This chapter deals with privacy, societal, and ethical concerns in enterprise security. Security for a company is defined as protecting the company from attack. Yet the soft side of this protection deals with safeguarding the privacy of clients, vendors, and employees from invaders. The privacy of individuals’ data must be considered both internally and externally. Laws protecting corporations and individuals need to be understood to keep a company from being liable for infringements involving unprotected data. Companies that are not up to date on the laws will find themselves facing litigation in various forms. The ethical side of security is a much more nebulous area for an enterprise to deal with. Companies need to understand where ethics fits into the processes for security protection. This chapter briefly discusses the ethical and privacy issues that an enterprise must address and the processes that need to be in place.
There have been many definitions of privacy over the years. One of the early definitions of privacy was put forward by Louis Brandeis and Samuel Warren in a Harvard Law Review article. They concurred that the right to privacy was different from legal rights. They believed that it measured the amount of solitude in one’s life. They believed in the “…right to be let alone” (Brandeis & Warren, 1890). Their definition, however, is rather broad and nebulous. In a more recent journal, Ruth Gavison (1984) defines privacy as the limitation of other people’s access to individuals. Her definition has three points: secrecy, anonymity, and solitude. Spinello states that “Anonymity is protection from undesired attention; solitude is the lack of physical proximity to others; and secrecy (or confidentiality) involves limiting the dissemination of knowledge about oneself” (Spinello, 2006).
Many authors have begun to re-examine the concept of privacy itself. Tavani and Moor have stated that the control of personal data is insufficient to establish or protect privacy. They believe that “…the concept of privacy itself is best defined in terms of restricted access, not control” (Tavani & Moor, 2001). Nissenbaum has also defined privacy with aspects of “privacy in public” (Nissenbaum, 1998). As can be seen from this short account of these authors’ statements, privacy is a very complex issue. Companies must begin to understand and appreciate this complexity in order to deal with privacy within the enterprise.
Most of the general public regards privacy as a “right.” Charles Fried expounded the concept of control theory, stating that “…one has privacy if and only if one has control over information about oneself” (Fried, 1894). Most philosophers have viewed privacy as essential in society as a mechanism for individuals to pursue relationships, work, and play. Individuals in society are limited if there is a fear of a loss of privacy. Individual behavior that is controlled by others through information collected without permission can cause an extrinsic loss of freedom. This kind of control can deprive individuals of jobs, job promotions, and raises, and can lead to the refusal of loans and other similar actions.
Intrinsic loss of freedom comes about when people behave in a different manner because they are being monitored, watched, or spied upon. The public normally responds to these types of actions with anger, suspicion, and loss of spontaneity. Where does privacy fit in an information age? Privacy is, therefore, considered to be a social idea (Mason, 2006).