Page 323 -
P. 323
Chapter 10 • Global, Ethics, and Security Management 281
PROPERTY The property principle of ethics makes organizations realize that they are not the
ultimate owners of the information collected on individuals. Consumers give organizations their
information on a condition that they will be guardians of this property and will use it according
to the permission granted to them. Organizations do not have a right to share information collect-
ed without getting explicit permission from the user. Sharing information in the digital economy
is very easy with the advent of data warehouses, networks, and Internet. In addition to informa-
tion sharing, property rights extend to issues of piracy that can involve copyrights, trademarks,
and other intellectual rights issues.
Although a comprehensive look at property rights is beyond the scope of this book, ERP
systems can be a double-edged sword when it comes to information property rights. On the bad
side, ERP systems facilitate the process of sharing information easily by integrating information
within the organization and across organizations. If implemented without proper controls, ERP
can make it hard to safeguard information. On the good side, ERP systems can enforce corporate
policy on data sharing consistently and embed best practices that can highlight the property
rights issue in an organization.
With the vast ability to store data in corporate databases, and with the growth of online
transactions, organizations are tested on data property rights by various stakeholders. For exam-
ple, in 2006, the U.S. Department of Justice wanted to compel Internet search giant Google to
share records that detail millions of Internet searches. 25 Google denied requests for the data
under the Child Online Protection Act (COPA), which protects children from online pornogra-
phy. Given revelations about illegal wiretaps and state spying on American citizens, Google
refused to share this data because the government was planning to use the data to conduct an
experiment to show that Internet porn filters were ineffective. Access to data held by Google and
the other main search engines was not going to target named individuals, but a data mining
operation to detect pornographic activity against children. With the passage of the Patriot Act the
U.S. government has gained access to vast databases of telephone records and e-mails provided
to it by airlines and telecommunications companies, and the government was not doing the same
with Internet search engine companies. The user data collected by Google is among its greatest
assets due to the revenue it raises from targeted advertising and other services.
ACCESSIBILITY The accessibility principle of ethics forces organization to have proper
controls for authorization and authentication. ERP implementation teams must ensure that infor-
mation stored in the databases about employees, customers, and other partners is accessible only
to those who have the right to see and use this information. Adequate security and controls must
be in place within the ERP system to prevent unauthorized access. More details on authorization
controls will be covered later in the security section, but an organization needs to develop a wide
policy on accessibility before implementing ERP.
In the information society, organizations need to balance the needs of the workers who need
access to vast amounts of data to make good decisions with the needs of society, which is increas-
ingly hostile when data privacy rules are violated. In addition, hacking, snooping, and other
fraudulent access to data are a big concern to organizations. There has been a recent surge in iden-
26
tity theft crimes to $55.7 billion in the United States, where hackers steal individual profile data
to open bank accounts and credit cards, apply for loans and driving licenses, and conduct
25 Hafner, K., and Richtel, M. (January 20, 2006). San Jose Mercury News.
26 Identity Theft Resource Center. www.idtheftcenter.org/ (accessed February 10, 2007).
