BLA FINAL PRESENTATION

Between Weeks 2 and 6 while preparing your final research paper, you will also prepare a five (5) to seven (7) slide narrated PowerPoint presentation to explain what the issue was and how you would incorporate/ explain the changes you would make to resolve the ethical issue to the company owner.  This information should come from the law vs ethics section of your paper discussing liability vs. responsibility.  The final slide of your presentation will be your sources.

Students will be expected to include three (3) to four (4) scholarly resources which will include at least one business journal and two named companies or legal cases that have dealt with the selected topic. Wikipedia and private law firms are not scholarly sources.

1
Banking Industry – The Ethics of Protecting Customer Information vs the Cost
Roughiatou Diallo
Wilmington University
Legal and Ethical Environment of Business BLA303
Professor Law
August 11, 2024
2
Abstract
Today, banks must address numerous ethical dilemmas regarding customers’ data
safeguarding with reasonable expenditures on maintaining entrée-level cybersecurity measures.
The paper will discuss the legal and ethical considerations of this problem; Morgan Stanley,
Capital One, and Equifax will provide examples based on the boundaries between ethics,
customer trust, regulation cost, and the challenge of protecting customers’ sensitive information.
3
Banking Industry
Introduction
Banking has always been one of the critical factors for a stable and developing economy.
Despite this, with advancements in technology that see the application of social media and the
internet, banks have often become victims to hackers and identity thieves, thus leading to the
compromise of clients’ records. Therefore, it is inherently unethical to compromise the
customer’s data while simultaneously, the cost of practical cybersecurity application and
enhancement is relatively expensive. The paper discusses the ethical dilemmas, legal concerns,
and the correlation between accountability and responsibility in safeguarding consumer
information in the banking industry.
Ethical Issues in the Business Environment
Ethical issues in the banking sector can be viewed in three broad categories:
responsibility concerning the customers’ data, responsibility in building trust, and the
responsibility to adhere to the laws of the land. Banks hold large volumes of customers’ personal
and financial details, making the institutions a holy grail for cybercriminals. The main ethical
issue emanates from the fact that implementing measures to ensure that such information is well
protected incurs a certain amount of cost; hence the conflict between the amount to be spent in
ensuring necessary measures have been put in place and the moral demand to protect such
information.
Ethical Analysis
In extending the ethical analysis of protecting customer information in the banking
industry, one will consider the banking industry in its worst and best forms, as well as the virtues
and vices of the banking industry. This part of the text aims to analyze cybersecurity in banking
4
based on utilitarianism, deontology, and virtue ethics theories, which pay much attention to
social responsibility and ethical behavior in the behavior system.
Utilitarianism
Consequentialism mainly focuses on the outcome of the action, and this theory was
propagated primarily by Bentham and Mill, among others. Regarding the banking industry and
cybersecurity, a bent towards moral utilitarianism requires banks to embrace actions that will
generate the most considerable good, or happiness, on the least amount of evil. The first and
foremost ethical consideration in this regard is to avoid experiencing disastrous data leaks and
consequent adverse impacts on the customers and society.
Regarding utilitarianism, one must understand that investments to strengthen the
cybersecurity environment offer great value compared to damages caused by cybercriminals. For
instance, the data breaches by hackers in Morgan Stanley, Capital One, and Equifax instigated
the loss of monetary values, identity clamor, and strangest and stern customer mistrust. These
incidents show what can go wrong when cybersecurity is not reinforced enough. Thus, through
the discussed investment in security, the banks can prevent such incidents, which advances the
greatest good to the most significant number of people.
Deontology
Relative to deontological ethical theory, which is enshrined in the works of Immanuel
Kant, it is concerned with the right and wrong of specific actions rather than the output of
actions. Deontology means that some behavior is inherently good or bad, and people and
organizations are to do what is right, which is a privilege for them. For instance, in the banking
sector, it is a fundamental responsibility to guard customers’ data regardless of the consequences.
