A Question of Ethics: Equifax’s ‘Sorry’ Data Breach Response
[Author Name(s), First M. Last, Omit Titles and Degrees]
[Include any grant/funding information and a complete correspondence address.]
A Questions of Ethics: Equifax’s ‘Sorry’ Data Breach Response
All the companies which take the responsibility to take care and use the personal information of the public have an obligation to protect the public data as one sensible person protects his or her own personal information. Errors are relative to human beings, but some errors where the public interest is at stake, errors are unacceptable and unjustifiable (Ryen, 2004). If we allow some relaxation in this regard because hackers are unpredictable, even then Equifax’ is unjustifiable because the case study reveals that Equifax had no proper setup to protect the information and they kept the information in easily readable plaintext format. The CEO of the company also deserves more criticism and punishment than mere resignation because he hardly showed any serious behavior dealing with the issue. He was unaware of the hacking for five months and he committed a crime to keep the concerned masses unaware for more than five weeks.
If I were the public relations director of the company, I would have suggested taking precautionary measures before the formal announcement of the security breach, but I would have asked the experts to trace the hackers before the announcement of the data. Moreover, I would have suggested announcing the day after the breach was identified that the public should stop sharing their sensitive information as we have noticed some security issues regarding the protection of their information. To keep the masses unaware for more than five weeks was double offense (Slade, & Prinsloo, 2013). Authors of the book Ethical issues in business agree that companies that deal with public information have more obligation to responsibility than they think. Thomas Donaldson claims that such companies should be sued and punished for such negligence.
Being a member of the company’s working committee, I would have suggested to first make a public apology but in a sensible way unlike Smith who just fulfilled a formality saying a simple 'sorry' and get away with that (Donaldson, Werhane, & Cording, 1983). I would have suggested assuring the affected masses that we have updated our saying presenting the updates and to assure them that their information will be recovered along with the hackers. It is true that no explanation could have satisfied the masses, but Smith's attitude was less responsive to deal with the Breach-Issue that I might have suggested to manage in a better way.
Donaldson, T., Werhane, P. H., & Cording, M. (1983). Ethical issues in business (pp. 153-165). New Jersey.
Ryen, A. (2004). Ethical issues. Qualitative research practice, 230-247.
Slade, S., & Prinsloo, P. (2013). Learning analytics: Ethical issues and dilemmas. American Behavioral Scientist, 57(10), 1510-1529.
If you have any queries please write to us
Join our mailing list