Management Information Communication Systems

Introduction

The world has witnessed tremendous development in the information technology sector that has in turn transformed life for the better in general. With constant innovations that the IT sector is synonymous with, the quality of life has been improving proportionally with virtually all sectors of life benefiting. The internet in particular has been integral in this transformation as its immense capabilities and interconnectivity have ensured that the entire world shares in these benefits. Communication has been fast and reliable while the physical barrier of distance has been completely eliminated as the world has typically become a tiny global village. However, the information age does not lack its challenges to the very users who enjoy its benefits. One area that has been sighted as facing a huge risk owing to IT is individual privacy. Computers and other communication technologies in the working environment continue to threaten individual privacy as details which might be considered confidential sometimes end up in the custody of wrong and unintended parties. This paper seeks to fully evaluate and analyze this situation and offer practical solutions and suggestion that can be helpful in dealing the situation as a whole.

Privacy and its changing landscape

The United Kingdom, like any country in the world has continued to witness a dramatic change as far as individual and corporate privacy are concerned. Both the private and public sectors have fully exploited the benefits and use of the information technology such that they have been able to collect, process, and share their client’s and customers’ personal information.

As such, the public has all over a sudden developed interest in privacy, resulting in a growing anxiety over the possibility of the UK eventually transforming to become a ‘surveillance society’ (Ford, 2004). These developments and trends have made it mandatory for the general public to begin analyzing the various ways through which they can begin protecting their personal information. A majority of the UK citizens believe they have little control over their own personal data as this could be accessed by other parties without the individual’s consent (Bellamy et al 2008).

There have been incidents of serious data loss reported across the UK in the recent past with the loss of HM Revenue data stored in computer discs in 2007 being the most astonishing. Personal details of individuals, including their contacts, account numbers and insurance numbers, and those of their families, who were at the time claiming benefits got lost as the said computer discs were being sent to the National Audit Office via courier. However, revelations later determined that only the senior management at HRMC was supposed to access the data manual yet a junior civil servant had handled it in the ensuing confusion that led to its loss. In September 2010, a memory stick which contained crucial personal information got lost from the Forth Valley NHS Board. It was later discovered that a member of staff had uploaded the information onto a personal memory stick which got lost (Bennett & Raab, 2006).

In July 2010, two unencrypted laptops were stolen from Birmingham’s Medical Day Centre Children’s Hospital which contained confidential information about 17 patients. Among the information stolen in the laptops included the respective diagnoses of the patients, recordings on video, as well as information about the individual health situation of the affected patients. In the following month of August, a compact disc device that contained up to 112 scans of patient records from New Cross Hospital’s intensive care unit was misplaced. The CD was later discovered abandoned near the hospital while encrypted without a password protection (Black, 2011).

These incidents and many more which continue to be reported on a regular basis have heightened the public’s call for reforms and changes in the manner in which the whole issue of privacy is being handled. However, the present day’s ‘information economy’ as well as the contemporary ‘information-age government’ makes it difficult for privacy to be upheld in the manner in which many people would have wished it to be (Travis, 2010). The advanced information technologies that have been integrated into the communication sector have the capabilities of collecting, processing, and sharing information concerning various aspects of an individual’s life. This information is later used to derive profiles on our behavior and habits, track our movements and physical location, evaluate opportunities and risks, as well as shape business plans and policies. In other words, surveillance has become an inescapable for UK nationals and anyone living in the country. As people go about their normal day to day duties such as making phone calls, sending emails, browsing the internet, or walking down a local a street, these actions may closely be monitored and even recorded (US Department of Commerce, 1997).

The UK government is known to have spent quite a considerable amount of resource in establishing an extensive, technologically advanced system of surveillance owing to the ever growing threat of terrorism and general crime. The private sector has equally been spending a lot on ICT, making it almost mandatory for them to collect and process personal data (Gillespie, 2009). Despite this continued practice, it is worth noting that most of the people who are subjected to this magnitude of surveillance seldom know that this is actually what happens to them or in their surrounding. Additionally, the potential consequences of such actions are also not fully known (House of Lords, 2009).

