an ethical analysis of the customer data breach

All the Target stores are selling products at discount, from clothes to shoes, toys to electronics, home furniture to cosmetics etc. , almost cover everything in people’s daily life. Target’s biggest competitors are Walter and Smart. However, the competitive advantage of Target is that Target provides not only low price, but also upscale and fashionable products, which is also coincided with the slogan: Expect More, Pay Less. 2012 Target Annual Report shows that Target annual sales is $71,960 million U. S. Dollars, and net earnings $2,999 million U. S. Lars (Target, 2014). With the business expansion, more and more loyal customers applied for Target’s Redcap. This debit/credit card gives loyal customers rather benefits, including 5% extra discount and everyday free shipping. Details of the Scandal In the late of 2013, we start hearing the scandal that our customers’ personal information is leaking. The customer private information including customer’s name, phone number, home address, and even credit card information. Our customers entered their private information when purchasing our products online at target. Mom, and registering for our loyal reward card Redcap. According to the latest customer survey in United States, there are around 189. 4 million digital shoppers in 013 and will be expected 210. 2 million digital shoppers in 2017 (Satanist, 2014). From the feedback in stores, about 20% customers use Redcap to pay for their purchase (Target, 2014). Therefore, the scandal would directly affect a very large number of our customers. Besides our customers, the scandal will also negatively influence on other related parties, such as shareholders, suppliers, prospective investors, etc.

This scandal is also destroying our reputation. Furthermore, in legal circumstance, after the first breach notification law passed and took effect in California in 2003, other dates also followed up and set up laws to prevent data breach (Clan & Williams, 2009). If we treat the scandal inappropriately, we may face legal liability as well. Since we have not announce any confirmation about the scandal, we need to analyze the issue and come up with feasible action plans as soon as possible to prevent further worse-off.

Relevant Stakeholders According to Freeman (2001) stakeholder theory, the wide-definition of stakeholder is any individual or group “who can affect or is affected by the corporation”. In this scandal, I listed all the stakeholders groups which will affect our corporation or get effected by the scandal. Management: Management team is appointed by board of directors and make decisions in operations. Shareholders: Shareholders are the owner of the company. They invested money in the business and expected some kind of financial return from the business in some way.

We basically pay quarterly dividends to the shareholders. The profitability of our company affects the ability to pay dividends, and other kinds of return to shareholders. The shareholder who has the voting rights will vote for the board of directors. Customers: Customers exchange their money with our products. This exchange results is the main source of business income. They trust our business, so they are willing to give us their private information when purchasing products. In this scandal, the most influenced group is our customers.

Some of them may have suspicious credit expenses. The customers whose information leaked would be anxious about suffering financial losses or other loss. The uninvolved current customer would worry their information safety in Target. Furthermore, our prospective customer may avoid their first purchase in our stores. Suppliers: To be a successful retailing business, suppliers are vital to our company. The well-established and well-retained relationships will help us continue getting good quality goods in low price. We need our suppliers have confidence on our business.

Employees: Employees who work in our business is the main supporting productive forces. Their productivity is also affected by their confidence on the company. If they have “bad faith”, it may lead “mock participation” to poor productive behaviors (Freeman, 2001). Retail industry: Target is one of the largest retail companies in America. As a leader in the industry, if the scandal were been proved to be true, it may destroy stakeholders’ faith in the industry. They may question on smaller retail companies who may not have sufficient fund investing in the subjectivity system.

Local government and legal organization: The scandal may lead concern from local government. They may put pressure on us to research on the scandal as soon as possible in order to avoid panic market. We may be penalized by the related legal organization if it is our fault. On the other hand, we do need these sectors support us in forensic investigation. Reporters and Media: Reporters’ opinions are very important to us. Their views will be spread through all kinds of media, especially websites and social media like wildfire.

We want to make sure they state the truth instead of spreading rumors. Identified Ethical Issues and Support Theories The major ethical dilemma in this event is: Should Target take action on the data breaching scandal? To analyze this complex issue, we need start looking at different ethical theories in order to get a clear answer. I will examine the scandal from Cant’s perspective and Utilitarianism perspective. Cant’s Demonology: In Cant’s perspective, the moral individual or group should follow the rules.

Any actions break the law would treated as immoral (Charles, 2009). Furthermore, Kantian non-consequential philosophy is focused on the intention of actions, instead of consequence. If the intention of an action is morally and legally good, then the action is moral. In Cant’s further study, he brought up the theory of categorical imperative, which guide us evaluate any actions is right or wrong in three maxims. The first maxim is whether the action has universality. If it is universally right and DOD, the action can be treated as moral (Murphy, 2013).

