Final year project 2

CHAPTER ONE INTRODUCTION In this century life is made so much easier with the help of technology. For instance you can shop online with your credit card, any information needed is easily retrieved from a database for decision making, decisions are made with greater ease and speed, and transactions are made faster, there is better co-ordination e.t.c. Things can’t get any better with the coming of the digital age, but in this life everything that has an advantage also has a disadvantage. Hundreds of today's emerging technologies have privacy implications, and many of them, such as wireless data communications, high speed broadband, social network sites, and webcams e.t.c, have already become cheap enough to be used on a large scale. Once these technologies become commonplace, it will be nearly impossible to change them. For this reason, taking security measures to protect privacy should be high on the agenda of societies throughout the world. Privacy cannot be talked about without talking about information security first. Information security is the process of protecting information. It protects its availability, privacy and integrity. Access to stored information on computer databases has increased greatly. More organizations store business and individual information on computer than ever before. Much of the information stored is highly confidential and not for public viewing. Many businesses have computerized their operations and information. Personal staff details, client lists, salaries, bank account details, marketing and sales information may all be stored on a database. Without this information, it would often be very hard for a business to operate. Information security systems need to be implemented to protect this personal and sensitive information. When there is a weakness in the information security of a system, it becomes vulnerable to attacks from perpetrators that are on the prey for personal data of individuals and organizations. With the different trends of crimes that are happening today, for example; hacking, phishing, identity theft etc. when there is a weakness in a system, these cybercrimes can be done successfully and in the process sensitive private information could be stolen or tampered with, thereby leading to a breach in privacy. Privacy is a very sensitive issue that if tampered with could lead to great losses or consequences but also different cultures view privacy differently, what is considered private in one culture or society may not be in another. Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. When something is private to a person, it usually means there is something within them that is considered inherently special or personally sensitive. The degree to which private information is exposed therefore depends on how the public will receive this information, which differs between places and over time. Privacy can be seen as an aspect of security — one in which trade-offs between the interests of one group and another can become particularly clear. (Philip E. Argre, 1998) Privacy laws differ from country to country and some things that are regarded as private information in one country might not be in another country. These privacy laws limit the exposure of private information to unauthorized people. The irony is that certain organizations sell their private information and that of their personnel to be able to strike deals with other companies, on the other hand individuals release private information willingly hoping to get something in return but end up being disappointed when that information is misused. More Ghanaians have their personal information in a database of an organization or online and if these information leaks out it could be very detrimental and for organizations and their private information it could spell doom. In this project we are going to research more on the issue of privacy, what is being done and what can be done using K.N.U.S.T as a case study. 1.0 BACKGROUND OF STUDY In the modern world privacy issues constantly arise with the collection and dissemination of digitized personal data. We disseminate such personal data through our everyday routines, internet banking, shopping online, online registration, filling of forms online, doctor’s appointment and so on. Most of these activities are necessary for normal operations of an organization but sometimes these organizations violate the privacy of their personnel either deliberately or through carelessness on the part of individuals. Privacy is being violated without the knowledge of the victim of such violation. Email messages at work are filed for easy searching, but also for easy reading by supervisors. Computer desktops are being monitored but also used to intrude on privacy, Credit card systems capture details of purchases to sell to companies, but easing both payment and subsequent marketing. Even when security is tight, the most significant dangers to privacy derive from uses of personal information that are consciously chosen. Flows of personal data that are initiated for one purpose are often used for other purposes later on. Technology has eased the burden but there’s always a price to pay. Data can only be abused if the identity of the individual is known. For this reason organizations try different measures and mechanisms to protect private information of the company and its personnel from unauthorized access but perpetrators leave no warning signals because they are smart, determined, skillful, and backed by other big guns in the business, sometimes they even use insiders to get what they want. Ironically, whenever technology advances these criminals also advance too in skills and technology and then information security becomes a rat race, but we believe that if the privacy culture is right in an organization it would serve as the foundation for the information security mechanisms to function effectively in protecting privacy of the organization and its populace. Hope Is not lost with further research possible solutions could arise. Having said all this, it is obvious that the protection of personal privacy and the prevention of unauthorized access in this cyber age is a hard nut to crack and hopefully we can crack it one step at a time. 1.1 STATEMENT OF PROBLEM As was mentioned earlier on, much of the information stored in organizations is highly confidential and not for public viewing. Many organizations have computerized their operations. Personal staff details, client lists, salaries, bank account details, marketing and sales information may all be stored on a database. Without this information, it would often be very hard for an organization to operate. Information security systems need to be implemented to protect this information, because if this information leak out there would be a loss of privacy and this would lead to greater losses in terms of money, lives and trust. When there is a weakness in the information security system of an organization, it becomes vulnerable to attacks from perpetrators that are on the prey for personal and confidential information. With the different trends of crimes that are happening today, for example; hacking, phishing, identity theft etc. when there is a weakness in a system or carelessness of individuals, cybercrimes can be done successfully and in the process sensitive private information could be stolen or tampered with, thereby leading to a breach in privacy. Privacy is a very sensitive issue that if tampered with could lead to great losses or consequences. The large amount of private data online and on servers leaves individuals and organizations open to having their privacy violated, sometimes with serious consequences. As a result of technological advancement there have been a series of cyber crimes including identity theft, phishing, fake sites, cookies, spam and hackers that have weakened privacy. “In Ghana the case of sakawa and other cyber crimes have led to a loss of lives and huge amounts of money,(daily graphic, 2009)” these criminals can only be effective if personal information about an individual or an organization is exposed and then the attacks can be launched. This is something that can easily happen if appropriate security measures or awareness are not in place. In America identity theft crime was responsible for $745 million in losses in 1997, nearly $300 million more than the previous year (Philip E. Argre, 1998) these figures are enough reason to stand up and do something about the issue of privacy because if personal information doesn’t get into the hands of criminals there would be no cybercrimes. Credit companies say fraud inquiries have soared in the 1990s to about 500,000 cases annually and keep getting worse (Philip E. Argre, 1998). Credit laws typically limit direct financial losses to the victim, but correcting credit records and other corrupted information can consume a victim's life for years afterward and cost thousands of dollars. Inadequate protection of private information can threaten personal safety; can lead to loss of lives, properties and jobs. Ghana has been ranked number ten in the world in terms of cyber crimes (internet crime report, 2007) this recent development is enough reason to find new ways to protect personal information of individuals and organization, with this skill that has been learnt in Ghana and with the digital age and its progression these skills are improved and made more sophisticated, so therefore organizations and individuals are not safe because systems can be hacked into, there can be intrusion attempts and unauthorized access to get confidential and private information. The exposure of private personal information about an individual, an organization or a country could have devastating and life threatening outcomes. In the light of this knowledge we have decided to address the issue of privacy in this digital age and further research on it, finding better ways to improve information security and privacy awareness in the university, because this issue is like a time bomb waiting to explode. Since we cannot cover the whole Ghana we will focus on Kwame Nkrumah University of science and technology because of proximity and cost constraints and it is our beloved university so whatever happens affects us directly. 