Four ethical issues that arise when a company or organization stores electronic information about individuals are: Who within the organization should have access to that information? How long should that information be retained within the company? Should any or all of that information be made available to third parties for sale or public use? And how highly should the holding organization prioritize the protection of that information? Organizations that charge customers for a good or service will have that customer’s name, payment card information, and shipping address on hand, as well as additional details depending on what that customer purchased. Clothing size, gender, marital or relationship status, and number of children could be assessed by what that customer purchases from analysis of shopping data retained by a retail business over time. Credit and income/employment details could be assessed from information stored by a lending organization. Personal interests and political views could be assessed from information stored by social media companies. These different categories of electronically stored information about individuals will also aggregate over time, painting a more detailed personal picture as more data about an individual is stored.

     As businesses become more global due to the internet allowing for a worldwide customer base, it has become increasingly necessary for U.S.-based businesses to rely on international supply chains. Domestic businesses must not only safeguard their own operations from cyber threats, but the operations of the dependent organizations within their international ecosystem, as well. Physical security threats to infrastructure and electrical power exist in the U.S. but that physical threat to infrastructure would dramatically increase within a nation undergoing civil turmoil or war. A foreign company impacted by an electrical grid attack could cause disruption for U.S. companies that rely on them for parts or services. This would also hold true for natural hazards on infrastructure. Additionally, the threat of being targeted by Advanced Persistent Threats (APT)s likely differs from country to country. Companies within the U.S. are targeted by a state actors from several adversarial nations, while a smaller country such as Liechtenstein or Vanuatu may not have as many adversaries seeking to gain from exploitation on companies there, so the APT threat to the companies or infrastructure there may not be as great, and therefore may not weigh as heavily in organizational framework considerations.