278   Chapter 10 • Global, Ethics, and Security Management

              around the special attributes of information itself and the means by which it is transmitted. There
              are also very few institutions that can protect intellectual property rights globally. Thus, ethics
              play a crucial role in governing the use of information. ERP system facilitates easier access to
              vast amounts of corporate data from a single source, thereby making them vulnerable. Very little
              corporate governance exists on how to use or share this information. As such, the principles of
              ethics should influence the development and operations of ERP systems.


              Ethical Principles
              As shown in Figure 10-3, information technology can impact ethics in four ways, which can be
              summarized by means of an acronym, PAPA, which stands for privacy, accuracy, property, and
                         19
              accessibility. Privacy is concerned with how personal information is safeguarded in the system.
              Accuracy requires systems to validate the correctness of the data in the system and who is
              responsible for this accuracy. Property governs who has ownership rights to the information.
              Accessibility is concerned with who has access to what information. The PAPA principles of
              ethics have been tested in a variety of systems in the last 20-plus years and are an important
              influence on the development of information systems. 20
                   What does PAPA have to do with ERP? “If an ERP team leader says ‘I’ve never faced an
              ethical issue,’ they’re not living in the real world,” said Larry Ponemon, chairman and founder of
              the Ponemon Institute, a security and privacy research think-tank based in Tucson, Arizona. 21
              ERPs have the capability to access and provide detailed information on various aspects of
              business and customers from the databases. PAPA can provide some guidelines for implementa-
              tion and operation of ERP in organizations. The TJX example that follows highlights how a
              small security breach can create havoc with the privacy of millions of users in today’s digital
              economy.  Unless  ERP  users  are  knowledgeable  with  privacy  regulations  and  take  active
              measures to protect their privacy, frauds like identity theft will keep rising.

                                                   Privacy






                              Access                                   Accuracy







                                              Property Rights
                              FIGURE 10-3 Ethical Framework.




              19  Mason, R. (1986). Four Ethical Issues of the Information Age. MIS Quarterly, 10 (1), 5–12.
              20  Peslak, A. R. (Spring 2006). PAPA Revisited: A Current Empirical Study Of The Mason Framework. The Journal of
              Computer Information Systems, 46 (3), 117.
              21  Levinson, M. (March 1, 2005). Ask the Ethicist, CIO Magazine. www.cio.com/archive/030105/ethics.html (accessed
              January 15, 2007).