1.2 OBJECTIVES The objectives of this paper are to shed more light on the subject of privacy in our technologically advancing world, to investigate the level of awareness on privacy among individuals on campus, to investigate the privacy culture on campus, to determine what measures are being taken by the K.N.U.S.T system to protect the privacy of everyone in the university, To make possible recommendations to increase information security and privacy awareness in the university and Ghana at large. 1.3 SPECIFIC OBJECTIVES To analyze the extent and nature of privacy issues on campus. To investigate the extent of privacy awareness and security measures in place. To determine possible recommendations to protect personal and private information of the university 1.4 QUESTION STATEMENTS Why should we care about a possible loss of privacy? What are some of the potential impacts when privacy is breached? What data trails does a person create in modern society? What steps can organizations take to protect their valuable private information? 1.5 JUSTIFICATION OF THE STUDY Ghana is growing very fast technologically and most of the privacy issues and breach are not strange to Ghana. There has been a rise in cybercrimes like hacking to get personal information from people i.e. unauthorized access also loss of private and confidential information. There is no exemption for our beloved university and the faster we realize it and act the better for all of us. This study will help Ghana to be more aware of this issue and possibly adopt an information security policy that could save her billions of cedis that if lost could cripple the economy for a long time and also knowledge of this issue could save lots of precious human lives, in the sense that lots of lives have been lost as a result of their personal delicate information being leaked out and these information got into the wrong hands that used it against them or an organizations confidential information got into the wrong hands, knowing what to do and how to do it could prevent a lot. I believe this study would go a long way, if adhered to will bring sanity in terms of privacy into this digital age, with Ghana being no exception. Everyone has a role to play in the protection of privacy from the forces of technology. 1.6 METHODOLOGY The study involves the collection of both primary and secondary data. The primary data will be collected through questionnaires and face-to-face interviews with sectors on campus and individuals that make use of information technology and are a possible target for cybercrimes. The secondary data would be collected through libraries, the internet, publications, and books. As we are dealing with mainly privacy we would be getting most of our information from online sites and people 1.7 SCOPE OF THE STUDY The scope of study for this project is kwame Nkrumah University of science and technology and our sample unit will be the I.C.T centre, the network operating centre, the university Hospital, the planning unit, administration and finance department. Our study is dealing only with digital information. And in this study we are concerned about the personal information of students and populace of the university and how our personal information is being kept and protected from unauthorized access and also how confidential data of the university is also protected. This study will be limited to privacy issues like awareness, loss of confidential and private data and measures to combat it. Though it is a part of cyber security our efforts will be concentrated on privacy specifically organizational privacy. 1.8 LIMITATIONS OF THE STUDY During this research we encountered various limitations, they are; Time Money Lack of co-operation of respondents Access to confidential information CHAPTER TWO LITERATURE REVIEW 2.0 INTRODUCTION This chapter reviews some of the related literature and articles on the issue of privacy in the digital age. This study seeks to discover the mainstream thoughts in contemporary literature relating to meaning of information technology, benefits and drawbacks of information technology, meaning of information security, latest trends of information security and threats, what is privacy, types of privacy, and threats to privacy and measures to protect privacy. 2.1 MEANING OF INFORMATION TECHNOLOGY Information technology has changed and evolved from the first time to now it was introduced according to Dhamma’s article. Different innovations and better ways of doing things with IT are being introduced regularly. Technology is ever changing and honestly where would we be without technology but there is always a downside to everything. According to Brook N. Meeks “OUR UNBRIDLED LOVE affair with all things technological has an evil twin: a seemingly unstoppable encroachment on our personal privacy. The same streaming video technology that allows grandma and grandpa to chat with their grandchildren is being used to spy on employees in the workplace or capture unsuspecting lovers stealing a kiss” (Brook N. Meeks, 2000) According to Dhamma in an article, in simple words ‘IT’ means collection, storage, dissimilation and use of information. Not confined to hardware & software but acknowledgement of importance of man & the goals he sets to the technology. The scientific technological & engineering disciplines & the management techniques used in information handling & processing their application, computer & their interpretation with man, machines and associated social, economical & cultural matters are covered in IT. Data leads to information, information leads to knowledge, knowledge leads to wisdom, & wisdom is the key to existence of human civilizations. Our need of accuracy & revolution towards processing of information has led us to ‘Information Revolution’. Computers and IT tools can take humans to the peak of new millennium or destroy human civilization. (Dhamma, 2009) Information technology (IT), as defined by the Information Technology Association of America (ITAA), is "the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware."[1] IT deals with the use of electronic computers and computer software to convert, store, protect, process, transmit, and securely retrieve information.( Information Technology Association of America ) When computer and communications technologies are combined, the result is information technology, or "InfoTech". Information technology is a general term that describes any technology that helps to produce, manipulate, store, communicate, and/or disseminate information. (Wikipedia, 2007) 2.2 BENEFITS OF INFORMATION TECHNOLOGY True globalization has come about only via this automated system. The creation of one interdependent system helps us to share information and end linguistic barriers across the continents. The collapse of geographic boundaries has made the world a 'global village'. The technology has not only made communication cheaper, but also possible much quicker and 24x7. The wonders of text messages email and auto-response, backed by computer security applications, have opened up scope for direct communication. . (Gaynor Borade, 2009) Other writers think there are other benefits too; Cost effectiveness - Information technology has helped to computerize the business process thus streamlining businesses to make them extremely cost effective money making machines. This in turn increases productivity which ultimately gives rise to profits that means better pay and less strenuous working conditions. (www.buzzle.com, 2009) Bridging the cultural gap - Information technology has helped to bridge the cultural gap by helping people from different cultures to communicate with one another, and allow for the exchange of views and ideas, thus increasing awareness and reducing prejudice. (solution.com, 2007) Creation of new jobs - Probably the best advantage of information technology is the creation of new and interesting jobs. Computer programmers, Systems analyzers, Hardware and Software developers and Web designers are just some of the many new employment opportunities created with the help of IT (smallbusinessbible.org, 2008) 2.3 DRAWBACKS OF INFORMATION TECHNOLOGY