Report
Introduction
Laws and ethics guide businesses to ensure they operate responsibly and sustainably and promote stakeholders’ trust and confidence. Ethics involves the study and practice of decisions about the morality and correctness of some actions (Kubasek et al., 2020). Business ethics requires the application of ethical principles to the challenges and opportunities businesses face (Kubasek et al., 2020). In addition to compliance with laws and ethical standards, businesses also have to comply with corporate social responsibility – the company’s actions aimed at the benefit of society.
Corporate social responsibility and ethical business conduct are intertwined as they aim to do business in a manner that protects the interests of stakeholders and maintains the organization’s reputation. The reputation of a responsible company that understands the parties involved attracts more buyers and investors. Therefore, although sales and profits are essential to the business, its other aspects must be considered – ethics, the impact on society, and legal conduct.
Analysis
Mountain Top View faced a data breach issue when the names, phone numbers, and addresses of clients who made online orders at the beginning of the year were hacked. However, the company did not report it to its customers, which entails several legal and ethical issues. From a legal point of view, all states have passed a law that obliges businesses to report a data breach to their clients (Federal Trade Commission [FTC], 2021). Moreover, more significant measures are needed after the incident to protect data and prevent new possible problems (FTC, 2021). The company must take the necessary measures to avoid legal problems.
From an ethical point of view, the incident that occurred means a violation of customers’ privacy, and a failure to report it also means insufficient transparency. It is worth noting that the Mountain Top View website declares a commitment to protecting its clients’ data. Failure to meet the stated value can lead to a loss of trust that stakeholders have in the company (Kubasek et al., 2020). Therefore, the organization has ethical and legal obligations to notify its clients about the incident and recommend the measures to take.
Deciding on needed measures also requires attention to stakeholders’ interests, which could be affected by a data breach. Firstly, the data breach directly impacts customers who place online orders in the year’s first quarter. Access to their data increases the risk of fraud and even identity theft. As the company’s sole owner, Clare Applewood can experience financial losses if the organization’s reputation suffers and its profits decline.
Company employees may also be affected if the company’s reputation deteriorates and job cuts are needed. Moreover, the response to the incident demonstrates their professional qualities, as employees are responsible for data protection and the quality of the company’s services. Finally, the company’s reputation affects its relationships with partners and suppliers – an absence of adequate response to the problem may demonstrate the lack of trustworthiness of Mountain Top View. The breach’s impact is significant, highlighting the need for action to respond to the incident.
Recommendation
Given the severity of the problem, as well as the legal and ethical issues that accompany the incident, the following action plan is proposed.
Notification of Affected Stakeholders
The company needs to send a message to affected customers informing them that the data was hacked. Following US laws, customer notification is mandatory in case of a data breach (FTC, 2021). The letter should report the incident, the measures taken by the company, and the measures that users can take to protect their data. Since the information accessed is less sensitive than credit card numbers or social security numbers, the company needs to check laws and regulations applicable in its jurisdiction to determine its obligations to notify law enforcement agencies in this case (FTC, 2021). Notifying users is also necessary for ethical reasons to maintain transparency of the company’s actions.
A Case Investigation
While Steve quickly fixed the code, leading to the hack, more substantial measures are needed to prevent the situation from re-occurrence. It is necessary to check the system for factors that led to the error and find other vulnerabilities (FTC, 2021). An enhanced cybersecurity system will provide additional protection and help avoid similar problems with data breaches in the future.
Creating an Action Plan for Cases of Cybersecurity Issues
Steve’s actions demonstrated that Mountain Top View has no policy or protocol guiding action during critical situations. Therefore, the company needs an action plan that staff can follow in a similar case.
Conducting Additional Personnel Training
Once the incident has been reviewed and fixed and crisis management policies have been implemented, employees must be informed of the innovations. Moreover, business ethics training is needed, including possible frameworks to guide decision-making (Kubasek et al., 2020). As a result, with another potential critical situation, the reaction will be fairer and more transparent.
Conclusion
Modern technologies offer small businesses many opportunities to expand their activities and effective organization. However, they also require additional duties and guarantees of protection to customers. The use of technology entails such legal and ethical issues as the protection of customer data to support their privacy, the ethics of communication in social media, the protection of intellectual property, and other concerns.
Mountain Top View did not effectively deal with the problem of a data breach, which could lead to risks to the privacy of customers and the loss of their trust in the company. Therefore, additional protection measures and protocols are needed that will be able to guide the actions of employees in a crisis. They will help support the ethics of the business and its compliance with legal requirements.
Ethical Test
Types of Ethical Tests
As the incident with Mountain Top View demonstrates, employees of companies may face an ethical dilemma and make decisions that may not comply with ethical standards. In this case, they can apply ethical tests or frameworks designed to help assess the consequences of a specific action and thereby guide a fair and moral choice. Examples of tests include The Golden Rule Test, the Public Disclosure Test, and the Universalization Test (Kubasek et al., 2020). Although all tests can apply to the Mountain Top View problem, the Public Disclosure Test should be most effective when the company makes decisions in ethical dilemmas.
Public Disclosure Test
The Public Disclosure Test is based on what the company needs to be critical about what its actions look like in the public eye and what they think about it. The test suggests imagining which decision would be best if the company’s actions were widely covered as if they were broadcast on television (Kubasek et al., 2020). The task of this test is to remind people that although ethics and adherence to moral principles can be challenging, they are necessary since business operates in society, depends on it, and affects it (Kubasek et al., 2020). The test helps to consider whether the company would be proud of the action publicly and encourages businesses to act transparently and to be accountable.
Pros and Cons of Public Disclosure Test
Public Disclosure Test has several advantages and disadvantages in its application. It encourages transparency and accountability for the company’s actions. In this case, the community will be more aware of the company’s decisions and be able to trust its actions. Moreover, by avoiding stealth in crises, companies can avoid problems if the truth is revealed. The test is also easy to apply and can be relevant for solving problems of various types. However, disclosure may also be prohibited by legal obligations, and the test is not applicable.
The disadvantage of the test is that it relies on a person’s subjective opinion to make a decision. Individuals may make a choice that they consider correct even in the case of public disclosure, but the measures taken as a result may still be unacceptable. Therefore, the company’s official policies and regulations are also needed in addition to the ethical framework.
Application of Public Disclosure Test
Applying the Public Disclosure Test to the Mountain Top View situation, the owner and employees should consider the incident and the issue of its disclosure as if it had become known publicly. The news that a case of data hacking was concealed would have damaged the company’s reputation and resulted in customers not trusting Mountain Top View or shopping here. Therefore, a decent reaction, which includes notifying the affected parties and taking measures to prevent an error from re-occurrence, will be the best solution.
References
Federal Trade Commission. (2021). Data breach response: A guide for business. Web.
Kubasek, N. K., Browne, M. N., Dhooge, L. J., Herron, D. J., & Barkacs, L. L. (2020). Dynamic business law (5th ed.). McGraw-Hill Education.