Causes of Unethical Behavior: Case 2
Is the action illegal?
道德行为代写 She is partly right and partly wrong. She is right because it is her legitimate responsibility to access overdue accounts.
She is partly right and partly wrong. She is right because it is her legitimate responsibility to access overdue accounts. However, she is mistaken for going against the professional confidentiality that is needed by her role when she views, trail, and disclose client credit card information without consent.
Undeniably, the client information database is surrounded by many ethical issues related to the collection, storage, and protection of the data (Milne, 2000). It is legitimate for a company dealing with credit cards to have their customers’ data, especially on how they use a credit card. The ethical issues that arise in this legitimate action by companies fall in three perspectives, including Ethical responsibilities of a company to its customers, moral obligations of employees to the company and its customers, and ethical responsibilities of customers to the company.
In this case, the ethical responsibility of an employee to the customers and the company is in question. The roles of Julie and the company are intertwined and hence evaluated together. The company collects and store customer credit card data, which Julie has a privilege to access. Upon collecting and storing customer data, the company should maintain data privacy and confidentiality.
Cases for and against necessary access to customer data
There are situations where the need to collect customer data is essential than personal data privacy issues that it carries. Customer or client data in e-commerce and other economic transactions are necessary (Victor, 2013). Their choice of data privacy lies in the balance between benefits and costs of collecting, storing, and accessing client data. The goal of unrestricted access to some private data arises from the potential effect on the stakeholders in case of nondisclosure that can be harmful such as economic loss. For instance, if Julie has no authority to collect the data of overdue accounts, it would not be possible for the company to continue offering credit services to its customers, and it would run on losses.
However, disclosure is done with restriction because, when done in absolute can be harmful to itself and against fundamental rights of privacy (Mueller-Langer, & Andreoli-Versbach, 2018). Personal privacy ensures the protection of self and personhood through autonomous preferences. As such, Julie was not supposed to access and trail the spending behavior credit cardholders. The action was both illegal and unethical and violated individual autonomy. When customers become aware that their expenditures are tracked and leaked, they would lose trust in the company can withdraw from its credit services.
然而，披露是有限制的，因为绝对披露可能对自身有害并违反基本的隐私权 (Mueller-Langer, & Andreoli-Versbach, 2018)。个人隐私确保通过自主偏好保护自我和人格。因此，朱莉不应该访问和跟踪信用卡持卡人的消费行为。该行为既非法又不道德，侵犯了个人自主权。当客户意识到他们的支出被跟踪和泄露时，他们将失去对公司的信任，可以退出其信贷服务。
Ethical practices in the case
In so doing, figure 1 below shows privacy practices that needed to be observed by the company. First, the company should assign a specific person who ensures that the company observes all the laid down framework of maintaining privacy. In this case, Julie is the person responsible for privacy management. Secondly, the company should notify its customers of the privacy practice, the reason for collecting the information, and how the company intends to use the data. Thus, credit card companies have government authorization to obtain limited customer as long as privacy and confidentiality of the data are guaranteed. Thirdly, a customer can reject or accept the privacy terms. In instances where a customer refuses collection, retention, and use of his/her data, the company has no right to collect, store, or use the data.
In the case of Julie, the access of credit card data must have been under the authorization of the customers because the company could not have collected and stored the data in the absence of informed consent. Fourth, it is within the ethical practice for the company to collect relevant customer information to facilitate transactions. Notably, the company could not have offered credit facilities without access to customer data such as history on expenditure. In such a case, customers must have been provided with implicit and explicit consent before data collection.
译文：在这样做时，下面的图 1 显示了公司需要遵守的隐私惯例。首先，公司应该指派一个特定的人来确保公司遵守所有规定的维护隐私的框架。在这种情况下，朱莉是负责隐私管理的人。其次，公司应通知其客户隐私惯例、收集信息的原因以及公司打算如何使用数据。因此，只要保证数据的隐私性和机密性，信用卡公司就拥有获得有限客户的政府授权。第三，客户可以拒绝或接受隐私条款。在客户拒绝收集、保留和使用其数据的情况下，公司无权收集、存储或使用该数据。
就 Julie 而言，信用卡数据的访问必须在客户的授权下进行，因为在没有知情同意的情况下，公司无法收集和存储数据。第四，公司收集相关客户信息以促进交易符合道德规范。值得注意的是，如果无法访问诸如支出历史等客户数据，该公司就无法提供信贷便利。在这种情况下，必须在收集数据之前向客户提供隐含和明确的同意。 道德行为代写
Fifth, the company should only use and retain the data in the manner that the customer has authorized in the notice. In the case of Julie, it is assumed that the credit card company had customer consent to retain and use the data to facilitate advancing credits. As such, Julie’s access to client data is within customer authorization. The information is used to track the credit card activities of customers whose accounts fall overdue for follow-up. Sixth, it can be assumed that customers were allowed access to the information they provide so that they can opt-out when they can. However, for the case of credit card, although customers can have access to the information provided, it might not be economically rational for them to be allowed to opt-out, especially if they have been advanced credit by the company.
