How Cyber Laws & Principles are Essential in Preventing Cybercrimes (Term Paper Sample)

Final Project
Student’s Name
Institutional Affiliation
Course Code: Name of Course
Instructor’s Name
Due Date
Final Project
Information Technology is currently part of every person’s life. People share information about their private lives with organizations offering various services. As such, it is essential to formulate laws and principles that guide any organization involved in the collection, storage and disposal of people’s private information. Cyber laws and security principles are essential for the protection of not only people who share their personal information in the course of an e-commerce but also organizations involved. Additionally, the laws and principles protect e-communications against possible breach of confidentiality. Therefore, cyber laws and security principles are essential in preventing any form of cybercrime by providing the basis upon which to prosecute anyone involved in illegal access or use of information belonging to other people or organizations without their permission.
Sony Corporation, one of the world’s successful electronics company, was caught up in an incident that involved data breach. This company has its headquarters in Japan but with branches in different parts of the world including the U.S. As such, the company has many customers, employees and other stakeholders worldwide. In 2014, hackers broke into the company’s data base computers and released various employees’ personal data kept by the company’s (Solove & Citron, 2017). The employees argued that the release of their personal information affected them economically. In addition to personal information of employees, private emails were distributed online after the incident. Consequently, Sony Corporation was sued and made to pay $ 8 million as compensation for the employees whose information leaked to the public.
Case Analysis
Hacking of Sony Corporation in 2014 raised concerns over various ethical issues related to the protection of private data by organizations. One of the ethical issues is breach of trust and confidentiality. Usually, for such a big organization, passwords to systems with sensitive information about employees are kept by top ranking officers in the organization (Craig, 2013). Such officers are expected not to share the passwords with anyone else who is not authorized. In this instance, however, one of the employees might have shared the passwords with the hackers thus exposing the company to losses. Therefore, breach of the ethical duty to keep the company’s private information confidential resulted in the hacking. The other ethical issue which might have occurred, in this instance, is delays in notifying the employees and other stakeholders that their information had been hacked so that alternative measures are instituted to prevent the damage. Also, it is possible that the computer systems with the employees’ data were not properly logged off leaving passwords accessible by people who are not authorized. Therefore any of these ethical issues might have contributed to the incident.
Legal compliance issues might have as well resulted in the hacking of the company’s computer systems. Usually, organizations have rules or policy guidelines which require employees to handle certain things in a particular way. For instance, organizations of this size have rules on how to access, store and disseminate private data kept in the company (Holt & Bossler, 2015). In this case, there are possibilities that rules on data safety were violated by the people in charge of the data. Usually, most companies’ data safety rules require employees not share their passwords with unauthorized persons. In addition, people are required to keep changing their passwords from time to time to enhance data security. In this instance, the passwords to the company’s sensitive information might have been used for so long without being changed thus compromising data safety.
Failure to comply with the rules in the organization might have resulted in the company losing a lot of money following a law suit by employees who were affected. The corporation was ordered to pay about $ 8 million to employees whose information had leaked (British Broadcasting Corporation News, 2015). Additionally, the company lost some customers who felt that their information was not being safely kept by the company. Being a large corporation, one could not imagine that hacking the company was easy. As such, the incident shocked many clients and stakeholders who had shared their private information with the company for commercial purposes. The company had to come out clear on the matter and explain to the public about the incidence (Solove & Citron, 2017). Therefore, other than losing financially, the company lost its public image.
The compliance issues led to serious societal implications. The release of the employees’ personal information affected them socially. Usually, people provide very sensitive information about their personal lives to their employers. Such information includes their marital, health statuses, their bank details, dates of birth and other very private information. The hackers possessing the information posed serious personal security threat to the employees. In addition, customers were affected by the release of their personal data. For instance, financial status of some of the clients was exposed to the public thus affecting their social standing (Holt & Bossler, 2015). Therefore, the hacking had serious societal impacts, especially on employees and clients. In addition to the societal impacts, the organization’s culture was affected. Organizational values such as confidentiality, trust, honesty, and security were watered down by the incident. The level of trust that existed before among employees and the management staff was negatively affected.
Incident Impact
The incident is likely to impact the legal as well as ethical regulations within the organization. The obvious impact is that the company might have to revise its rules and regulations on data safety. The organization introduced safer data storage equipment and highly protected data security codes (Sullivan, 2015). In addition, all employees in the organization are required to keep changing their passwords as regularly as possible. Every password should be long, extremely unique and not easy to guess by hackers. The organization called upon all employees not to share their passwords with anyone unless the person is authorized. Failure to observe these provisions would attract punishment by the company’s management. Furthermore, it is a requirement for employees to be on alert and report any people they suspect to be engaging in illegal activities within the organization. According to Holt & Bossler (2015), the incident would have been prevented had it not been for delays in reporting the incidence. All these measures aim at making sure that such an incidence does not occur in future.
There is a distinction between industry standards and standards that exist for information technology. While industrial standards regulate an industry like the computer industry, information technology standards are those established to specifically deal with standards and practices involved in creation, storage transfer or even dissemination of information through computer assisted means (Craig, 2013). Although there are established standards on data protection, Sony Corporations either made little efforts to implement the standards or simply ignored them. Standards are established through laws, policies or regulations. For instance, the Computer Fraud and Abuse Act (CFAA) makes it a crime for anyone to share unauthorized data (Holt & Bossler, 2015). Additionally, the Cyber Intelligence Sharing and Protection Act (CISPA) requires that should an organization detect hacking then it should report the same to relevant government agency for immediate investigations (Solove & Citron, 2017). The organization failed to comply with CFAA since the hacking was most likely due to shared passwords by one of the employees. Also, the company failed to report the incidence to the relevant government in time thus failing to comply with the CFAA.
The incident impacted heavily on the cultural attitudes towards e-communication, and e-commerce. Some people started perceiving e-communication and e-commerce as susceptible to manipulation by hackers (Sullivan, 2015). Clients started perceiving e-activities as an opportunity for hackers to violate other people’s rights to privacy and confidentiality. Some people started being careful with what information they will share with any service providers so that should any hacking occur, they will not lose a lot (Sullivan, 2015). Furthermore, some people started insisting on the need to sign a contract with companies offering e-services to the effect that should their personal data leak then the company shall be liable. Sony Corporation lost a considerable number of its customers after the incidence.
Recommendations
The organization should have had multi-approval levels for anyone to access private data. Sensitive passwords should not be left in the hands of a single person. Systems with sensitive information should be secured with many passwords and each of these passwords should be kept by different people so that a one man’s mistake does not cost the company (Craig, 2013). Additionally, the company should have efficiently trained its employees on data safety rules and regulations. Apparently, the employees had little understanding of what to do in cases of hacking. As a result, the incidence was not reporte...