P5 â€“ Explain the legal and ethical issues in relation to the use of business information
P5 – Explain the legal and ethical issues in relation to the use of business information For this assignment I will be explaining the legal and ethical issues in relation to the use of business information, and will be referring to my chosen organisation, Boots. Legal Issues Legal Issues are various items of legislation (law, rules, and regulations) to protect the use of business information. In order to uphold these items of legislation, some Acts have been put in place: Many businesses store and use information about people, especially their customers. For example, Boots stores information about their customers who are signed up to their Advantage Card scheme. They store personal details such as their name, address and telephone number, and also store information about their typical buying habits, so that Boots know what kind of promotions and offers may interest specific customers. This is an example of good customer service and shows how Boots try to keep their customers happy by only sending them information that they may be interested in, and avoiding contacting them for irrelevant reasons. The Data Protection Act (1998) protects the information held about people from being misused. The information stored by businesses on databases must be:
Obtained fairly and lawfully Used only for the purposes stated during collection Adequate, relevant and not excessive in relation to the intended use Accurate and up-to-date Not kept for longer than necessary Processed in line with your rights Subject to procedures to prevent unlawful processing, accidental loss, destruction and damage to personal data Protected from transfer to an area outside the European Economic Area (EEA) unless adequate protection exists for that data in the area
An example of a business who has breached the Data Protection Act is Sony. In April 2011 they were fined £250,000 when the PlayStation platform was hacked, putting millions of customers’ personal details at risk. Customers’ names, addresses, emails, account passwords, payment card details and dates of birth were all comprised. An ICO investigation discovered that the attack could have been avoided if Sony had updated their software. Also, Sony were scrutinised for not immediately exposing what happened; the company shut down its PSN but did not disclose to customers what had happened.
The Freedom of Information Act 2000 came into effect in 2005. It provides individuals or organisations with the right to request information held by a public
Business Communications – P5
authority. For example, if Boots was holding someone’s personal details without their consent, Boots would be in breach of the Freedom of Information Act 2000. The public authority must tell the applicant whether it holds the information, which it must supply within 20 working days, in the requested format. There are some exemptions to this Act. For example, if the cost of a request for information exceeds an appropriate limit, the public authority may decide whether a greater public interest is being served by denying the request or supplying the information. If there is a dispute between an applicant and a public authority about a request for information, the Information Commissioner’s Office may investigate and deem whether the information should be released or not. A council has been told it breached the Freedom of Information Act in May 2010 by failing to provide an AM details about the cost of employing education consultants. The authority spent £46,000 on two consultants but did not say how many days they worked or what each was paid.
The Computer Misuse Act 1990 is a law in the UK that legislates against certain activities using computers, such as hacking into other people’s systems, misusing software or helping a person to gain access to protected files on someone else’s computer. This Act is split into three sections and makes the following actions illegal:
Unauthorised access to computer material Unauthorised access to computer systems with intent to commit another offence Unauthorised modification of computer material
A BBC program me has broken the Computer Misuse Act by acquiring and using software to control 22,000 computers, creating a botnet capable of bringing down websites. A technology law specialist has said that the activity is illegal. Some online gangs use botnets to launch distributed denial of service (DDoS) attacks which bombard a website with traffic until it becomes blocked. Some threaten website operators with DDoS attacks in bids to extract pay offs. The programme has said that the activity would only be illegal if those behind it had 'criminal intent', but Struan Roberrtson, a technology lawyer with Pinsent Masons and editor of OUTLAW.COM, said that this is not true.
Ethical Issues Business ethics are moral principles concerning acceptable and unacceptable behaviour by businesses. These have to be monitored – in order to do so, codes of practice exist in organisations like Boots to maintain business ethics on the use of email & internet, whistle-blowing, organisational policies and information ownership. Use of Email Many organisations today have a code of practice on the correct use of email. Some typical features of a code of practice for Boots may be:
Correct use of email Business Communications – P5
Incorrect use of email
As a memo, (text must be short and to the point) – the email is the electronic memo As a reminder or an advance notice or flag of important meetings, information etc To ascertain availability for meetings, (providing electronic diaries are not being used) To give standard information to a large group of people, e.g. to promote a new product to a group of customers To flag where important / lengthy information is being stored / being distributed, e.g. a public folder, intranet, hard copy circulation when and from whom To gather views / initial reactions quickly (using a voting button facility) To disseminate urgent news rapidly – email would be useful for this because any amount of information can be sent as flagged / high priority to a large amount of people across the world instantly As a telephone substitute (when an explanation is not necessarily needed
To send large documents / attachments, especially to large numbers of people (these are better stored in folders) To distribute committee papers (except for last-minute urgent late papers) as bulk reprography of papers needed in hard copy form is cheaper As a substitute for formal documents where construction, language and presentation are particularly important For long-term storage (save to networked or hard drives or delete) For complicated queries / ongoing dialogues / explanations (this often takes longer than oral or face-to-face contact and misconceptions can arise) As a substitute for face-to-face / telephone communication with colleagues (it is very important to maintain interpersonal relationships) To shrink responsibility, especially for difficult personal communications
For really confidential information (hard copy delivered direct to the addressee in a sealed envelope is more secure)
Boots often use email to keep in touch with their customers and also keep in touch with people who wish to apply for jobs within the organisation. Boots occasionally email their registered online customers about new products that they may be interested in, and any new deals, special offers or promotions. Boots also keeps track of their customers’ typical buying habits, which enables them to have a better understanding of each individual customer’s needs / wants / interests and allows Boots to provide their customers with only relevant information that they care about. Boots also use email to keep in contact with job applicants; they send emails to people who have applied for jobs within Boots to tell them when and where their interview will take place, and also to inform them of whether their application has been successful or not.
Business Communications – P5
Business Communications – P5
Boots explain on their website how they are registered under the Data Protection Act 1998. They state how they will not use any customersâ€™ data for marketing offers or share their information with other businesses. Boots try to reassure the customers that their information is safe with them and will not be passed on to unauthorised viewers or lost in any way.
Organisational Policies Businesses usually have many policies to make sure that their company does things in more ethically. This could include anything from how they manage information to ensuring marketing and other business practices are fair and just. Policies are described as courses of action, guiding principles, or procedures considered expedient, prudent, or advantageous.
Information Ownership The concept of information ownership is simple â€“ the person who creates the information becomes the owner of the information, and is therefore responsible for it. It is their duty to protect the information and keep it safe and hidden from unauthorised viewers. The information should remain confidential and should only be viewed by certain people.
Business Communications â€“ P5
Sources Used / Bibliography: http://news.bbc.co.uk/1/hi/wales/8680412.stm http://www.boots.com/en/Help/Privacy-Cookies/ http://www.cbronline.com/news/sony-fined-250000-after-breaching-data-protectionact-240113 http://www.boots.com/en/Help/About-Boots-com/
Business Communications â€“ P5