Limited Time OfferFLAT 20% off & $20 bonus sign up. Order Now
Save Time and Improve Grade - Get Professional Help Now!
New! Hire Essay Assignment Writer Online and Get Flat 20% Discount!!Order Now
HomeFree Sample ICTICT418 Contribute to Copyright Ethics and Privacy in an ICT Environment
ICTICT418 Contribute to Copyright Ethics and Privacy in an ICT Environment
Published : 25-Sep,2021 | Views : 10
All staff and internal stakeholders at Infinite Horizons are required to safeguard customers’ information in order to maintain confidentiality and privacy. Staff with access privileges to confidential or sensitive data are restricted from sharing the information with any unauthorized personnel. If a staff member is asked to share information about a customer by a stakeholder who has not access privileges, the matter will be reported to the IT department immediately. If you find an employee discussing confidential information inappropriately, you will report the matter to the IT department. Infinite Horizons prioritizes the confidentiality and privacy of customer information and will take disciplinary action against any staff member who breaches this policy.
Breaches of confidentiality of information
A customer can sue any staff member who is responsible for data breach. Infinite Horizon has a duty to protect the client from any damage. To avoid legal claims by customers, Infinite Horizons will take the following steps to prevent a breach from occurring:
Train employees on confidentiality and privacy and information storage policy and procedures.
Quarterly staff training to reinforce company policies and inform staff of changes made to policies
Accurate procedures used to store information
Security systems installed to monitor information access
Security systems deployed to reinforce access control across the company’s systems
Staff members at Infinite Horizons have to sign a confidentiality agreement which defines their obligation to handling information in secure manner.
The staff members at Infinite horizons have a responsibility to:
Maintain privacy of customer’s details at all times
Safeguarding personal information that will be kept confidential such as address, age, date of birth, etc.
Protect family information and medical information. Any information that is personal will be discussed by authorized people in an appropriate manner.
Access to records
Records can be stored in different media including CDs, hard drives, papers, etc. Records that hold confidential or sensitive information will be secured to prevent data breaches. The following steps will be followed in securing the information:
Staff are given different level of access to information depending on their role
Security passes have to be issued when a staff member is working on a particular project and withdrawn when if level of access is changed.
Staff must have ID passes to access company data
The company monitors computer access to safeguard customer confidentiality
Staff members that seek to access their personal information can login into the company’s system with their email and password.
Storage of records
Records have to be correctly stored in accordance to legislations in place by authorized staff members who have to ensure that confidential, private, or sensitive information is not exposed to unauthorized people
Records have to be stored in a safe area where they are protected from physical damage caused by human, pests, or weather
Records have to be stored within registered organizational areas where they can be easily accessed and be secured from a range of security threats
The storage area has to be protected by security mechanisms. Access to data will be determined by a system to prevent access from unauthorized personnel or attackers
There will be a system for location of records to facilitate easy access of information by authorized personnel.
Records have to be transmitted securely to ensure they are not accessed by unauthorized people
Destruction of records
Any confidential, private, or sensitive information in papers will be shredded in locked bins before it recycled Digital media storing confidential information will be physically destroyed by crushing or burning to prevent data breaches The company will keep all records as long as they have value. Typically, records are kept for a particular period of time. However, if they are valuable to the company, they will be kept.
Collecting feedback from stakeholders has to be done by managers of various business units. First, stakeholders have to be identified and a plan developed to collect information. A set of communication tool will be leveraged to gather feedback and reactions to the policies and procedures. Feedback can be collected from key staff via formal meetings. Also, members can be questioned in one to one session. External and internal stakeholders that will be affected by the new policies have to be questioned to determine their opinions about the change. The feedback gathering process will involve many strategies and players. Once feedback is gathered, it has to be analyzed to determine the overall perception of the policies.
When gathering feedback, emphasis has to be placed on accurately identifying the needs of the stakeholders. One has to ensure that the staff members are receiving the right kind of questions that they can respond to. Some of the methods that can be leveraged to collect feedback include meetings, suggestion box, and surveys. Through one-on-one meetings, good feedback can be gathered as it is easier for stakeholders to express their views and opinions in a group setting. Using meetings to gather feedback can encourage employees to express their thoughts. A discussion topic has to be integrated into the meeting to influence more stakeholders willing share their views.
A suggestion box may be appropriate in collecting feedback especially in places where employees want to maintain anonymity. Suggestion box allows stakeholders to give their feedback without exposing their identity. It lets the stakeholders know that their opinions are required in the company’s decision-making process.
