Manage Copyright, Ethics and Privacy in an ICT environment


The key objective of this report is to develop the understanding and knowledge about the copyright, ethics, and privacy under the organization. In this way, this report includes the number of legislation, standards related to copyright, professional conducts, privacy and updates in organizational copyright policy and procedures that are considered while addressing the issues that are identified under the internal audit.

In addition, the review and update of the code of ethics policy and procedure in concern of organizational and ICT specific addressing the issues identified in the internal audit are also involved under this report.

At the same time, this study also conducts the review and update of appropriate privacy policy as well as procedure in respect of both organizational and ICT addressing the issues identified in the internal audit.

Apart from this, the copyright notice, copyright register, copyright checklist, code of ethics notice, ethical standards checklist, privacy internal review document, and  privacy checklist are also developed to be used under the organization. At the end of this report, an email containing minutes of the meeting is also created for updating the staffs.

These acts will be helpful to address the issues in the copyright act, ethics and privacy act etc and to provide some suggestions for overcoming the identified issues.

Task1: Copyright

Analyze the legislation and standards related to copyright, professional conduct, and privacy and update the organizational copyright policy and procedure addressing the issues identified in the internal audit

There are different copyright issues that are faced by the firm and affect the work of the firm. In the same concern of this, BC Software Pty Ltd (BCSoft) also faced different issues related to the copyright and affect the work of the firm as well.

In this, pirated software is one of the major issues that firms faced and created the issue for the firm to manage the base of customers and to sustain in the competitive market for a long time period.

The reason in this is that the IT staffs of the firm were managing the computer network but at the same time, the use of operating software was pirated and the all staff of the firm was in believe that they will get the success (Lewin-Lane et al., 2018).  But it was the issue for the firm the reason in this is that as per the Australian Copyright Act 1968; it is illegal to use pirated software.

Apart from this, there was a continuous downloading licensed material that was also against the law of copyright. In this, The IT staffs of the firm were downloading movies, music from the internet, photos without permission.

So, these are the issues that are faced by BC Software Pty Ltd (BCSoft) in its business.  For the better management of these all issues and to perform better, it is needed for the firm to follow the Australian Copyright Act 1968 strictly. It will help the firm by managing all issue of the firm and will also improve the performance of the firm.

Apart from this, it can be determined that there are some strict rules and regulations in the firm regarding do the work against the Australian Copyright Act 1968.  It will help to manage the illegal use and will be effective for the firm (Bell et al., 2018).

In like manner, there will also be a program of copyright education and awareness that will be effective for the employees to develop the awareness regarding the Copyright Act 1968 and the consequences that firm faces due to not following the copyright acts.

Additionally, get help from the colleagues will also be helpful for the firm to manage the issue of copyright and get help from the colleagues. It will also help the employees to develop their understanding regarding the use of software and to follow the copyright acts.

Copyright legislation and standard Checklist to be used in the organization

The company must follow the below Copyright legislation and standard Checklist:


Copyright Clauses






1.     Does the organization have a documented and proper copyright compliance policy?  


2.     Are the copyright policies of the company covered in the organizational codes of conduct?  


3.     Is the copyright policy displayed in the organization?  


4.     Is the organizational copyright policy communicated to the employees?  


5.     Do the organizations conduct audits to gauge compliance?  


6.     If the organizational policy relies on a designated contact, does the organization know who that person is within your organization?  


7.     Does anyone responsible for obtaining rights and permissions?  


8.     Does the organization subscribe to the publications?  


9.     Do the subscriptions massage?  


10.  Do the employees access to the internet?  



Create and update staff with an email containing minutes of meeting to ensure organizational copyright requirements are adhering to these requirements

This mail is to inform all employees to follow all copyright rules and to do the work with full of ethics and responsibilities.

 Good Morning


Greeting of the day,


Regarding follow the Australian Copyright Act 1968


It is informed to all that it is noticed there are many members of the IT staff that are involved in the illegal activities related to the copyright issue. It is not effective for the firm and the customers also. So, it is decided by the management of the firm that there will be strictly following of the Australian Copyright Act 1968 and if any member of IT team will break the rules of this act then a serious action will be taken against him/her. There is also a policy that is made by the management and as per this policy, employees those work against the Copyright Act 1968 can be terminated by the firm.

