An Ethics-Based Remedy for Clamping Down Data Privacy Breaches

Data privacy breaches, the most sensational of cyberattacks and the most covered of data ethics issues in the media, amount a tripartite concern that traverses the domains of ethics, information security and law (Lee, W.W. (2014-15). Ethical, Legal & Social Issues. Lecture Notes, Postgraduate Diploma in eHealth Informatics, The University of Hong Kong). Data protection must helplessly go on (because rule is rule per information security policy of the organization or it will at least make data owners and data mangers feel better (perhaps just psychologically)) despite the disappointing or even futile return because hacking continues even with exorbitant spending on cybersecurity. The status quo is symptomatic of the exhibitive cybersecurity expenditure and the outrage aftermath of cyberwars, and caused by our indifference to ethics and our muddled view of the basic concepts central to the understanding of the problem.

A shift of view of ethics, privacy and risk is necessary: Ethics is not just about right and wrong but has a dual function: acting ethically brings benefits and acting unethically backfires. Privacy transcends being alone and it defines a zone of accessibility and is right – infringing that right of someone means affronting that someone’s dignity. Risk is more than physical, financial or legal damages; violating ethics amounts to a new type of risk – ethical risk. This nightmare status quo cries out for an effective remedy. An ethics-based framework is perceived, one that has the effect of lessening the incidence of hacking or making hacking exasperate. Its design is premised on that the result effect of the coupling of ethical doctrines (to persuade against wrong-doings) and ethical actions (to nurture trust). Its aim is to lessen the incidence of hacking or make hacking exasperate so as to relax or soften the demand on data protection and gradually reduce the information security budget and the cost of cyberattacks. Its implementation relies on Ethical Computing (Lee, W. W. (2015). Ethical Computing. In Khosrow-Pour, M. (Ed.), Encyclopedia of Information Science and Technology (3rd ed., Ch. 292, pp. 2991-9)), the practice of Computer Ethics (Johnson, D. G. (2009). Computer Ethics (4th Ed.). Upper Saddle River, NJ: Prentice Hall), and its tools for ethical analysis: Ethical Matrix (to provide an overview of the ethical concerns that the identified stakeholders have with respect to the ethical principles that the stakeholders value) and Hexa-dimension Metric (to enable the user to gain a feel of how the action taken measures up against the six efficiency principles).

This topic should of intrinsic value to lawyers just as much as the IT professionals and the general users.

Editorial Note: The full article appeared in the eNewsletter in June, and the topic was presented to a Hong Kong Academy of Law seminar on 25 June 2019.


President of the Computer Ethics Society

Professor Wanbil W. Lee is a cyberethics evangelist, Founder and President of The Computer Ethics Society, and Principal of Wanbil & Associates. He is also Co-founder of The Hong Kong Computer Society, Advisory Board Member of the European Centre of eCommerce & Internet Law, and Member of the Nous Global International Experts Network. Professor Lee sits on committees or advisory boards of several professional bodies, government agencies and editorial boards. His experience spans business, government and higher education; his education embraces Mathematics, Computing and Management. He evangelizes through publishing his work on Ethical Computing and Cybersecurity, teaching the subject Computer Ethics at undergraduate and postgraduate levels, consulting, training or speaking to various organizations including the Hong Kong Police Force, the Office of the Government Chief Information Officer, the Hong Kong Jockey Cub, Commonwealth Bank of Australia, the China Light & Power Co. Ltd. (CLP), the University of Vienna Faculty of Law, the University of Newcastle School of Electrical Engineering and Computer Science, Australia, the Institution of Engineering and Technology, the Hong Kong Institution of Engineers, the Hong Kong Computer Society, the Law Society of Hong Kong, and international conferences on Info-security, etc.