BACS3033 Social and Professional Issues

TUTORIAL 6
Answer all the questions:
Tutorial 6: Privacy and Surveillance
Part 1
1. “We have no privacy nowadays. We just have to get over it.”
Do you agree? Debate on the statement above.
Yes, I agree on the statement because everyone able to retrieve someone’s information via the Internet.
Human are social animals so they have a strong need to interact with other people therefore social
media is created. There are a lot of terms of conditions before the individuals are allowed to use that
social media apps like Facebook and most of the people will not read and just proceed. So, they will
not know that what kind of data will be exposed for the Facebook to use in advertisement or selling
the data to other parties. It cannot be avoided therefore individuals just have to get over it by keeping
the security programming be updated. This is because cyberattacks will also cause the individual’s
data from being theft.

2. Do an online research, discuss the following:

i. How our privacy will be exposed when we perform online activities.
Our privacy will be exposed by agreeing the policy in online activities. Before we able to
access to any website or even social medias, they will provide the agreements that require
users to accept in order to proceed. By agreeing these policies, the vendors are able to know
the users’ personal information for another purposes.

ii. Privacy preserving techniques/methods that can be used for big data analytics. (No technical
details required. Discuss the general concepts/approaches of the techniques for preserving
privacy)
- The data should be allowed to stay in its native form without need of transformation and
data analytics can be carried out while ensuring privacy preservation
- New techniques apart from Anonymization must be developed to ensure protection
against key privacy threats which include identity disclosure, discrimination, surveillance
and others.
- Scalable and robust techniques to be developed to handle large scale heterogeneous data
sets

Part 2
3. Read the scenarios below and answer question 2:

Max Brown works in the Department of Alcoholism and Drug Abuse of a north-eastern state. The
agency administers programs for individuals with alcohol and drug problems and maintains huge
databases of information on the clients who use their services. Max has been asked to take a look at
the track records of the treatment programs. He is to put together a report that contains information on
the clients who use their services. Max has been asked to take a look at the track records of the
treatment programs. He is to put together a report that contains information about such factors as
number of clients seen in each program each month for the past five years, length of each client's
treatment, number of clients who return after completion of a program, criminal histories of clients,
and so on.
In order to put together this report, Max has been given access to all files in the agency's mainframe
computer. It takes Max several weeks to find the information he needs because it is located in a
variety of places in the system. As he finds information he downloads it to the computer in his office;
that is, he copies the information from the mainframe onto the hard disk of his office microcomputer.
Under pressure to get the report finished by the deadline, Max finds that he is continuously distracted
at work. He decides that he will have to work at home over the weekend in order to 2
finish on time. This will not be a problem. He copies the information (containing, among other things,
personal information on clients) onto several disks and takes them home. He finishes the report over
the weekend and decides to send it to his office computer by email and fax. He leaves the disks at
home and forgets about them.
Was Max wrong in moving personal information from the mainframe to his office computer?
Yes

Was Max wrong in leaving the disks containing personal information at home?
Yes

What might happen as a result of Max's treatment of the data?

It might be session hijacked by the hacker when sent by email. Max should not copy data from
mainframe to personal property as the data is private and confidential.

Should the agency for which Max works have a policy on use of personal information stored in its
system?
Limited the access control which only let certain staff can be login to mainframe
Set the permission as no copy and paste privilege or transfer files function in the mainframe.
Any staff who uses the mainframe, their activity will be recorded and logged.

What might such a policy specify?

T protect and secure all the private and confidential information.
(i) Describe opt-in and opt-out choices. How were they worded?
Opt-in Opt-out
User will take an affirmative action to offer User will take action to withdraw their
their consent consent
Checkboxes Pre-emptive opt out
When presented with a checkbox, the user Users can uncheck a marked box or undo a
must take action to check the box which confirmation in order to indicate that they are
denotes their consents not interested in the activities that showed to
them

(ii) Why is information about individual so important to organizations? Give example of the uses
of personal information by private and public organizations.
- Improve the quality of products
- Increase profit
- Awareness about competitor
- Control the management
- Improve decision making
- Find the opportunities in market
Private record: It consist of information about the customers which allows the organization to
identify their behaviour for the data mining and marketing purposes. E.g., Credit card
purchase.

Public record
It consists of information about an incident or action reported to a government agency for
purpose of informing the public. E.g., birth certificates, marriage certificates.
(iii) In Malaysia context, briefly explain one legal act in place to protect users’ privacy.
i. Personal Data Protection Act 2010 (PDPA 2010)
- An act to regulate the processing of personal data in commercial transactions and to
provide for matters connected there with an incidental issue.
ii. Malaysian Communication and Multimedia Commission Act 1998
- An act to provide for the establishment of the Malaysia Communications and Multimedia
Commission with powers to supervise and regulate the communications and multimedia
 activities in Malaysia, and to enforce the communications and multimedia laws of
Malaysia and for related matters.

(iv) Identify and proposed TWO (2) methods for protecting privacy in Malaysia.
- Do not reveal personal information to strangers
- Do not use public WIFI
- Do not click on suspicious email or websites

4. Compare and contrast between personal information rights and intellectual property rights. Are they
the same?
Personal information rights Intellectual property rights
A right to protect personal information which is A right that is had by a person or by a company to
defined as any recorded information have exclusive rights to use owns plans and ideas.
Example: Examples:
Copyrights of books and literary works Trademarks
Written and recorded music Patents
Works of art Copyrights
Photographs and images Trade secret

5. Identify the current weaknesses of Malaysia’s Personal Data Protection Act (PDPA).
Authoring and security possible failures
Additional work for teacher to generate tests
Possible technical failures and difficulties to carry out
Automatically mark certain types of exams