Exam 15: Information Security Privacy in E-HRM

Correct Answer:

Verified

o With fundamental changes in business models, technology trends, increasingly sophisticated cyber-attacks, followed by complex statutory regulations, information security and privacy have become critically important. What is more, as Morgan (2014, p. 2) states, 'the new rule for the future is going to be, "anything that can be connected, will be connected". This raises the frightening possibility of the information economy becoming extremely vulnerable to criminal mischief with individuals, firms, nations and the global economy having to pay a heavy price in the quest for a connected world.
$\bullet$ Changing business models
$\bullet$ Rapid technology changes
$\bullet$ Rising sophisticated cyber-attacks
$\bullet$ Increasingly complex regulations

Correct Answer:

Verified

o Privacy principles are safeguards to be followed while collecting, using, storing, transferring or deleting the personal data. These privacy principles should be used to guide the design, development and implementation of privacy controls.
$\bullet$ - Consent and choice: PII principals should be given an opportunity to choose how their PII is handled and to allow them to withdraw consent easily and free of charge. There are two types of consent and choice: "Opt-in" and "opt-out". Opt-in consent occurs when PII principal affirmatively and explicitly indicates his/her desire to have their data processed by the organization. Opt-out consent occurs when PII principal implicitly consents by not indicating their disapproval of requested processing. Opt-in consent is generally required for more intrusive processing like handling sensitive personal information, While opt-out consent is appropriate for less intrusive forms of processing like signing up for marketing emails.
$\bullet$ - Purpose legitimacy and specification: Organization should have a legitimate reason to collect personal data and use it only for that purpose. The purpose for which personal data is collected should be specified at or before the time of data collection and subsequent use should be limited to the fulfilment of that purpose or compatible purpose.
$\bullet$ - Collection limitation: There should be limits to the collection of PII data and any collected data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the PII principal.