5
Banks have what can be referred to as the deontological responsibility of protecting their
customers’ information. The duty is based on the virtue of people’s right to privacy and security;
it needs to be noted that the ethical responsibility of maintaining customers’ confidentiality
cannot be qualified by cost-benefit analysis or other financial factors; it is the task that banks are
to carry out. Cases like those of financial institutions where customer data was not adequately
protected would violate this moral obligation.
Virtue Ethics
Virtue ethics, another of Aristotle’s reasoning tools, concentrates on the moral attributes
of people and organizations. Ethics seem to prioritize developing good character and moral fiber
in people. Under virtue ethics, banks must protect customers’ information as an inherent value
and consistently maintain the practice of ethical conduct. A virtuous bank, according to the
research, means that the bank is honest, has integrity, and is responsible. Preserving customer
data is consistent with these values because it proves responsible actions and focuses on the
client’s best interest. The particulars of this culture that must be created in the bank are that each
employee, regardless of rank, would be conscious that the customer is protected and that their
actions are moral and legal. The approach also helps strengthen and cultivate the customer image
since most customers with such preferences seek long-term solutions.
Social Responsibility
Therefore, apart from theoretical approaches, the problem of ethical analysis of
cybersecurity in banking involves the concept of social responsibility. Corporal social
responsibility focuses on the idea that business people have to ensure that their business
initiatives enhance society’s well-being by utilizing initiatives beneficial to the public. Thus, this
means that several banks should aim to move a step further from merely meeting legal
6
obligations and ensuring the safeguarding of customers’ data and managing to avoid more
breaches. Banks, one of the pillars of the financial system, are strictly obligated to maintain
customers’ data safety and secrecy; this responsibility involves utilizing best practices in
cybersecurity and periodic security assessment and threat evaluation. In this way, banks facilitate
the stability and reliability of the financial systems that are paramount for society’s good
functioning and sustainable development.
Legal Analysis
The legal position of the protection of customer information in banks is complex in that it
is a matter of law and in the observations, rules, and court decisions. Banks face stiff
requirements that, if not met, result in severe penalties relating to the law.
Regulations
Lenders’ activities are regulated by strict qualifying measures aimed at safeguarding
customers’ data. Key regulations include:
General Data Protection Regulation (GDPR): This regulation was formulated by the
European Union and requires organizations such as banks to put in place measures for protecting
data. GDPR abounds with the rights of individuals concerning their data and entails strict
consequences for the non-observance of regulations, including fines of up to 4% of total
worldwide turnover or €20 million within 24 months, depending on the case.
Gramm-Leach-Bliley Act (GLBA): The GLBA dictates that financial organizations must
safeguard customer’s economic data in the United States. It requires the banks to develop and
implement privacy policies and to notify customers about the same, along with the steps that the
banks take to safeguard the customer data from hackers and cybercriminals.
7
California Consumer Privacy Act (CCPA): This state-level law provides California consumers
certain rights concerning their personal information, such as the right to receive confirmation of
collected information, the right to get their data deleted, and the right to opt-out from selling their
data. CCPA places specific responsibilities on companies such as banks to protect personal data
and contains provisions for penalties in the form of statutory damages if there is a data leak.
Legal Theories and Codes
Several legal theories and codes are relevant to the protection of customer information in
banking:
Negligence: Negligence theory reserves the institutional rights to claim for a bank’s failure to
deliver reasonable care in executing cybersecurity measures that lead to a data breach. To prove
negligence, the plaintiffs must show that the defendant, in this case, the bank, had a legal
obligation not to allow the information to be breached and failed in this obligation while the
plaintiffs suffered damages due to the breach of this obligation.
Breach of Fiduciary Duty: Banks have legal duties to their customers; these include the duty of
care and loyalty. Neglecting the customer’s information can amount to breaching these duties.
Thus, it is argued that this duty extends to the protection of customers’ data based on the legal
status of banks for their customers (Regulation, 2016).
