What social and ethical issues arise from large database information systems and who is responsible for them?
Describe the social and ethical issues raised by database information systems, including privacy, data accuracy and quality, data ownership, control, and the impact of centralised data
A focused answer to the HSC Information Processes and Technology dot point on issues raised by database information systems. Privacy, data accuracy and quality, ownership, control and centralisation, with the traps markers look for.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
What this dot point is asking
NESA wants you to describe the social and ethical issues that arise specifically from database information systems that hold large amounts of data about people. This differs from the project management ethics dot point, which is about a team's responsibilities while building a system; here the focus is on the issues the databases themselves create once they exist and are used.
The answer
Privacy
A database can hold detailed personal information: identity, finances, health, location and behaviour. Privacy is the issue of who may collect this data, what they may use it for, who may see it, and whether the person consented. Risks include collecting more than is needed, using data for purposes the person never agreed to, and matching or merging databases to build profiles that no single source intended. Privacy principles require that personal data is collected fairly, used only for stated purposes, kept secure, and made available to the person to inspect and correct.
Accuracy and data quality
Decisions are only as good as the data behind them. If a credit, health or enrolment record is wrong, out of date or incomplete, the person it describes can be unfairly refused a loan, given the wrong treatment or denied a service. Data quality is an ethical issue because the cost of errors falls on the data subject, who often cannot see the record. Maintaining quality means validating on entry, allowing people to check and correct their records, and removing data that is no longer accurate or needed.
Data ownership and control
When an organisation holds data about a person, a tension arises over who owns it and who controls its use. The organisation collected and stores it, but the data describes the individual. Ownership questions include whether the person can demand their data be deleted, whether the organisation can sell it, and who is accountable when it is misused. Control is about the practical power to decide these things, which usually sits with the organisation unless law shifts it to the individual.
Centralisation of data
Combining data into one large central system makes it efficient: data is entered once, kept consistent and accessed by many. But centralisation concentrates risk. One breach exposes everything, one error propagates everywhere, and one operator can misuse a vast store. It also concentrates power in whoever controls the system. Distributed designs reduce these single points of failure but make consistency and security harder to manage. The trade-off between centralised efficiency and concentrated risk is a recurring exam theme.
Security as the enabling control
Many of these issues turn on security: access controls, authentication, encryption and audit logs that ensure only authorised people see and change data, and that misuse can be traced. Security is the mechanism by which privacy and control are enforced; without it, policy promises are empty.
Exam-style practice questions
Practice questions written in the style of NESA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
2022 HSC1 marksWhich statement best describes how the Australian Freedom of Information Act can be used? A. Government agencies can choose which details they publish online about their functions. B. Government agencies annually release documents about individuals unless there is a law preventing this. C. Individuals can request that government agencies change any information they have about their family members. D. Individuals can request access to all documents containing information about themselves, held by all government agencies.Show worked answer →
The answer is D, "Individuals can request access to all documents containing information about themselves, held by all government agencies."
The Freedom of Information Act gives a person the right to request access to documents that government agencies hold about them. This supports the principle that individuals should be able to see what data is held on them.
The other options are wrong: agencies cannot freely choose what to disclose (A), there is no blanket annual release of documents about individuals (B), and the right concerns access to one's own information, not changing records about family members (C). So D best describes its use.
2019 HSC4 marksA gym is developing a mobile app to handle members' payments and bookings. Explain how the gym can keep its members' data secure. In your answer, consider hardware, software and communication systems.Show worked answer →
For 4 marks address all three named areas (hardware, software, communications) with how each protects member data.
Hardware:
- Physically secure the servers (locked, access-controlled rooms) and use backups stored offsite so data cannot be lost or stolen physically.
Software:
- Use authentication (usernames, strong passwords, multi-factor login) and access levels so only authorised staff see member data, plus up-to-date antivirus and firewalls to block malware and intrusion.
Communication systems:
- Encrypt data in transit (for example SSL/TLS) so payment and personal details intercepted during transmission cannot be read, and secure the network with firewalls.
Markers reward at least one concrete measure in each of the three areas, explained in terms of protecting the members' data.
2022 HSC1 marksMany websites require a non-robot verification (CAPTCHA) to be completed. This is an example of which data issue? A. Accuracy. B. Matching. C. Quality. D. Security.Show worked answer →
The answer is D, Security.
A CAPTCHA (the "prove you are not a robot" check) is a security control. It verifies that a human, not an automated bot, is submitting the form, which protects the system against automated attacks, spam and fraudulent account creation.
It does not check whether the entered data is accurate, whether records match across tables, or the overall quality of the data, so accuracy, matching and quality are incorrect. The issue being addressed is data and system security, option D.