In some cases of debt collection, customers have to relinquish some rights to privacy. Lastly, the data can only be shared with the third party through the implicit or explicit consent of the customer. It is, therefore, unethical for the company or an employee to the company to share such information that otherwise needs prior consent or confidentiality. Julie acted unethically by disclosing some spending behavior of famous people against their will and in breach of privacy.
Notably, in most organizations, employees must have access to private data about their customers. Access comes with ethical responsibility to ensure the privacy and confidentiality of the data and avoid its misuse. When Julie collects overdue accounts, should not browse through, or disclose the information to the third party. It is both a legal and ethical duty to manage these accounts and keep them safe from third-party access.
译文：第五，本公司应仅以客户在通知中授权的方式使用和保留数据。在 Julie 的案例中，假设信用卡公司已获得客户同意保留和使用数据以促进信用额度。因此，Julie 对客户数据的访问权限在客户授权范围内。该信息用于跟踪账户逾期未跟进的客户的信用卡活动。第六，可以假设客户被允许访问他们提供的信息，以便他们可以选择退出。然而，就信用卡而言，虽然客户可以访问所提供的信息，但允许他们选择退出可能在经济上并不合理，特别是如果他们已被公司提前信贷。 道德行为代写
Does the action violate company or professional standards?
Julia’s access to the credit account database is legitimate because she is working for the company. However, her checking and trailing of credit card activities violate both company and professional standards. All companies, especially those dealing with client data, are required to adhere to data compliance standards in the industry. By implication, Information Technology professionals are supposed to observe professionalism and subscribe to data privacy and confidentiality both as workers and as professionals. Julie’s actions amount to being both unethical and illegal.
译文：Julia 对信用账户数据库的访问是合法的，因为她在公司工作。然而，她对信用卡活动的检查和跟踪违反了公司和专业标准。所有公司，尤其是处理客户数据的公司，都必须遵守行业的数据合规标准。言外之意，信息技术专业人士应该以工人和专业人士的身份遵守专业精神并订阅数据隐私和机密性。朱莉的行为既不道德又违法。 道德行为代写
Violation of company standards
All companies, especially those that deal with client data, are supposed to observe a high standard of data compliance. It refers to any regulations that a company must follow to ensure the protection of private data in its possession. The most sensitive data is personally identifiable information and financial details.
The rules that companies follow comes in forms of industry standards, states, and federal laws or even international regulations such as GDPR (Phillips, 2018). There are general data standards that most companies, such as one Julie, works for subscribing. Company standards are internal and depend on the nature of the company. First, the company promises to protect clients’ data. Credit card customers provide sensitive information that is highly sensitive. As such, the company has a role in keeping such information confidential and informing the customer in case the company inadvertently collecting or violates the terms of service.
Julie violated this company standard when she opened and tracked client credit card usage. Secondly, the company promises its clients that I will never collect unnecessary data that does not relate to the terms of service. It is conventional that credit card companies collect, store, and use client data on credit card use. The data is collected only when necessary, for instance, when the credit account is overdue. However, it is unnecessary and illegal to track client movement through credit card expenditure. Tracking client credit card use is not necessary for collecting overdue accounts. These two standards were broken when Julie opened and disclosed the client’s information to the third party.
公司遵循的规则以行业标准、州和联邦法律甚至 GDPR 等国际法规的形式出现 (Phillips, 2018)。大多数公司（例如 Julie）都订阅了通用数据标准。公司标准是内部标准，取决于公司的性质。首先，公司承诺保护客户的数据。信用卡客户提供高度敏感的敏感信息。因此，公司有责任对此类信息保密，并在公司无意中收集或违反服务条款时通知客户。
Additionally, Julie’s action was against the regulations that the company seek to observe.
