An Exploration of the Legal and Regulatory Environment of Privacy and Security Through Active Research, Guided Study, Blog Creation, and Discussion

An Exploration of the Legal and Regulatory Environment of Privacy and Security Through Active Research, Guided Study, Blog Creation, and Discussion

Volume 8, Number 52 http://isedj.org/8/52/ July 16, 2010 In this issue: An Exploration of the Legal and Regulatory Environment of Privacy and Security through Active Research, Guided Study, Blog Creation, and Discussion Alan R. Peslak Penn State University Dunmore, PA 18512 USA Abstract: One of the most important topics for today’s information technology professional is the study of legal and regulatory issues as they relate to privacy and security of personal and business data and identification. This manuscript describes the topics and approach taken by the instructors that focuses on independent research of source documents and cases. Posting and review of this research with a blog served as a successful springboard for discussion and analysis of relevant privacy and security issues. The course was piloted in the spring of 2008 and received strong positive feedback. The course was successfully run again in 2009. Review of the process and implications for educators is presented. Keywords: privacy, security, legal and regulatory environment of IT, ethics Recommended Citation: Peslak (2010). An Exploration of the Legal and Regulatory Environment of Privacy and Security through Active Research, Guided Study, Blog Creation, and Discussion. Information Systems Education Journal, 8 (52). http://isedj.org/8/52/. ISSN: 1545-679X. (A preliminary version appears in The Proceedings of ISECON 2009: §4352. ISSN: 1542-7382.) This issue is on the Internet at http://isedj.org/8/52/ ISEDJ 8 (52) Information Systems Education Journal 2 The Information Systems Education Journal (ISEDJ) is a peer-reviewed academic journal published by the Education Special Interest Group (EDSIG) of the Association of Information Technology Professionals (AITP, Chicago, Illinois). • ISSN: 1545-679X. • First issue: 8 Sep 2003. • Title: Information Systems Education Journal. Variants: IS Education Journal; ISEDJ. • Phys- ical format: online. • Publishing frequency: irregular; as each article is approved, it is published immediately and constitutes a complete separate issue of the current volume. • Single issue price: free. • Subscription address: [email protected]. • Subscription price: free. • Electronic access: http://isedj.org/ • Contact person: Don Colton ([email protected]) 2010 AITP Education Special Interest Group Board of Directors Don Colton Thomas N. Janicki Alan R. Peslak Brigham Young Univ Hawaii Univ NC Wilmington Penn State EDSIG President 2007-2008 EDSIG President 2009-2010 Vice President 2010 Scott Hunsinger Michael A. Smith Brenda McAleer George S. Nezlek Appalachian State High Point Univ U Maine Augusta Grand Valley State Membership 2010 Secretary 2010 Treasurer 2010 Director 2009-2010 Patricia Sendall Li-Jen Shannon Michael Battig Mary Lind Merrimack College Sam Houston State St Michael’s College North Carolina A&T Director 2009-2010 Director 2009-2010 Director 2010-2011 Director 2010-2011 Albert L. Harris S. E. Kruck Wendy Ceccucci Kevin Jetton Appalachian St James Madison U Quinnipiac University Texas State JISE Editor ret. JISE Editor Conferences Chair 2010 FITE Liaison 2010 Information Systems Education Journal Editors Don Colton Thomas N. Janicki Alan R. Peslak Scott Hunsinger Professor Associate Professor Associate Professor Assistant Professor BYU Hawaii Univ NC Wilmington Penn State Univ Appalachian State Editor Associate Editor Associate Editor Associate Editor Information Systems Education Journal 2009-2010 Editorial and Review Board Samuel Abraham, Siena Heights Mark Segall, Metropolitan S Denver Brenda McAleer, U Maine Augusta Alan Abrahams, Virginia Tech Patricia Sendall, Merrimack Coll Fortune Mhlanga, Abilene Christian Ronald Babin, Ryerson Univ Li-Jen Shannon, Sam Houston St George Nezlek, Grand Valley St U Michael Battig, St Michael’s C Michael Smith, High Point Univ Anene L. Nnolim, Lawrence Tech Eric Breimer, Siena College Robert Sweeney, South Alabama Monica Parzinger, St Mary’s Univ Gerald DeHondt II, Grand Valley Karthikeyan Umapathy, U N Florida Don Petkov, E Conn State Univ Janet Helwig, Dominican Univ Stuart Varden, Pace University Steve Reames, American Univ BIH Mark Jones, Lock Haven Univ Laurie Werner, Miami University Jack Russell, Northwestern St U Terri Lenox, Westminster Coll Bruce A. White, Quinnipiac Univ Sam Sambasivam, Azusa Pacific U Mary Lind, NC A&T University Charles Woratschek, Robert Morris Bruce M. Saulnier, Quinnipiac Cynthia Martincic, St Vincent C Peter Y. Wu, Robert Morris Univ This paper was in the 2009 cohort from which the top 45% were accepted for journal publication. Acceptance is competitive based on at least three double-blind peer reviews plus additional single- blind reviews by the review