Professional, Legal and Ethical Issues
CPSC 356 Database
Ellen Walker
Hiram College
(Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)
Data is Valuable
• Clickstream data (terabytes)
  – Data mining for business advantage
• Financial transactions (petabytes)
• Personal information
  – Open to identity theft and fraud
Ethical vs. Legal Behavior
• Ethics
  – A set of principles of correct conduct or a theory or a system of moral values
• Law
  – A set of rules enacted by and enforced by a government
• Not all ethical behavior is legal
• Not all unethical behavior is illegal
Sample (US) Laws with Implications
• Sarbanes-Oxley Act
• Health Insurance Portability and Accountability Act (HIPAA)
• Family Educational Rights and Privacy Act (FERPA)
Sarbanes-Oxley Act (SOX)
• Goal is to tighten requirements on how companies form boards of directors, interact with auditors and report finances
• Created in aftermath of Enron scandal
• To comply, companies must consider how data is collected, processed, secured, and reported
Complying with SOX
• COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.
• COSO is a framework that focuses more narrowly on internal controls, including culture, risk assessment, control activities, reporting and monitoring
Health Insurance Portability and Accountability Act (HIPAA)
• Release of patient information requires consent forms
  – “We can’t tell you anything – we can’t even tell you that we know anything” – Lynn Taylor
• Standards for electronic health/medical records and insurance claims
• Establishing a nationally recognized identifier (NOT SSN) to be used by all employee health plans
• Standards for security of patient data and transactions
• Need for a nationally recognized identifier for healthcare providers
Family Educational Rights and Privacy Act (FERPA)
• Protects privacy of student educational records
• Parents have rights until age 18 or until student graduates from HS, then rights transfer to student
• Schools must have written permission from student (or parent if pre-college) to release any information
FERPA Exceptions
• Directory information
  – Name, address, date & place of birth, honors
• Designated parties
  – School officials with legitimate need to know
  – Other schools to which student transfers
  – Specified officials for audit or evaluation
  – Whoever needs to know for financial aid
• Compliance with a judicial order or state law
• Health and safety emergencies
Codes of Ethics
• ACM Code (see www.acm.org)
• BCS code (www.bcs.org)
• Areas covered
  – Public interest
  – Duty to relevant authority
  – Duty to the profession
  – Professional competence and integrity
Intellectual Property
• IP = The product of human creativity in the industrial, scientific, literary and artistic fields
• Examples:
  – Invention
  – Program
  – Play
  – Painting
  – Musical composition
Protecting IP
• Patent
  – Very strong protection for limited time, requires disclosure
• Copyright
  – Protects the expression of an idea
    • Romeo & Juliet vs. “boy loves girl with tragic ending”
  – Much longer term than patent
• Trademark
  – Protects a word, symbol, image, sound, etc. with regard to a specific company (type of goods)
Trade Secret
• A trade secret is protected not by law (no disclosure), but by secrecy
• If you can figure it out (by reverse-engineering), you can legally use it in your own product
  – Not by “reading the source code”
  – Not by theft
  – Clean room reverse engineering technique
Software
• Generally, protected by copyright, but there are software patents
  – Patent must be for the idea, not the program
  – Example: pull-down menu
• Copyright protects the expression, not the idea
  – “Look and feel” lawsuits
Software License
• Commercial software (perpetual use)
• Commercial software (annual fee)
• Shareware
• Freeware
• Note: only some freeware is open-source; open-source software can still carry a license, e.g. GPL