As organizations continue to exchange personal information between them with much ease and little restriction, there is an increasing danger that information could be misused, misunderstood and even get misplaced. For instance, people may, for the promise of own benefit, consent to offer information to a particular organization, yet this very same information could find its way into another organization. This very information could be used for other purposes which the person who provided it did not, in the first place, wish it to be used in such a manner (Goold, 2002). In some instances, the information could be combined with other personal details to construct an unauthorized or unwanted profile. Organizations make decision about individuals basing on personal information that the individuals did not, in the first place, authorize its use for such purposes. Some of the organizations obtain the data from a different organization yet when the individuals provide the information to the first organization; they are promised that the details will never be used for any other purpose other than the intended one unless they consent to such a plan (Rule, 2007). It is increasingly becoming challenging for individuals to learn about queer things that happen to their confidential information, or what action to take in the event that somebody misuses that information (Thomas & Walport, 2008).

Efforts made to enhance privacy in this age

The successive UK authorities have tried in varied instances to address these challenges although many of these efforts did not really bear tangible results and outcome. The Data Protection Act of 1998 was enacted for purposes of establishing a legal framework that could protect information privacy. The law laid down principles that clearly set out how information could be collected, processed, and used in case it was personal (Gross, 1967). A regulatory structure was designed that ensured public and private institutions complied with certain principles before they could be allowed access to such confidential information. This was mainly an attempt at trying to curb the runaway issues to do with individual privacy. Nevertheless, the Act’s failure to directly address widespread problems stemming from the sharing of confidential information, particularly within government, between the private and public sectors, as well as between organizations in the private sector, curtailed its effectiveness to a great extent (Harfield & Harfield, 2005).

The Regulation of Investigatory Powers Act, enacted into law in the year 2000 was similarly introduced for purposes of ensuring UK’s surveillance systems complied with the acceptable standards, did not meet its obligation as was expected (Schoeman, ed., 1984). Its system of authorization was largely unclear and there were flaws in the judicial oversight as well which made its implementation difficult. There was also too much room left that could easily be exploited by such bodies as the local authorities. It also left out certain surveillance aspects, like the CCTVs (Goold, 2006). The fact that a majority of the rules with the regulations included in DPA, RIPA, together with the Freedom of Information Act, FOIA which was enacted in the year 2000, are together interpreted, administered, as well as overseen by different regulators further complicates the matter (Rössler, 2005). The courts, which have also been charged with the responsibility of overseeing the regulations, have comparatively remained cautious in applying and developing the right. In general, the UK lacks a common approach to dealing with personal and confidential information. There is no legal consensus that is clear about individual privacy limits (Westin, 1967).

Personal analysis and evaluation of this practice

The issue of privacy in the information age is far fetched and is more of an illusion than a reality. We are living in an age where information can be used to greatly transform the quality of life for the better. Businesses are using their information and knowledge base to create competitive advantage against their rivals and generally the temptation to seek additional information from public or private databases is very high. Even attempts by governments and other authorities to establish credible systems that fully address these challenges have remained unsuccessful to a very large extent (Goold, 2009). Although organizations and individuals who use these information pieces gain in terms of their operations and general profits, this practice is unethical and above all demeaning. It shows the extent at which societies have become selfish so much so that they are willing to use dubious means to achieve their own selfish goals and objectives. The growing prominence in the use of such social websites as Facebook and Twitter, and the adoption of new trends, such as online shopping, further makes the divulgence of personal information more rampant. Some of these organizations involved are international and their privacy policies can either be fictitious or, if they truly exist, do not conform to those of the UK

(Crossman, 2007).

