Chapter 21 Professional, Legal, and Ethical Issues in Data Management
Review Questions
21.1 Define
21.2 Describe bus
considered:
(a) illegal and unethical;
(b) legal but unethical;
(c) illegal but ethical.
Suppose that IBM shares are selling for $80.15 with buyers available for 50,000 shares on the
21.3
a law.
21.4 Describe the importance of IT governance and its relationship to legal and ethical practice in
organisations.
IT governance is used for specifying the decision rights and accountability framework to
encourage desirable behavior in the use of IT.
IT governance became an important issue in the wake of large corporate scandals in 2002 that
21.5 Explain how an international business can be influenced by laws from a foreign land and how
it may face liability to its customers for reasons beyond its control.
A firm may find that it is subject to the stricter laws of a foreign country in which it does
business, and as a result may have to adjust its entire operations according to the most
21.6 Explain the legal risks to an international business in data management.
21.7 Describe how an entity or individuals outside and within organisations can have legitimate
power to access corporate data and, therefore, influence how it is managed.
For example, some governments have established laws that provide them with unrestricted
access to corporate or individual private data. The USA Patriot Act 2001, established as a
21.8 Describe some of the legal challenges faced in protecting intellectual property and promoting
innovation with emerging technology.
In the 1970s and 1980s, there were extensive discussions on whether patents or copyright
should provide protection for computer software. These discussions resulted in a generally
Exercises
21.9 Suppose that you are a data administrator in a large European pharmaceutical manufacturer
that has significant sales and marketing efforts in Europe, Japan, and the United States. What
data management issues would you have to be most concerned with?
In this situation the data administrator would be responsible for adhering to data protection
21.10 Suppose that you have just joined a large financial services company as the head of IT and
are asked to create a formal code of ethics for IT. What steps would you take to research this
task, and what resources would you consider?
21.11 cle archives for the Communications of the ACM
(visit www.csl.sri.com/users/neumann/insiderisks.html). Summarize, in a few paragraphs, a
recent article from these archives dealing with legal and/or ethical issues related to IT.
21.12 Access the ACM Code of Ethics and Professional Conduct and the BCS Code of Conduct and
Code of Good Practice. When comparing the two, discuss elements that are emphasized more
(or less) in one code than another.
This is a short student project comparing the following:
21.13
(www.scs.org.sg/code_of_conduct.php). Compare this code with either the ACM or BCS code
and note any differences.
21.14 Consider the DreamHome case study described in Chapter 11. Produce a report for the
Director of the company outlining the legal and ethical issues that need to be considered and
make any recommendations that you think are appropriate.
21.15 Consider the case studies described in Appendix B. Produce a report for each case study
outlining the legal and ethical issues that need to be considered and make any
recommendations you think appropriate.
21.16 Suppose you are the Chief Information Officer for a public university institution in Europe.
What data management issues would you have to be concerned with and what governance
policies and procedures would you have to consider putting in place to ensure you comply
with legal standards?
21.17 Describe the IT governance mechanisms that could be implemented in your organisation to
improve how IT and data are managed.
21.18 Describe with examples how legal frameworks in place to support transnational management of
data can prove ineffective in protecting the privacy of businesses or consumers.