1. Describe briefly the spirit and rationale of the “Fair Information Practices (FIP)” that were discussed in class. (20 marks)
FIP (Fair Information Practices) is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy. The FTC Fair Information Practice Principles are the result of the Commission’s inquiry into the manner in which online entities collect and use personal information, and into the safeguards that assure those practices are fair and provide adequate information privacy protection.
The core principles of privacy addressed by these principles are:
1. Notice and Awareness
Customers should have the right to know an organization’s information practices before their personal information is collected. This requires that companies explicitly notify them of some or all of the following:
* Identification of the entity collecting the data;
* Identification of the uses to which the data will be put;
* Identification of any potential recipients of the data;
* The nature of the data collected and the means by which it is collected;
* Whether the provision of the requested data is voluntary or required;
* The steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.
2. Choice and Consent
This point means giving consumers options to control how their data is used. Specifically, choice relates to secondary uses of information beyond the immediate needs of the information collector to complete the consumer’s transaction.
3. Access and Participation
Consumers should be able not only to view the data collected but also to verify and contest its accuracy. Additionally, this access must be inexpensive and timely.
4. Integrity and Security
Collected data should be accurate and secure. Information collectors can improve the integrity of data by cross-referencing it only with reputable databases and by providing access for the consumer to verify it. Collected data should be protected from both internal and external threats.
5. Enforcement and Redress
In order to ensure that companies follow the Fair Information Practice Principles, there must be enforcement measures. The FTC identified three types of enforcement measures: self-regulation by the information collectors or an appointed regulatory body; private remedies that give civil causes of action for individuals whose information has been misused to sue violators; and government enforcement, which can include civil and criminal penalties levied by the government.
——————————————————————————————————-
2. What are the advantages and disadvantages to the opt-in versus the opt-out approaches to collecting personal information from the viewpoint of: (30 marks)
a) The customer?
b) The organization desiring to collect such information?
The two typical choice models are ‘opt-in’ and ‘opt-out.’ The ‘opt-in’ method requires that consumers affirmatively give permission for their information to be used for other purposes. If consumers do not take this affirmative step in an ‘opt-in’ system, the collected information cannot be used for any purpose.
The ‘opt-out’ method requires consumers to affirmatively decline permission for other uses; without the consumer taking these affirmative steps in an ‘opt-out’ system, the information gatherer assumes that it can use the consumer’s information for other purposes.
Based on the opt-in and opt-out concepts above, we can identify the following advantages and disadvantages:
* Advantage:
Customer:
* Customers can filter the advertisements and business information that will be sent to their email. This is better than receiving nothing or receiving everything.
* It also increases customers’ control over whether their personal information is exposed to the public.
Organization:
* It helps the organization avoid some complaints from customers about disruptive promotions.
* It also helps the organization optimize its resources and spend them on those customers who are really interested in, or have potential for, what the organization promotes.
* It increases efficiency because the email addresses will be real.
* Disadvantage:
Customer:
* Some interested customers may miss related information.
* Some customers may find the opt process too complex because many boxes need to be checked and many options need to be read.
Organization:
* The size of the customer base will be limited. Many potential customers will be lost because they choose to decline to receive the links.
——————————————————————————————————-
3. Theoretically, a control procedure should only be implemented if the benefits it provides exceed its costs. How can you estimate the costs and benefits for the following controls? (30 marks)
a) Input validation routines
b) Data backup procedures
c) Segregation of duties
Input validation routines:
Benefit:
When input data is validated carefully and in detail, the data becomes very accurate and useful because little incorrect data remains. The benefit is that accurate, useful data makes work easier and more efficient.
Cost:
More careful validation always entails a more complex process. Input validation requires labor, time and other resources, so it incurs cost.
Thus, the organization should weigh cost and benefit together. When calculating the benefit, it should consider elements such as how much work can be sped up after validation, or how much labor can be saved if there are no mistakes in the input data. As with the benefit calculation, the organization should consider the cost of correcting mistakes, including labor, time, etc.
Data backup procedures
First of all, data backup has three different types:
* Full backup: a complete copy of the entire database.
* Incremental backup: involves copying only the data items that have changed since the last partial backup.
* Differential backup: copies all changes made since the last full backup.
Benefits:
When major damage to both software and hardware occurs, recovery is much easier and quicker if the original data has a backup. Besides, backup data helps record changes. When a problem appears, old data can be used to find the cause of the problem.
Costs:
Full backup: it takes a lot of time and storage space. The other types of data backup also require time and multiple locations to store data. In addition, every extra copy of the data carries the risk that it is leaked.
Data backup requires storage in multiple locations, so remote sites have to be built.
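The storage and recovery trade-off between the three backup types can be made concrete with a small simulation. This is an added example, not part of the original answer; the item names, the daily schedule and the assumption that the first incremental backup copies changes since the full backup are constructed for illustration.

```python
# Constructed sample data: a 5-item database and the items changed on days 1-3.
ALL_ITEMS = {"a", "b", "c", "d", "e"}
CHANGES = {1: {"a"}, 2: {"b"}, 3: {"a", "c"}}


def backup_sets(strategy, all_items=ALL_ITEMS, changes=CHANGES):
    """Return {day: items copied that day}. Day 0 is always a full backup."""
    sets = {0: set(all_items)}
    changed_since_full = set()
    for day in sorted(changes):
        changed_since_full |= changes[day]
        if strategy == "full":
            sets[day] = set(all_items)           # everything, every day
        elif strategy == "incremental":
            sets[day] = set(changes[day])        # only changes since the previous backup
        elif strategy == "differential":
            sets[day] = set(changed_since_full)  # all changes since the last full backup
        else:
            raise ValueError(f"unknown strategy: {strategy}")
    return sets


def restore_chain(strategy, day):
    """Backups that must be read, in order, to restore the state at `day`."""
    if strategy == "full" or day == 0:
        return [day]
    if strategy == "differential":
        return [0, day]                  # last full + latest differential
    if strategy == "incremental":
        return list(range(0, day + 1))   # last full + every incremental since
    raise ValueError(f"unknown strategy: {strategy}")


def summarize(day=3):
    """Storage cost (items copied in total) and recovery cost (chain) per strategy."""
    return {
        s: {
            "items_stored": sum(len(v) for v in backup_sets(s).values()),
            "restore_chain": restore_chain(s, day),
        }
        for s in ("full", "incremental", "differential")
    }


if __name__ == "__main__":
    for name, row in summarize().items():
        print(name, row)
```

Incremental backups store the least but need the longest restore chain; full backups are the reverse, and differential backups sit in between.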
Segregation of duties
Benefits:
When duties are divided clearly, each part of the task becomes much easier and more certain. This reduces the pressure on, and the standard required of, each employee, and each employee can be allocated to the task that he or she is good at. So the duties can be completed to a higher quality. Additionally, when mistakes are made, it is easy to find who made them and where the problem is.
Costs:
With segregated duties, the organization may need more staff to finish one task, and because the duty is divided, the work may not be very comprehensive or integrated.
————————————————-
4. Your current system is deemed to be 90% reliable. A major threat has been identified with an impact of $3M. Two control procedures, A & B, exist to deal with the threat. (20 marks)
i) Implementation of control procedure A would cost $0.1M and reduce the likelihood to 6%.
ii) Implementation of control procedure B would cost $0.14M and reduce the likelihood to 4%.
iii) Implementation of both control procedures would cost $0.22M and reduce the likelihood to 2%.
Given the data and based solely on an economic analysis of costs and benefits, what approach(es) will you recommend?
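The system is 90% reliable, so the current likelihood of the threat is 10%.
Effect ratio = Benefit / Cost
Case 1 (control procedure A):
Benefit = (10% - 6%) * 3M = 0.12M
Cost = 0.1M
Effect ratio = 0.12M / 0.1M = 1.2
Case 2 (control procedure B):
Benefit = (10% - 4%) * 3M = 0.18M
Cost = 0.14M
Effect ratio = 0.18M / 0.14M = 1.29
Case 3 (both control procedures):
Benefit = (10% - 2%) * 3M = 0.24M
Cost = 0.22M
Effect ratio = 0.24M / 0.22M = 1.09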
According to the calculation above, choice 2 (control procedure B) should be chosen because its effect ratio is the largest.
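The same comparison can be scripted so it is repeatable for other controls. This is an added example, not part of the original answer; it goes beyond the effect ratio by also computing the net benefit (benefit minus cost) and the marginal value of adding control A on top of B, and the function names are hypothetical.

```python
# Figures taken from the question; names and structure are illustrative.
IMPACT = 3_000_000   # impact of the threat in dollars
BASELINE = 0.10      # a 90% reliable system means a 10% likelihood today
OPTIONS = {          # name: (cost in dollars, likelihood after the control)
    "A": (100_000, 0.06),
    "B": (140_000, 0.04),
    "A+B": (220_000, 0.02),
}


def evaluate(options=OPTIONS, impact=IMPACT, baseline=BASELINE):
    """Benefit = reduction in expected loss; ratio and net compare it to cost."""
    table = {}
    for name, (cost, likelihood) in options.items():
        benefit = round((baseline - likelihood) * impact)
        table[name] = {
            "cost": cost,
            "benefit": benefit,
            "ratio": round(benefit / cost, 2),
            "net": benefit - cost,
        }
    return table


def best(table, key):
    """Name of the option with the highest value for `key` ('ratio' or 'net')."""
    return max(table, key=lambda name: table[name][key])


def marginal_net(table, base, upgrade):
    """Extra benefit minus extra cost of moving from `base` to `upgrade`."""
    extra_benefit = table[upgrade]["benefit"] - table[base]["benefit"]
    extra_cost = table[upgrade]["cost"] - table[base]["cost"]
    return extra_benefit - extra_cost


if __name__ == "__main__":
    table = evaluate()
    for name, row in table.items():
        print(name, row)
    print("best by ratio:", best(table, "ratio"))
    print("best by net benefit:", best(table, "net"))
    print("net value of adding A to B:", marginal_net(table, "B", "A+B"))
```

Adding A on top of B costs an extra $80,000 for $60,000 of extra risk reduction, which is why the combined option ranks last even though it leaves the lowest residual likelihood.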