Most companies dealing with client data subscribe to the General Data Protection Regulation (GDPR) that lay down the rules regarding the rights of customers to know what data the business collect from them, how the data is processed and used, and handling of issues related to a data breach (Phillips, 2018). If Julie’s company deals with individuals subject to the EU’s jurisdiction, it was required to abide by the GDPR guidelines. Generally, the regulation is centered on three fundamental principles, including obtaining consent, minimizing the amount of data you hold, and ensuring the rights of data subjects. Julie bleached all the three fundamental principles that the body protected.
Most importantly, it is subject to abide by the Payment Card Industry Data Security Standard (PCI DSS, 2018). The body regulates companies that deal with clients’ financial information. It sets out how the company was supposed to handle and protect credit cardholder data. PCI DSS is not a government-mandate rule. It is used in the industry and companies that are not compliant risk facing hefty fine or termination of connection with bank payment processing. Julie violated this industry-standard, which constitutes the company standard that an employee is supposed to observe. The violation of the set rules applies even if the company uses third-party to handle card payments.
译文：大多数处理客户数据的公司都签署了通用数据保护条例 (GDPR)，该条例规定了有关客户有权了解企业从他们那里收集哪些数据、如何处理和使用数据以及处理与以下内容相关的问题的规则。数据泄露（菲利普斯，2018 年）。如果朱莉的公司与受欧盟管辖的个人打交道，则必须遵守 GDPR 准则。一般而言，该法规以三个基本原则为中心，包括获得同意、尽量减少您持有的数据量以及确保数据主体的权利。朱莉漂白了身体保护的所有三个基本原则。 道德行为代写
最重要的是，它必须遵守支付卡行业数据安全标准（PCI DSS，2018）。该机构监管处理客户财务信息的公司。它规定了公司应该如何处理和保护信用卡持卡人数据。 PCI DSS 不是政府强制规定。它用于不合规风险面临巨额罚款或终止与银行支付处理连接的行业和公司。 Julie 违反了这一行业标准，该标准构成了员工应遵守的公司标准。即使公司使用第三方来处理卡支付，违反既定规则的行为也适用。
Violation of professional standards
Although it is not apparent that Julie was bound to follow standards set by a professional body, she is entitled to adhere to the generally accepted privacy and security standards in client data handling (Erwin, 2011). Even she did not bleach the professional body standards, today, professional conduct is a blend of law and ethics meaning she cannot escape being responsible (See figure 2). First, she was supposed to promote ethical practices and never encourage or suggest anything that could be construed criminal or unethical. Like any other company employee, she was supposed to strive to provide competent services at all times. Secondly, it is assumed that the company believes in values and the importance of integrity and honesty at all customer dealings. Julie failed to observe the integrity and honesty that her position required.
译文：虽然朱莉必须遵守专业机构制定的标准并不明显，但她有权在客户数据处理中遵守普遍接受的隐私和安全标准 (Erwin, 2011)。 即使她没有漂白职业身体标准，今天，职业行为是法律和道德的结合，这意味着她无法逃避责任（见图 2）。 首先，她应该提倡道德实践，从不鼓励或建议任何可能被视为犯罪或不道德的事情。 与任何其他公司员工一样，她应该始终努力提供称职的服务。 其次，假设公司相信价值观以及在所有客户交易中正直和诚实的重要性。 朱莉未能遵守其职位所要求的正直和诚实。 道德行为代写
Source: Scott, (2008)
Thirdly, all professions require workers to behave and portray a high level of transparency. Julie violated the professional code of transparency. It needs the employee to be open to the clients how they are using the data and seek to obtain prior authorization before any collection, storage, and use of such data. The standard is embedded in Article 5.1 of the GDPR as one of the principles to the processing of personal data (Bartolini, Lenzini, & Santos, 2018). As such, Julie was required to handle private data lawfully, reasonably, and transparently. She was supposed to proficient information to the client as for the reason to access or track their credit card spending.
译文：第三，所有职业都要求工人的行为举止和表现出高度的透明度。 朱莉违反了透明度的职业准则。 它需要员工向客户公开他们如何使用数据，并在收集、存储和使用此类数据之前寻求获得事先授权。 该标准嵌入在 GDPR 第 5.1 条中，作为处理个人数据的原则之一（Bartolini、Lenzini 和 Santos，2018 年）。 因此，Julie 被要求合法、合理和透明地处理私人数据。 她应该向客户提供有关访问或跟踪其信用卡消费的原因的信息。
Additionally, Julie portrayed conflict of interest when accessed and tracked the client’s credit card usage.
