Ethical and Legal Obligations Regarding Customer Data Breach: Recommendations for Reporting and Framework Implementation
Ethics is defined as a philosophical branch that seeks to answer the question ‘what should I do?’ As people reflect on this question, they tend to make decisions based on their values, beliefs, principles, and purpose. These elements dictate the good and the bad for most individuals. These are used as points of reference for various courses of action from which one could choose. Therefore, an ethical decision is one that is made following reflection on what is most important yet consistent with personal beliefs. The process of deciding may be hectic or daunting for some people. This means that morality plays a valuable role in providing a sort of reference point that informs their decisions. Moral principles have been evaluated over time, and are dependable and applicable to daily life. Most individuals take on morality from their families, cultures, or communities (Ethics Center, 2016).
The law is a different tenet altogether. It seeks to create basic and enforceable standards of behavior. These behaviors are intended to create order in the community, facilitate equal treatment, and enable success. Thus, the law tends to have a narrower focus than ethics/morality does. The law and ethics are far apart, such that people may have to go against their ethics to abide by the law. In addition, the law applies to all individuals in a specific jurisdiction, while ethics varies on a person-to-person basis. In an organizational setting, codes of ethics are created to guide employees. These, however, are not superior to the law. In fact, the law sets the bar for minimum acceptable behaviors, which the organization builds upon (Ethics Center, 2016).
Corporate Social Responsibility (CSR) is gaining increasing interest from organizations. CSR revolves around the obligations that an organization has towards society. It involves activities that enable sustainability and spread positive change within the social fabric. In connection to business ethics, CSR merely dictates or guides an organization’s behaviors as a corporate citizen, while ethics broadens the emphasis to include all stakeholders (Adda, Azigwe, & Awuni, 2016).
Analysis
In the USA, there is not a single comprehensive law that guards consumers’ information. Instead, the current regulations are jumbled up. The Federal Trade Commission Act serves as the most reliable regulation that could protect U.S. citizens’ data. The Federal Trade Commission is empowered through the regulation to act against entities or individuals who use consumers’ data deceptively or unfairly. At the same time, organizations that fail to honor their privacy promises to protect consumers’ data can be held legally responsible (ICLG.com, 2021). Confidential data refers to all personal information that can be used to identify an individual.
Therefore, Mountain Top View had a legal obligation towards its clients. As an organization that uses a website to enable transactions, it has a published privacy promise for its consumers. This promise commits the company to protect consumers’ confidential information. The data breach is one of the elements that go against the company’s promise to the consumers. The hacking that led to the disclosure of clients’ phone numbers, addresses, and names is a breach of confidential data. Legally, the company could be sued for failing to protect personal data against malicious hackers. If this information is used destructively, the company’s liability increases.
Ethically, the company should have informed the affected clients. Failure to inform clients about the data breach is unethical. Clients whose confidential data is obtained through the company’s website should be aware of how their information will be used. In case of a data breach, transparency is important because it alerts clients to potential misuse of their information. At the same time, the company should have utilized the opportunity to communicate to clients about the remedial action and assure them of safety. This should have led to the retention of clients’ confidence in the company’s ability to protect their information.
The main stakeholders in this situation include the company’s employees, clients, affected and unaffected, and the regulatory authorities. The company’s employees’ role and responsibility were to protect/secure confidential information obtained from clients. In a case where they failed at this, they were responsible for informing clients about any occurrences of breaches of the privacy of their data. The clients are entitled to information regarding their confidential data and its protection. In case of a breach, they should be informed within the law’s stipulated period, 60 days (ICLG.com, 2021). Further, clients have a right to information regarding actions that a company such as Mountain Top View intends to take to secure their data. The regulatory authorities should determine if the clients’ data is being used in any deceptive manner. Informing both the regulatory authorities and affected clients on the matter reduces the possible liabilities that could arise from the situation to affect other clients or the organization.
Potentially, the organization and the clients could be affected by the situation. Clients whose data has been obtained without authorization could be involved in unexpected issues if their data is used deceptively. The organization stands to face legal tussles if the clients choose to sue for a data breach. At the same time, a loss of confidence in the organization among clients is highly probable. As scandals regarding the issue build up, the entity could lose current and potential clients due to insecurity. As a result of all this, the entity could lose financial resources in the form of damages to affected clients and lost revenue. On a more positive note, the entity is set to improve its ethical decision-making process due to the occurrence. This could occur through a review of the current strategies that are used during ethical decision-making. In addition, the company’s security as it pertains to clients’ data will be reinforced. Therefore, the situation has both positive and negative outcomes.
Recommendations
According to the Federal Trade Commission Act, Mountain Top View should report the breach within 60 days of occurrence. This should be the first course of action based on the assumption that 60 days have not lapsed since the breach occurred. In addition, the affected clients should be notified within the same period, with the notice highlighting the data involved, the remedial action to mitigate the risks, and a contact person. If the breach affected more than five hundred individuals, a media notice should be put up and individual notifications sent as well (ICLG.com, 2021). This recommendation covers the ethical and legal aspects of the issue. The main reasons for taking the recommended action include compliance with the law, protecting clients through publicizing the problem, which is an ethical element, and kick-starting the remedial action or other activities that could help mitigate the risks. Secondly, the company should train its employees on data privacy and the regulations that govern the same. This ensures that all employees can make the right decision in the future.
Conclusion
Modern technologies offer value and bring along a moral responsibility of corporate citizens to address any problems that may arise proactively. Organizations that develop and commercialize technology need to avoid the social and ethical costs that other organizations, which use the technologies, may incur (Martin, Shilton, & Smith, 2019). Similarly, other organizations such as Mountain Top View also need to exhibit ethical responsibility by understanding that the technologies are not fail-proof and could encounter issues that endanger the safety of information from clients and the entity itself. When this occurs, an organization faces legal and ethical dilemmas, which may have negative consequences if not managed appropriately.
References
Adda, G., Azigwe, J. B., & Awuni, A. R. (2016). Business Ethics And Corporate Social Responsibility For Business. European Journal of Business and Innovation Research, 4(6), 26-42.
Ethics Center. (2016). Ethics Explainer: Ethics, morality & law. Retrieved from https://ethics.org.au/ethics-explainer-ethics-morality-law/
ICLG.com. (2021). USA: Data Protection Laws and Regulations 2021. Retrieved from ICLG: https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa
Martin, K., Shilton, K., & Smith, J. (2019). Business and the Ethical Implications of Technology: Introduction to the Symposium. Journal of Business Ethics, 160, 307-317.
Question
Evaluate whether the company has an ethical and/or legal obligation to report the breach to its customers.
Your evaluation should be framed as a report for the owner, Clare, that includes the following sections and information. Cite your sources using APA style. Select a test or framework for all employees in this company to use. Demonstrate how it can be used when faced with an ethical dilemma. Cite your sources using APA style.