CASE ANALYSIS ON CSR

Posted by on Mar 23, 2022 in Uncategorized | 0 comments

Case Analysis on CSR

Stephen Antwi

Old Dominion University

Cybersecurity Ethics

Professor Garnar Andrew

2/20/2022

Case Analysis on CSR

In his article “Why the Equifax Breach Stings So Bad,” Ron Lieber explored the Equifax data breach and its implications. First, the author noted that in the 2000 enraged messages he received about the data breach, most of them called for the kick out of Richard F. Smith, Equifax’s chief executive (Lieber, 2017). Lieber also pointed out that these messages revealed that the consumers were helpless. The credit rating industry was making money off their data, treated them with condescension, and was not answerable to anyone (Lieber, 2017). Therefore, some people like Brian Schill claimed that the company had sold their information to earn a profit. Furthermore, Schill asserted that none of the data was safe, and he felt that the consumers were trapped and could not opt-out. Similar sentiments were shared by Amanda Steinberg, the CEO of DailyWorth, who described the credit rating system as an entrapment (Lieber, 2017). When people tried to contact Equifax after the data breach, the company’s representatives claimed that they had no information about what had occurred. So, the people were frustrated by Equifax’s response. In addition, Lieber noted that the consumers were frustrated by Equifax’s persistence in charging them for freezing their credit files, yet it had promised to stop charging fees for the freezes. Moreover, Lieber (2017) posited that the chief financial officer and president of Equifax’s information solutions sold stock after discovering the data breach prior to its disclosure to the public. In this Case Analysis, I will argue that contractarianism shows us that the Equifax breach harmed consumers by selling their information and was morally bad.

The primary concept in Melvin Ashen’s article “Changing the Social Contract: A Role for Business” is the changing relationship between businesses and society – the development of the social contract. As per Anshen (1970), businesses are forced to take social responsibilities. She opined that the need to adjust or abandon the conventional responsibility to devote energy and talent to managing the resources to maximize the return on the investment is among the problems facing top organizational officers (Anshen, 1970). This need can seem to pressure corporate managers to engage in different forms of corporate social responsibility. Anshen further claimed that the pressures imply that society is struggling with a redefinition of the responsibility and duty of the private sector. However, two developments support this outlook. First, Ashen (1970) observed that the visible success of the private sector in applying technology and science begged the question that the wealth created could be used to eradicate poverty and social inequality. Ashen pointed out that the increased recognition of the concept of quality of life is the second underlying factor for developing the social contract.

Besides, Anshen articulated that the concept of implied social contract development stemmed back to the 17th century. In this connection, she asserted that society would face the threat of anarchy without the implicit contract. Thus, the states ought to force obedience to the implied contract terms. However, later John Locke changed this perception of compulsion by calling for consent. Ashen delineated that the private sector viewed the drive for profits as the pillar for economic growth under the old rationale. Also, the businesses could carry out their operations freely as long as they observed the rules. That way, society only benefited by receiving the goods the consumers needed. Pertinent to mention is that the businesses had no strong obligation to protect the environment. Instead, the primary role of the businesses was safeguarding economic growth (Anshen, 1970).

Nevertheless, the businesses have to revise the social contract terms under the new deal. More specifically, they had to redefine the scope and nature of the management of profit goals and responsibilities. Therefore, the management concern under the new dispensation would be revising some of the policies of the behavior of the private business. For example, the rules dealing with product packaging, automobile safety, consumer credit terms, and water and air contamination would be revised. Essentially, this would imply that the expenses linked to contamination of the environment would be transferred to the businesses. In addition, this would mean that the organizations judged to establish safety hazards would be forced to internalize the expenses of minimizing the perils by complying with the specified acceptable risk levels.

The development of the social contract applies to the Equifax data breach case. Equifax had an implied contract with its clients (society) to protect their data. However, it breached the implied contract terms by pursuing the profit-maximization goal. It was alleged that Equifax took the consumers` data and sold it to realize a profit. Therefore, Equifax could be described as an unfettered, private enterprise pursuing the goal of profit maximization. Also, Equifax was not ready to accept the external cost resulting from failing to safeguard the consumer’s interests adequately. When some consumers contacted the company representatives concerning the data breach, they were frustrated by their responses. In fact, the responses revealed that Equifax believed that it had no responsibility for society. Even after promising to stop charging fees for freezing the consumer’s credit files, it continued to charge them. Furthermore, some top managers engaged in insider trading after discovering the data breach. So, they were pursuing self-interests at the expense of other investors in the company. As such, the harm caused to the public was morally bad because it exposed their data to third parties without their consent. Thus, the affected people were exposed to cyberattacks since the criminals could use their information to exploit them.  

The contractarianism ethical tool may be applied to the Equifax data breach case. This ethical tool holds that individuals are typically self-interested, and realizing the maximization of self-interest would make them act ethically. The consent to governmental authority and maximization of the shared interest determine the moral norms. Accordingly, I think the right thing Equifax should have done is maximize the joint interest (engaging in social responsibility) and comply with the government regulations requiring corporations to protect consumer data. That way, the contracting parties (Equifax and consumers) could reach a binding remedy.

