Professional, Legal and Ethical Issues
CPSC 356 Database
Ellen Walker, Hiram College
(Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)
Data is Valuable
Clickstream data (terabytes)
–Data mining for business advantage
Financial transactions (petabytes)
Personal information
–Open to identity theft and fraud
Ethical vs. Legal Behavior
Ethics
–A set of principles of correct conduct, or a theory or system of moral values
Law
–A set of rules enacted and enforced by a government
Not all ethical behavior is legal
Not all unethical behavior is illegal
Sample (US) Laws with Implications
Sarbanes-Oxley Act (SOX)
Health Insurance Portability and Accountability Act (HIPAA)
Family Educational Rights and Privacy Act (FERPA)
Sarbanes-Oxley Act (SOX)
Goal is to tighten requirements on how companies form boards of directors, interact with auditors, and report finances
Created in the aftermath of the Enron scandal
To comply, companies must consider how data is collected, processed, secured, and reported
Complying with SOX
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.
COSO is a framework that focuses more narrowly on internal controls, including culture, risk assessment, control activities, reporting, and monitoring.
Health Insurance Portability and Accountability Act (HIPAA)
Release of patient information requires consent forms
–“We can’t tell you anything; we can’t even tell you that we know anything” – Lynn Taylor
Standards for electronic health/medical records and insurance claims
Establishing a nationally recognized identifier (NOT SSN) to be used by all employee health plans
Standards for security of patient data and transactions
Need for a nationally recognized identifier for healthcare providers
Family Educational Rights and Privacy Act (FERPA)
Protects privacy of student educational records
Parents have rights until age 18 or until the student graduates from high school; then rights transfer to the student
Schools must have written permission from the student (or parent if pre-college) to release any information
FERPA Exceptions
Directory information
–Name, address, date & place of birth, honors
Designated parties
–School officials with a legitimate need to know
–Other schools to which the student transfers
–Specified officials for audit or evaluation
–Whoever needs to know for financial aid
Compliance with a judicial order or state law
Health and safety emergencies
Codes of Ethics
ACM Code (see
BCS code (
Areas covered
–Public interest
–Duty to relevant authority
–Duty to the profession
–Professional competence and integrity
Intellectual Property
IP = The product of human creativity in the industrial, scientific, literary, and artistic fields
Examples:
–Invention
–Program
–Play
–Painting
–Musical composition
Protecting IP
Patent
–Very strong protection for a limited time; requires disclosure
Copyright
–Protects the expression of an idea
–Romeo & Juliet vs. “boy loves girl with tragic ending”
–Much longer term than a patent
Trademark
–Protects a word, symbol, image, sound, etc. with regard to a specific company (type of goods)
Trade Secret
A trade secret is protected not by law (no disclosure), but by secrecy
If you can figure it out (by reverse-engineering), you can legally use it in your own product
–Not by “reading the source code”
–Not by theft
–Clean-room reverse engineering technique
Software
Generally protected by copyright, but there are software patents
–Patent must be for the idea, not the program
–Example: pull-down menu
Copyright protects the expression, not the idea
–“Look and feel” lawsuits
Software License
Commercial software (perpetual use)
Commercial software (annual fee)
Shareware
Freeware
Note: only some freeware is open-source; open-source software can still carry a license, e.g. GPL