Privacy Policy and Security

Question: Write a report about the implications of the current privacy policy of a relatively new company names net movies that is planning on competing with the movie rental services like the Netflix and big pond movies. Answer: Introduction The report is about the implications of the current privacy policy of a relatively new company names net movies that is planning on competing with the movie rental services like the Netflix and big pond movies. So the importance of privacy policy and the implications of hasty or incomplete policies is the most important part of the report. There is also the suggestion of the experts regarding the proper privacy policy and the wording and spirit of the current legislation that is to be maintained by the company to remain legal. Thus the company needs to review their privacy policy and make sure that it is in accordance with all the national legislation and the information on the privacy policy is provided to the customers so that they are aware of the security of the information about their details that they submit to the site to rent a blu ray or DVD. So the importance of the proper privacy policy that is in accordance with all the legislation and the reassurance of the company to th e customers through their website about the security measures that are employed to protect the information of the clients. So this report is an accounting of the current system of information security of the website and the suggestions for the betterment of the security and to make sure that the changes that are required are according to the law (Bennett and Raab, 2003). So this report can be roughly divided in two parts one of which is the accounting of the current system employed by the company and the current law and legislation regarding the matter. And the next part is the possible changes to the company statement and the policy that is employed by the company. So the current policy and the shortcomings of the same is described below. Assessment 1 Legislation regarding personal information The current privacy policy of the company net movies is a hastily drawn up paragraph about the information security of the customers so it is wholly inadequate to make sure that the privacy policy is in accordance with the current legislation of the country. Privacy act 1988- is the main basis of the way any information of the personal variety is handles in Australia and it is handled by any individual or an organization and this law prevents the use of the personal information of the clients for advertising purposes and other gain of the company or individual and to use the information to benefit the customer and provide them with more help in informing them of the facilities offered by the company prior information from the individual is necessary (Internet privacy, 2000). But the current movement of the government to implement some changes the in the privacy protocols of the country will affect significantly the privacy policy of the company and the way the information about the clients is handled by the company. These changes in the law will enable the government to observe the internet activities of the citizens and in effect the companies will be helpless to protect the privacy of the clients. So this step will definitely force all the company including net movies to change their privacy policy to inform the customers that their personal information is accessible by the government. So according to the new law or changes to the privacy act 1988 the information security of the citizens of Australia will become nonexistent. So the company should take steps to inform the customers of the implications of the new government policy and also at the same time reassure them if they are not taking part of any illegal activity in the internet they should not w orry as the government will not release the browsing history or the other personal information to the public. Assessment 2 Training methods Addressed to CEO The distribution of the current procedures of the privacy of the customers should be first given as a form of instruction to the billing and call centre staff to make sure that the queries and of the customers are answered correctly and the different billing systems of the website and the administrators are aware of the changes in the policy to make sure that the customers are informed about them after making the choice of availing the product of the company (Nissenbaum, 2010). The coordination of the training of the different personnel is also very important as the customer care executive and the billing staff who are responsible for interacting with the customers are main component of the company who need to become aware of the changes first and they need to have this done by them in the way of the training course where the basics of the new procedures are hammered into them and any additional information given to them in forms of information sheets. The rest of the staff can be given information but they do not need the intense training as they do not directly interact with the customers. The supervisor or the managerial staff need to keep close watch on the operations of the organization for some time after the training on the new procedures are done to make sure that the training has taken root and the employees are having no difficulty in the implementation of the new policies. The customer responses and queries need to be kept track of to make sure that the customers are informed correctly about the new procedure. Assessment 3 Policies and procedures The copyright policy is one of the most important parts of the equation for the net movies company as they rent movies and the unauthorized transfer of said movies can harm the movie company and the reputation of the renting company as the renting company has the duty to make sure that the security of the intellectual rights of the movie makers and the company is not violated by the customers. So the customers need to be informed in clear terms about the policy of the company to make sure that the rented movie is not shared with anyone else (Privacy policy, 2001). Company ethical policy is comprised of the companys responsibility to make sure that the information given to the company by the customers is not misused in any condition. So the job of the company is not only to ensure that the data or the personal information of the client but also make the customer aware of the companys efforts to protect their privacy which is bound to increase faith in the customer and the relationship between the customer and the company will benefit from the move (You, your privacy policy and COPPA, 2002). There is need of a code of ethics that needs to be implemented to reassure the customers to make them aware of the efforts of the company on their behalf. The data security act makes the keeping all the information hidden impossible but except from the government intervention the privacy should be secure and this should be the first point of the code of ethics. Except for cases of national security the information of the customers will not be shared with any organization or individual. The access to the payment information will be limited to the customer only. The