The central concept in Milton Friedman’s article “The social responsibility of business is to increase its profits” is social responsibility. He highlighted that business people think that they are protecting free enterprise when they argue that their businesses are not only dealing with profit maximization but also promoting some desirable social ends (Friedman, 2016). Further, Friedman observed that these businessmen also claim that they take seriously their duties of avoiding environmental pollution, eliminating discrimination, and providing job opportunities. However, Friedman asserted that these businessmen had undermined the foundation of the free society. So, in reality these businessmen were not engaging in social responsibility. As per Friedman, since the shareholders employ the corporate executive, he is accountable to them. He is supposed to conduct the business as per the desires of the business owners. Nevertheless, the corporate executive has to ensure the business operations conform to society’s basic rules. Basically, this requires engaging in social responsibility by protecting the environment and upholding the employee’s rights as well as avoiding engaging in activities that undermine the consumers.

In addition, Friedman explained that to pursue social responsibility, the corporate executive had to engage in social responsibility by promoting the interests of society members. Freidman emphasized that the manager should ensure he is not taking money from the consumers or employees. However, exercising social responsibility is complicated because it compels individuals to be accountable for their deeds and makes it cumbersome to exploit others for unselfish or selfish purposes (Friedman, 2016).

As presented by Friedman (2016), the concept of social responsibility applies to Equifax data breaches. Interpreting the Equifax case in light of social responsibility, it can be argued that Equifax failed in exercising its corporate social responsibility. It had a social responsibility of protecting the interests of the public by choosing to avoid its self-interest of growing its profits at the expense of the consumers` data. Although Equifax had the right to increase its profits, it should have ensured it conformed to society’s rules. In particular, the top management should have refrained from selling consumers’ information as purported to safeguard the consumers. At the heart of Equifax managers` decisions should have been the need to keep the information they receive from financial institutions safe. Unfortunately, Equifax’s executive decided to negate the responsibility of protecting the interests of the public. More disturbingly, when some affected consumers tried to reach out to Equifax for explanations for the data breach, the company frustrated them by giving vague answers. Liebel (2017) elucidated that Equifax’s big data trapped the individuals with no option to get out. Arguably, Equifax being an oligopoly felt no need to be socially responsible because it had a significant market share.

Equifax had entered into an implied contract with the consumers to protect their data. Nonetheless, it breached the contract by acting unethically. Undeniably, Equifax’s actions were harmful to the consumers because they exposed their data. Liebel pinpointed that some individuals feared losing their reputation or money. Also, other people were concerned that they were vulnerable to attacks because Equifax had exposed their information. Therefore, the harm caused by Equifax was morally bad. Based on the contractarianism tool, I think the right thing Equifax should have done is respect the consumers` information by not exposing it to other parties. Also, Equifax should have apologized to the affected people instead of pretending that it had no information databases about the data breach. The two top managers of Equifax’s information systems who engaged in insider trading should have restrained themselves from acting on the discovery of the data breach to sell their stock. Their actions were immoral since they exposed others to the adverse effects of the discovery.

Based on contractarianism theory, Equifax’s decision to sell the consumer’s data for profit was not the right thing. This can be attributed to the fact that contractarianism presents that the best approach for maximizing one’s interest is engaging in an activity that maximizes the joint interest. Since Equifax’s action only benefitted the company, it means its action was not the right thing. The right thing that Equifax should have done is to engage in corporate responsibility. Typically, this should have required Equifax to maximize its interests as well as those of its customers. In this case, it should have protected their data by not selling it to third parties since such an action exposes the consumers` personal information. Equally, Equifax should have consented to the government authority because contractarianism calls for legal persons (companies inclusive) to adhere to the government regulations. The wrong Equifax committed could be corrected by the company acknowledging its mistake and committing to keeping the consumers` information confidential.

It was immoral for Equifax to pursue self-interest by selling consumers’ information for profit. Such an action exposed the affected people to different types of attacks. Based on the contractarianism ethical tool, it is apparent that these actions were immoral. The right thing Equifax could have done was to respect the consumers by ensuring they protect the information financial institutions submit to them. Equifax had an implied contract with the consumers to protect their data. Also, since individuals are self-interested, as presented by contractarianism, Equifax should have acted morally by aiming at maximizing the joint interest and consenting to the government authority. Typically, this would mean that Equifax should have pursued an action that was justifiable to each party. Since selling information to third parties only benefitted Equifax while exposing the consumers` information, the company acted morally bad. Even some of its employees acted morally bad by engaging in insider trading. It was unethical for these employees to sell their stock because they acted based on the discovery of the data breach. Eventually, Friedman reminded us about the need for corporate executives to engage in social responsibility. Relating this to the Equifax case, it can be claimed that the company owed the public a social responsibility of ensuring it promoted their interests. In this case, it should have protected the consumers’ data by choosing not to pursue the profit motive.

References

Anshen, M. (1970). Changing the social contract: A Role for Business. Columbia Journal of World Business5(6), 6-14.

Friedman, M. (2016). The social responsibility of business is to increase its profits. Business in Ethical Focus: An Anthology.

Lieber, R. (2017, September 22). Why the Equifax Breach Stings So Bad. The New York Times. https://www.nytimes.com/2017/09/22/your-money/equifax-breach.html

Leave a Reply

Your email address will not be published. Required fields are marked *