As a professional, she was required to maintain a high level of trust with the company and clients. She was supposed to protect the interests of the company and that of the client as well as maintain professional integrity when engaging with client data or information that may elicit conflict of interests. To remain within the confines of conflict of interest, Julie was required to adhere to and advocate the use of published policies of benefits that government the company. She was supposed to refrain from using her position and data manager for personal, material, or financial gain. Equally important, Julie should have refrained from giving or seeking preferential treatment in the human resource processes.
Lastly, it is a professional obligation for all employees to maintain some level of confidentiality, especially with sensitive data from clients. Julie breached this code when she trailed and divulged client information to the third-party. It is related to the disclosure and nondisclosure of data. Employees have to honor not to disclose client respect the boundaries set by the company standards and law. In such relationships as a credit card company and client where the company holds sensitive data, it should be based on strict adherence to data privacy.
Who is affected, and how, by the action?
Julie’s actions have an impact on both the company and the client. The company will lose its reputation because it may be dragged to lawsuits and face disciplinary action from the government and the regulatory bodies. On the other hand, the client will suffer damages of privacy and, in worse cases, especially the entertainers and politicians will suffer reputation loss and embarrassment. Besides, credit card holders may cause identity theft depending on the information with the company.
Impact on the company
The credit company will be affected in various ways when the data breach occurs. First, the company will lose revenue because customers will run away, competitors will take advantage, and it may have to pay for damages and legal suits. Studies show that 29 percent of businesses where data violations occur to end up losing revenue (Layton, & Watters, 2014). When customers learn about the data breach, they distrust the company and may discontinue services with the company. As a result, it will lose income and present and future customers. Some customers like politicians and entertainers may file a legal suit for damages, which may cost much for the company. Also, the company, if found culpable, may be fined heavily by the regulatory bodies. If the situation escalates, the company may end up losing business.
译文：发生数据泄露时，信贷公司将受到各种影响。首先，公司将损失收入，因为客户会逃跑，竞争对手会从中获利，并且可能不得不支付损害赔偿和法律诉讼。研究表明，发生数据违规的企业中有 29% 最终会损失收入（Layton 和 Watters，2014 年）。当客户得知数据泄露时，他们不信任该公司并可能停止与该公司的服务。结果，它将失去收入以及现在和未来的客户。一些客户，如政客和演艺人员，可能会提起法律诉讼，要求损害赔偿，这可能会给公司带来很大的损失。此外，如果发现该公司有罪，监管机构可能会对其处以巨额罚款。如果情况升级，公司可能最终会失去业务。
Secondly, the credit company will lose its brand reputation.
Although reputation is difficult to measure, it certainly has a financial impact in one way or another. It is more than short-term revenue. Customers are finding it challenging to trust credit card brands because of numerous data breaches that are happening around the world. Research shows that, in the case of a data breach, 65 percent of victims report losing trust in the company any longer (Baker et al., 2011). Julie’s violation of client privacy may make the company lose its loyal customers. Unless the company finds ways to make it up for them and assure such an incident will never happen in the future, most politicians and entertainers cannot continue risking their private data. The lost confidence, negative media, associated identity theft, and potential customer’s view views towards the company can leave a dark mark in the company reputation that I difficult to wash.
Ultimately, the company will be involved in class-action lawsuits. Julie exposed client data, and clients have legal rights to sue the company of negligence. There are companies in the past that have paid their customers millions of dollars as damages for violation of private data. Facebook is one of the companies that was involved in legal ramifications due to data exposure. The cost can be too high than the company can handle, leading to loss of cashflow or closure.