employees will be well informed to make sure to answer queries of the customers. Assessment 5 Grievance policy A proper grievance policy is required by the organization to meet with the demands of the customers about breach of contract by the employees of the company. The case that is described in the scenario where the employee of the organization made some clams about late fees without any proper advise from the company and the company in turn when enquired after the dispute the staff promptly refused to acknowledge the fact that he ever made such a claim (Roleff, 2011). So the company decided on a grievance policy that will take care of future problems of this type and many others with a proper set of guidelines. So the first point of the new policy is to not allow any such claims and advise customers to ask for written proof before they believe any such claim. The next step should be allowing the customer to avail the offer that has been offered by the staff of the company. So the issue of customer grievance is addressed and in case the order have been legitimately given by the company th e policy ends here. But if the staff had unlawfully given the offer to the customer then an investigation on the intent of the staff will be carried out and if the motivation behind the step is found to be personal profit then the disciplinary action should be taken against the staff (Ballentine and Nitzschke, 2003). Conclusion All the assessments concerning the company net movies have been addressed and the proper steps outlined where necessary. There is also the point of making sure the companys new policies are in accordance with the local and national law and the pertinent national law and the possible changes in the said law are mentioned in the report (Munro, 1982). Thus the report that is to be submitted to the CEO is complete. Assessment 4 Proposal for IT system This is a proposal of the seller of computer to the company freedom franchise that require the assistance of the different company to provide them with an IT infrastructure. The company that is making the offer is based on another store that has the availability of discounted items. Thus the offer should look like the following: The company has the need for three different systems of the computers with the different specifications one of them is to be the managers with full administrative rights and the computer should be the centre of the hub that is the office and the central data repository should be situated in this computer and the other computers should be connected to the system with wired or wireless network connection. The computer that we will supply the manager will be more powerful than that of the staff and will have considerably more computing power. The computers for the staff will be not as powerful but powerful enough to access the information stored and do word processing and document checking and editing. There will be need for the Microsoft office suite which will be most efficient and most used of the office tools and if one disk of the suite is purchased then the same can be used for the sales staff as the power point presentation is part of the office suite and the other additional software that needs to be bought are also part of the all three types of computers. For the sales staff the computers need to be of the same quality as the ADMIN computers as they will also need access to the same soft wares and the other additional features like power point. The following table is the specification of the computers and the numbers and the final p[rice of all the devices along with labour charges. Device name number specs Price(A$) Managers computer 1 4gb ram,1TB hard disk, intel processor mother board 199 Administrator computer 5 2 gb ram 160 gb HDD intel processor motherboard 159 Sales peoples computer 2 2 gb ram 160 gb HDD intel processor motherboard 159 Windows 7 1 ultimate 59 Adobe suite 1 14.9 MS office suite 1 2010 19 Assessment 6 A. security review The risk to a normal e commerce website is mainly concerned with the security of the clients and the security of the payment system. The payment information have a high chance of being abused by the staff members so the system of payment and approval of goods sold needs to be computerised to put the workers of the company out of the way of temptation. So there is the notion of not approved payment and most of the banks and finance companies take time to address the issue and make sure the client is eligible before making them part of the customer base. So there is the option of the taking help form the payers mode of payment to support the function in the site. B. Password policies The pass word policies in the organization needs to be strict and the organization is based on the different level of access that is based on the rank of the employee and the storage of sensitive information of the highest level on the basis of the distinction. So the password gives different level of access from guest to administrator and many steps in between. The manager of the company needs to give the staff only one password each and advice them to destroy the documentation to discourage copying. And thus every employee with their own password will be able to access the system and their activities can be monitor to ensure the safety of the organization. C. management review process The management risk review process is comprised of few necessary steps and the organization is based on the net movies which is the organization chosen. This review is divided in various steps which are: Assessment of the risks to the system. Segment them according to importance Plan mitigation strategy for the higher level risks first and then work to the lower level risks afterward. These steps are necessary to any organization under risk. In the case of the net movies the indiscripency of personal information sharing statement is the matter of dispute and it needs to be changed by alerting to the customers about the government intervention and make sure that all facets of the connected legislation is given for the reference of the customer. References Ballentine, K. and Nitzschke, H. (2003).Beyond greed and grievance. New York: International Peace Academy. Bennett, C. and Raab, C. (2003).The governance of privacy. Aldershot: Ashgate. Grant, R. and Bennett, C. (1999).Visions of privacy. Toronto, Ont.: University of Toronto Press. Internet privacy. (2000). Washington, D.C. (P.O. Box 37050, Washington 20013): The Office. King, D., Lee, J. (2000).Electronic commerce: a managerial perspective(Vol. 1). Upper Saddle River, NJ: Prentice Hall. Lawson, J. (1998).How to develop a personnel policy manual. New York: AMACOM. Munro, R. (1982).Grievance arbitration procedure. Tarrytown, NY: Associated Faculty Press. Nissenbaum, H. (2010).Privacy in context. Stanford, Calif.: Stanford Law Books. Privacy policy. (2001). [Topeka, Kan.]: [Consumer Protection/Antitrust Division, Office of the Attorney General]. Regan, P. (1995).Legislating privacy. Chapel Hill: University of North Carolina Press. Roleff, T. (2011).Privacy. Detroit, MI: Greenhaven Press. You, your privacy policy and COPPA. (2002). [Washington, D.C.]: Federal Trade Commission, Bureau of Consumer Protection.