Professional Legal and Ethical Issues CPSC 356 Database
Professional, Legal and Ethical Issues
CPSC 356 Database
Ellen Walker, Hiram College
(Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)

Data is Valuable
• Clickstream data (terabytes)
– Data mining for business advantage
• Financial transactions (petabytes)
• Personal information
– Open to identity theft and fraud

Ethical vs. Legal Behavior
• Ethics – A set of principles of correct conduct, or a theory or system of moral values
• Law – A set of rules enacted and enforced by a government
• Not all ethical behavior is legal
• Not all unethical behavior is illegal

Sample (US) Laws with Implications
• Sarbanes-Oxley Act
• Health Insurance Portability and Accountability Act (HIPAA)
• Family Educational Rights and Privacy Act (FERPA)

Sarbanes-Oxley Act (SOX)
• Goal is to tighten requirements on how companies form boards of directors, interact with auditors, and report finances
• Created in the aftermath of the Enron scandal
• To comply, companies must consider how data is collected, processed, secured, and reported

Complying with SOX
• COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks
• COSO is a framework that focuses more narrowly on internal controls, including culture, risk assessment, control activities, reporting, and monitoring

Health Insurance Portability and Accountability Act (HIPAA)
• Release of patient information requires consent forms
– “We can’t tell you anything – we can’t even tell you that we know anything” – Lynn Taylor
• Standards for electronic health/medical records and insurance claims
• Establishing a nationally recognized identifier (NOT SSN) to be used by all employee health plans
• Standards for security of patient data and transactions
• Need for a nationally recognized identifier for healthcare providers

Family Educational Rights and Privacy Act (FERPA)
• Protects privacy of student educational records
• Parents have rights until age 18 or until the student graduates from high school; then rights transfer to the student
• Schools must have written permission from the student (or parent if pre-college) to release any information

FERPA Exceptions
• Directory information
– Name, address, date & place of birth, honors
• Designated parties
– School officials with legitimate need to know
– Other schools to which the student transfers
– Specified officials for audit or evaluation
– Whoever needs to know for financial aid
• Compliance with a judicial order or state law
• Health and safety emergencies

Codes of Ethics
• ACM Code (see www.acm.org)
• BCS Code (www.bcs.org)
• Areas covered
– Public interest
– Duty to relevant authority
– Duty to the profession
– Professional competence and integrity

Intellectual Property
• IP = The product of human creativity in the industrial, scientific, literary, and artistic fields
• Examples:
– Invention
– Program
– Play
– Painting
– Musical composition

Protecting IP
• Patent
– Very strong protection for a limited time; requires disclosure
• Copyright
– Protects the expression of an idea
– Romeo & Juliet vs. “boy loves girl with tragic ending”
– Much longer term than a patent
• Trademark
– Protects a word, symbol, image, sound, etc. with regard to a specific company (type of goods)

Trade Secret
• A trade secret is protected not by law (no disclosure), but by secrecy
• If you can figure it out (by reverse-engineering), you can legally use it in your own product
– Not by “reading the source code”
– Not by theft
– Clean-room reverse-engineering technique

Software
• Generally protected by copyright, but there are software patents
– Patent must be for the idea, not the program
– Example: pull-down menu
• Copyright protects the expression, not the idea
– “Look and feel” lawsuits

Software License
• Commercial software (perpetual use)
• Commercial software (annual fee)
• Shareware
• Freeware
• Note: only some freeware is open-source; open-source software can still carry a license, e.g. GPL