Whenever a user travels the cyber space, (s)he leaves his/her identity at almost every step of the way (Privacy Rights Clearing House, 2006). Whether one is signing up for internet service with Internet Service Provider (ISP), sending emails, browsing internet sites, or using a search engine to locate required information, the identity of the machine is being shared, and it can be misused by someone masquerading as someone else (Webliminal.com, 2007). There is a growing concern about the security of personal and private information over internet and web based applications; spy-ware, viruses, worms, trojans and information leakage through social engineering are all evils generated one way or the other by internet. In addition, many businesses gather and store personal information of the potential new and existing customers in their systems which give rise to privacy and information security issues. When anyone attempts to make a payment online using credit cards and other instruments, the security and confidentiality of the transaction is perhaps, the biggest concern.
As a result, the consumers' trust on the web based applications has declined. ...
Several techniques have been developed to ensure security of private information over the internet and to mitigate the risk of personal information misuse. A formal security policy governs the management's ideology, direction and operating procedures towards ensuring security and privacy of information. Many organisations now employ encryption mechanism like Secure Socket Layer (SSL) for transmission security and Digital Certificates to ensure non-repudiation and third party assurance in the form of digital certificate (Newmann, 2003). Several privacy laws and regulations have been developed to regain customers' trust over e-commerce systems and online information sharing. The most accepted standard for ensuring information security and privacy is the British Standard Institute (BSI) guidelines called ISO27001 Information Security Management Systems. This standard deals with the applying adequate controls to ensure confidentiality, availability and integrity of information; and protection of legal, privacy and security rights of the customers. Other regulations include copyright infringement laws and related policies that address the issues of information theft.
1.4 Computer Ethics
In addition to security and privacy laws and regulations, companies also adopt information ethical standards to strengthen their systems of internal controls. An ethical problem can be defined as the argument with regard to one's values, in selecting one of the two paths based on the pressure and demands of a situation (Charlesworth Sewry, 2002, p.163). Some examples of ethical issues might include disclosing customers' information in return of a favor for the company, compromising on system's quality and security due to budget constraints etc. In 1992, the Tem Commandments for