board and editors to assess final manuscript quality including the importance of what was said and the clarity of presentation. c Copyright 2010 EDSIG. In the spirit of academic freedom, permission is granted to make and distribute unlimited copies of this issue in its PDF or printed form, so long as the entire document is presented, and it is not modified in any substantial way. c 2010 EDSIG http://isedj.org/8/52/ July 16, 2010 ISEDJ 8 (52) Peslak 3 An Exploration of the Legal and Regulatory Environment of Privacy and Security through Active Research, Guided Study, Blog Creation, and Discussion Alan R. Peslak [email protected] Penn State University Dunmore, Pennsylvania 18512 USA Abstract One of the most important topics for today’s information technology professional is the study of legal and regulatory issues as they relate to privacy and security of personal and business data and identification. This manuscript describes the topics and approach taken by the in- structors that focuses on independent research of source documents and cases. Posting and review of this research with a blog served as a successful springboard for discussion and anal- ysis of relevant privacy and security issues. The course was piloted in the spring of 2008 and received strong positive feedback. The course was successfully run again in 2009. Review of the process and implications for educators is presented. Keywords: Privacy, Security, Legal and Regulatory Environment of IT, Ethics 1. BACKGROUND in the following courses general courses (they are a very small portion of each An area of rising importance for information course): technology professions is the growth of laws and regulations dealing with information and IS 2002.1 – Fundamentals of Information the use of information in society. This in- Systems (Prerequisite: IS 2002.P0) creased importance is mostly seen in rules information security, and regulations regarding the privacy and security of data. But with this increased im- IS 2002.2 – Electronic Business Strategy, portance there has come little guidance on Architecture and Design (Prerequisite: IS how to impart this knowledge to our infor- 2002.1) mation technology students. legal and ethical issues, information pri- One of the key templates for developing in- vacy and security, transborder data formation systems and technology programs flows, information accuracy and error has been IS2002. IS 2002 Model Curriculum handling, disaster planning and recovery, and Guidelines for Undergraduate Degree IS 2002.6 – Networks and Telecommunica- Programs in Information Systems is spon- tion (Prerequisite: IS 2002.4) sored by the Association for Computing Ma- chinery (ACM), Association for Information privacy, security, Systems (AIS), Association of Information Technology Professionals (AITP)and au- IS 2002.P0 – Personal Productivity with IS thored by John T. Gorgone, Gordon B. Davis, Technology Joseph S. Valacich, Heikki Topi, David L. security, Feinstein, and Herbert E. Longenecker, Jr. IS 2002.3 – Information Systems Theory The legal, regulatory, privacy, and security and Practice (Prerequisite: IS 2002.1) related issues are suggested to be covered c 2010 EDSIG http://isedj.org/8/52/ July 16, 2010 ISEDJ 8 (52) Peslak 4 to introduce the societal implications of our university, IST 452 - Legal and Regula- IS and related ethical issues tory Environment of Privacy and Security (3) The short course description is, IST 452 to introduce and explore ethical concepts Legal and Regulatory Environment of Privacy and issues relating to personal and pro- and Security (3) Exploration of legal, regula- fessional behavior tory, public policy, and ethical issues related to introduce, compare, and contrast ethi- to security and privacy for information tech- cal models and approaches nology professionals in public institutions, private enterprise, and IT services. (Penn to explore ethical and social analysis State University, 2008) skills The course is further described in Appendix to consider the nature and existence of A. power The text used for the course the first time it ethical and legal principles and issues; was taught was e-Commerce Law: Issues for ethical considerations of information sys- Business, 1st Edition , John W. Bagby - tems development, planning, implemen- Pennsylvania State University, ISBN-10: tation, 0324106793 ISBN-13: 9780324106794, 600 Pages. The text was used as a general IS 2002.6 – Networks and Telecommunica- guide for the course and also the source for tion (Prerequisite: IS 2002.4) some of the case analyses and discussion. security, privacy, Unfortunately this text is now out of print. We are searching for a new text. IS 2002.2 – Electronic Business Strategy, Architecture and Design (Prerequisite: IS The course was taught at our campus by a 2002.1) single instructor over two terms. The aver- age size of the c;lass

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    24 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us