So, it is requested to all too strictly follow the Copyright Act 1968 and manage the work accordingly.

o   Follow the Copyright Act 1968

o   Stop to do illegal work like the use of pirated software, download movies, etc

o   Implementation of new policies in the firm


Administer Department





Dear all staff members


Good morning


Overcoming the privacy issues


It is to inform all that there are some ways that are implemented in this firm for managing the privacy issues. In this, educate the employees of all departments, random audit to prohibit the password sharing at the workplace, no use of external devices in the firm, etc are the major ways that will be used.  So, it is requested to all to follow and corporate.



o   Educate the employees of all departments

o   Random audit to prohibit the password sharing

o   Prohibit password sharing



Administer Department

Task2: Ethics

Review and update the appropriate code of ethics policy and procedure, both organizational and ICT specific addressing the issues identified in the internal audit

Code of ethics is the set of values and standards adopted by the organization in order to understand the difference between right and wrong actions. At the same time, BCSoft Company has also implemented the code of the ethics in an organization that provides the guidelines to the company professionals in approaching any problem at the workplace (Martinov-Bennie and Mladenovic, 2015).

However, there are several ethical issues occurred at the time of an internal audit of the company. These challenges were related to developing the online learning system and database programming. In regards to this, these issues created the requirement to update the company’s code of ethics.

In order to build the current code of ethics more effective, the company needs to be strictly scrutinizing the whole documentation process before implementing any project.

As to why during the internal audit it has been identified that programmers have used the other company’s software technology without seeking permission and mentioning this fact in the project documentation process (Christians et al., 2015).

It clearly shows the violation of the ethical code of conduct of the company and breaches the rule of intellectual property rights. Moreover, the company needs to add one more clause in its Copyright and Intellectual Property policy that any technology or software is developed in the company need to go through the IP cell first that will check the duplicity of the technology the copyright.

It will confirm whether it has already developed, adopted and registered with another inventor name (Jacob et al., 2016). Once the developed product gets passed through the verification process of the IP cell then only it can be deployed in the organization’s working mechanism. This practice will help for the organization to avoid copyright related and ethical issues in the future.

Apart from this, another issue was recognized that software advisor was recommending the product of own company without revealing his identity. However, it was against the ethical code of conduct of the company.

Ideally, being a professional advisor he must have mentioned his identity and the designation in the consultancy process for the respective organization. At the same time, he should suggest the client the best products available in the market without any biases and offer fair deals (Burgess-Proctor, 2015).

In order to stop such unethical incidents in future, the company must update the Professionalism section of the code of ethics for members of ASC that the involved parties in the projects are mandatory to mention their professional details during the consultation process.

Ethical standard Checklist to be used in the organization

The company must follow the below ethical standard checklist:


Ethical Clauses






11.  Are employees are practicing the General Duty of care while working in the organization?  


12.  Our staff and contractors ensures the accountability and authenticity regarding the financial transactions take place in the organization?  


13.  Is organizational staff is diligently contributing towards achieving the organizational goals?  


14.  Are unethical incidents are reporting the confidentially and appropriate actions are taken by the management?  


15.  Are working staff is punctual and adhering the normal course of action?  


16.  Is the employer is maintaining good relations with employees and contractors?  


17.  Is the company has a good working environment, adhere equality, transparency, and fairness at workplace?  


18.  Is the company following the Occupational Health and safety rules in the organization?  


19.  Our staff and contractors serving the client effectively and efficiently?  


20.  Are real and potential personal conflicts avoided through training and discussion sessions?  



Review and Grievance Procedure to enable confidential reporting of Ethical Issues

Currently, NCSoft’s ethical code of conducts stated that any unethical behavior taken place at the workplace need to report by the employee and the contractor staff. In addition to this, the reporting process must happen without any fear, pressure, and influence of any higher designated person (Morse and Coulehan, 2015).

The company policy defines the unethical behavior as any action done by the employees and contractor that violets the company ethical laws, policies, rules and regulation and that leads to danger for safety and health.

