Unit 5: Database Management System
DBMS 2: Security, Privacy, Ethics & Business Impact
ICT 110: IT for Business
🎯 Session Overview (1 Hour)
This session covers the critical challenges and responsibilities of managing business data securely, privately, and ethically.
- ✅ 0-15 min: Why Data Security & Privacy Matter to Business
- ✅ 15-30 min: The CIA Triad & Common Threats
- ✅ 30-45 min: Data Privacy, PII, & Regulatory Compliance
- ✅ 45-60 min: Ethical Frameworks & Department Responsibilities
The Big Data Paradox ⚖️
Promise: Big Data transforms business through insights, efficiency, and innovation.
Challenge: More data = More risk to privacy, security, and ethical boundaries.
The Question Every Business Must Answer:
How do we harness data power while protecting people and maintaining trust?
Why Data Security Matters to Business 💼
Protecting Core Assets 🏦
- Finance: Fraud prevention, account security
- Operations: Intellectual property (formulas, designs)
- HR: Confidential employee & payroll data
Cost of Breach: Financial loss + legal penalties
Maintaining Trust & Reputation 🤝
- One breach can destroy years of loyalty
- Ethical data handling = Competitive advantage
- Ensures business continuity
Cost of Breach: Lost customers, brand damage
The Foundation: The CIA Triad 🔐
A framework for all information security policies within an organization.
Confidentiality 🤫
Data accessible only to authorized individuals.
Example: Only HR managers see salaries.
Integrity ✏️
Data accuracy & consistency throughout its lifecycle.
Example: Financial transactions can't be altered without an audit trail.
Availability ⚡
Data is accessible when needed by authorized users.
Example: Inventory systems online 24/7 during peak season.
Common Security Threats 🚨
The Threats
- Phishing & Social Engineering
Tricking employees into revealing secrets.
- Ransomware
Encrypting data and demanding payment.
- Insider Threats
Employees misusing authorized access.
- Weak Passwords
Easy-to-guess credentials.
Business Impact
- 🎯 Finance: Access to bank accounts, fraud.
- ⚙️ Operations: Production shutdown, supply chain halted.
- 👥 HR: Employee records leaked publicly.
- 📊 All: Strategic plans, customer lists, financial reports exposed.
Defense Strategies 🛡️
How organizations protect the CIA Triad:
- 🔑 Access Control: Limit access based on the "least privilege" principle: only those who need it get it, and nothing is granted by default.
- 🔒 Encryption: Convert data into unreadable ciphertext so only holders of the key can read it (in transit & at rest).
- 🔄 Backups & Recovery: Regular copies ensure restoration if data is lost or stolen.
- 👁️ Monitoring & Audits: Track who accesses what and when; detect anomalies.
- 📚 Employee Training: Most breaches are human error; awareness prevents many threats.
Example - Role-Based Access: A Finance person can edit ledgers but only view HR data. An HR Manager can edit employee records but only view budgets.
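An added example (not part of the course material) that turns the slide's role-based access rule into a least-privilege policy matrix with an audit log, so a manager can see who tried what and spot repeated denials; the role names, table names and user names are constructed for illustration.

```python
"""Least-privilege role matrix plus audit trail (added illustration, not course code)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Permission matrix from the slide: Finance edits ledgers but only views HR data;
# the HR Manager edits employee records but only views budgets.
# Anything not listed is denied: least privilege means no default access.
POLICY = {
    "finance": {"ledgers": {"read", "write"}, "hr_records": {"read"}},
    "hr_manager": {"hr_records": {"read", "write"}, "budgets": {"read"}},
}


@dataclass
class AccessLog:
    """Monitoring & audits: every attempt, allowed or denied, is recorded."""
    entries: list = field(default_factory=list)

    def record(self, user, role, table, action, allowed):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "table": table,
            "action": action, "allowed": allowed,
        })


def is_allowed(role: str, table: str, action: str) -> bool:
    """True only if the policy explicitly grants this action on this table to this role."""
    return action in POLICY.get(role, {}).get(table, set())


def access(user: str, role: str, table: str, action: str, log: AccessLog) -> bool:
    """Enforce the policy and log the attempt before returning the decision."""
    allowed = is_allowed(role, table, action)
    log.record(user, role, table, action, allowed)
    return allowed


def denied_attempts(log: AccessLog) -> list:
    """Audit helper: all denied attempts, for review."""
    return [e for e in log.entries if not e["allowed"]]


def suspicious_users(log: AccessLog, threshold: int = 3) -> list:
    """Anomaly check: users with at least `threshold` denials (constructed rule)."""
    counts = {}
    for e in denied_attempts(log):
        counts[e["user"]] = counts.get(e["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    log = AccessLog()
    access("asha", "finance", "ledgers", "write", log)     # allowed: Finance edits ledgers
    access("asha", "finance", "hr_records", "write", log)  # denied: Finance may only view HR data
    access("bikash", "hr_manager", "budgets", "read", log)  # allowed: HR views budgets
    for e in denied_attempts(log):
        print(f"DENIED {e['user']} ({e['role']}) tried {e['action']} on {e['table']}")
```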
Transition: Security vs. Privacy 🔄
These terms are related but different:
- Data Security: Protecting data from unauthorized access.
- Data Privacy: Who has authorized access and how they can use it.
You can have security without privacy (a bank secures customer data, but uses it freely). You cannot have privacy without security.
Understanding Data Privacy 🔐
Personally Identifiable Information (PII): Any data that could identify a specific individual.
Examples Across Business Functions:
Human Resources 👥
- Citizenship Number
- Home Address
- Bank Details
- Performance Reviews
Marketing 🎯
- Customer Name
- Email Address
- Purchase History
- IP Address
Finance 💰
- Credit Card Numbers
- Loan Application Data
- PAN Number
- Investment Details
Legal vs. Ethical: The Key Distinction ⚖️
Critical: Just because you can use data doesn't mean you should.
Legal ✅
Following regulations (Nepal's Privacy Act, GDPR, NRB rules).
Scenario: A 20-page privacy policy allows selling customer data. Legally compliant. ✓
Ethical 💬
Moral principles: transparency & fairness with people's data.
Scenario: Is it ethical if customers don't understand they're being tracked? Trust erodes. ✗
Best Practice: Be transparent and fair. Ethical behavior builds trust and long-term value.
The PAPA Ethical Framework 📋
Use this framework when making data decisions:
- Privacy: What information do people have to reveal about themselves?
- Accuracy: Who ensures information is authentic and faithful?
- Property: Who owns the data and can transfer it?
- Accessibility: Who has a right to access this information?
Finance Example: A bank uses AI to approve loans. AI learns from historical data and starts denying qualified applicants from a specific neighborhood.
PAPA Violations: Accuracy (biased learning) & Accessibility (unfair lending).
Big Data's Ethical Challenges 📊
More data doesn't just mean more opportunity for insights — it means more ethical responsibility.
Technical Challenges
- Data quality (Veracity problem)
- Integrating diverse sources
- Storage & security costs
Ethical & Privacy Concerns
- Privacy: How is personal data collected and used?
- Bias: Does analysis reinforce social biases (hiring, lending, marketing)?
- Transparency: Do people know how their data makes decisions about them?
Data Governance: A Team Sport 🤝
Every department has data responsibilities:
Finance & Accounting 💰
- Ensure integrity of financial reports
- Implement fraud prevention controls
- Comply with financial regulations
Human Resources 👥
- Protect sensitive employee PII
- Ensure fairness in AI recruiting tools
- Manage access on need-to-know basis
Operations & Supply Chain ⚙️
- Secure supplier & partner data
- Protect proprietary processes
- Ensure system availability
Marketing & Sales 🎯
- Be transparent about data collection
- Respect customer consent & preferences
- Secure the CRM database
Real-World: Nepal Companies Data Management 🇳🇵
eSewa (FinTech)
Focus: Confidentiality & Integrity
Protects user transactions, KYC details, and bank links per Nepal Rastra Bank compliance. Security is their business.
Daraz (E-commerce)
Focus: Privacy & Availability
Secures millions of customer records, payment details, purchase histories. Ethical use of recommendation data is critical.
CG Foods (Manufacturing)
Focus: Integrity & Property
Protects trade secrets (Wai Wai formula), distribution network data, and supplier contracts from competitors.
Case Study: A Data Dilemma 🤔
The Scenario
A junior marketing analyst asks an HR contact for a list of all employees who took maternity/paternity leave in the last year. She wants to send them a parenting product promotion.
Discussion Points:
- Security Risk: Unauthorized access by non-HR staff?
- Ethical Problem: Using HR data (intended for HR use) for Marketing (different purpose)?
- Privacy Violation: Did employees consent to receive ads based on their leave status?
- Your Response: How would you handle this as a manager?
📌 Session Takeaways
- 1️⃣ CIA Triad Foundation: Confidentiality, Integrity, Availability are the basis of all data security policies.
- 2️⃣ Threats Are Real: Phishing, ransomware, and insider threats cost businesses millions every year.
- 3️⃣ Security ≠ Privacy: You can be secure but not private, but never private without security.
- 4️⃣ Legal ≠ Ethical: Regulations set the floor. Ethical conduct builds trust and long-term value.
- 5️⃣ Team Responsibility: Every department (Finance, HR, Operations, Marketing) has a role in data governance.
- 6️⃣ PAPA Framework: Use Privacy, Accuracy, Property, Accessibility when making data decisions.
The Big Picture 🎯
Data is Power. But power comes with responsibility.
Organizations that:
- ✅ Store data securely (CIA Triad)
- ✅ Respect privacy (transparency, consent)
- ✅ Make ethical decisions (PAPA framework)
...build trust, comply with regulations, and gain competitive advantage through responsible data use.