Though information technology may have made communication quicker, easier and more convenient, it has also bought along privacy issues. From cell phone signal interceptions to email hacking, people are now worried about their once private information becoming public knowledge. (smallbusinessbible.org, 2008) Information technology has made people lose their jobs especially middle managers that can easily be replaced by a computer. (Nk, 2009) 2.4 MEANING OF INFORMATION SECURITY Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organization are met. This should be done in conjunction with other business management processes. (International standards organization, 2005) Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction (Wikipedia, 2009) Information security is the process of protecting information. It protects its availability, privacy and integrity (Garry Crystal, 2010) 2.5 LATEST TRENDS IN INFORMATION SECURITY AND THREATS According to mike rossander the latest trends in information security threats are; Social networking, Conficker worm- The experts predict that the payload, which is what the worm will do when it is activated, will somehow involve people being separated from their money, Spam and phishing campaigns, Holiday related scams, Laptop theft, Fake cheques, hacking, web 2.0, botnets ( Mike Rossander, 2009) according to Dr larry polemon, they are: cloud computing, virtualization, mobility and mobile devices, cyber crime, outsourcing to third parties, data breaches and the risk of identity theft, peer-to-peer file sharing and Web 2.0. Mega trends becoming more risky are cloud computing, malware, web 2.0 and mobile devices. In the case of cloud computing, it is the inability to assess or verify the security of data centers in the cloud and protect sensitive and confidential information. IT security practitioners see the risk of malware and Web 2.0 as resulting in the loss of sensitive or confidential business information including trade secrets. It is interesting to note that in our study IT security respondents perceive the risk of a mobile workforce as decreasing but mobile devices remaining a high or very high risk for many companies. According to respondents, the most risky mobile device is the laptop computer and the number one concern is the inability to properly identify and authenticate remote users. (Dr Larry Polemon, 2008) Michael A, Davis predicts that in 2010 the following crime will take center stage: Emboldened social engineering, Social networking sites will be a bigger target, Ransomeware will replace scareware, Organized cybercrimes (Michael A. Davis, 2009) “Using rich content applications such as Flash files to distribute malicious code has become the latest trend in cybercrime, having the widespread distribution and the popularity of Flash-based ads on the Web, their binary file format enables cybercriminals to hide their malicious code and later exploit end-user browsers to install malware.” (Yuval Ben-Itzhak, CTO of Finjan) Hackers are now attacking RFID tags and readers, mobile devices and hardware drivers and using advanced information security threats such as root kits and self-morphing Trojans to gain control of PCs (searchsecurity.com, 2003) “Right now, really the past two years, this botnet delivery cycle is what concerns me the most. It's really a major, major problem, and this is where users PC's get compromised by visiting a legitimate website that itself had been compromised and download some software on the user PC. That user PC happily goes back to work, talks out to the botnet command control center, and downloads a much targeted attack. We published some case studies with some large global commercial businesses that have found on the order of three to five percent of their PC's have bad clients installed, and these are well-protected PC's. When you look at consumer PC's on the order of 30-35 percent of consumer PC's have bad clients installed. That can be used to capture passwords and look for databases and so on. So it's a very clever mechanism” (John Gartner, 2009) 2.6 WHAT IS PRIVACY? “We know our privacy is under attack, the problem is that we don’t know how to fight back.”(Simpson Garfunkel, 2007) Alan Westin (1967) has surveyed studies of animals demonstrating that a desire for privacy is not restricted to humans. However, what is termed private in these multiple contexts varies. Privacy can refer to a sphere separate from government, a domain inappropriate for governmental interference, forbidden views and knowledge, solitude, or restricted access, to list just a few. The privacy principle, they believed, was already part of common law and the protection of one’s home as one’s castle, but new technology made it important to explicitly and separately recognize this protection under the name of privacy (Warren and Brandeis, 1890). Privacy should only be protected when access to the information would reduce its value (e.g. allowing students access to their letters of recommendation make those letters less reliable and thus less valuable, and hence they should remain confidential or private).( Richard Posner, 1981). Alan Westin describes privacy as the ability to determine for ourselves when, how, and to what extent information about us is communicated to others (Westin, 1967). Parent explains that he proposes to defend a view of privacy that is consistent with ordinary language and does not overlap or confuse the basic meanings of other fundamental terms. He defines privacy as the condition of not having undocumented personal information known or possessed by others, there is a loss of privacy on Parent’s view, only when others acquire undocumented personal information about an individual (William Parent, 1983). The American jurist Louis Brandeis described privacy as “the right to be let alone” and as “the most fundamental of all rights cherished by a free people” in a famous article on the Right to Privacy (1890). Sissela Bok (1982) argues that privacy protects us from unwanted access by others — either physical access or personal information or attention. Ruth Gavison (1980) defends this more expansive view of privacy in greater detail, arguing that interests in privacy are related to concerns over accessibility to others, that is, what others know about us, the extent to which they have physical access to us, and the extent to which we are the subject of the attention of others. Thus the concept of privacy is best understood as a concern for limited accessibility and one has perfect privacy when one is completely inaccessible to others. Privacy can be gained in three independent but interrelated ways: through secrecy, when no one has information about one, through anonymity, when no one pays attention to one, and through solitude, when no one has physical access to one. Moore argues that privacy is objectively valuable — human beings that do not obtain a certain level of control over access will suffer in various ways. Moore claims that privacy, like education, health, and maintaining social relationships, is an essential part of human flourishing or well-being (Adam Moore, 2003). It is clear that many people still view privacy is a valuable interest and realize it is now threatened more than ever by technological advances, There are massive databases and Internet records of information about individual financial and credit history, medical records, purchases and telephone calls, for example, and most people do not know what information is stored about them or who has access to it. The ability for others to access and link the databases, with few controls on how they use, share, or exploit the information, makes individual control over information about oneself more difficult than ever before.(Stanford encyclopedia of philosophy,2006) Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes (Philip E. Argre, 1998) Privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to. Privacy is sometimes related to anonymity although it is often most highly valued by people who are publicly known. Privacy can be seen as an aspect of security (encyclopedia) From the above review of the literature on the meaning of privacy, privacy does not have a definite meaning; it means different things to different people. Most people believe that when the issue of privacy comes up it has to do with only individuals but privacy encompasses individuals, groups and organizations and all are of equal importance. We would define privacy as prevention of unauthorized persons from information that is private and of a highly confidential nature belonging to a person, a group or an organization and that if exposed to the public could be detrimental. 