By: Sonny Zulhuda*
Information is the lifeblood of today’s business, and the corporate citizens cannot agree more on this in the present fiercely competitive world, where the source of power has to be redefined, and wealth creation needs to be re-identified. The raw data that in the past just remained in the archives had now become the goose that lays the golden eggs. These golden eggs are in the form of valuable information assets from which the companies exploit and generate their wealth.
Bunch of those raw data, however, do not exclusively belong to the companies who retain them. The customers database, for example, may be a collection of personal, financial and commercial information that originally belong to individuals – either of those internal parties such as employees and shareholders; or of external stakeholders including customers, business partners, and vendors/suppliers.. Can companies regard them as their own property? This may be a contentious issue, depending on how the data was initially obtained: where, from whom, and in what manner or circumstances.
The current paper seeks to examine what information-based companies need to caution themselves when dealing with their corporate data especially those relate to personal information of individuals. It views this issue using the framework of internationally-accepted information security principles that include the aspects of data confidentiality, integrity and availability. It also examines the ethical and legal concerns on the rights of data subjects whose personal information are retained, used and exploited by the companies.
The thesis on which this paper starts with is that corporate behavior on the personal data of stakeholders depends so much on the pressure of law or authorities. Without which, the misuse is increasingly rampant due to the potentially lucrative gains recoverable from information assets. More specifically, this paper proposes to do certain tasks. First, it examines the rise of information assets and their significance for corporate organizations. Secondly, it observes consumers’ concerns over the misuse of their personal data retained by the companies. And subsequently, it analyzes various attempts by the governments –notably in the US and European jurisdictions– to control corporate behavior on dealing with personal information. In this respect, Malaysian state of affairs will also be discussed briefly.
* This paper was presented at the 6th International Conference of Corporate Social Responsibility, 11-14 June 2007, Kuala Lumpur.