September 26th, 2024

Introduction

The Equifax breach (2017) impacted over 100 billion people, with the theft of private data and records. As a credit reporting agency, they held data for all users and promised confidentiality and protection. This data included social security numbers, birth dates, credit information, and more. The breach lasted over two months before it was detected, allowing the attackers to continuously access highly sensitive information and use it for their leisure. The prolonged exposure continued to increase the number of affected users – leaving millions more at risk of fraud and theft. 

The harm brought upon by this breach was morally unjust as it displayed the failure in their responsibility to protect the information of users and fortify their ethical responsibility. Furthermore, it showed the lack of defense and proper standards in order to prevent/detect cyberattacks. This breach is one of many that further indicates the dire need to hold organizations accountable for their actions for user and data security, as well as their lack of strategy and defense. Through moral principles like Ubuntu and other ethical/social theories, we view the emphasis on mutual responsibility and ensuring obligations and standards are being met. When applying these principles, businesses and organizations can set a level of overall priorities (Lieber, 2017). 

Ashen’s Social Contract

In Melvin Ashen’s “Changing the Social Contract: A Role for Business”, he argues that business can, and should be, handled with regard to the social perspective. He poses that organizations and businesses should dedicate themselves to ensuring social and ethical responsibilities are being addressed actively, beyond the focus on profits. The social contract is a theory that implies a mutual agreement between individuals and the government (including its institutions). Essentially, this order is an agreement of compliance in exchange for the security and protection of privacies and individuality. There were several federal regulations and laws that were broken within the Equifax organization, ultimately leading to their vulnerability to outside threats. Some of these are violations against the Fair Credit Reporting Act (FCRA), the Federal Trade Commission (FTC), and withholding/delaying the notifications of the data breach to the affected individuals. This broke the trust of millions as Equifax did not adequately address and protect user data. Their overwhelming concern over their profits over their customers, shed light on the growing disregard of the company’s ethical obligations and moral responsibilities. This suggested that the company was attempting to cover its liabilities before acting or responding. Ashen challenges the traditional views of business, instilling a sense of protecting individuals to promote fairness and corporate responsibility.

Looking at Ashen’s theories, the Equifax breach highlighted its negligence toward its social responsibilities. Instead of prioritizing these, they were focused on profitability – rather than upholding overall security. Equifax did not have the proper safeguards in place to protect themselves and those who entrusted their private and personal data in their services. The company’s blatant concern for their own recovery spoke against their core values and damaged their reputation with the public. It not only violated laws and regulations but also contributed to the stigma surrounding the use of companies to store confidential information and documents. There is no shortage of cyber policies that can be applied to adhere to the nation’s expectations of cybersecurity and safety. “Some imaginative business leaders are beginning to recognize that a passive response to such pressures may be dangerous” (Ashen, n.d.). It is becoming increasingly necessary to be proactive and act long before issues arise while maintaining order and preserving ethical reasoning. 

The Ubuntu tool for ethical reasoning implies that the Equifax breach could do damage far beyond harm against the individuals. The breach could reach broader levels, spreading to our social institutions with the idea that the people’s (and societies’) best interests are not at heart. The devastation that could be brought upon our institutions through the loss of trust would be detrimental. The philosophy of Ubuntu revolves around interconnectedness and collective responsibility, suggesting that we are all morally responsible for each other’s lives. More than legal compliance and rules, in the lens of Ubuntu, Equifax did not uphold its obligation to the well-being of its customers. Businesses that follow the social contract and the principles of Ubuntu and its framework will set forth to create systems that are compliant, continuously avoid harm, and go beyond the foundational regulations. The harm that came from the Equifax breach could have been reduced with the framework of the social contract and Ubuntu.

Friedman’s Social Responsibility

Friedman’s “The social responsibility for Business Is to Increase Its Profits” goes against Ashen’s theory. He suggests that the social responsibility within a business is simply to maximize financial gain over societal concerns, including our ethical reasoning. In this, the organization is prioritizing stockholders, not the well-being of their customers. “A corporation is an artificial person and in this sense may have artificial responsibilities, but ‘business’ as a whole cannot be said to have responsibilities, even in this vague sense” (Friedman, 1970). These ideas and values are followed by many businesses and were followed by Equifax at the time. A business has a responsibility to itself and its success, therefore prioritizing its profits. Friedman dives into the imposed reality that a corporation, in itself, is not capable of having responsibilities. This logic can directly undermine the idea that groups are responsible for the outcome of their shortcomings just as much as their successes. As it stands, many believe that the only responsibility of a company is to the shareholders/stockholders.

This approach likely influenced the actions of Equifax before and after the event of the breach – maximizing financial coverage rather than focusing their concern on the vulnerable data and variety of sensitive information that was compromised. Continuing to follow this route, businesses are likely to face hardships and drawbacks leaving them in a vulnerable position for civil lawsuits and disputes. The public views organizations and institutions as responsible for the data entrusted to them, whether or not the companies recognize this. Friedman insists that pursuing profit over everything else is the road to a successful business. However, a business is nothing without its customers. Without their trust of them, the business cannot surpass its goals or grow into an equitable element. The course of action taken in this perspective allows for a heavy divide between society and the corporate agenda. Like with Equifax, the role of the business comes into question. Where do the lines begin and end, and can we hold entities accountable?

With the philosophies of Ubuntu there is emphasis on protecting the well-being of the collective rather than acting for individual profit. The success of a business should not be measured solely by its profitability but also by its impact on communities and society. Ubuntu would argue that the harm caused by the Equifax data breach is a direct result of moral/ethical negligence and lack of proper principles. It challenges the idea that corporations have the ability to avoid financial delay by strengthening the connection between business and society. By restructuring the foundation of the corporate agenda, collaboration and social synchronization can take root. Public trust can elevate production and business operations, opening doors for growth and sustainability.

Friedman’s concepts on social responsibility can be used to understand the potential fallout of a business’s reputation and moral standing within society. This understanding can be a guideline for a nation’s institutions, showing the areas for growth and highlighting the path to long-term (attainable) goals. All organizations and institutions that store and access private information/data should follow the necessary checks and balances to satisfy both stockholders and customers. 

Conclusion

Overall, the Equifax data breach caused significant damage to society and individuals by failing to uphold ethical obligations, social connections, and moral standards. The breach exposed millions of unexpecting users to fraud, identity theft, and other violations. All due to a lack of provision and acknowledgment, the company (as well as other institutions with the same strategies) faced unexpected loss and stretched it out the those who had entrusted their service. This does not dispute the fact that organizations must also consider their profits and margins. Having bouts of short-term goals to enhance finances is part of a business plan, however this should not include disregarding potential consequences and vulnerabilities. An equal spread of priority can push a business to success. In this case success would be defined as a business that ensures profits, maintains healthy moral boundaries, and protects consumers and stockholders as one in the same. Through moral principles and strategic planning, businesses have the opportunity to grow exponentially, taking the trust of the people with them.

References

Ashen, M. (n.d.). Changing the Social Contract: A Role for Business . Columbia Journal of World Business. 

Friedman, M. (1970). The social responsibility of business is to increase its profits. New York Times Magazine. 

Lieber, R. (2017, September 25). Why the equifax breach stings so bad (published 2017). The New York Times. https://nyti.ms/2jRsnUr