1. Describe briefly the spirit and rationale of the “Fair Information Practices (FIP)” that were discussed in class. (20 marks)
FIP (Fair Information Practices) is a general term for a set of standards that govern the collection and use of personal data and address issues of privacy and accuracy. The FTC Fair Information Practice Principles are the result of the Commission’s inquiry into the manner in which online entities collect and use personal information, and into the safeguards that assure that this practice is fair and provides adequate information privacy protection.
The core principles of privacy addressed by these principles are:
1. Notice and Awareness
Customers should have the right to know an organization’s information practices before their personal information is collected. This requires that companies explicitly notify them of some or all of the following:
* Identification of the entity collecting the data;
* Identification of the uses to which the data will be put;
* Identification of any potential recipients of the data;
* The nature of the data collected and the means by which it is collected;
* Whether the provision of the requested data is voluntary or required;
* The steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.
2. Choice and Consent
This point means giving consumers options to control how their data is used. Specifically, choice relates to secondary uses of information beyond the immediate needs of the information collector to complete the consumer’s transaction.
3. Access and Participation
Consumers should be able not only to view the data collected about them but also to verify and contest its accuracy. Additionally, this access must be inexpensive and timely.
4. Integrity and Security
Collected data should be accurate and secure. Information collectors can improve the integrity of data by cross-referencing it with only reputable databases and by providing access for the consumer to verify it. Collected data should be protected from both internal and external threats.
5. Enforcement and Redress
In order to ensure that companies follow the Fair Information Practice Principles, there must be enforcement measures. The FTC identified three types of enforcement measures: self-regulation by the information collectors or an appointed regulatory body; private remedies that give civil causes of action for individuals whose information has been misused to sue violators; and government enforcement, which can include civil and criminal penalties levied by the government.
2. What are the advantages and disadvantages to the opt-in versus the opt-out approaches to collecting personal information from the viewpoint of: (30 marks)?
a) The customer?
b) The organization desiring to collect such information?
The two typical choice models are ‘opt-in’ and ‘opt-out.’ The ‘opt-in’ method requires that consumers affirmatively give permission for their information to be used for other purposes. If a consumer does not take this affirmative step in an ‘opt-in’ system, the collected information cannot be used for any other purpose.
The ‘opt-out’ method requires consumers to affirmatively decline permission for other uses; without the consumer taking these affirmative steps in an ‘opt-out’ system, the information gatherer assumes that it can use the consumer’s information for other purposes.
Based on the definitions of opt-in and opt-out above, we can identify the following advantages and disadvantages:
* Customers have the ability to filter the advertisements and business information that will be sent to their email. This is better than receiving nothing or receiving everything.
* It also increases customers’ control over whether their personal information is exposed to the public.
* It helps the organization avoid complaints from customers about disruptive promotions.
* It also helps the organization optimize its resources and spend them on the customers who are really interested in, or are potential buyers of, what the organization promotes.
* It increases efficiency because the email addresses will be real.
* Some interested customers may miss relevant information.
* Some customers may find the opt process too complex because many boxes need to be checked and many options need to be read.
* The size of the customer base will be limited. Many potential customers will be lost because they choose not to receive the links.
3. Theoretically, a control procedure should only be implemented if the benefits it provides exceed its costs. How can you estimate the costs and benefits for the following controls? (30 marks)
a) Input validation routines
b) Data backup procedures
c) Segregation of duties
Input validation routines:
When input data is validated carefully and in detail, the data becomes accurate and useful because little wrong data remains. The benefit is that accurate, useful data makes the work easier and more efficient.
More careful validation always means a more complex process. Input validation requires labor, time and other resources, and this is where the cost arises.
Thus, the organization should weigh cost and benefit together. When calculating the benefit, it should consider elements such as how much the work can be sped up after validation and how much labor can be saved if the input data contains no mistakes. As with the benefit calculation, the organization should consider the cost of correcting mistakes, including labor and time.
Data backup procedures
First of all, data backup has three different types:
* Full backup: a complete copy of the entire database.
* Incremental backup: involves copying only the data items that have changed since the last partial backup.
* Differential backup: copies all changes made since the last full backup.
When major damage to software or hardware occurs, recovery is much easier and quicker if the original data has a backup. In addition, backups help record changes: when a problem appears, old data can be used to find its cause.
A full backup takes a lot of time and storage space. The other backup types also require time and multiple locations to store the data. Each additional copy also carries the risk that the data is leaked.
Data backup requires storage in multiple locations, so remote sites have to be built.
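To put numbers on the time and storage costs described above, the following added example (not part of the original answer) simulates the three backup types as defined in the list. The file names, the data-set size and the daily change sets are constructed sample values, and `simulate` is an illustrative helper.

```python
# Constructed sample data: files changed on each day after an initial full backup.
TOTAL_FILES = 1000  # assumed size of the data set, in files
DAILY_CHANGES = [
    {"ledger.db", "orders.db"},          # day 1
    {"orders.db", "hr.xlsx"},            # day 2
    {"ledger.db"},                       # day 3
    {"orders.db", "crm.db", "hr.xlsx"},  # day 4
]


def simulate(strategy, daily_changes, total_files):
    """Return (file copies stored, backup sets needed to restore the last day)."""
    copied = total_files      # every strategy starts from one full backup
    since_full = set()        # distinct files changed since that full backup
    for changed in daily_changes:
        since_full |= changed
        if strategy == "full":
            copied += total_files       # copy everything again each day
        elif strategy == "incremental":
            copied += len(changed)      # only what changed since the last backup
        elif strategy == "differential":
            copied += len(since_full)   # everything changed since the full backup
        else:
            raise ValueError(f"unknown strategy: {strategy}")

    days = len(daily_changes)
    if strategy == "full":
        restore_sets = 1                      # the latest full backup alone
    elif strategy == "incremental":
        restore_sets = 1 + days               # the full backup plus every increment
    else:
        restore_sets = 1 + (1 if days else 0) # the full backup plus the latest differential
    return copied, restore_sets


if __name__ == "__main__":
    for name in ("full", "incremental", "differential"):
        copies, sets_needed = simulate(name, DAILY_CHANGES, TOTAL_FILES)
        print(f"{name:12s} stored={copies:5d} file copies, restore needs {sets_needed} set(s)")
```

Incremental backups store the least but need the longest restore chain, while differential backups store slightly more and restore from two sets; both effects belong in the cost estimate.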
Segregation of duties
When duties are divided clearly, each part of the task becomes much easier and more certain. This reduces the pressure on, and the standard required of, each employee, and each employee can be allocated to the task that he or she is good at, so the duties can be completed to a higher quality. Additionally, when mistakes are made, it is easy to find who is responsible and where the problem is.
On the other hand, the organization may need more staff to finish one task, and because the work is divided, the result may not be very comprehensive or integrated.
4. Your current system is deemed to be 90% reliable. A major threat has been identified with an impact of $3M. Two control procedures, A & B, exist to deal with the threat. (20 marks)
i) Implementation of control procedure A would cost $0.1M and reduce the likelihood to 6%.
ii) Implementation of control procedure B would cost $0.14M and reduce the likelihood to 4%.
iii) Implementation of both control procedures would cost $0.22M and reduce the likelihood to 2%.
Given the data and based solely on an economic analysis of costs and benefits, what approach(es) would you recommend?
The system is 90% reliable, so the current likelihood of the threat is 100% – 90% = 10%.
Effect ratio = Benefit/Cost
Control procedure A:
Benefit = (10% – 6%) * 3M = 0.12M
Cost = 0.1M
Effect ratio = 0.12M/0.1M = 1.2
Control procedure B:
Benefit = (10% – 4%) * 3M = 0.18M
Cost = 0.14M
Effect ratio = 0.18M/0.14M = 1.29
Both control procedures:
Benefit = (10% – 2%) * 3M = 0.24M
Cost = 0.22M
Effect ratio = 0.24M/0.22M = 1.09
According to the calculation above, choice 2 (control procedure B) should be chosen because its effect ratio is the largest.
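The same comparison as an added example (not part of the original answer): it reproduces the effect ratios and goes one step further by also computing net benefit and the incremental cost of adding A on top of B. The function names are illustrative; the figures are the ones given in the question.

```python
# Figures from the question, kept as integers (dollars, whole percent)
# so the results are exact.
IMPACT = 3_000_000   # impact of the threat
BASELINE_PCT = 10    # 90% reliable, so a 10% likelihood without controls
OPTIONS = {          # name: (cost in dollars, residual likelihood in percent)
    "A": (100_000, 6),
    "B": (140_000, 4),
    "A+B": (220_000, 2),
}


def evaluate(impact, baseline_pct, options):
    """Expected-loss reduction, effect ratio and net benefit for each option."""
    rows = {}
    for name, (cost, likelihood_pct) in options.items():
        benefit = (baseline_pct - likelihood_pct) * impact // 100
        rows[name] = {
            "benefit": benefit,
            "cost": cost,
            "ratio": benefit / cost,   # the effect ratio used in the answer
            "net": benefit - cost,     # dollars gained after paying for the control
        }
    return rows


def incremental(rows, base, bigger):
    """Extra benefit and extra cost of moving from option base to option bigger."""
    return (rows[bigger]["benefit"] - rows[base]["benefit"],
            rows[bigger]["cost"] - rows[base]["cost"])


def best_by(rows, key):
    """Name of the option with the highest value for the given measure."""
    return max(rows, key=lambda name: rows[name][key])


if __name__ == "__main__":
    rows = evaluate(IMPACT, BASELINE_PCT, OPTIONS)
    for name, r in rows.items():
        print(f"{name:4s} benefit={r['benefit']:>7,} cost={r['cost']:>7,} "
              f"ratio={r['ratio']:.2f} net={r['net']:>6,}")
    extra_benefit, extra_cost = incremental(rows, "B", "A+B")
    print(f"adding A to B: +{extra_benefit:,} benefit for +{extra_cost:,} cost")
    print("best by ratio:", best_by(rows, "ratio"), "| best by net:", best_by(rows, "net"))
```

Both measures select B, and the incremental line shows why implementing both is not worthwhile: adding A to B buys 60,000 of extra expected-loss reduction for 80,000 of extra cost.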