2.7 TYPES OF PRIVACY Different people categorize privacy differently because term privacy differs from country to country. In the article below Wikipedia divide privacy into three types namely, physical privacy, information privacy and organizational privacy while the encyclopedia divided the types of privacy into six types namely; Political privacy, Medical privacy, Genetic privacy, Privacy during an online job search, Privacy from corporations, Privacy from government interference Physical Physical privacy could be defined as preventing “intrusions into one’s physical space or solitude an example of the legal basis for the right to physical privacy would be the US Fourth Amendment, which guarantees “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures”. Most countries have laws regarding trespassing and property rights also determine the right of physical privacy. Physical privacy may be a matter of cultural sensitivity, personal dignity, or shyness. There may also be concerns about safety, if for example one has concerns about being the victim of crime or stalking. (Wikipedia, 2009) 2.7.2 Informational Information privacy Data privacy refers to the evolving relationship between technology and the legal right to, or public expectation of privacy in the collection and sharing of data about one’s self. Privacy concerns exist wherever uniquely identifiable data relating to a person or persons are collected and stored, in digital form or otherwise. In some cases these concerns refer to how data is collected, stored, and associated. In other cases the issue is who is given access to information. Other issues include whether an individual has any ownership rights to data about them, and/or the right to view, verify, and challenge that information. Various types of personal information often come under privacy concerns. For various reasons, individuals may not wish for personal information such as their religion, sexual orientation, political affiliations, or personal activities to be revealed. This may be to avoid discrimination, personal embarrassment, or damage to one’s professional reputation. Financial privacy, in which information about a person’s financial transactions is guarded, is important for the avoidance of fraud or identity theft. Information about a person’s purchases can also reveal a great deal about that person’s history, such as places they have visited, whom they have had contact with, products they use, their activities and habits, or medications they have used. Internet privacy is the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. These concerns include whether email can be stored or read by third parties without consent, or whether third parties can track the web sites someone has visited. Another concern is whether web sites which are visited collect, store, and possibly share personally identifiable information about users. Tools used to protect privacy on the internet include encryption tools and anonymzing services like I2P and tor. Medical privacy allows a person to keep their medical records from being revealed to others. This may be because they have concern that it might affect their insurance coverage or employment. Or it may be because they would not wish for others to know about medical or psychological conditions or treatment which would be embarrassing. Revealing medical data could also reveal other details about one’s personal life (such as about one’s sexual activity for example). Sexual privacy prevents a person from being forced to carry a pregnancy to term and enables individuals to acquire and use contraceptives and safe sex supplies and information without community or legal review Political privacy has been a concern since voting systems emerged in ancient times. The secret ballot is the simplest and most widespread measure to ensure that political views are not known to anyone other than the original voter — it is nearly universal in modern democracy, and considered a basic right of citizenship. In fact even where other rights of privacy do not exist, this type of privacy very often does. (Wikipedia, 2009) Organizational Government agencies, corporations, and other organizations may desire to keep their activities or secrets from being revealed to other organizations or individuals. Such organizations may implement various security practices in order to prevent this. Organizations may seek legal protection for their secrets. For example, a government administration may be able to invoke or declares certain information to be classified, or a corporation might attempt to protect trade secrets (Wikipedia, 2009) According to the encyclopedia there are six types of privacy and they are; Privacy – Political privacy, Privacy – Medical privacy, Privacy – Genetic privacy, Privacy – Privacy during an online job search, Privacy – Privacy from corporations, Privacy – Privacy from government interference(encyclopedia, 2009) From the above literature it is obvious that there are various types of privacy but they are grouped differently and not in a structured way. From our own point of view we would say that they all fall under information privacy because that is the major thing that needs to be kept securely and if breached could lead to losses or problems, so all other types fall under information privacy. 2.8 THREATS TO PRIVACY There are several crimes that threaten privacy in so many ways and can violate the privacy of individuals and organizations they are; Network Intrusions – unauthorized penetrations (kwame owusu, 2009) Hacking- Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user ( www.cybercellmumbai.com) Cookie exploits, Spam, Phishing, Cracking (kwame owusu, 2009) Hacking and cracking are amongst the gravest Cybercrimes known till date. It is a dreadful feeling  to  know  that  someone  has  broken  into  your  computer  systems  without  your knowledge and consent and has tampered with precious confidential data and  information. Coupled with this, the actuality is that no computer system in the world is hacking proof. It is unanimously agreed that any and every system in the world can be hacked. Using  one’s own  programming  abilities  as  also  various   programmes  with  malicious   intent  to gain unauthorized  access to  a  computer  or network  are  very  serious crimes.  Similarly, the creation and   dissemination of harmful computer programs or virus which do irreparable damage to computer systems is another kind of Cybercrime (Pavan Duggal, 2004) According to Mr. Marc Rotenberg there are three threats to privacy; the threats to privacy came from multiple sources. They can be broadly classified as technologic threats, threats from actions of government, and threats from the private sector and commercial services. Technology Threatens Privacy In the modern era, technology has long been viewed as the source of many privacy concerns. Among the key characteristics of technology in the surveillance realm are amplification, routininazation, and sublimation. Amplification refers to the ability of technology to extend the ability to gather information and intrude into private life. Examples of amplification are linked directly to the sensory abilities. A zoom lens on a camera allows a reporter to see further and record events that might not otherwise be observed. A listening device permits a police agent to intercept and overhear a private communication. New techniques for the detection of heat behind walls make it possible for police to determine whether grow lamps are in use inside a home, possibly indicating the presence of marijuana. Routinization is the process of making intrusion into private life an ongoing process here technology is used to establish a pattern or practice of surveillance. While technology is not required for an invasion of privacy, the ability of techniques to amplify, routinize and sublimate surveillance has traditionally raised some of the greatest privacy concerns. (Marc Rotenberg, 1997) 2.8.2 Governments Threaten Privacy Many of the most serious threats to privacy come from government. In the most extreme form, when a government arrests and imprisons a person it has denied the individual the dignity of privacy almost absolutely. Government can also diminish privacy through schemes for compelled identification, drug testing, physical searches of one’s home or person, database profiling, genetic testing, and polygraph examinations to name just a few.