The Charity organization has decided to move parts of its database into a SaaS cloud environment. The NGO has an online portal called ‘MySupport’ on which its clients must register to obtain an individual digital identity. These digital identities are directly linked to the corresponding personal data. Hence, the Charity organization is dealing with a large volume of PII (Personally Identifiable Information) and stores it in a distributed public SaaS cloud database. As a result, collecting and using clients’ confidential information comes with a great deal of ethical responsibility in terms of maintaining data privacy and security. In this context, the report focuses on the fundamental ethical implications related to the privacy and security of client data, which in turn should lead to certain organizational process changes to ensure ethical compliance and protect the digital identities and PII.
Maintaining privacy is essential, and the Charity organization should concentrate on the legitimate concerns regarding the risks to clients’ PII and the protection of their digital identities. Privacy is a human right, and the NGO is obliged to follow the relevant data privacy and protection laws and regulations. NGO clients will provide their personal information by registering on the MySupport portal, and this data will be stored in the public SaaS cloud. Because the personal data of each client is directly linked to a digital ID, the potential impact of a privacy or security breach is significantly higher: a single compromised identity exposes the whole linked record (Cavoukian, 2011). Therefore, the Charity organization needs to establish proper ethical guidelines to protect the privacy of PII. The major ethical duties and responsibilities in this context are described below.
The organization should clearly define the exact purpose for collecting personal data from its clients. Moreover, the NGO cannot repurpose the data without specifying and justifying a sincere and legitimate cause for doing so. Prior to data collection, the organization should clearly state to clients the purpose for which the personal data is collected and used (Subashini & Kavitha, 2011). In addition, the organization should ensure that the data is accessible only to the data subjects themselves and to individuals with a legitimate interest. There are certain additional measures that the organization needs to adopt to safeguard the digital identities.
Lawful collection, use and access of personal information is a must in order to ensure ethical compliance for privacy. For this purpose, the NGO is obliged to be consistent with the General Data Protection Regulation (GDPR; Regulation (EU) 2016/679, applicable since 25 May 2018) in its collection and use of client data (Gray & Thorpe, 2015). It is the responsibility of the organization, not of its clients, to maintain the highest standards of moral and ethical conduct by complying thoroughly with the data privacy and protection regulations.
The NGO should ensure that the amount of PII collected, and its granularity, is kept to the minimum necessary for the stated purpose. The NGO handles a great deal of sensitive data. Therefore, it needs to follow the basic ethical duties of limited data retention, data minimization, de-identification, pseudonymisation and anonymisation (Catteddu, 2010). Pseudonymisation in particular means replacing direct identifiers with a token whose mapping back to the person is kept separately and under the NGO’s own control, so that the cloud copy alone cannot identify a client. A thorough analysis by authorized personnel of the critical factors associated with violation of the privacy of sensitive information by known and unknown third parties is a must.
Conducting a detailed privacy risk assessment is an integral part of maintaining ethical compliance for privacy protection. The Charity organization ought to consider the probable impact and consequences of its use of personal data. In this case, because the digital identities are directly linked to the client data, the handling of this PII is highly exposed to privacy risks and threats (Sen, 2014). Therefore, the risk-benefit assessment conducted by the NGO’s ethics team should focus on critical factors such as the severity and magnitude of each identified risk as well as the likelihood of its occurrence.
In order to be ethically correct, the organization must adopt and implement safe and secure methods for storing and processing the digital identities and PII of its clients. It is crucial to protect confidential information from unauthorized and unwanted entities. To serve this purpose, it is essential to employ appropriate encryption techniques, both for data in transit and for data at rest, with the encryption keys under the NGO’s own control rather than solely the provider’s (Pearson, 2013). Furthermore, the Charity organization should ensure that the external cloud service provider has clearly documented the measures it takes to store and process cloud data. The NGO is therefore obliged to maintain a safe and secure environment with adequate access control mechanisms.
The NGO is considering establishing a third-party partnership with a public cloud vendor in order to migrate to the SaaS cloud. Hence, it will need to store certain confidential data about its clients in the public cloud environment. For this purpose, the third-party cloud vendor collaborating with the NGO should demonstrate compliance with the applicable data protection acts (DPA) (Kumar & Saxena, 2011). This matters for conducting a due diligence process to assess and evaluate the privacy practices of third-party collaborators.
The ethical implications for security deal with several aspects, including server and client security, password security and cryptographic mechanisms. The Charity organization is obliged to provide a safe and secure environment for clients’ personal information. The PII and its associated digital identities are highly vulnerable to damage, corruption and data loss due to various causes such as theft, faulty disks, power outages, corruption and deletion of data, as well as unauthorized access by hackers and by outsider and insider attackers. Therefore, the third-party cloud vendor needs to draft its SLA (service level agreement) in such a way that it clearly defines the security policies and responsibilities for protecting against security threats. In this context, the thorough identification, assessment and evaluation of security threats should cover the major ones such as eavesdropping, distributed denial of service (DDoS) attacks, data fabrication and Man in the Middle (MitM) attacks (Taylor, 2012). Hence, the NGO must consider and address the major ethical duties for maintaining data security. These are discussed as follows.
In the case of server security, TLS (the successor to SSL) establishes secure communication between on-premises and cloud servers. Nevertheless, the servers themselves must also be protected from hackers and other security threats. It is therefore the obligation of the third-party cloud vendor to state its SLA (Service Level Agreement) in a way that allows the client organization to have justified confidence in its cloud service provider with respect to confidential and private data (Rivers & Lewis, 2014). The ethical duties of server security should require regular security audits and reviews of the public SaaS cloud vendor to verify server security. It is a fundamental part of the Charity organization’s ethical obligation to request evidence, such as independent audit reports, from the cloud service vendor before entrusting private information to it for storage, use and processing.
The Charity organization has decided to outsource some of its data management duties, such as backup and restoration, disaster recovery and server-level security, to a third-party cloud vendor through public SaaS cloud adoption. Client-side security, on the other hand, deals with providing a safe and secure environment on the laptops and desktops used by the organization’s clients. NGO clients will need to register on the MySupport portal and access the SaaS cloud. In this context, the organization ought to ensure that the computers used by its clients are appropriately secured with strong security mechanisms: firewalls, antivirus protection, and current security patches and updates for the operating system and web browsers installed on the client systems (Subashini & Kavitha, 2011). Another part of client security is physical security. The organization is responsible for ensuring the physical security of client systems by enforcing mandatory screen locks and automatic log-off when a user has been away from the system for a certain period. In addition, the organization should protect systems with strong administrative passwords. Hence, ensuring client-side security is a major part of information security ethics. It closely involves implementing all the required tools and techniques to protect clients’ personal data from security breaches and to provide a secure environment for operating desktops and computer systems.
Password security also comes under information security ethics. The Charity organization needs to develop its ethical guideline in such a way that it includes a strong password policy. A strong password policy consists of several rules. Firstly, the policy as written here requires server and system-level passwords to be changed after a certain period (usually every 90 days); note, however, that current guidance such as NIST SP 800-63B recommends forcing a change only when there is evidence of compromise, since routine rotation tends to produce predictable variations. In addition, the organization should verify that the cloud vendor stores all passwords as salted, slow hashes (for example PBKDF2, bcrypt, scrypt or Argon2) rather than in plaintext or reversibly encrypted files (Von Solms & Van Niekerk, 2013). Moreover, the password policy should require long, complex passwords containing special characters, numerals, and lower- and upper-case letters. Remote network access is typically vulnerable to security breaches. Therefore, the organization ought to use advanced security mechanisms such as two-factor and multi-factor authentication, public key infrastructure (PKI), hardware tokens, zero-knowledge password proofs (ZKPP) and one-time passwords (OTP) (Takabi, Joshi & Ahn, 2010). More importantly, for remote server access, implementing virtual private networks (VPN) should be mandatory to ensure proper protection from network security threats.
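The following is an added example (not code from the Charity organization, the MySupport portal, or any cited author) of the three password controls the paragraph above asks for, implemented together: a password policy check, salted slow hashing with PBKDF2-HMAC-SHA256 verified in constant time, and a second factor using time-based one-time passwords as defined in RFC 4226 (HOTP) and RFC 6238 (TOTP). The user store, the sample credentials and the iteration count are constructed assumptions; the TOTP secret is the RFC 6238 test key so the codes can be checked against the published vectors.

```python
"""Password policy, salted PBKDF2 storage and TOTP second factor.

Added example, not the charity's own code. The user store and sample
credentials are constructed for illustration.
"""
import hashlib
import hmac
import os
import re
import struct

MIN_LENGTH = 12
# OWASP (2023) recommends 600,000 iterations for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000
TOTP_STEP = 30
TOTP_DIGITS = 6


def check_policy(password: str) -> list:
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, password)) for p in classes) < 3:
        problems.append("needs at least three of: lower, upper, digit, symbol")
    if re.fullmatch(r"(.)\1*", password):
        problems.append("single repeated character")
    return problems


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS,
                  salt: bytes = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, self-describing so parameters can change."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP over the 30-second time step."""
    return hotp(secret, unix_time // TOTP_STEP)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps for clock drift."""
    counter = unix_time // TOTP_STEP
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


def login(store: dict, username: str, password: str, code: str,
          unix_time: int) -> bool:
    """Both factors must verify; unknown users fail the same way."""
    user = store.get(username)
    if user is None:
        return False
    return (verify_password(password, user["hash"])
            and verify_totp(user["totp_secret"], code, unix_time))


# Constructed user store. The TOTP secret is the RFC 6238 SHA-1 test key.
RFC6238_SECRET = b"12345678901234567890"
USER_STORE = {
    "alice": {"hash": hash_password("Correct-Horse-Battery-9", iterations=10_000),
              "totp_secret": RFC6238_SECRET},
}

if __name__ == "__main__":
    print("policy:", check_policy("password"))
    print("totp at t=59:", totp(RFC6238_SECRET, 59))
    print("login:", login(USER_STORE, "alice", "Correct-Horse-Battery-9",
                          totp(RFC6238_SECRET, 59), 59))
```

The stored string carries its own algorithm and iteration count, so the NGO can raise the work factor later and re-hash accounts at next login; `compare_digest` is used for both the password hash and the OTP so that a timing side channel does not leak how many bytes matched.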
Implementation of cryptographic techniques is an integral part of ethical compliance in maintaining data security. A secure API is a must, and serving the MySupport portal exclusively over HTTPS (HTTP over TLS) with a certificate from a trusted certificate authority can ensure adequate transport security (Whitman & Mattord, 2011). The Charity organization should use TLS (Transport Layer Security), the current standard for protecting data transmitted over a public communication medium; the older Secure Sockets Layer (SSL) versions 2 and 3 and TLS 1.0 and 1.1 are deprecated and should be disabled on both the portal and the API. TLS uses strong encryption to ensure a protected communication channel between on-premises systems and public cloud servers, and configuring a minimum of TLS 1.2 with certificate validation on every connection provides stronger control when client data crosses the untrusted public network to the cloud.