Employee surveys is also an effective method for collecting feedback from stakeholders. Surveys with over-arching questions will be used to invite clear responses from participants (Poncheri, 2008). A survey that addresses specific topics with key questions is effective in evoking knowledgeable answers. By leveraging on these three methods to collect feedback, managers can collect adequate feedback that is crucial in making informed decisions.
To distribute the new policy and procedures developed, communication strategies have to be leveraged to keep the stakeholders and staff informed. Once the policies are developed, the managers will inform stakeholders. This will let them know that the company has developed new policies and procedures. Managers have to explain why the new policies are important and relevant in the workplace and their impacts on the stakeholders. This will not only inform stakeholders but also help them understand the significance of the policies to the company.
To encourage stakeholder buy-in, managers have to ask stakeholders about their thoughts and views about the new policies and what they can suggest to be included in the policy manual. The feedback given can be incorporated into the policy manual to ensure it aligns with both company and stakeholders’ needs. Involving the stakeholders in reviewing the policies can be key in informing them.
It is essential to organize a meeting with all stakeholders and staff to introduce the new policies and procedures. The meeting provides an opportunity that can be leveraged to reinforce the significance of the new policies and procedures. In the meeting, employees will be given the chance to ask questions about the policies. Managers will respond to any questions regarding the new policies. Additionally, a complete policy manual will be distributed to the stakeholders in hard copy or soft copy to ensure every stakeholder has the policy document.
Some of the policies and procedures developed may need training to ensure staff and stakeholders understand how to apply them. Thus, it would be critical for managers to develop a training program based on the new policies developed. Training sessions can be scheduled to avoid work disruptions but enable the staff to gain an insight into what they are expected to do and how they will conduct themselves.
It is critical for the IT department at Infinite Horizons to implement an access control system to ensure that only authorized access to data. An access control system that incorporates various authentication mechanisms will be implemented to authorize people who can access the data. The system will have an access control list which is used to determine the level of access for each stakeholder. Staff members added to the list are given privileges depending on their roles in the workplace. For example, managers have the privilege to write and modify data while employees have the privilege to read and write data. The access control system is configured to allow access based on the clearance of a user. The system will use various authentication mechanisms including password and PIN. Users have to supply these details to be allowed to access data stored in the company’s servers. Additionally, emphasis has to be placed on logging user activities to determine their operations. With a log system, the management can track people who make changes to the system which is essential in determining attackers.
Physical security mechanisms have to be put in place to safeguard company equipment where customer data is stored. The company will have a secure room where all portable devices such as laptop can be kept. Only authorized people will be allowed to access the room. All portable devices will be kept in the room after work hours. A logging system will also be considered to track people who access the room.
Data encryption is a critical security mechanism for safeguarding data stored in digital media (Chan, 2012). The company will encrypt hard drives and computers that store customer data. Strong encryption programs will be used to protect confidentiality of data. With modern encryption algorithms, the company can safeguard the privacy of the data. Even when hard drives or computers are stolen, encryption can be key in protecting customer information against data breaches.
Revised code of ethics
Public interest: Employees have to work in accordance with the interest of the public.
Client and Employer: Employees have to act in a manner that serves the best interests of their clients and employer.
Product: Employees will deliver the software product with the quality desired by the client.
Treating others: Employees will not give preference to any person.
Privacy: Employees will access private information on computers only when it is necessary. Confidentiality of information is important.
Communication: Employees have to keep clients informed about various IT issues that may affect them such as security maintenance, legal obligations, system monitoring, acceptable use, and sharing of common resources.
System Integrity: Employee has to strive to system integrity by using all appropriate means such as regular software and hardware maintenance, preventing unauthorized access, analyzing levels of system performance, and activity.
Honesty: Employee will be honest about his/her competence and will seek help from others when necessary. He/she will be impartial when providing professional advice and will avoid conflicts of interest. If they arise, he/she will declare them.
Education: Employee has to update his/her technical knowledge and management skills by studying, sharing information with professionals, and training.
Workplace Quality: Employee will focus on achieving and maintaining a safe and conducive workplace for all users.
It is critical for employees to deliver a product that meets the quality standards established by the client. As such, employees will focus on providing a quality product. In the workplace, every staff member is equal. To retain cohesiveness, it is essential for the team members to treat each equally and avoid preferring some members over others to prevent disharmony.