(marc Rotenberg, 1997) Corporations Threaten Privacy Corporations threaten privacy in a variety of means. In the workplace, corporations seek to exert greater control over workers through a variety of monitoring and surveillance practices. Such practices include the monitoring of telephone calls and computer use, the video surveillance of change rooms and bathrooms, drug testing, and polygraphs. More generally, corporations threaten privacy in the marketplace through the extraction of commercial value from consumers in their personally identified transactions. It is no longer sufficient for customers to offer payment for goods and services. They must now also provide personal details that can then be used by companies for subsequent purposes (marc Rotenberg, 1997) Looking at the above literature we believe that the greatest threat to privacy is technology, because technology has made it so much easier to get any information that is needed, with the help of technology hackers can do a very good job at getting private confidential information, identity theft can occur, password theft, phishing and all sorts. But also there is always a silver lining because when privacy is breached it can serve as a means to tighten security and upgrade technology so probably if there was no breach in privacy there will be no way to better enhance technology to prevent future attacks 2.9 MEASURES TO PROTECT PRIVACY According to Rotenberg he says that technology and law could protect privacy but not fully; the limitations of law have renewed the focus on technical methods to protect privacy. But it remains unclear whether technology can provide a comprehensive solution. It is necessary in the first instance to distinguish between genuine technical means to protect privacy and those technical means that in fact promote collection of personally identifiable information. Privacy Enhancing Technologies (PET) is generally understood as those that limit or eliminate the collection of personally identifiable information. Such methods include techniques for anonymous and pseudo-anonymous payment, communication, and web access. By limiting the collection of personal information, these approaches enable transactions avoid the creation of personal information. By analogy to the environmental context, this would be much like the design of an engine that generated no pollutants Privacy Extracting Techniques (~PET) typically create a technological framework that facilitates the disclosure of personal information, often without any assurance of protection or legal safeguards. These techniques which are often confused with true PETs are put forward by commercial firms and others as a "technical solution" to privacy when in fact they are designed to make it easier to obtain personal data. Whether new technology can protect privacy will thus depend on several factors, including the progress in the development of these techniques, their acceptance by consumers and others, and the ability to discern actual methods for privacy protection from those that are likely to further erode privacy protection. For much of the history of privacy law, the relationship between law and technology was understood as a simple equation: technology creates the risk to privacy, it is the role of law to protect privacy against this incursion of technology. Thus privacy law has been established to control the use of personal information collected by means of computerized databases, private conversations overhead though telephone networks. Although it has sometimes been said that technology outpaces the law, raising the question of whether law can operate effectively in a technological environment (Marc Rotenberg, 1997) The truth is fighting to protect privacy is a quixotic venture. Sure, there are any number of technologies, techniques and work-arounds you can employ, all in the effort to protect your privacy. But such a quest is like trying to dig a hole in middle of a fast flowing river. The rich and powerful gain some amount of privacy only because they can afford to grid their personal lives with a kind of digital body armor. (Brook N. Meeks, 2000) David Brin proffers that the more we attempt to protect privacy the more we are sure to lose it. Regardless of how many technologies and techniques the public can conjure to protect privacy, there will always be governments and the rich and powerful that are more able and more willing to subvert those same technologies for their own ends to the ultimate detriment of ours. (David Brin) According to an article on privacysolutions.com the ways to protect personal information on a system is to have firewalls, encryption of sensitive data, antivirus software and experts who can help protect privacy.(privacysolutions.com) According to Alan Westin there is more to protecting privacy than concentrating on creating awareness, he was concerned with shifting the privacy debates away from ‘raising privacy awareness’ to ‘a sensitive discussion of what can be done to protect privacy in an age when so many forces of science, technology, environment, and society press against it from all sides’ (Alan Westin 1970) From the above literature it is obvious that there are a lot of ways to protect privacy but these ways are not enough if used in isolation, David Brin believes that it is a waste of time so do other scholars but even if it is a waste of time should we leave our personal information at the mercy of perpetrators, the answer is NO. Alan westin believes creating awareness is not the way but the truth is that awareness is the bedrock of safety, ’people perish for lack of knowledge(the holy bible)’ we believe that one measure of protection of privacy should not be used alone, there should be multiple measures that should be used if security is to be at its highest. Privacy cannot be completely protected but there are still measures that can be used to give individuals and organizations the level of privacy and security they need. Only technological ways cannot solve the problem but if technology, laws, policies and the individuals being more careful and aware are put together then I believe that there is hope for privacy in the digital age. CHAPTER THREE RESEARCH METHODOLOGY 3.0 INTRODUCTION This chapter describes the sample size, source of data, methods of data collection, methods of data analysis and a brief overview of source of data. 3.1 RESEARCH METHODOLOGY This is defined as a planned and systematic process or a way of investigating either personally or through any techniques used by a researcher in order to collect facts from a stipulated number of people in a particular problem. It also explains how the research was carried out. (Henry walker, 2007) 3.2 SAMPLE SIZE The sample size for this research is 61 and it consists of the various sample units; I.C.T centre, the network operating centre, the university hospital, the administration and finance office, planning unit and students of Kwame Nkrumah University of Science and Technology. 3.3 SOURCE OF DATA For this research we collected both primary and secondary data. The source of our primary data was from the various entities mentioned in the sample size, while our secondary data source was obtained from journals, articles and books obtained online about the ongoing issue of privacy in the digital age. 3.4 METHODS OF DATA COLLECTION Questionnaires were the major tools used for the collection of data for this research based on the ease of getting answers from respondents at their own convenience. It also allowed the respondents to crosscheck facts which ensured the accuracy of the data. There were three sets of questionnaires administered, one for the IT staffs, one for the non IT staffs and one for students. Interviews were also used to collect data, mostly semi-structured interviews. Semi-structured interviews were used to back up questions in the questionnaires that were not clear to respondents and to clarify answers that were not clear to us the interviewers. METHODS OF DATA ANALYSIS Raw data collected was edited to detect and correct errors to ensure consistency and validity. The data collected from the field was coded and analyzed using statistical package for social scientists (spss) version 16.0 and Microsoft excel from which conclusions were drawn. Bar and pie chart were also used to present the analyzed information diagrammatically. BRIEF OVERVIEW OF THE SOURCE OF DATA ABOUT KWAME NKRUMAH UNIVERSITY OF SCIENCE AND TECHNOLOGY Kwame Nrumah University of Science and Technology is situated in Kumasi, Ghana. The University of Science and Technology succeeded the Kumasi College of Technology which was established by a Government Ordinance on 6th October, 1961. It, however, opened officially on 22nd January, 1952 with 200 Teacher Training students transferred from Achimota, to form the nucleus of the new College.  In October, 1952, the School of Engineering and the Department of Commerce were established and the first students were admitted. From 1952 to 1955, the School of Engineering prepared students for professional qualifications only. In 1955, the School embarked on courses leading to the University Of London Bachelor Of Engineering External Degree Examinations. A Pharmacy Department was established in January, 1953, with the transfer of the former School of Pharmacy from Korle-Bu Hospital, Accra, to the College. The Department ran a two-year comprehensive course in Pharmacy leading to the award of the Pharmacy Board Certificate. A Department of Agriculture was opened in the same year to provide a number of ad hoc courses of varying duration, from a few terms to three years, for the Ministry of Agriculture. A Department of General Studies was also instituted to prepare students for the Higher School Certificate Examinations in both Science and Arts subjects and to give instruction in such subjects as were requested by the other departments.  Once established, the College began to grow and in 1957, the School of Architecture, Town Planning and Building was inaugurated and its first students were admitted in January, 1958, for professional courses in Architecture, Town Planning and Building. As the College expanded, it was decided to make the Kumasi College of Technology a purely science and technology institution. In pursuit of this policy, the Teacher Training College, with the exception of the Art School, was transferred in January, 1958, to the Winneba Training College, and in 1959 the Commerce Department was transferred to Achimota to form the nucleus of the present School of administration of the University of Ghana, Legon.  