Ethics and Legal Considerations in Handling Confidential Consumer Information

Ethical and legal responsibilities of a company in designing and implementing security protocols to its systems

Information security is fundamental within any organization, since it protects customers' information from access or use by unauthorized persons, and from disclosure and destruction. To ensure the safety of customer information, a company has legal and ethical responsibilities in designing and implementing security protocols for its systems. First, the company has the responsibility to secure its wide area network (WAN). By doing so, the company is able to secure connections among all of its branches. Similarly, the restriction ensures that data gets to the intended recipient, avoiding access by unauthorized persons. In addition, the company has the responsibility to use virtual connections (VPN). The connections are routed through the internet to connect the company with its customers. By securing the network between the company and its consumers, the virtual connections help the company reduce its exposure to threats from viruses and hackers (Kaidry & Khaled, 2008). Companies also have the right to use the local area network (LAN). A LAN allows offices to work in a systematic manner, ensuring data organization, security and protection of data communication. The systematic analysis allows system protection, since the process ensures care of computers and servers and control of systems such as Active Directory (AD) and Windows Server Update Services (WSUS).

Ethical and legal issues for consideration in determining the response to compromised confidential consumer information

The company should consider several factors when determining its response concerning the confidentiality of consumer information. A key consideration is the privacy of the customers' data. Governments have developed legal guidelines that protect consumer information from being used for marketing services, maintaining the confidentiality of consumer information. The company should therefore assure customers of the confidentiality of their information in accordance with the law (Miltgen, 2009). In addition, the company should assure customers of security against identity theft. The company must ensure that the customers' data is free from access by unauthorized persons who might misuse it by committing crimes using the information obtained. Similarly, information security professionals should be aware of the information security laws and regulations of various states to avoid contradiction and ensure compliance. This knowledge is necessary because the use of the internet makes the company's services global, and they should comply with global regulations on data management and security. In considering ethical issues, the information security team should take into account ethical differences among various cultures. The response should comply with various cultures and ethical behaviors. Furthermore, the company should consider the misuse of corporate resources for personal use. The company should develop measures to curb the misuse of corporate data for personal use as a way of avoiding manipulation of customer information.

Effects of breach laws that mandate disclosure of any loss of consumer


Positive effects

Breach notification laws have been developed that demand that consumers be notified upon the loss or theft of their confidential information. The laws have several positive impacts. First, they allow consumers to take action following the loss or theft of their information. The knowledge also helps the customer to lower the effect of the lost information (Romanosky, Sharp & Acquisti, 2010). Reducing the effect of the leaked information lowers the cost incurred by the company while trying to correct the mistake made. The laws also ensure that a company improves its information security because of the costs incurred following information loss. As a result, the company enacts safety measures to prevent the possibility of information loss or theft in future.

Negative effects

Breach notification laws also have negative effects, discussed below. The law leads the company to incur unnecessary costs, resulting in losses. The costs arise from notifying customers and from paying the fines imposed following the lost or stolen information (Ablon, Heaton, Lavery & Romanosky, 2016). In addition, the disclosure of the information loss may cause psychological effects on customers, preventing them from making rational decisions on how to cope with the problem at hand. The disclosure may also lower the market value of a company, since customers would develop doubts about the company's transparency, reducing their loyalty to the company. The decline in market value would result in further losses within the company. In addition, publicity about the information loss on media platforms damages the company's reputation, resulting in financial loss due to poor market performance (Yildirim, 2016).


Ablon, L., Heaton, P., Lavery, C. & Romanosky, S. (2016). Consumer attitudes towards data breach notifications and loss of personal information. Rand Corporation, pp. 1-57.

Kardry, S. & Hassan, W. (2008). Design and implementation of system and network security for an enterprise with worldwide branches. Journal of theoretical and applied information technology, pp. 111-118. Retrieved from

Miltgen, L. (2009). Online consumer privacy concern and willingness to provide personal data on the internet. International journal of networking and virtual organization, Vol. 6 Issue 6, pp. 574-603.

Romanosky, S., Sharp, R. & Acquisti, A. (2010). Data Breaches and Identity Theft: When is mandatory disclosure optimal? pp. 2-34.

Yildirim, Y. (2016). The importance of risk management in information security. Proceedings of the IIER international conference, Rio de Janeiro, 29th-30th November 2016, pp. 5-8.