Suggestions on possible solutions to be adopted and implemented

Information privacy can be enhanced through putting in place principled foundations that adhere to fundamental human rights as well as being fully committed to equality. This can be put into effect by having principles-based regulations rather than those that are based more on rules (ALRC, 2008). It is worth noting that principles-based regulations often are shrouded in paradoxes which reduce their attractiveness but the flexibility with which it affords the highly dynamic IT sector and reduces chances of the over growing threats. Principles-based regulations will focus more on outcomes that can be achievable rather than concern the enforcement of mere prescriptive rules in a strict manner. A hybrid approach which emphasizes on clear rules that regulate each and every sector would be more appropriate in tackling the issue of privacy in the information age. This strategy will work effectively through the provision of rules for sectors that particularly require clarity on how the principles will be fulfilled (Schoeman, 1992).

Specifying individual subordinate regulations as well as offering enough guidance will make these regulations both effective and reliable. It can succinctly be argued that the data protection law in the UK needs specific redrafting as well as better implementation. It is clear that UK’s legal structure as well as its instruments of human rights involved in the protection of data, together with the translation into practice of varied principles should be considered in the whole restructuring program (Gellman, 1993).

The existing UK approach is a hybrid system that encompasses both omnibus and sectoral approaches as has been expounded by Nissenbaum in his work (Nissenbaum, 2010).

This system has particularly been less effective in its application in the UK due to complex and inconsistent system that is meant to provide legal protection. The fragmented approach has failed to effectively live up to its expectation as both the public and other private institutions cannot interpret correctly the existing relevant laws. Individuals cannot also determine whether or not they have been subjected to a surveillance system that is illegal, or one that collects information from them in a dubious and unwarranted way (Manson & O’Neill, 2007).

Another workable strategy would be to improve the existing regulatory regime. It is possible that privacy laws that govern particular sectors could turn out to be even more effective if they are inclusive of an overarching structure of regulation that is wholesomely grounded into law. A coherent and clear set of principles as well as enforcement mechanisms will provide the overriding framework and structure that is capable of sealing all the existing loopholes that are currently being exploited unfairly. This reform will enhance varied ways of protecting and promoting individual’s rights to privacy (Reidenberg, 1998). Desirable new legislations could also be instrumental in effectively eliminating the issue of privacy as far as personal and confidential information is concerned. Existing government databases containing sensitive personal information, for instance, require that they be put under statutory footing for the simple reason that it will help in defining their purpose. It will also assist in specifying their limits, as well as provide an effective oversight and the much needed remedies. However, this should be exercised with care to ensure the new legislation tallies with laws that have already been enacted, like RIPA and DPA. This approach will make it possible for varied instruments to accomplish what the law and other legal-compliance requirements have been unable to achieve (Marx, 2004).

Finally, the privacy control system can be strengthened further by strengthening the common law. This is particularly so because the UK courts are not likely to give a general tort adherence while specific legislations miss. Thus, common privacy protection laws have a high chance of developing haphazardly, further worsening the situation (Royal Academy of Engineering, 2007). There is a risk that increased judicial activism will injure the whole issue of privacy owing to the highly fragmented law on privacy. Such activism may cause even more disparities in the various levels of privacy already being enjoyed by UK citizens in varied parts of the country. Going to the courts to seek legal redress is fairly a costly and time consuming venture that can be argued will represent the wealthy very well but leave out the have-nots (Solove, 2008).

Conclusion

The UK is facing a serious privacy challenge that has been exacerbated by the numerous advances in the information communication technology. At present, most individuals in the UK have their personal and confidential information at the disposal of third parties who are using this information for their own benefit much to the ignorance of those who are directly involved. The government as well as the private sector have invested heavily in ICT systems that constantly collect, process and store personal data for various reasons, including fighting insecurity and general crime. There have been many incidences reported of these data being misappropriated or getting lost and eventually ending up in the custody of other individuals and organizations who manipulate it for their own good. The government has taken part in trying to curb this serious and unethical practice but the related legal frameworks have been too fragile to effectively handle the concerns. However, there are still other avenues which can be followed to effectively stamp out the vice in UK. The existing regulatory regime needs to be seriously revised to seal any existing loopholes while more principled foundations need to be set up to check the magnitude of the practice. Even common laws can turn out to be instrumental in enhancing regulatory controls if they are also enhanced and strengthened.