The university now has six colleges namely; college of agriculture and renewable natural resources, college of engineering, college of health sciences, college of arts and social science, college of architecture and planning, and college of sciences. These colleges have various departments that cater to the educational needs of their students. Also the university has a well equipped hospital. The University Hospital started as a dressing station in 1952 and has grown by additions and modifications into a full-fledged 100-bed hospital. This was at a period when the entire University population was barely 1000 with a corresponding low hospital attendance. The hospital currently caters for a population of over 200,000. This is made of: Students – 21000, Staff and dependants – 30000; and over 30 surrounding communities, including Ayigya, Bomso, Ayeduase, Kotei, Boadi etc. -150000. K.N.U.S.T also has an ICT center and a network operating center that deal with all the Information technology needs of the university and its students. They secure the servers and databases and keep data and information about various entities and events in the university. The ICT center is well equipped with computers and cameras it is located in the library while the network operating center is located above the chemistry laboratory. The administration and finance office handles the administrative and finance needs of the university. While the planning unit handles information about students and staff CHAPTER FOUR DATA ANALYSIS 4.0 Introduction A tool sample of 61 respondents was selected for the survey. This was backed by interviews with top personnel in order to check the validity of the responses to the questionnaires. The 61 respondents included the personnel of department of administration and finance (15), the N.O.C (5), the ICT centre (10), the planning unit (5), the university hospital (5) and students (21) of K.N.U.S.T 4.1 ANALYSIS The researcher intends to analyze the state of privacy and information security in kwame Nkrumah University of science and technology. INFORMATION PRIVACY CULTURE AND AWARENESS OF STUDENTS IN K.N.U.S.T Figure 14: Frequency of online activities of students Source: Authors Field Survey, (April 2010) In this survey, there were 21 respondents, who are students in K.N.U.S.T, we wanted to find out how often students go online, 16 said every day, 2 said often and 3 said rarely Figure 15: Information privacy awareness level Source: Authors Field Work (April 2010) Here we wanted to find out how aware students are of the subject of information privacy. 13 respondents said they are aware and 8 students said no. This shows that something needs to be done to raise the level of awareness because it is not so good. Table 1: Information respondents regard as personal INFORMATION RESPONDENTS REGARD AS PERSONAL Index No Student Ref No Exam Results Telephone No Medical Record Email Address House/Hall No ATM PIN Account No Username & Password Yes 15 10 19 9 13 11 3 20 17 19 No 6 11 2 12 8 10 18 1 4 2 Source: Authors Field Work (April 2010) Here students were asked to state what kind of information was personal to them, and from the table above the students stated if various information was regarded as personal to them or not. Figure 16: need to protect personal information? Source: Authors Field Work (April 2010) In the survey, we wanted to know if respondents saw the need to protect the information they regarded as personal and all the respondents said yes. Figure 17: personal information in the wrong hands detrimental? Source: Authors Field Work (April 2010) Here all but one respondent felt that if their personal information got into the wrong hands it could be detrimental Figure 18: Awareness of online information theft Source: Authors Field Work (April 2010) Here respondents were asked if they were aware that their personal information can be stolen online. 13 respondents said they were aware, 8 respondents said they were not aware. Figure 19: Respondents on social network Source: Authors Field Work (April 2010) Out of the 21 respondents, 19 are on a social network and 2 respondents are not. This shows a lot of students belong to a social site. For example, facebook, hi5, twitter e.t.c Table 2: security measures installed and configured on pc of students SECURITY MEASURES INSTALLED AND CONFIGURED ON PC Anti-Spam Anti-Spyware Firewall Anti-Spoofing Anti-virus Passwords Biometrics Yes 8 4 19 2 20 11 1 No 13 17 2 19 1 10 20 Source: Authors Field Work (April 2010) Here various security measures were given and respondents were asked to tick which ones they had installed on their personal computers. From the above table, most respondents did not have enough security measures on their personal computers Table 3: Bad security habits of students BAD SECURITY HABITS OF INDIVIDUALS Sharing Of Passwords No Password On PC Un-configured Firewalls Outdated Anti-virus Replying To Spam Lack Of Verification Of Websites Guilty 15 5 14 15 8 18 Not Guilty 6 16 7 6 13 3 Source: Authors Field Work (April 2010) In the reasearch various bad security habits were given and respondents were asked to tick which ones they were guilty of. From the above table, most respondents were guilty of the bad habits. This went a long way to show the privacy culture of students on campus Figure 20: opinions on whether the university secures personal information effectively Source: Authors Field Work (April 2010) Here students asked if they feel the university protects their personal information effectively, out of the 21 respondents, 4 said yes, 17 said no. The students who said no backed their answers with reasons pertaining to their examination results, index number and name pasted for everyone to see, and some said they just feel their personal information is not safe. INFORMATION PRIVACY CULTURE AND AWARENESS OF K.N.U.S.T Figure 9: types of data held by general personnel in K.N.U.S.T Source: Authors Field Survey, (April 2010) From the survey, this is the kind of data that is being held in our various sample units; administration and finance, ict centre, and hospital. This analysis gives a clear picture as to what kind of information is being held by K.N.U.S.T Figure 10: Does outfit have a privacy policy Source: Authors Field Survey, (April 2010) In the various sample units, respondents were asked if they had a privacy policy on information. There were 15 respondents from the administration and finance office, 4 respondents said yes, 6 respondents said no, and 5 respondents were not aware of any such policy. There were 5 respondents from the ict centre, 0 respondents said yes, 3 respondents said no, and 2 respondents are not aware of any such policy. There were 3 respondents from the hospital, and all said there was a privacy policy in the hospital. Most of the respondents said there was a privacy policy but had never seen one before, some respondents had never heard of such a thing called a privacy policy. In this research respondents were asked if it is important to have a privacy policy on information and all except one respondent said it was important. The respondents were also asked if they are aware of the potential harm that the disclosure of personal information of staff, students and the university could cause and all the 21 respondents said they were aware. Figure 11: Level of awareness Source: Authors Field Survey, (April 2010) Here respondents were asked to rate the level of awareness on information privacy in their outfit. Out of 15 respondents in the admin/finance office, 2 rated it very good, 9 rated it good and 5 rated it average. Out of 5 respondents in the ict centre, 2 rated it good and 3 rated it average. Out of 3 respondents in the hospital, in the hospital, 1 rated it good and 2 rated it average Figure 12: Frequency of awareness programmes Source: Authors Field Survey, (April 2010) Here we wanted to know the frequency of programmes aimed at increasing privacy awareness. In the admin/finance office, 2 respondents said programmes are held regularly, 8 respondents said rarely, and 5 said never. In the ict centre all respondents said awareness programmes are rarely held, in the hospital all respondents said awareness programmes are rarely held. Figure 13: Opinion on privacy programmes Source: Authors Field Survey, (April 2010) Here respondents were asked if awareness programmes should be held In K.N.U.S.T. In the admin/finance office, all respondents said yes, in the ict centre all respondents said yes, in the hospital 2 respondents said yes and 1 respondent said no. IT STAFF STATE OF INFORMATION SECURITY AND PRIVACY OF IT DEPARTMENTS IN K.N.U.S.T Figure 1: Types of data held by IT staff in K.N.U.S.T Source: Authors Field Survey, (April 2010) From the survey, this is the kind of data that is being held in our various technical sample units; ict centre, hospital, planning unit and the network operating center. This analysis gives a clear picture as to what kind of information is being held by K.N.U.S.T Figure 2: Does outfit have a privacy policy Source: Authors Field Survey, (April 2010) In the various sample units, respondents were asked if they had a privacy policy on information. There were 5 respondents from the network