Summary
The present paper offers an ethical analysis of a security breach reported by BBC on February 27, 2019. The author of the article is not mentioned. According to the article, the contact information of many adoptive parents was disclosed due to human error. A member of the post-adoption support team in Kent County mistakenly copied a mailing list into the carbon copy instead of the blind copy section (“Adoption Families”). As a result, more than 300 email addresses protected by privacy laws were disclosed (“Adoption Families”). Even though some of the parents considered the matter a minor mistake, some expressed concern (“Adoption Families”). In addition to the possible legal implications of the matter, the Council faces ethical issues that need to be addressed.
Ethical Issues
Security breaches are a major concern in modern society, as they are usually associated with unwanted access to personal data. Security breaches pose ethical questions in front of the parties, including how and when the information about the breach should be disclosed and what the remedies should be offered to the victims. Despite the moral obligation of companies to attend to the matter, corporations are often reluctant to take steps to react to the problem since the laws concerning the issues are lagging (Buttrick et al. 9). The disclosure of security breaches is vital for preserving companies’ accountability and the trust of stakeholders. Moreover, companies are to perform necessary preventative measures to avoid the occurrence of such events. However, Buttrick et al. state that corporations “appear to ignore the contribution they make to data breaches by being primarily reactive rather than proactive” (10). An action plan is to be elaborated by every organization to address the matter, considering possible ethical issues.
Responsible Action Plan
As soon as a data breach is detected, an employee who uncovered the situation is to follow a responsible action plan. Below is a sample guideline to address the possible ethical issues:
- The information about the security breach is to be immediately disclosed to the information technology (IT) officer for further revision.
- The IT manager is to evaluate the potential harm, including the number of victims and the reason for the breach, and create a short report on the matter. If needed, the information should be disclosed to government authorities through appropriate means. The elaborated report should be presented to the upper management in the shortest possible time.
- The upper management is to assess the appropriate method and extent of further disclosure of the information. Additionally, potential remedies should be discussed and offered to the victims.
- Preventative measures are to be reviewed by the concerned personnel to avoid further data breaches.
Assessment of the Situation
The Kent County Council’s authorities adequately addressed the situation described in the present paper. The information about the data breach was immediately reported to the parents with apologies (“Adoption Families”). The investigation was organized to understand the reasons for the incident, and other relevant internal procedures were followed. Even though no remedies were offered to the victims, the decision seems to be adequate since it was a minor data breach. In short, even though the situation described in the article touches upon a concerning matter, the organization followed all the necessary steps to address the ethical implications.
Works Cited
“Adoption Families in Kent County Council Data Breach.”BBC. 2019, Web.
Buttrick, Hilary G., et al.. “The Skeleton of the Data Breach: The Ethical and Legal Concerns.”Richmond Journal of Law & Technology vol. 23, no. 1, 2016, pp. 1-21. Web.