of birth, honors
• Designated parties
– School officials with legitimate need to know
– Other schools to which student transfers
– Specified officials for audit or evaluation
– Whoever needs to know for financial aid
• Compliance with a judicial order or state law
• Health and safety emergencies
Codes of Ethics
• ACM Code (see www.acm.org)
• BCS code (www.bcs.org)
• Areas covered
– Public interest
– Duty to relevant authority
– Duty to the profession
– Professional competence and integrity
Intellectual Property
• IP = The product of human creativity in the industrial, scientific, literary and artistic fields
• Examples:
– Invention
– Program
– Play
– Painting
– Musical composition
Protecting IP
• Patent
– Very strong protection for limited time, requires disclosure
• Copyright
– Protects the expression of an idea
• Romeo & Juliet vs. “boy loves girl with tragic ending”
– Much longer term than patent
• Trademark
– Protects a word, symbol, image, sound, etc. with regard to a specific company (type of goods)
Trade Secret
• A trade secret is protected not by law (no disclosure), but by secrecy
• If you can figure it out (by reverse-engineering), you can legally use it in your own product
– Not by “reading the source code”
– Not by theft
– Clean room reverse engineering technique
Software
• Generally, protected by copyright, but there are software patents
– Patent must be for the idea, not the program
– Example: pull-down menu
• Copyright protects the expression, not the idea
– “Look and feel” lawsuits
Software License
• Commercial software (perpetual use)
• Commercial software (annual fee)
• Shareware
• Freeware
• Note: only some freeware is open-source; open-source software can still carry a license, e.g. GPL