Court Cases
Several high-profile court cases illustrate the legal consequences of inadequate data
protection in the banking industry. Several high-profile court cases illustrate the legal
implications of insufficient data protection in the banking industry:
Morgan Stanley Data Breach Settlement: Morgan Stanley, for instance, in 2020, admitted to
having exposed customers’ data; following failure to sequester two data centers properly, it
8
agreed to a $60 million fine; this case affirms that there are vital and mandatory guidelines to
follow regarding the disposal and destruction of data.
Capital One 2019 Breach: Capital One financial company also had a significant data leak in
2019, mainly involving over one hundred million customers. The breach was followed by many
class action lawsuits and closure attention from regulators, and eventually, Capital One accepted
a penalty of $80 million fine from the Office of the Comptroller of the Currency (OCC) for
failing to manage its risks and protect its consumers’ data effectively.
Equifax 2017 Breach: Equifax data breach 2017 released identifying details of about 147
million consumers. Equifax breach was involved in many lawsuits and regulatory penalties; it
had to provide a payment of $ 700 million to the Federal Trade Commission (FTC), The
Consumer Financial Protection Bureau (CFPB), as well as the 50 U. S. states and territories.
Law vs. Ethics: Risky Shifting versus Realignment
The difference between legal guilt and moral blame has to be noted. More than simply
the legal duty about customers’ data, the ethical responsibility of an organization entails the
moral obligation to manage customers’ information (Jung, 2021).
Liability: Legal consequences relate to sanctions, fines, and loss of reputation for protection
failure of customers’ data. For instance, Equifax suffered severe legal implications of the 2017
breach to the extent of paying hundreds of millions of dollars in fines and settlement cases.
Responsibility: Ethical responsibility, therefore, entails a pre-emptive approach to protecting
consumers’ information, cultivating a culture of security, and, most importantly, sustaining
consumers’ trust. Such means going the extra mile to improve practices that meet standards and
best cybersecurity practices.
Case Studies
9
Morgan Stanley
In 2015, the banking giant Morgan Stanley experienced a blow in its cybersecurity when
its former employees stole customers’ information from the company. Thus, it resulted in
significant penalties, a realization of extensive policies, and the unique sensibility of employees
as vital preventive tools against such violations.
Capital One
Knowing that Capital One Bank suffered from the data breach in 2019, it is also
established that this breach affected the data of the company’s customers, exceeding 100 million.
The incident arose from a misconfigured firewall, showing the need for proper security
evaluation and access rights (Scott & Tegunimataka, 2020).
Equifax
The Equifax data breach happened in 2017 and involved about 147 million people. Thus,
it could be categorized as one of the most significant data breaches ever. The breach was from a
web app, further expanding the necessity to update all software and installations on time (Mumu
& Aishy, 2023).
Conclusion
Ethical and legal issues of customer information protection in the sphere of banking
services are rather acute ones. Banks, in particular, face the problem of protecting customers’
information while keeping the expenses of invulnerable security systems in mind. The ethical
theories and legal judgments also help to discuss these issues, stressing the main principles of
compliance and moral conduct. Implementing strict measures to protect customer information
serves the noble purpose of ensuring that the customer’s data is safe from unauthorized use and
access, maintaining an ethical standard, and avoiding a legal battle with customers.
10
References
Altekruse, S. F., Cosgrove, C. M., Altekruse, W. C., Jenkins, R. A., & Blanco, C. (2020).
Socioeconomic risk factors for fatal opioid overdoses in the United States: Findings from
the Mortality Disparities in American Communities Study (MDAC). PloS one, 15(1),
e0227966.
Scott, K., & Tegunimataka, A. (2020). The demographics of an aging society–the role of
migration. Lund Papers in Economic Demography, 5.
Jung, K. (2021). Extreme data breach losses: An alternative approach to estimating probable
maximum loss for data breach risk. North American Actuarial Journal, 25(4), 580-603.
Mumu, M. H., & Aishy, T. (2023). Malicious URL detection using machine learning and deep
learning algorithms (Doctoral dissertation, East West University).
Regulation, P. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council.
Regulation (eu), 679, 2016.