Recommendations

The UK government and all the other stakeholders need to move with speed and put elaborate systems and structures into place that will effectively address issues of credibility in the ICT sector. The government has specifically got a right to prevent and protect individual privacy of its nationals from being intruded into. One way through which this can be achieved easily and effectively is by strengthening the legal frameworks even further so as to provide very formidable laws and rules that will curb the vice. There are laws which already exist but their greatest undoing is that they are too fragmented and even the overseeing agencies are too many thus causing conflicts in the interpretation of law. Apart from strengthening the legal frameworks, promoting coherence in the varied laws that exist is very important so that it becomes easy to have one voice from the legal perspective or angle.

List of References

Australian Law Reform Commission, ALRC., 2008. For Your Information – Australian Privacy Law and Practice. Vol. 1, Report 108. Canberra: Australian Government, Australian Law Reform Commission.

Bellamy, C. et al 2008. Information-sharing and confidentiality in social policy: regulating multiagency working. Public Administration, 86(3), p. 56-61.

Bennett, C. & Raab, C., 2006. The governance of privacy: Policy Instruments in global perspective. Cambridge, MA: The MIT Press.

Black, G., 2011. Publicity rights and image: Exploitation and legal control. Oxford: Hart Publishing.

Cavoukian, A., 2009. Privacy by design. Toronto: Information and Privacy Commissioner of Ontario, Canada

Crossman, G., 2007. Overlooked: Surveillance and personal privacy in Modern Britain. London: Liberty.

Feldman, D., 1994. Secrecy, dignity, or autonomy? Views of privacy as a civil liberty. Current Legal Problems, 47(2), p. 30-76.

Ford, R., 2004. Beware rise of Big Brother state, warns data watchdog. The Times, 16 August PP. 36, 12.

Gellman, R., 1993. Fragmented, incomplete and discontinuous: the failure of federal privacy regulatory proposals and institutions. Software Law Journal, 6, p.89-105.

Gillespie, A., 2009. Regulation of internet surveillance. European Human Rights Law Review, (4), p. 552-65.

Goold, B., 2002. Privacy rights and public spaces: CCTV and the problem of the ‘unobservable observer’. Criminal Justice Ethics, 21(1), p. 102-111.

Goold, B., 2006. Open to all? Regulating open street CCTV and the case for ‘symmetrical surveillance’. Criminal Justice Ethics, 25(1), p. 89-134.

Goold, B., 2009. Surveillance and the political value of privacy. Amsterdam Law Forum, 1(4), p. 1-230.

Gross, H., 1967. The concept of privacy. New York University Law Review, 42, p. 96-116

Harfield, C. & Harfield, K., 2005. Covert investigation. Oxford University Press: Oxford.

House of Lords and House of Commons, 2008. Data Protection and Human Rights. Joint Committee on Human Rights, 14th Report of Session 2007-08, HL Paper 72, HC 132. London: The Stationery Office.

Manson, N. & O’Neill, O., 2007. Rethinking informed consent in bioethics. Cambridge: Cambridge University Press.

Marx, G., 2004. What’s new about the ‘new surveillance’? Classifying for change and continuity. Knowledge, Technology & Policy, 17(1), pp. 18-37.

Nissenbaum, H., 2010. Privacy in context: Technology, policy, and the integrity of social Life

Stanford, CA: Stanford University Press.

Reidenberg, J., 1998. Lex Informatica: the formulation of information policy rules through technology. Texas Law Review, 76, p. 34-44.

Rössler, B., 2005. The value of privacy. Cambridge: Polity Press.

Royal Academy of Engineering, 2007. Dilemmas of privacy and surveillance: challenges of technological change. London: Royal Academy of Engineering.