Ethical Code Of Conducts Assignment Investigating Sundance Resources' Mbalam Operations
Part 1 Three case studies are described and uploaded on vUWS in the Ethics case study folder. You select any one case study and answer questions related to the selected case study.
Q1. In the context of the case study provided discuss what went wrong in your own words. (150 words)
Q2. In the context of the case study provided, discuss what you would suggest as best practice for such industry and scenario. Meaning, how should those involved demonstrate best practices. (250 words)
Q3. In the context of the case study provided, provide your personal reflection on such a case study. For instance, what do you take away from such a case study? What have you learnt? (250 words)
Part 2: Select a case study from the given list. The case study is an event or an occurrence of a situation related to ethics and code of conduct issues. You need to research information related to the selected topic on Internet. The research material can be publications, news articles, research papers, books, etc.
Prepare report on the selected case study. The maximum length of the report is 2000 words. Your report should discuss following:
“Describe selected case study in your own words. Discuss ethics and code of conducts associated to the selected case study. Identify what went wrong in the case study which has resulted in the ethical failure. Provide your judgement and analysis of the resulting outcome and relate them to the relevant industry sector’s ethics and professional code of conduct”.
List of Topics on Case Studies (Select any one):
- Issues of Opal tower in Sydney
- Toxic dumping in the environment
- Breach of Information system security
- Facebook Cambridge Analytica
- Internet Fraud
- Internet Hacking
- Cabrini hospital business
- Driverless car companies
- Carry dangerous goods by road
- Spill of oil in the sea
- Australian Banking Scandal
- The Space Shuttle Challenger Disaster
- Management of data in a legal firm
- Granville rail disaster
- Waterfall train accident
- Bangladesh train accident
- Collapse of Quebec bridge
- Collapse of Silver bridge
- Carry dangerous goods
- Disposal of mobile phone
- Disposal of battery
- Disposal of toxic waste
1. What Went Wrong?
In the Ethical Code of Conducts assignment, two cases are discussed. Both Australian firms, Sundance Resources' Mbalam and SMEC, were involved in bribery scandals with political leaders of other nations. The deals were secretly made among the parties and were later investigated by Fairfax Media, the Australian Federal Police, and the World Bank. The agents of Sundance Resources brokered a million-dollar deal with the son and nephew of the President of Congo to secure mining licenses for plantation-covered land near the border of Cameroon. In the second case, SMEC was involved in bribery in the aid-funded sewerage project in the regions of Colombo. It had paid approximately $1.82 to Sirisena, then the minister of Agriculture in Sri Lanka (McKenzie, Freudenthal, Bachelard and Baker, 2016). The managers took the wrong way of obtaining deals in other regions. They followed an illegal way of doing business, as they bribed powerful signatories to obtain licenses and permissions across international boundaries. If the deals required bribery, the cases should have been reported to the Federal police or the Vigilant Officer of the region. This bribery not only destroyed the brand name but also caused a loss of public trust and confidence. They should not have supported the criminal activity and should instead have taken the necessary action against it.
2. Best Practices for Industries identified on this Ethical Code of Conducts assignment
The mining industry involves several clearance documents for operating in the regions, and obtaining them is time-consuming. These procedures ensure that the company is conducting ethical and sustainable practices. However, compliance with environmental laws is expensive; thus, the managers bribe government officials to obtain a license and avoid time-consuming procedures. In the above-mentioned case, the companies should have reported the alleged bribery to the Vigilant Officer in the region. Bribing is inadvisable, as the practice will have to be continued when the officers are transferred or suspended. In other words, the managers will have to continue bribing the officials, as they would be threatened with the deal being revealed or the operations being halted. This also increases the costs of the company. The companies need to follow corporate social responsibility to develop the company and uplift the community as a whole. Commercial units work in collaboration with society; thus, they should engage in best practices and not indulge in scandals. Additionally, several anti-corruption frameworks and criminal branches have been established for eliminating illegal activities. Thus, both companies should have documented the illegal demands in the form of videos or mails and forwarded them to the anti-corruption bodies. This would have exposed the criminal activity of the political leaders and saved the community as a whole.
3. Personal Reflection
The Case Study helped in evaluating the ethical business dealings of Australian Companies. It helped me learn that unethical practices only help in gaining short-term gains. Thus, it gave me insight that going through long procedures will help in sustaining for a longer time. Bribing is unethical and it is a continuous process. I also understood that business units are established for fostering prosperity in the economy. If they indulge in illegal practices, public confidence in these companies is reduced, which also threatens the existence of other commercial units. The managers bribed officials for the benefit of the companies, but they were expelled by the firms for being involved in the scandals. Therefore, companies will also not support their employees when they are exposed to unethical practices. It gave me insight that legal procedures help in eliminating criminal activities and corruption that might destroy society as a whole. Corruption is a form of unethical conduct that develops several inequalities and injustices in the community. The case study helped me to understand whom and how to report to when we, as employees or managers, are asked for bribes by government officials. The managers could have reported the case to the crime branch and other lawsuits. This would help the company to prosper while building a good image with the public. I also understood that the environment and individual welfare should also be considered while operating the units for commercial purposes.
