All computer systems and management information systems are faced with issues to do with the security and privacy of the data stored in them. Privacy concerns computer users due to the fact they store personal information in computerised records which may be accessible to the public if no privacy measures are put in place. Such personal information if obtained by fraudulent persons may be used to the detriment of the owner. Privacy therefore deals with the legal rights of individuals as all persons are entitled to privacy of their personal information. Security on the other hand are the technical and procedural measures that are normally put in place to ensure that there is no unauthorised access or use of data installed in a computer system. It is very important to ensure there is security particularly when it comes to shared computer systems and networks where several users are served at the same time and therefore it is possible for one user to tamper with the information of another user or gaining unauthorised access to data and programs belonging to another (Adam and Wortmann, 1989).
Privacy deals with the situation where an unauthorised person is able to access another person’s information in a computer network or system. This puts the owner of the person in a vulnerable position due to the fact that the person who has accessed the data may use it for purposes that are not in the best interest of the owner. Most organisations collect personal information from individuals for particular reasons. This therefore means that both the organisation and the individual owner of that particular information are normally concerned with the proper use of the information. This has the implication that both the parties are concerned with the privacy of this information in order to ensure that it does not get to the hands of the wrong people who may use it for the wrong reasons (Sweeney, 2002).
Another dimension of privacy is the case where invasion of privacy of an individual’s information may happen when the holder of such information uses it for the wrong purpose. This may lead to the detriment of the individual owner of such information. The holder of the information may also use the information for a purpose other than the one that was intended and this will also amount to invasion of the privacy of the owner of such information. In such a case, there is need to establish an agreement between the owner of the information and the holder of the same that it will only be used for a stated purpose. This means that if the holder uses the information for any other purpose then that will amount to infringement of privacy and therefore the holder will be liable to legal action. This will therefore ensure that the holder is not tempted to use another person’s information for unauthorised purposes (Sweeney, 2002).
The growth of information technology has led to a situation where there is growth of cyber crime such as credit card fraud, manipulation of records, data corruption as well as other computer related crimes. This means that the security of people using computers and those who have their personal information stored in computer networks is compromised. This is due to the fact that other people who are not authorised to access their personal data are able to access it and to use it in ways that may harm the individual owners. In this scenario, security is compromised in terms of the fact that private information may be used for fraud purposes without the consent or knowledge of the owner. This information may also be used to commit crimes where criminals may pose as imposters for example by using their personal information to create fake Identity cards and credit cards. This will lead to a situation where the owner of the information will be labelled a criminal due to criminal acts that they are not even aware of (Taipale, 2003).
Another form of computer security is a case where people, especially programmers, are able to create programs that if they access an individual’s computer, they are able to corrupt the data contained there and therefore cause loss of the same data. These programs are commonly referred to as malware, viruses, worms, or Trojans. These programs normally appear like genuine programs and are disguised in such a way that it is difficult to know they are malware. This means that if a user has not installed any anti-malware or anti-virus programs in their computer then they are prone to attacks by such security threats. This therefore means that it is very important for users to install such programs in their computers in order to avoid such attacks (Alberts and Doroffe, 2003).
It is clear that as development of information technology continues at the current rate, there are increased threats to both the privacy and security of information systems. This is due to the fact that people increasingly store private data in computer networks and therefore they are likely to be affected.
Adam, N.R. & Wortmann, J.C 1989, ‘Security-control methods for statistical databases: A comparative study,’ ACM Computing Surveys (CSUR), vol. 21, no.4, pp. 515 – 556.
Alberts, C. & Doroffe, A 2003, Managing information security risks: the OCTAVEsm approach, Addison-Wesley, Boston, MA.
Sweeney, L 2002, ‘K-anonymity: A model for protecting privacy,’ International Journal on Uncertainty, Fuzziness, and Knowledge-based Systems, vol.10, no.7, pp. 557-570.
Taipale, K.A 2003, ‘Data mining and domestic security: connecting the dots to make sense of data,’ The Columbia Science and Technology Law Review, Vol. 5, no. 2, pp. 5-83.