Describe four ethical issues that arise when storing electronic information about individuals. 

Now a days everything you do on the internet there is information is being stored. That information may range from basic session information such as IP addresses, protocols, etc, to personally identifiable information, health information, payment card information, and other sensitive information. This raises many different ethical questions about the collection and management of that specific information, especially sensitive data. 

Another ethical issue we should go over is how much information should companies collect? In my eyes the only data companies should collect is information that is needed to use their service. Now a days we see more and more companies being sued because of the overcollection of customer data. This makes the risk bigger for consumers to use that service because more information about them is being used. That is why companies should only collect information that is needed. 

How should information be stored? Information should obviously be stored securely, but what does that mean. There are many categories of information such as PII (Personally Identifiable Information), PHI (Protected Health Information), credit card information, etc. Those types of information all have legal rules when it comes to storing that information, these are called compliances. Companies should be following these compliances are they are fined a hefty amount. In general, if a customer needs to provide information such as a credit card number but they don’t need to save it with the provider then it is good practice to not even store that information because it puts the customer less at risk and the company less at risk. 

What control do individuals and companies have over their information? It depends on the location of where the information is stored, and the location of whose information is being collected. For example, in Europe they have this thing called GDPR. This is a regulation on all European citizen data whether it is stored in Europe or outside, it allows for data minimization, storage limitations, and security. In the United States we don’t have that. The closest law we have right now is the California Privacy Rights Act which only applies to Californians, which I think should be spread across the whole country. 

Lastly, I want to ask the question, should sensitive data be stored with homomorphic encryption? Some of you might not know what homomorphic encryption is, but in short, it is the encryption of data that can be used and worked with as if it were unencrypted, without ever actually unencrypting the data. This takes out the risk of data being seen in plaintext and lowers the risk of the entity that is storing the data. The short answer is yes, I believe for a safe cyber world all sensitive information should move to being stored with homomorphic encryption even if it uses more resources to use.