McKenzie, N., Freudenthal, E., Bachelard, M. and Baker, 2016, Australian companies linked to bribe scandals in Sri Lanka and Congo, The Sydney Morning Herald.
Internet Fraud is the unethical usage of internet networks and software that are owned by commercial units, government, and individuals. The hackers earn money by unethical practice on the internet. In Australia, it is reported that approximately $340 million were lost due to frauds and scams in the year 2017. In the year 2017, the country witnessed a 33% increase in investment scams (Cross, 2017).
As per research done for this Ethical Code of Conducts assignment, banks are considered one of the secure places where individuals can keep their deposits and other precious items free from theft and dacoity. However, data breaches in banking institutions have been increasing over the past decades. P&N Bank, one of the largest banks situated in Western Australia, has notified many of its customers about a data breach due to which personal data from the bank's CRM has been leaked. It was reported that "no sensitive" data of 96,000 members has been accessed by unauthorized users. The CRM of the bank contains personal information of the customers such as name, birth, age, bank account number, balance, phone numbers, and others (P&N Bank, 2020). The majority of the customers of the bank are police and nurses. The cyber-attack was conducted on 12 December 2019, while the server of the bank was being upgraded. However, until recent times, customers have not reported any loss due to the breach. The breach was terminated due to the immediate closure of the source by the bank officials.
Code of Conducts
In the era of digitization, digital storage of data has led to transparency in the marketplace, and consumers can be informed about the fair-trade practices of the companies. Multinational corporations are majorly dependent on internal servers for storing their data. Digital storage of data reduces the damage and costs associated with manual storage. This has increased the need for data privacy protection, as digital storage is exposed to data breaches and unauthorized access. The Australian Privacy Act of 1988 lays down several mandatory notifications for filing a data breach by individuals or companies (Lee, Zankl and Chang, 2016).
Consent is one of the essential ethics that should be followed by the banks. Personal data should be used only with the individual's consent. According to the GDPR, consent is only confirmed through affirmative action and agreement. Therefore, inactivity and silence cannot be presumed to be consent to using the personal data of the clients.
The right to erasure may also be termed the right to be forgotten. In this scenario, the bank can take permission from the individuals to erase the data if the client is not an active member of the bank (Giurgiu and Lallemang, 2017, P4). Individuals can also exercise this right and request the banks to erase data that is not essential. The clients can also request erasure when the personal data has been unlawfully accessed or when the data subject withdraws their consent.
Accountability can be considered one of the key roles of financial institutions. The banking sector should comply with the policies, measures, and mechanisms approved by the regulations (Giurgiu and Lallemang, 2017, P5). It should also demonstrate its compliance. Compliance is essential for meeting the challenges of data protection at present and in the near future. Data protection is to be embedded by the controller in the processing lifecycle of the personal data. Thus, the controller should meet the requirements of the regulation act while determining the process and during the processing of data in the financial hubs.
Ethical Code of Conducts assignment Case study
In Australia, the Australian Competition and Consumer Commission works in cyberspace to protect against data breaches in the country. In the technology-driven environment, business operations are dependent on information-intensive operations. The company's server was being upgraded, during which the source of vulnerability was kept open. This open network allowed the hacker to enter the system and access the confidential data for criminal purposes. However, the core server that contains the credit card PINs and other sensitive data is secured and free from breaching (P&N Bank, 2020). It may be assumed that a third party was involved in this security breach. The IT professionals and third parties have been working on finding ways to close the source of vulnerability while upgrading. It is questionable whether banks should ever allow the source of vulnerability to be open, as it acts as an open network for a data breach. The banks should have designed and created a secured server and networks, as hiring servers from third parties can lead to data being stolen, as in this case. It can also be assumed in this Ethical Code of Conducts assignment that the hosting provider was not secured, due to which the data was breached. It is irresponsible of the organization and the third party that led to this scenario.
Investigations and recommendations
After a data breach has occurred in an organization, it becomes essential for the firm to investigate the source and implications of the data breached. It helps in taking precautionary measures for protecting the server from further breaches. The investigation took place immediately after the bank found the leakage of data. It informed the Western Australian cyber-criminal branch and shut down the system immediately. However, the source of data transfer and other details about the security breach have not been disclosed by the bank or the police. The bank has stated that customer funds, banking passwords, driving license numbers, and other details are stored in the core server that is isolated from the impacted one (P&N Bank, 2020). Thus, customer loss has been prevented by the immediate shutting down of the system. The company is working with the Western Australian Police Force and federal officers for further investigation of the incident. The CEO stated that digital financial systems carry risks but best practices and controls can reduce security breaches. The company is recommended to stop outsourcing servers from third parties. The third parties involved should comply with network and security standards IDPPs. A data breach should immediately be announced, while personal data that is not needed should be eliminated from the systems. Personal data should not be used or divulged without the consent of the customer and business client. Personal data shall only be obtained in a lawful manner relating to the functional activity or the purpose of the data user.