译文：尽管声誉难以衡量，但它肯定会以某种方式对财务产生影响。这不仅仅是短期收入。由于世界各地发生了大量数据泄露事件，客户发现信任信用卡品牌具有挑战性。研究表明，在发生数据泄露的情况下，65% 的受害者表示不再对公司失去信任（Baker 等，2011）。朱莉侵犯客户隐私可能会使公司失去忠实客户。除非公司找到办法弥补他们并确保此类事件将来永远不会发生，否则大多数政客和演艺人员不能继续冒险使用他们的私人数据。失去信心、负面媒体、相关的身份盗用以及潜在客户对公司的看法可能会在公司声誉中留下难以洗刷的阴影。 道德行为代写
最终，该公司将卷入集体诉讼。朱莉暴露了客户数据，客户有合法权利起诉公司疏忽。过去，有些公司因侵犯私人数据而向客户支付了数百万美元的赔偿金。 Facebook 是因数据泄露而卷入法律后果的公司之一。成本可能太高，超出公司的承受能力，导致现金流损失或关闭。
Impact on clients
The impact of data violation ranges from identity theft to embarrassment (Martin, Borah, & Palmatier, 2017). The private data such as names, addresses, and birthdates can be used to come up, build up identity theft. Julie can use the information she has access to launch phishing attacks in the bid to get the client to give up their additional personal information. If the information with the company is enough, she could use it for identity theft. Also, the access to credit card numbers and personal details of the clients can facilitate her to create a new credit card that replaces that of the client. When identity is lost, the person in possession may commit crimes of defrauding the victim’s money. A replaced card, on the other hand, can be used to make further credits and malicious spending.
Moreover, prominent customers, such as politicians and entertainers, may be exposed to reputational and security risks. For instance, people have different ways of spending their money and time, and most keep it as a secret. If a customer learns that such secrets have been leaked, it might be humiliating and embarrassing because the data may not be respectable to close people. Security risk, on the other hand, comes from the leak of credit card location and usage. Julie can disclose such information to criminals who can use the information to trail the client to steal.
Overall, Julie’s action amounted to a violation of data privacy and hence illegal and unethical. It is unlawful because it is against the law access and leaks someone else private information without consent. It is immoral because she was supposed not supposed to open the details or disclose to the third-party. Her actions, therefore, have negative repercussions on the company and its customers.
译文：数据违规的影响范围从身份盗窃到尴尬（Martin、Borah 和 Palmatier，2017 年）。诸如姓名、地址和生日之类的私人数据可用于提出、建立身份盗窃。朱莉可以使用她有权访问的信息发起网络钓鱼攻击，以让客户放弃他们的额外个人信息。如果与公司的信息足够，她可以将其用于身份盗用。此外，访问客户的信用卡号和个人详细信息可以帮助她创建一个新的信用卡来代替客户的信用卡。当身份丢失时，占有人就有可能实施骗取受害人财物的犯罪。另一方面，更换的卡可用于赚取更多信用和恶意消费。
此外，政客和演艺人员等知名客户可能面临声誉和安全风险。例如，人们花费金钱和时间的方式各不相同，而且大多数人都将其保密。如果客户得知此类机密已泄露，可能会感到羞辱和尴尬，因为这些数据对于亲密的人来说可能不值得尊重。另一方面，安全风险来自信用卡位置和使用情况的泄漏。 Julie 可以将此类信息披露给犯罪分子，犯罪分子可以使用该信息追踪客户进行窃取。 道德行为代写
Baker, W., Goudie, M., Hutton, A., Hylender, C. D., Niemantsverdriet, J., Novak, C., … & Tippett, P. (2011). 2011 data breach investigations report. Verizon RISK Team, Available: www. Verizon business. com/resources/reports/rp_databreach-investigation report-2011_en_xg. pdf, 1-72.
Bartolini, C., Lenzini, G., & Santos, C. (2018). A legal validation of a formal representation of GDPR articles. In Proceedings of the 2nd JURIX Workshop on Technologies for Regulatory Compliance (Telecom).
Industry, P. C. (2018). Data security standard. Requirements and Security Assessment version, 3.
Mueller-Langer, F., & Andreoli-Versbach, P. (2018). Open access to research data: Strategic delay and the ambiguous welfare effects of mandatory data disclosure. Information Economics and Policy, 42, 20-34.
Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data privacy: Effects on customer and firm performance. Journal of Marketing, 81(1), 36-58.
Milne, G. R. (2000). Privacy and ethical issues in database/interactive marketing and public policy: A research framework and overview of the special issue. Journal of Public Policy & Marketing, 19(1), 1-6.
Phillips, M. (2018). International data-sharing norms: from the OECD to the General Data Protection Regulation (GDPR). Human genetics, 137(8), 575-582.
Scott, R. W. (2008). Promoting legal and ethical awareness: a primer for health professionals and patients. Elsevier Health Sciences.
Victor, J. M. (2013). The EU general data protection regulation: Toward a property regime for protecting data privacy. Yale LJ, 123, 513.