When handling information on the company’s customer systems, both privacy and confidentiality of the data will be considered. Thus, employees will focus on protecting the confidentiality and privacy of data accessed. It is important for the customers to know various issues that can affect them. As such, employees will update customers on the issues that may impact them. In the modern world, new technologies are emerging and are changing many industries. It is therefore important for an employee to remain updated by studying or getting regular training.
It is critical to ensure all stakeholders understand the code of ethics developed. Stakeholders will be required to read and sign a printed version of agreement form. A copy of the code will be given to all stakeholders. The agreement between the company and the employee serves to indicate employee’s commitment to the code of ethics. A digital version of the code will be posted on the company’s website to ensure that all stakeholders can view it. The codes will outline acceptable behavior in the workplace and use a specific language related to the types of stakeholders. A meeting with stakeholders will be conducted to give them a platform to express their opinions and view about the code of ethics. By leveraging on the meeting, the company can collect feedback and determine employee’s perception of the code of ethics established.
Has Infinite Horizons developed a comprehensive code of ethics that provides guidelines to employees?
The code of ethics developed focuses on different ethical aspects of the workplace.
Do you understand code of ethics and has it been applied in the workplace?
The code has not been implemented in the workplace.
Does Infinite Horizons punish employees who breach the code of ethics?
The code of ethics lacks a provision explaining the ramifications of breaching ethics.
Does Infinite Horizons train employees on ethical conduct outlined in the code of ethics?
The company has not developed a training program on ethical conduct.
The key areas that need training include education, privacy, and system integrity. Employees have to be continuously trained to update their technical knowledge as well as management skills which are key in maintaining productivity and improving performance. Training program on acceptable use will be implemented to teach employees how to safeguard the privacy and integrity of customer information when using company’s computer systems (Noe, 2010). Additionally, employees have to be trained to maintain system integrity.
Before conducting the survey, a decision has to be made on the topics that have to be included in the survey to provide information about the staff’s perception of the code of ethics. The questions will be effective in eliciting answers that provide most information (Rattray, 2007). The survey will involve a questionnaire that is anonymous. This will allow the staff members to provide unbiased information and clear opinions. A third party company can be used to conduct the survey to ensure the staff members are anonymous. Through the survey, staff can provide information indicating their level of understanding of the ethical conduct they are expected to adhere to. Generally, the company will collect non-personal information such as staff’s comments about the code of ethics and information about how the code can impact them as individuals.
Employees are required to report misconduct which they are aware of. It is critical for Infinite Horizons to ensure that staff members do this with the full support of their supervisors and colleagues. The company will focus on ensuring that a staff member who acts in good faith is not discriminated or harassed for reporting any misconduct.
Employees will make disclosures about misconduct or malpractice with:
Their department manager
Where a) is unavailable, director of department
Where a) and b) are unavailable, managing director will be approached
If issue is related to fraud, you will report to director of finance department
The procedure allows staff members to disclose malpractices without fear of harassment as a result. Infinite horizons will not allow employees who make disclosures to be harassed or victimized. The company will protect such employees when they disclose a malpractice within the workplace.
The staff member will first contact the department manager. If he believes the manager is involved in the malpractice, he will approach the director of department. This will rely on the sensitivity of the issues and staff members suspected to have been involved in the malpractice. If the director of department is involved, the staff member will approach managing director of the company. If the concern is related to fraud, the director of finance department will be contacted.
The staff member can disclose the issue either in writing or verbally. The disclosure will provide details of the issue including date of occurrence, location of the incident, etc. The staff member also has to explain why he feels concerned about the issue.
Chen, D. and Zhao, H., 2012, March. Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Noe, R.A., 2010. Employee training and development. McGraw-Hill/Irwin.
Poncheri, R.M., Lindberg, J.T., Thompson, L.F. and Surface, E.A., 2008. A comment on employee surveys: Negativity bias in open-ended responses. Organizational Research Methods, 11(3), pp.614-630.
Rattray, J. and Jones, M.C., 2007. Essential elements of questionnaire design and development. Journal of clinical nursing, 16(2), pp.234-243.
Our Amazing Features
No missing deadline risk
No matter how close the deadline is, you will find quick solutions for your urgent assignments.
100% Plagiarism-free content
All assessments are written by experts based on research and credible sources. It also quality-approved by editors and proofreaders.
500+ subject matter experts
Our team consists of writers and PhD scholars with profound knowledge in their subject of study and deliver A+ quality solution.
Covers all subjects
We offer academic help services for a wide array of subjects.
We care about our students and guarantee the best price in the market to help them avail top academic services that fit any budget.
Getting started with MyEssayAssignmentHelp is FREE