Data privacy breaches, the most sensational of cyberattacks and the most covered of data ethics issues in the media, amount a tripartite concern that traverses the domains of ethics, information security and law (Lee, W.W. (2014-15). Ethical, Legal & Social Issues. Lecture Notes, Postgraduate Diploma in eHealth Informatics, The University of Hong Kong). Data protection must helplessly go on (because rule is rule per information security policy of the organization or it will at least make data owners and data mangers feel better (perhaps just psychologically)) despite the disappointing or even futile return because hacking continues even with exorbitant spending on cybersecurity. The status quo is symptomatic of the exhibitive cybersecurity expenditure and the outrage aftermath of cyberwars, and caused by our indifference to ethics and our muddled view of the basic concepts central to the understanding of the problem.
A shift of view of ethics, privacy and risk is necessary: Ethics is not just about right and wrong but has a dual function: acting ethically brings benefits and acting unethically backfires. Privacy transcends being alone and it defines a zone of accessibility and is right – infringing that right of someone means affronting that someone’s dignity. Risk is more than physical, financial or legal damages; violating ethics amounts to a new type of risk – ethical risk. This nightmare status quo cries out for an effective remedy. An ethics-based framework is perceived, one that has the effect of lessening the incidence of hacking or making hacking exasperate. Its design is premised on that the result effect of the coupling of ethical doctrines (to persuade against wrong-doings) and ethical actions (to nurture trust). Its aim is to lessen the incidence of hacking or make hacking exasperate so as to relax or soften the demand on data protection and gradually reduce the information security budget and the cost of cyberattacks. Its implementation relies on Ethical Computing (Lee, W. W. (2015). Ethical Computing. In Khosrow-Pour, M. (Ed.), Encyclopedia of Information Science and Technology (3rd ed., Ch. 292, pp. 2991-9)), the practice of Computer Ethics (Johnson, D. G. (2009). Computer Ethics (4th Ed.). Upper Saddle River, NJ: Prentice Hall), and its tools for ethical analysis: Ethical Matrix (to provide an overview of the ethical concerns that the identified stakeholders have with respect to the ethical principles that the stakeholders value) and Hexa-dimension Metric (to enable the user to gain a feel of how the action taken measures up against the six efficiency principles).
This topic should of intrinsic value to lawyers just as much as the IT professionals and the general users.
Editorial Note: The full article appeared in the eNewsletter in June, and the topic was presented to a Hong Kong Academy of Law seminar on 25 June 2019.