Case Analysis on CSR: The Equifax Data Breach

The Equifax data breach, which happened in 2017, led to the leakage of personal data of around 147 million consumers in America, including social security numbers, birth dates, addresses, etc. This breach revealed significant shortcomings in Equifax’s security controls and incident management (Lieber, 2017). The damage was done, and millions became anxious about their financial and physical well-being. Throughout this process, Equifax failed to address the situation promptly and adequately, for example by charging consumers to freeze their credit and by not itself alerting the individuals affected. Furthermore, the fact that most of the company’s senior officials sold their stocks before the breach was made public contributed to accusations of insider trading, damaging its image even further. While people were exposed to identity theft, the breach also demonstrated how much influence credit agencies have in people’s lives, as they decide who gets loans, mortgages, etc. In this Case Analysis, I will explain that, when a deontological ethical lens is applied, the breach at Equifax was harmful because it violated individuals’ moral rights to privacy and security and was, therefore, ethically wrong due to the failure to observe the duties of respect, fairness, and accountability owed to customers.

Analysis Using Friedman’s Concepts

According to the theory of Corporate Social Responsibility (CSR) espoused by Milton Friedman, the chief responsibility of a corporation is to maximize shareholder value as far as possible in a legal manner. He holds that firms should refrain from activities beyond making profits if those activities do not contribute to the business’s financial performance (Muldoon et al., 2023). Friedman supports the idea that only market forces and legal constraints should influence corporate management decisions, regardless of their impact on society.

Analyzed in light of Friedman’s framework, it could be asserted that Equifax’s behavior before and after the breach met the contemporary requirement of benefiting shareholders, thereby serving the company’s interests. For example, Equifax’s decision to disregard data security could have been perceived as cutting costs and boosting profits. However, this leads to an economic conception of profit maximization devoid of the comprehensive ethical considerations that pertain to consumers and to the company’s duties to society. Even though Friedman’s approach appears justified as a way to maximize profit, it has drawbacks, especially the harm to consumer trust and the invasion of consumers’ rights to privacy through the handling of personal data. In this case, the company failed to set up adequate security measures for its clients’ information, and its poor handling of the breach goes beyond a simple business mistake; it compromised individuals’ safety and exposed them to potential financial identity theft.

In light of deontological theory, the breach entailed a failure to respect what is imperative in the corporate world, specifically privacy, security, and disclosure. Deontologists assert that an action is right or wrong because it conforms or fails to conform to moral obligations and norms, regardless of the outcomes. In this regard, Equifax was obligated to safeguard its customers’ information, notify them about the breach, and proactively manage damages. Thus, by disregarding these obligations, the company was financially irresponsible and immoral.

As deontological analysis exemplifies, Equifax acted unjustifiably because it breached the primary obligation to safeguard consumer data and guarantee that its operations caused no harm. The attack subjected individuals to identity theft, and some were left without any recourse after the breach. Thus, even if Equifax thought it was within its rights to act as it did because of the profit interests involved, the company failed to consider the ethical responsibilities it inherently has towards its clients.

Analysis in Light of Anshen’s Concepts

However, unlike Friedman, who paints a rather narrow picture of business ethics, Dorothy Anshen propounds an extended philosophy of CSR whereby businesses bear responsibility for the well-being of all the parties involved, including consumers, employees, and society at large. Anshen also stresses the concept of social responsibility, which indicates that companies have to take responsibility for analyzing the impact of their activities on society. Anshen believed that corporations are responsible both for making a profit and for acting in ways that would benefit affected populations.

From the perspective of Anshen’s theory, Equifax’s actions are considered a significant violation of morality. First, through its negligence in protecting consumer information and its management of the data breach, the company acted unfairly, violating the ethical principle of fairness, an essential aspect of CSR as analyzed by Anshen. Consumers were left vulnerable not only to the risk of identity theft but also to the ethical violation of being socially exploited as a means of purely capitalistic financial gain, with their concerns and their safety ignored. In addition, the breach highlighted the absence of accountability and disclosure, which are essential in increasing confidence in corporate organizations.

If Equifax had adopted Anshen’s framework, it would have been required to consider the welfare of stakeholders rather than shareholders only. This would have required spending more money on data protection and ensuring that those impacted by the breaches were informed and assisted as soon as possible (Salman & Ishak, 2023). Equifax failed to take these measures and thus weakened its position as a responsible company that protects consumer information and contributes to their safety.

The ethical failures in this case are further magnified by the particular points made by Anshen, who dwells on the corporate responsibility to the community. This was evident in the company’s lack of consideration for the rights of individuals whose data were compiled and utilized for monetary purposes. By not protecting this information and not following accountability policies, Equifax put the shareholders first, which is against Anshen’s CSR principles.

Conclusion

The exposure of data belonging to many individuals through Equifax was a direct adverse impact of the data breach, in addition to the indirect damage. Through the deontological lens, one observes that the breach violated pertinent ethical responsibilities of privacy and data security, which rendered the act ethically wrong. Anshen supports this view, adding that the company’s decisions violated the concept of trust and fairness for all stakeholders. In this case, Equifax should have come up with better measures to protect its customers; it should have provided better security measures and been more forthcoming to its customers regarding the breach. Friedman’s model, by contrast, would neglect the moral responsibilities a company has towards the public while focusing solely on the company’s profit-making motives. Thus, the proper course of action for Equifax would have involved behaving in a manner that supported the best interests of its market stakeholders, which can be considered congruent with established values of acting justly and responsibly for the greater good.

The case shows that management and enterprise operations should be based on ethical considerations rather than on the primary motivation of making a profit. Even though corporations such as Equifax may be primarily focused on generating more income, duties to consumers ought not to be disregarded as a matter of principle, in keeping with deontological ethics and CSR.

References

Lieber, R. F. (2017, September 22). Why the Equifax breach stings so bad. The New York Times. https://www.nytimes.com/2017/09/22/your-money/equifax-breach.html

Muldoon, J., Gould, A. M., & Yonai, D. K. (2023). Conjuring up a bad guy: The Academy’s straw-manning of Milton Friedman’s Corporate Social Responsibility Perspective and its Consequences. The American Economist, 68(2), 171-188. https://journals.sagepub.com/doi/abs/10.1177/05694345221145008

Salman, N. A., & Ishak, N. (2023). Enhancing Corporate Social Responsibility (CSR) Communication and Stakeholder Engagement: Strategies for Building Trust and Fostering Social Impact. The Asian Journal of Professional & Business Studies, 4(1). https://journal.uptm.edu.my/index.php/ajpbs/article/view/68