Outcomes identified on this Ethical Code of Conducts assignment
Financial institutions should be extremely alert while storing and managing their data. Banks receive highly sensitive data that can be used for illegal advantage by hackers. Given the increasing concern over data breaches, banks should use biometric access for business clients and customers when they access their accounts. Banks should not keep the personal data of ex-customers. Governments and the banking sector are encouraging users to access accounts through mobile applications. Governments are developing secure storage capacities so that citizens can use the internet without fear of data breach or fraud. However, the use of biological data for accessing confidential data is still at an infant stage in the banking sector (Agidi, 2018, P92). On the contrary, in fields like airport ticketing and immigration, the centers have been using biometrics for verifying passports and their owners. This type of verification is authentic and cannot be breached. Thus, this method of verification can be developed in financial institutions for operating transactions through desktops and mobile devices. As per the Ethical Code of Conducts assignment research findings, this method will ensure the following of ethics by the bank employees and the clients as well. It is said that banking and accounting firms should take proactive approaches to protecting data. It is often seen that banking institutions collaborate with a third party for server-related requirements. It should be ensured that the third party has been using adequate security and testing measures for protecting the data.
To protect the data, business units should comply with privacy or national data protection law. Compliance with security standards and national privacy laws helps in protecting the data from unauthorized or illegitimate access. In this view, the company should not source the customer data to third parties and other partners (Lee, Zankl and Chang, 2016). The ethical code of conduct refers to the confidentiality of data between commercial units and clients. Hence, the company should not divulge customer data illegally or use it outside the purpose-related activities of the firm. It was said that ethics fills the control gaps that are prevalent in current information systems. Since the information system is larger, it has become essential to construct individuals' control mechanisms under an ethical framework. Lee, Zankl and Chang (2016) suggested that employees and other stakeholders can be provided with refresher courses on the code of conduct. Multinational banking institutions conduct scenario-based training on following the information security principles in the financial industry.
The banking profiles of customers are compared to social media profiles. Banking profiles are highly customizable. In the bank's system, as data is added, it becomes problematic to migrate data from one platform to another. This is known as the lock-in effect, which involves time spent personalizing the interface, but it enhances the security and customer service of the bank. GDPR notifies that data subjects shall observe the right of transmitting their information from one controller to another. In the near future, the developments by GDPR will allow individuals to port their IBAN in the same way that mobile numbers are ported (Giurgiu and Lallemang, 2017, P6). The bank will also allow individuals to transfer payments from one bank to another. While following the code of conduct, banks should inform their customers of a data breach, as this alerts them and reduces the risk and losses due to the data breach. Once the customers are aware of the data leakage, they can take necessary action such as changing their banking passwords or blocking or closing potentially affected bank accounts. As per the Ethical Code of Conducts assignment findings, banks should appoint data protection officers, as they help the processors and controllers to fill technological gaps. Thus, the officers would monitor the activities of the controllers while they process operations that require systematic supervision of data subjects. The data protection officers monitor customer profiles, thus reducing criminal offenses. However, companies and researchers are still looking for secured connections that provide 100% data security; until then, data protection will be a concern for banking and other sectors.
Recommendations and Conclusions
As mentioned, data security has been a major concern in the technology-driven world. Financial companies can be majorly impacted by data breaches and potential attacks. This report describes the data breach attack on P&N Bank in Dec 2019, in which the personal data of approximately 96,000 members was accessed. However, customer loss has not been recorded yet, but the company is still investigating the source and implications of the attack. This Ethical Code of Conducts assignment recommends that the company discard third-party involvement in providing hosts and servers. The bank should build its own server that can be upgraded without third-party involvement. Both the bank and the third party should create an alternative way of upgrading the server without opening the source of vulnerability. The bank is also advised to appoint a Data Protection Officer for monitoring customer profiles and controller activities within the banking server. It can be concluded that the use of and high dependency on technology will carry risks until the ultimate anti-hacking solution is discovered. It is also advisable that banks implement the use of biological data in the processing, operating, and migrating of data by the controller and the client.
Agidi, R.C., 2018, Biometrics: The Future of Banking and Financial Service Industry in Nigeria, International Journal of Electronics and Information Engineering, 9(2), pp.91-105.
Cross, C., 2017, A record $340 million lost to fraud in Australia, says latest ACCC report, The Conversation, (viewed 14 May 2020)
Giurgiu, A. and Lallemang, T., 2017, The General Data Protection Regulation: a new opportunity and challenge for the banking sector, Ace Magazine et Archives Online: Fiscalité, Comptabilité, Audit, Droit des Affaires au Luxembourg, (1), pp.3-15.
Lee, W.W., Zankl, W. and Chang, H., 2016, An Ethical Approach to Data Privacy Protection, ISACA Journal.
P&N Bank, 2020, Statement from the CEO – information breach, P&N Bank, (viewed 14 May 2020)