In relation, this, in order to enables the confidential reporting of ethical issues company need to adhere to the three steps of reporting procedure (Rajakaruna et al., 2015). The three steps of the grievance procedure are as follows:

  • Describe the issue occurred at the workplace in writing to the employer.
  • Discussion with the employees regarding the issue
  • The decision of the making appeal against the employer judgment, if not satisfied.

Moreover, if the employees are not satisfied with the given resolution, in that case, he or she can lodge complain through formal grievance in writing at the next level of the escalation.

While setting up the confidential and effective reporting of the ethical issues management should include the company policies in the employee handbook so that they can be aware of company’s ethical compliances that need to follow while working in the organization.

In order to avoid such unpleasant events in future and effectively addressing, company should assign one person or department that can handle the list of complaints (Norton, 2017). So that these issues can be discussed and resolved properly in an organized manner and on time.

Apparently, the company must develop the separate department or group of members who will mainly responsible for looking after such challenges in the organization and resolve them. Most importantly provide the confidential forum to make complain so that employee can put their points without any fear and hesitation.

It is very important to give assurance that they will not any kind of threat and harmful action if they notice such incidents in the organization. This is very essential steps in perspective of creating awareness among the employees and in a direction to boost their morale (Smith, 2015). Moreover, the employer should educate and motivate the employees for raising the voice against unethical actions in an appropriate forum.

Task3: Privacy

Review and update the appropriate privacy policy and procedure, both organizational and ICT specific addressing the issues identified in the internal audit

The company needs to follow the privacy policy in order to secure the personal information of the users in the company and the company’s confidential information. BCSoft privacy includes the rules related to the websites in use, a collection of personal information, sharing of personal information and accessing the personal information.

However, there are some severe privacy-related issues identified during the internal audit of the company despite having the privacy place in place (Kindt, 2016). These issues were against the company’s privacy policy and are a threat to company confidentiality and integrity. Apart from that issues revealed in the audit are related the password sharing, use of virus-infected software and insecure disposal of the software.

In order to resolve such issues in the organization, the company needs to educate the employees of all departments about the privacy policy of the company. At the same time, management must conduct a random audit to prohibit password sharing at the workplace (Janssen and van den Hoven, 2015).

Also, the software is used in the operational activity must be well configured before deploying them into the system. In order to this, the company can add one additional clause in its private policy that all the data storage devises like, pen drive, CD and data cable are prohibited in the company campus. So that no one can use the company’s confidential information for one’s personal use.

As to why that it is notified in the internal audit that a company’s confidential information has been stolen from an employee’s home. Hence, the prohibition of using the data storage devices will be helpful in stopping such incidences in the future.

Furthermore, management must ensure that the system containing confidential information like personal data of employees, TFN number must not be accessed publically (Schaub et al., 2015). There should be few authorized person those can access that system.

Also, need to make sure before disposing of any computer equipment that all the company related data are deleted permanently so that it cannot be misused further (Min and Kim, 2015). Lastly, there should be the provision of strict action in case anyone found guilty for violation of privacy policy. Thus, by implementing the above suggestions the privacy issues can be resolved.

Privacy Policy and Procedure Checklist to be used in the organization

The company needs to follow the below checklist in order to check that the current privacy policy is effective or not. It also identify the area of improvement that needs to be improvised in the presently enforces policy in the organization.


Privacy Clauses





1.     Does the organization share, collect and transfer any form of data to third parties?  


2.     Does the company offer the various sources to the user in order to control the collection and use of personal information?  


3.     What are the modes available in the organization for exchanging of data and information in the organization?

Ø  Via E-mail

Ø  Via telephone

Ø  Via postal E-mail

Ø  Others

Ø  Select the relevant option and

















4.     How does the deployed system identify that anyone accessing the data?  


5.     Is there any inbuilt technology at the workplace that differentiates between sensitive information and less sensitive data?  


6.     Does the organization has controlling measures to access the data?  


7.     Is sensitive information of the data is restricted to access?  


8.     Does the organization have the specific standards to set the passwords for the users?  


9.     Is the authority to access the company data is restricted to the few personal only?  


10.  Does the organization website contain the links of other websites?  


11.  Can the outside parties access the organization data?  


12.  Does the organization ‘s nature of business require the additional authentication for password security like Biometrics etc?  


13.  Is there any system deployed that reminds the employees about the change in the use of personally identifiable information?  



