The chapter presented issues of data protection and considered the challenges it may present to a component-based development environment, particularly within contemporary business environments where electronic transactions are increasing.
In view of recent data protection legislation, information systems developers and users need to consider, on the one hand, the ways in which data protection legislation restricts information systems development and, on the other hand, the ways in which information systems development practices limit or enable data protection. In this respect, we have attempted to elucidate some of these issues with respect to component-based development.
We believe that our study of data protection in a component-based develop- ment environment contributes to the ethical discussion about the implications of new information technologies and development strategies. Importantly, it unveils a complex ethical debate, in which data controllers (i.e., those who determine the purposes for which and the manner in which any personal data may be processed), the supervisory authority that oversees data protection, and information systems developers need to be involved. This debate spans technical, organizational, and social issues. The ethical awareness and understanding that arises from such debate have strong implications. First, it is people that have to implement development practices and institutionalize relevant policy. This makes demands on the existing knowledge and education of component analysts, designers and architects. In particular, new and updated skills are required. Secondly, architectural and other mechanisms are required that implement ethical awareness and understanding. The aim of this chapter has been to raise the level of awareness. Given the level of interpretation that can be applied to the Data Protection Act, the ethics of new approaches to development is an area that clearly requires further research.
REFERENCES
Adler, R. M. (1995). Emerging standards for component software. IEEE Computer, 28(3), 68-77.
Anderson, R. E. (1993). Using the new ACM code of ethics in decision making.
Communications of the ACM, 36(2), 98-107.
Bainbridge, D. (1996). Introduction to Computer Law, 3rd edition, Pitman Publishing.
Barber, B., Leslie, D., Elbra, T., Green, N. and Gilbey, J. (1998). Data Protection–
Everybody’s Business. Prepared by a Working Party of the British Computer Society’s Data Protection Committee.
Bäumer, D. and Gryczan, G. et al. (1997). Framework development for large systems. Communications of the ACM, 40(10), 52-59.
Benassi, P. (1999). TRUSTe: An online privacy seal program, Communications of the ACM, 42(2), 56-59.
Bertino, E., Pagani, E., Rossi, G. P. and Samarati, P. (2000). Protecting information on the Web. Communications of the ACM, 43(11).
Beynon-Davies, P. (1995). Information systems ‘failure’: The case of the London Ambulance Service’s Computer Aided Despatch project. European Journal of Information Systems, 4, 171-184.
Bott, F., Coleman, A., Eaton, J. and Rowland, D. (1995). Professional Issues in Software Engineering. 2nd edition. UCL Press Limited.
Clarke, R. (1999). Internet privacy concerns confirm the case for intervention.
Communications of the ACM, 42(2), 60-67.
Data Protection Act. (1998). London: The Stationery Office Limited. Retrieved March 22, 2001 on the World Wide Web: http://www.hmso.gov.uk/acts/
acts1998/19980029.htm.
Data Protection Registrar. (1998). The Fourteenth Annual Report of the Data Protection Registrar, London: HMSO.
De Hondt, K., Lucas, C. and Steyaert, P. (1997). Reuse contracts as component interface descriptions. Second International Workshop on Component-Ori- ented Programming, Jyväskylä, Finland, June 9, 43-49.
Dhillon, G. (1997). Managing Information System Security. London: Macmillan.
EU Data Protection Directive. (1995). (95/46/EC). On the protection of indi- viduals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Community, 281, 31-50, November 23.
EU-US. (1997). Joint EU-US statement on electronic commerce 5th of Decem- ber 1997.
Fayed, M. E. and Schmidt, D. C. (1997). Object-oriented application frameworks.
Communications of the ACM, 40(10), 32-38.
France, E. (1998). An Introduction to the Data Protection Act 1998, October.
Hart, P. and Saunders, C. (1997). Power and trust critical factors in the adoption and use of electronic data interchange. Organization Science, 8(1), 23-41.
Helm, R., Holland, I. M., and Gangophyay, D. (1990). Contracts: Specifying behavioural compositions in object-oriented systems. ACM SIGPLAN No- tices, 25(10), 169-180.
Hunt, A. (1998). Data protection–Meet the new guard. In Accountancy Age 23, April.
Johnson, R. E. (1997). Frameworks = (Components + Patterns). Communications of the ACM, 40(10), 39-42.
Johnston, D. (1999). Global electronic commerce-realizing the potential. In Leer, A. (Ed.). Masters of the Wired World, 228-237. London: Financial Times Pitman Publishing.
Kruchen, P. B. (1995). The 4 + 1 view model of architecture. IEEE Software, 12(6), 42-50.
Latour, B. (1987). Science in Action. Harvard University Press, MA: Cam- bridge.
Nicolle, L. (1998). The next big issue. The Computer Bulletin, November.
Nierstrasz, O. and Dami, L. (1995). Component-oriented software technology. In Nierstrasz, O. and Tsichritzis, D. (Eds.). Object-Oriented Software Composi- tion, Prentice Hall, Englewood Cliffs, NJ, 3-28.
Nierstrasz, O. and Meijler, T. D. (1995). Research directions in software composi- tion. ACM Computing Surveys, 27(2), 262-264.
Poulymenakou, A. and Holmes, A. (1996). A contingency framework for the investigation of information systems failure. European Journal of Informa- tion Systems, 5(1), 34-46.
Ratnasingham, P. (1998). The importance of trust in electronic commerce.
Internet research: Electronic Networking Applications and Policy, 8(4), 313-321.
Reagle, J. and Cranor, L. F. (1999), The platform for privacy preferences. Commu- nications of the ACM, 42(2), 48-55.
Sauer, C. (1993). Why Information Systems Fail: A Case Study Approach. Henley- on-Thames: Alfred Walled Limited.
Sessions, R. (1998). COM and DCOM: Microsoft’s Vision for Distributed Objects.
John Wiley and Sons, New York.
Sparling, M. (2000). Lessons learned through six years of component-based development. Communications of the ACM, 43(10), 47-53.
Steyaert, P., Lucas, C., Mens, K. and De Hondt, T. (1996). Reuse contracts:
Managing the evolution of reusable assets. ACM SIGPLAN Notices, 31(10), 268-285.
Swanson, E. B. and Beath, C. M. (1989). Maintaining Information Systems in Organizations, Chichester: Wiley.
Swire, P. P. and Litan, R. E. (1998). None of your business. World Data Flows, Electronic Commerce, and the European Privacy Directive, Brookings Insti- tution Press, Washington, D.C.
Szyperski, C. (1998). Component Software - Beyond Object-Oriented Program- ming. Addison-Wesley, Harlow, Essex.
Warren, P. (1998). Protect and survive. Business and Technology, September, 29- 32.
Weck, W. (1997). Independently extensible component frameworks. In Mühlhäuser, M. (Ed.), Special Issues in Object-Oriented Programming: Workshop Reader of the 10th European Conference on Object-Oriented Programming ECOOP’96, Linz, July, dpunkt.verlag, Heidelberg, 177-183.
Wilson, S. (1997). Certificates and trust in electronic commerce. Information Management & Computer Security, 5(5), 175-181.