Behavioral/Agent-Based Supply Chain Modeling Research Synthesis and Guide

APPENDIX A. DATA PRIVACY LITERATURE—KEY CONCEPTS

Bibas (1994)¹ examined solutions to data privacy issues at the macro and micro levels. The macro, or centralized level solutions cited by the author are government based and do not cater to any one individual group or situation. The first solution offered by the author is regulatory and legislative in nature. These include federal provisions that would tighten restrictions on the transaction of data (or the security of data) and may also allow one or more administrative agency the capability to regulate data privacy. The second solution suggests constitutional protections of privacy and property in relation to data. Finally, it is suggested that the judicial system determine which data merits protection on a case-by-case basis.

Another concept of data protection is introduced by Nelson (2004)² , who proffers a concept relating to the relationship between technology, privacy, and government. Nelson identifies the dual role of government and the role of technology in addressing privacy issues. A first role of government is as the protector of privacy by means of legislative and regulatory functions. Applied to the private industry data held by the U.S. DOT, laws should protect the data-sharing parties, and parties whose data could be collected, through coercive means. The threat of government penalties will facilitate acceptable data-sharing practices as all parties of the supply chain strive for compliance.

Parker (2003)³ suggests that data privacy policies for businesses should address four key issues that will improve overall business in a method that can be applied to trading partners. Under the authors guidelines, trading partners would first assess their own privacy policies and procedures to not only protect their data, but more importantly, the data of their trading partners. Secondly, when the decision is made to enter into a DSA, trading partners should form a plan to comply with the data privacy needs of the other firm and with any regulations that are in place. This includes dedicating labor resources to ensuring compliance is met for internal and external data privacy policies. This is followed by implementation of the plan, and finally verification.

In the current global economy, it is often the case that supply chains include overseas manufacturing. Klosek⁴ (2005) discusses risks to personal information held by offshore businesses that provide outsourced goods and service. Several steps that trading partners may want to take to manage the risk of data privacy breaches include:

Investigation of the offshore trading partners’ data privacy and security policies.
Investigation of data privacy history and complaints.
Investigation of methods used for protecting data.

It is finally recommended that an exit strategy be developed regarding data privacy in the case that a trading partnership ends with the private firm.

¹ Bibas, Steve A., (1994). A Contractual Approach to Data Privacy. Harvard Journal of Law and Public Policy, Spring 1994. [Return to Note 1]

² Nelson, Lisa. (2004). Privacy and Technology: Reconsidering a Crucial Public Policy Debate in the Post-September 11 Era. [Return to Note 2]

³ Parker, Robert G. (2003) How to Profit by Safeguarding Privacy. [Return to Note 3]

⁴ Klosek, Jacqueline. (2005). Data Privacy and Security Are a Significant Part of the Outsourcing Equation. [Return to Note 4]

Previous Next