Create and update staff with an email containing minutes of meeting to ensure organizational new work procedures adhere to the privacy requirement

This mail is to inform the all employees to follow all privacy-related rules and to do the work with full of ethics and responsibilities so that privacy can be maintained under the organization:

Good Morning,


Greetings for the day!


This is to keep you informed that it has been noticed that there are some incidents are taken place in recent times that are against the company’s privacy policies. Management has observed that some of the employees are sharing their ID and passwords that are a sheer breach of the company’s privacy policy.

It is also to notify that company is bound to work with the enforcement of Privacy Act 1988 that prohibits any illegal sharing of the data to the outside parties. Therefore, the clear instruction is given by the higher management to rigorously follow the company privacy at the workplace.

Lastly, it is announced that all kind of data storage devices (Pen drive, data cable, CDs etc.) are strictly prohibited in the company campus now. These devices can be submitted at the reception desk before entering the operational area in case of unintentional carrying.


In order to this, below are the key points of the meeting.

Ø  Make sure that you do not share the domain ID and password with your colleagues.

Ø   As per the amendment in the company privacy policy now data storage devices are not allowed to bring in the campus.

Ø   Management may take action in case any employee found as guilty in illegal data transmission and id password sharing.

Ø  Follow the Privacy act 1988.


Please discuss with your respective managers in case of any confusion.


Thanking you!

HR Personal


From the above discussion, it can be concluded that there are different issues such as copyright issue, security and privacy issues, and ethical issues that are faced by the firm. But at the same time, it can also be concluded that there are different ways that can also be used by the firm for the better management of all issues.


Bell, J.M., Gottlieb, T., Daley, D.A. and Coombs, G.W., 2018. Australian Group on Antimicrobial Resistance (AGAR) Australian Gram-negative Sepsis Outcome Programme (GNSOP) Annual Report 2016. Communicable diseases intelligence (2018)42.

Burgess-Proctor, A., 2015, January. Methodological and ethical issues in feminist research with abused women: Reflections on participants’ vulnerability and empowerment. In Women’s Studies International Forum (Vol. 48, pp. 124-134). Greek: Pergamon.

Christians, C.G., Richardson, K.B., Fackler, M., Kreshel, P. and Woods, R.H., 2015. Media Ethics: Cases and Moral Reasoning, CourseSmart eTextbook. UK: Routledge.

Jacob, S., Decker, D.M. and Lugg, E.T., 2016. Ethics and law for school psychologists. US: John Wiley & Sons.

Janssen, M. and van den Hoven, J., 2015. Big and Open Linked Data (BOLD) in government: A challenge to transparency and privacy?.

Kindt, E.J., 2016. Privacy and data protection issues of biometric applications (Vol. 1). Germany: Springer.

Lewin-Lane, S., Dethloff, N., Grob, J., Townes, A. and Lierman, A., 2018. The Search for a Service Model of Copyright Best Practices in Academic Libraries. Journal of Copyright in Education & Librarianship2(2).

Martinov-Bennie, N. and Mladenovic, R., 2015. Investigation of the impact of an ethical framework and an integrated ethics education on accounting students’ ethical sensitivity and judgment. Journal of Business Ethics127(1), pp.189-203.

Min, J. and Kim, B., 2015. How are people enticed to disclose personal information despite privacy concerns in social network sites? The calculus between benefit and cost. Journal of the Association for Information Science and Technology66(4), pp.839-857.

Morse, J.M. and Coulehan, J., 2015. Maintaining confidentiality in qualitative publications.

Norton, M.A., 2017. Factors in the Reporting of Unethical Conduct: The Importance of Trust in Leaders (Doctoral dissertation).

Rajakaruna, N., Henry, P.J. and Scott, A.J., 2015. A necessary safety net: use of a confidential internal telephone line to report unethical behaviour. Police Practice and Research16(5), pp.431-443.

Schaub, F., Könings, B. and Weber, M., 2015. Context-adaptive privacy: Leveraging context awareness to support privacy decision making. IEEE Pervasive Computing14(1), pp.34-43.

Smith, M.E., 2015. Redesigning incident reporting systems in the post-Mid-Staffordshire era. British Journal of Hospital Medicine76(9), pp.510-515

Leave a Comment