More specifically, if everyone else in the society would agree to do the same behavior as you do, then your behavior is right within the society circumstances. In our situation, all the customers and other stakeholders would believe that the Target Corporation have the responsible for the data breach, because customer put their personal information into our system with their trust on us. If we don’t take any further procedure, it violate the first maxim. The second maxim is that any individual or group never use others as means to the individual or group’s end (Murphy, 2013).

In other words, do not lie! For business circumstances, organizations and employers should not use others making profit without paying reasonable return to them. Target’s loyal customers put good faith and make purchase in Target, it is morally unacceptable for us to make any deception or coercion to them. Moreover, the mission of the United States Federal Trade Commission (FTC) also states to prevent deceptive or unfair to customers (2014). Therefore, any deception or coercion is not only moral matters, also could be legal liability.

The final maxim suggests that a moral person will be both “subject and sovereign” in the ideal moral society (Bowie, 2002). Bowie (2002) also indicates that any business groups are composed by people, like employees and customers, they are our responsibility to show respect on and should be treated with dignity. This is also connected with the first and the second maxim. In order to respect our stakeholders, we should not lie to them and hide inside information. Utilitarianism Perspective: The utilitarianism perspective is consequential idea that focus on consequence instead of intention of the action.

It main goal is to bring the great happiness for the greatest number of people. If any decisions are able to bring the great number of benefit to the great number of people, then it is morally right decision. The utilitarian views of Beneath agreed on that the end Justifies the means by government and laws. Anyone breaks the law should be punished by other people. Beneath Hedonistic Calculus: I brought Bantam’s Hedonistic Calculus (Murphy, 2013) and applied this method in the case. By this way, we are able to have more clear view of our decision making in thematic.

Morality of our decision is based on the impact of it. Hedonistic Calculus gives impacts a positive or negative value. When the positive consequences is greater than the negative consequences, the decision can be treated as moral. Since our decision would affect numbers of groups, we would use the full seven factors to analyze the situation. Firstly, the intensity of the decision of taking action on the scandal is high. It will bring more pleasure result from stakeholders since we take our responsibility and try to solve the problem.

Secondly, if we don’t take any action on the scandal, it will have growing publicity by the media. The duration would be unexpected long to wait the scandal fizzle out by itself. Thirdly, if we take actions on the scandal, our stakeholder will get accurate information directly from our company instead of hearing from others’ mouth. The action definitely will provide advantage for us to stop the scandal quickly. Fourthly, as soon as we take actions on the scandal, we will benefit from the actions.

Under current semi-efficient market, all the public available information will be transmitted as wildfire. Therefore, the benefit f action taking would come very soon from public. Fifthly, this pleasure action have great chance to be followed by pleasure at the end. Sixthly, the chance of this pleasure action followed by disadvantage is low. Finally, all our stakeholder and the public will be affected by the action. Overall, from Beneath Hedonistic Calculus, the number of positive consequences is much higher than the negative impacts.

Therefore, we should take actions right away on the scandal. Feasible Action Plan As we are now fully aware of the scandal of Target customers’ date breach. The main season of the data breaching is inadequate subjectivity implementation and internal control. Due to the broad influence on our stakeholders and public, it is likely that we need act sooner and try to prevent it in the future. Forensic investigation and audit: Hire third party companies to do the investigations in our company. We need subjectivity company help us investigate whether the customers’ data has leaked.

We would also like hire professional accounting firm to audit on the company with internal and external control (Clan & Williams, 2009). Release information updates to the public: During the process of forensic investigation, we would update the latest investigation information and our follow up actions to the public. Let our stakeholders have the first hand information. Internal weekly meeting: As Board of Directors, we need set up weekly meeting to redesign or reschedule our action plan according to the updated investigation and stakeholder feedback.

Inform each customer: Email our customer with updated research result. Provide designated hotlist for customers who have any questions or concerns. Prepare lawsuits against the slanderer or leaked: In the process of investigation, if it s proved that there is no customer information leak, we should prepare the lawsuit charge against the original slanderer who damaged our reputation. If there is customer information breech, we need to report it to public prosecutors for criminal charges, and we also need to press civil charges for damages.

Security breach response plan: According to this experience, develop security breach response plan, in order to react quickly when the incident happen again. Internal control: According to the United States Privacy Rights Clearinghouse (2013), it stated that organization just have installed appropriate internal and external control over the customers’ private data, which means that only specifically authorized staff can have the access to the data, and they must have segregation duties on access and supervision.

We should review our current internal control procedures, and make any necessary adjustments along the review. Government: Work with government to set up laws, regulations or amendment to prevent data breach happen again. Subjectivity system and data backup: Upgrade corporation’s subjectivity system and backup all the data, avoid secondary data leaking.

"Looking for a Similar Assignment? Order now and Get a Discount!