Professional, Legal and Ethical Issues

CPSC 356 Database

Ellen Walker

Hiram College

(Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)

Data is Valuable

• Clickstream data (terabytes)– Data mining for business advantage

• Financial transactions (petabytes)• Personal information

– Open to identity theft and fraud

Ethical vs. Legal Behavior

• Ethics– A set of principles of correct conduct or a theory or

a system of moral values

• Law– A set of rules enacted by and enforced by a

government

• Not all ethical behavior is legal• Not all unethical behavior is illegal

Sample (US) Laws with Implications

• Sarbanes – Oxley Act• Health Insurance Portability and

Accountability Act (HIPAA)• Family Educational Rights and Privacy Act

(FERPA)

Sarbanes Oxley Act (SOX)

• Goal is to tighten requirements on how companies form boards of directors, interact with auditors and report finances

• Created in aftermath of Enron scandal• To comply, companies must consider how

data is collected, processed, secured, and reported

Complying with SOX

• COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.

• COSO is a framework that focuses more narrowly on internal controls, including culture, risk assessment, control activities, reporting and monitoring

Health Insurance Portability and Accountability Act (HIPAA)

• Release of patient information requires consent forms– “We can’t tell you anything – we can’t even tell you that we

know anything” – Lynn Taylor

• Standards for electronic health/medical records and insurance claims

• Establishing a nationally recognized identifier (NOT SSN) to be used by all employee health plans

• Standards for security of patient data and transactions

• Need for a nationally recognized identifier for healthcare providers

Family Educational Rights and Privacy Act (FERPA)

• Protects privacy of student educational records

• Parents have rights until age 18 or until student graduates from HS, then rights transfer to student

• Schools must have written permission from student (or parent if pre-college) to release any information

FERPA Exceptions

• Directory information– Name, address, date & place of birth, honors

• Designated parties– School officials with legitimate need to know– Other schools to which student transfers– Specified officials for audit or evaluation– Whoever needs to know for financial aid

• Compliance with a judicial order or state law• Health and safety emergencies

Codes of Ethics

• ACM Code (see www.acm.org)• BCS code (www.bcs.org)• Areas covered

– Public interest– Duty to relevant authority– Duty to the profession– Professional competence and integrity

Intellectual Property

• IP = The product of human creativity in the industrial, scientific, literary and artistic fields

• Examples:– Invention– Program– Play– Painting– Musical composition

Protecting IP

• Patent– Very strong protection for limited time, requires

disclosure

• Copyright– Protects the expression of an idea

• Romeo & Juliet vs. “boy loves girl with tragic ending”

– Much longer term than patent

• Trademark– Protects a word, symbol, image, sound, etc. with

regard to a specific company (type of goods)

Trade Secret

• A trade secret is protected not by law (no disclosure), but by secrecy

• If you can figure it out (by reverse-engineering), you can legally use it in your own product– Not by “reading the source code”– Not by theft– Clean room reverse engineering technique

Software

• Generally, protected by copyright, but there are software patents– Patent must be for the idea, not the program– Example: pull-down menu

• Copyright protects the expression, not the idea– “Look and feel” lawsuits

Software License

• Commercial software (perpetual use)• Commercial software (annual fee)• Shareware • Freeware

• Note: only some freeware is open-source; open-source software can still carry a license, e.g. GPL