operating centre, 2 respondents said yes, 3 respondents said no. There were 5 respondents from the ict centre; 3 respondents said yes, 2 respondents said no, there were 5 respondents from the planning unit all respondents said yes and in the hospital all respondents said yes. The problem here was that there was no one had actually seen the policy but some knew there was a policy. SECURITY MEASURES TAKEN BY THE VARIOUS IT DEPARTMENTS IN K.N.U.S.T TO PROTECT INFORMATION SECURITY AND PRIVACY Figure 3: Security measures in place at K.N.U.S.T Source: Authors Field Survey, (April 2010) The above is a table showing the available security measures K.N.U.S.T uses to protect its private and confidential information from unauthorized access. They are; secure passwords, firewall, username, access control and encryption, security codes, policies, looking at the table above it is obvious that not all technical departments in the university have sufficient security measures. Questions were asked in all sample units, if the school had a good firewall and if it was configured properly all respondents said yes. Respondents were also asked if they had a security response strategy and most of them said no while others said they create awareness on the ongoing threat and tighten security. According to an article on privacysolutions.com the ways to protect personal information on a system is to have firewalls, encryption of sensitive data, antivirus software and experts who can help protect privacy. (privacysolutions.com) Figure 4: Types of policy implemented in K.N.U.S.T Source: Authors Field Survey, (April 2010) Here respondents were asked if there was a computer use policy, information security policy and an internet use policy in their outfits, the above table shows the responses given. Figure 5: How often security measures are reviewed Source: Authors Field Survey, (April 2010) Here we wanted to know how often the security measures above are reviewed, the table above shows the responses from our respondents in each sample unit. PRIVACY ISSUES IN K.N.U.S.T Figure 6: Privacy issues on campus Source: Authors Field Survey, (April 2010) Here we wanted to know if any of our sample unit has ever experienced any privacy issues, 9 people from all units said yes and 8 people said no. from the interviews we found out that most of the privacy issues related to intrusions, unauthorized access to servers, password theft and identity theft. Figure 7: Challenges in protecting privacy Source: Authors Field Survey, (April 2010) Here questions were asked to find out the challenges faced when trying to protect information security and privacy. Most of the responses from all sample units were; financial constraints, lack of co-operation, and lack of user awareness. During the research respondents were asked what was their security response strategy, most respondents said they create awareness, some said they tighten security measures, while some said nothing is done in response to a threat. INFORMATION SECURITY AND PRIVACY RECOMMENDATIONS Figure 8: Best approach to managing privacy in the digital age Source: Authors Field Survey, (April 2010) Here we wanted to get the opinion of the respondents on the best way to handle IT security and privacy in this digital age and 42% said by creating awareness, 23% said by implementing security/privacy policies and laws and 35% said by using technological measures. According to Alan Westin there is more to protecting privacy than concentrating on creating awareness, he was concerned with shifting the privacy debates away from ‘raising privacy awareness’ to ‘a sensitive discussion of what can be done to protect privacy in an age when so many forces of science, technology, environment, and society press against it from all sides’ (Alan Westin 1970) CHAPTER FIVE CONCLUSION AND RECOMMENDATION 5.0 CONCLUSION From the research carried out in Kwame Nkrumah University of Science and Technology, many discoveries were made and it shows that a lot more work needs to be done in terms of protecting information privacy of the university and its populace Firstly, the awareness level is basically average and there are hardly any programmes to increase the level of awareness on information privacy in the university. From the interview, respondents are aware that private information needs to be protected but most of them do not really know what kind of harm can be done if personal information gets into the wrong hands or the kind of crimes that are happening today that involves information of individuals and organizations. Secondly, the availability of a privacy policy on information technology is something that is not really known by personnel on campus, some say there is one, some say there is none, while some are not even aware of such a policy, this shows that there are no stringent rules and guidelines as to how to handle private and confidential data, and people can handle it anyway they deem fit, which could be detrimental. Most of the respondents say they rely on ethics, but a privacy policy is something that gives the populace of K.N.U.S.T assurance that their private and confidential information is safe and acts as a measure to protect privacy too. Thirdly, looking at the privacy culture of K.N.U.ST, human beings are the foundation on which information security is built. And if the privacy culture of the individuals is bad no matter how many security measures are put in place, privacy will be breached. The respondents know that personal and confidential information should be kept private but they do not know the seriousness of the issue of privacy and what damage can be done if breached, one person believes there is no need for awareness programmes probably because he doesn’t understand the situation, but all respondents say that awareness programmes should be held, some IT personnel were careless with their security passwords and giving them out to their friends, thereby enabling intrusions and unauthorized access to servers. Again, when there are no privacy policy available, individuals do not understand how to handle certain information. Looking at students a lot of them did not know about information privacy and that their personal information can be stolen online, they were very ignorant, replying to spam, putting their information on websites they did not verify, giving their passwords out freely, not having passwords on their computers or not even configuring their firewalls, some did not have adequate security measures on their pc, 96% of respondent go online everyday and 98% are on a social site which is a target for cybercrime and identity theft. All these go a long way to show the privacy culture of students on campus is bad and students treat their personal information with levity probably because they do not know what they are up against. During the interviews personnel had an attitude that showed a serious lack of awareness, in one of our sample units the respondents said there was nothing personal about student’s information, in another sample unit respondents underestimated Ghana in terms of hacking and network intrusions, so with this attitude personnel feel they can never fall victim of cyber attacks. This is a mentality that needs to be corrected. The privacy culture among departments and students in the university needs to be improved and worked upon to enable the security measures in place to be effective Fourthly, the security measures in place in the various IT departments in K.N.U.S.T are not uniform, some departments have some security measures and others do not, the same level of security should be given to all departments because of the “CHAIN OF TRUST”. The chain of trust involves departments that can access data on others servers in that chain of trust, for example authorized persons in the ict centre can access the data in the network operating centre, so basically they are all linked and if someone is careless in the ict centre unauthorized persons can get private data from other servers. From the interviews the various departments lacked antivirus updates, and some personnel were careless with their passwords and giving them out to their friends, thereby enabling intrusions and unauthorized access to servers. In the research it was discovered that the security measures of the university are reviewed once in a while, which is not good enough to ensure security. Finally, there have been privacy issues like intrusions and unauthorized access to servers have been encountered in K.N.U.S.T but there are also challenges encountered trying to combat these issues, and most of it is user awareness and financial constraints. In terms of how to combat the issue of information privacy 42% respondents said by creating awareness, 23% said by implementing security/privacy policies and laws and 35% said by using technological measures. It is obvious that creating awareness is the best way to handle it, because knowledge is power and people perish for lack of knowledge. 