Decisions regarding information assurance and IT security can affect individuals’ rights and obligations and thereby acquire a moral quality. The same can be said for questions of privacy. This chapter starts by showing how and why information assurance and privacy can become problems worthy of ethical consideration. It demonstrates that there is no simple and linear relationship between ethics and information assurance or between ethics and privacy. Many decisions in the area of IT, however, affect not only one, but both of these subjects. The ethical evaluation of decisions and actions in the area of privacy and security, therefore, is highly complex. This chapter explores the question whether individual responsibility is a useful construct to address ethical issues of this complexity. After introducing a theory of responsibility, this chapter discusses the conditions that a subject of responsibility typically is assumed to fulfill. This chapter will argue that individual human beings lack some of the essential preconditions necessary to be ascribed responsibility. Individuals have neither the power, the knowledge, nor the intellectual capacities to deal successfully with the ethical challenges in the tension of privacy and information assurance. This chapter ends by suggesting that the concept of responsibility, nevertheless, may be useful in this setting, but it would have to be expanded to allow collective entities as subjects.