5.1 RECOMMENDATIONS After much research on the privacy situation in K.N.U.S.T, the following recommendations are therefore necessary to manage information privacy in this digital age effectively; The university should educate all personnel and students on information privacy and its implications, there should be programmes, workshops and seminars held regularly to increase privacy awareness amongst the populace of K.N.U.S.T. the programmes should educate personnel on how to handle and disclose personal and confidential information. There should be a single documented privacy policy available at all sectors in the university and personnel should be conversant with it, also anybody or organization communicating with the university. The policy should be clear and communicated to all personnel and students in the university, this will give students that doubt the safety of their personal information the confidence they need. For students special awareness programmes should be conducted, with the help of the ict centre. The programmes should educate students on how to secure their personal information online and on their personal computers. The university should establish a clear privacy leader who is accountable and has visible executive support. Create a governing board composed of members throughout the university to ensure the incorporating of privacy throughout all areas in the university. Private data should be placed in areas that have restricted access; Virtual private networks (VPNs) can enhance the confidentiality of information being sent from one network to another. Establish access, authorization, process, and technical controls to support privacy policies. Authentication and authorization should be used in terms of access to servers and pc’s. An authentication component will allow the enterprise to restrict which users (application users, database users, or even individual users) are allowed to see and access data. If deployed correctly and coupled with an authorization component, this can provide a strong layer of security. Cryptography where applicable can greatly enhance the protection of sensitive information. The encryption of folders that are used for sensitive information should be, in our opinion, a normal exercise for every organization. Security measures employed should be uniform across all departments and should all be given the same level of security. And there should be a documented security response strategy which is reviewed periodically. Managing privacy in this digital age has more to it than technical measures to protect privacy, individuals are the foundation of privacy protection because their attitudes towards privacy determines the extent to which it can be protected and policies should also be implemented to protect privacy. BIBLIOGRAPHY Agre, P. and Rotenberg, M., (eds.), 1997, Technology and Privacy: The New Landscape, Cambridge: MIT Press Stanford encyclopedia of philosophy, 2006 Philip E, Argre. Personal privacy in the digital age, 1998 Westin, A., 1967, Privacy and Freedom, New York: Athenaeum Online Guide to Privacy Resources, (Electronic Privacy Information Center, Marc Rotenberg, Ed.) Rachels, J., 1975, “Why Privacy is Important”, Philosophy and Public Affairs 4: 323-33 Encarta encyclopedia, 2009 Austin, L., 2003, “Privacy and the Question of Technology”, Law and Philosophy 22, 2:119-166 Wikipedia, the free encyclopedia Rothfeder, Jeffrey. Privacy for Sale: How Computerization Has Made Everyone's Private Life an Open Secret. Simon and Schuster, 1992. Daniel J. Solove, “Conceptualizing Privacy” , George Washington University Law School, 2002 APPENDIX KNUST SCHOOL OF BUSINESS COLLEDGE OF ARTS AND SOCIAL SCIENCE QUESTIONNAIRE FOR STUDENTS TOPIC-MANAGING INFORMATION PRIVACY IN THE DIGITAL AGE How often do you go online Everyday Rarely Never Are you aware of the issue of information privacy Yes no What do you regard as personal to you in this university Index number Student reference number Examination result Telephone number Medical record E-mail address House/hall address ATM PIN Account number Username and password Other, please specify……………………………………………………………………………… do you feel there is a need to protect the above information Yes no If any of the above information u ticked gets into the wrong hands would it be detrimental to you. Yes no Do you know that your personal information can be stolen when you go online Yes no what security measures do you have installed and configured in your personal computers Anti-spam Anti-spyware Firewall Anti-spoofing utility Anti-virus Passwords Biometrics I don’t have a personal computer Others, please specify……………………………………………. Which of these are you guilty of Giving your passwords out to friends No password on personal computer Firewall not configured Outdated anti-virus Replying to spam Giving information out without verifying the website Others please specify………………………………………………………… Are you on any social site e.g. facebook, hi5, twitter Yes no Do you Feel the university secures your personal information effectively Yes no IT STAFF NOC/ICT/PLANNING UNIT Which of the following best describes your position in your outfit SENIOR STAFF JUNIOR STAFF WAGES SENIOR MEMBER IF OTHER, SPECIFY…………………………………………………………………… What kind of data do you hold in your outfit EMPLOYEE DATA GENERAL DATA PRIVATE DATA STUDENT DATA IF OTHER, SPECIFY…………………………………………………………………… Does your outfit have a privacy policy on information Yes No Not aware Is there a computer use policy Yes No Is there an information security policy Yes No Is there an internet use policy Yes No If yes how does it work Time limits Restriction on malicious sites Restriction on downloading videos/harmful content IF OTHER, SPECIFY…………………………………………………………………… What security measures are in place in your outfit to protect elecronic data secure passwords anti-virus/firewall personal ID & username Security codes security policies Security software CCTV camera/monitoring Access control Encryption IF OTHER, SPECIFY…………………………………………………………………… Does your outfit have a good firewall protection Yes No if yes, Is the firewall functioning properly Yes No Is there physical protection of the server room Yes No how often are these security measures reviewed Regularly Once in a while Rarely Never How does your outfit respond to information security threats Awareness Update security measures We do nothing It won’t happen to us Other, please specify……………………………. Are there any online privacy issues that have been encountered in your outfit Yes No If yes which of these is applicable Password theft Intrusions Hacking Viruses in the form of spyware Unauthorized access to server Username and ID theft what are the current possible threats to the privacy of your electronic data spoofing Hacking/intrusions Identity theft Password theft Phishing Malicious codes Spam IF OTHER, SPECIFY…………………………………………………………………… what are the challenges encountered trying to protect online information privacy in your outfit Financial Lack of co-operation User awareness Lack of technological expertise Leadership IF OTHER, SPECIFY…………………………………………………………………… What do you think is the best way to handle the issue of It security and privacy in this technologically advancing world creating awareness Technological measures Policies/laws IF OTHER, SPECIFY…………………………………………………………………… ADMINISTRATION/FINANCE/ICT CENTRE Which of the following best describes your position in your outfit SENIOR STAFF JUNIOR STAFF WAGES SENIOR MEMBER IF OTHER, SPECIFY…………………………………………………………………… What kind of data do you hold in your outfit STUDENT EMPLOYEE POLICY IF OTHER, PLEASE SPECIFY………………………………………………………… Does your outfit have a privacy policy on information Yes No Not aware Is it important for your outfit to have an information privacy policy Yes No How would you rate the level of awareness on information privacy in your outfit Very good Good Average Poor How often does your outfit organize programmes for staff on information privacy protection Regularly Rarely Never Should your outfit organize security privacy awareness programmes for staff and others Yes No Should your outfit sanction or discipline violators of the information privacy policy Yes No Do you think that properly managed information of your outfit can improve the efficiency of it Yes No Are you aware of the potential harm that the disclosure of personal information of staff, students and the university could cause Yes No HOSPITAL Which of the following best describes your position in your hospital SENIOR STAFF JUNIOR STAFF WAGES SENIOR MEMBER IF OTHER, SPECIFY…………………………………………………………………… What kind of data do you hold in your outfit PATIENT EMPLOYEE POLICY IF OTHER, PLEASE SPECIFY………………………………………………………… Does your outfit have a privacy policy on information Yes No Not aware Is it important for the hospital to have an information privacy policy Yes No How would you rate the level of awareness on information privacy in your hospital Very good Good Average Poor How often does your hospital organize programmes for staff on information privacy protection Regularly Rarely Never Should the hospital organize security privacy awareness programmes for staff and others Yes No Should the hospital sanction or discipline violators of the information privacy policy Yes No Do you think that properly managed hospital information can improve efficiency of the hospital Yes No Are you aware of the potential harm that the disclosure of personal information of patients could cause Yes No 53