Equifax is a credit reporting agency for many countries, which had a massive data leak in 2017. They profited from this event by charging helpless individuals to freeze their credit reports to prevent identity theft. Some question whether they were lax on the security of this information to take advantage of their consumers. Eventually, an announcement was made reporting free freezes, but people were still charged days later on their website. A federal settlement reimbursed those who paid the fee, and for the time they spent. This event led to a change in federal legislation, which made credit freezes/unfreezes free for major credit reporting bureaus in 2018. In this case analysis, I will argue that deontology shows us that the Equifax breach harmed citizens of the United States, Canada, and the United Kingdom by leaking their personally identifiable information. They acted immorally by charging individuals to freeze accounts they are forced to have with the company, and making minimum changes afterwards to prevent another.   

Friedman speaks about how businesses, unlike people, are made-up entities, so they cannot have social responsibility. He thinks that as a corporate executive who leads a business, the number one priority is to ensure the profitability of their company. He believes that making them consider social responsibility as a part of their role is equivalent to acting in a way that is not in the interests of anyone involved with the company. He considers them taking any additional social responsibility beyond what is legally required, an act that harms employees, stockholders, and board members. However, Friedman considers it okay for individual proprietors to take up more social responsibility than legally required because it is their own money. Regarding Equifax’s data breach in 2017, I think Friedman would have supported most of their actions. Credit reporting agencies were not legally required to offer free credit freezes/unfreezes during this time. I assume that he would take offering these free services as charitable and not in the best interest of the company’s profitability for these reasons. However, he might recognize the fact that consumer trust is necessary for an industry that citizens of several countries are dependent on. Such an incident will inevitably result in financial loss, so he might be in support of Equifax trying to profit off individuals who have been exposed. A company like Equifax, which people are dependent on for credit scores, reports, monitoring, and loan applications, market value will eventually rebound. I am left wondering if he would consider the fact that Equifax’s president of the information solutions unit in the United States and its chief financial officer sold stock after the breach was discovered but before made public to be their right. These individuals disregarded their social responsibility, performing such an act which undermined the public trust in such an important agency, exploited others from powerful positions with insider knowledge, and showed they are self-serving individuals who have no respect for accountability, employees, investors, and the public.  

Deontology is about considering whether an action is right or wrong, doing the right things for the right reasons, not making exceptions for yourself, and always respecting others. Interpreting this case with this ethical theory shows us that the actions of Equifax and its high-ranking officials are immoral. Firstly, Equifax only offered free credit freezes after receiving backlash from the masses and the fear of legal penalties. Although they eventually did the right thing, it was for the wrong reasons. They disrespected their consumers, who have little choice but to be, by charging for services to clean up the damage their negligence in data security created. They showed little care for the fact that they exposed the personally identifiable information of millions and placed them at risk of identity theft. I consider the selling of stock by Equifax’s President of Information Security Solutions unit in the United States and the Chief Financial Officer before the breach was made public to be more immoral through the lens of this ethical theory. The timing of their transaction is simply too uncanny for them not to have used insider knowledge. These individuals were only concerned with the money lining their pockets at the time and made exceptions for themselves using this knowledge. They disrespected the consumers of Equifax, who are basically forced to give their personal information to them, by showing that they are not held accountable or suffer for incidents they are at fault for. Equifax should have been proactive in relieving the pressure and distrust that plagued consumers before they were legally required to.  

Similarly to Friedman’s article, Anshen covers the social contract as it applies to businesses throughout different eras. However, he is far more unbiased, but it still seems like he is against the extent of social responsibility businesses are forced to take legally. Anshen mentions how in the past, businesses’ only social responsibility businesses carried was met by them focusing on maximizing profits. In doing so, they contributed goods, services, and jobs to society. He considers the current social obligations that businesses are faced with to be extraneous and stresses that reform is needed. Regarding environmental contaminations, he states that cost estimates, review of current technologies, and cost transfer need to be altered. In my opinion, companies should offset their environmental damage, no matter the cost. It might put something else on their plate, but they will be incentivized to come up with ways to avoid polluting to such a degree or find cheaper ways to clean up their mess. The public might benefit from their goods and services, but the tradeoff should not be leaving them with the environmental destruction they cause. It is disrespectful to the earth, locals, and future generations. The more demanding issue at hand is mass unemployment, which will more likely result in social upheaval, as it has in the past. Anshen stresses the need to allow corporate executives a role in establishing what levels of social burden they carry. This seems fair as it severely affects their companies, and they might be able to contribute to finding a better balance. Regarding the Equifax data breach, protecting the personal identifiable information of hundreds of millions is more than a mere cost; it’s a social responsibility. Despite the burden that modern corporations face in attempting to protect user data to avoid steep penalties, I consider it a basic duty in today’s economy. There is no room for negotiating the social responsibility for such scenarios where the public’s trust in an organization responsible for an entire nation’s information is at stake.   

 Today, companies are held socially responsible for data leaks and other damage they cause. I imagine that Anshen would support legal reform that removes some of this burden off businesses, since all companies holding such information are susceptible to it, and considering that they happen all the time. However, he might believe that adequate information security is a necessary cost to protect a company’s market value, public perception, and finances. Credit scores might help people get loans for houses and cars, but identity theft is a steep price to pay for such services. Identity theft can take many hours to recover from, lead to the destruction of your financial livelihood, destroy your credit score, and leave individuals feeling unsafe and traumatized. Their negligence of information security by Equifax caused these troubles to hundreds of millions. They profit from gathering the financial information of individuals and should be held accountable when it is leaked. I am left to assume that Anshen might agree with my stance because he only covered environmental contamination and mass unemployment. I believe that the necessary legal reform to minimize damage to consumers when a similar incident takes place has been achieved. I think it is overly optimistic to expect a business to take actions that minimize the damage before legally required. Equifax should spend more to secure consumer data and not disrespectfully exploit individuals who are suffering on their behalf.   

In conclusion, the social responsibility of businesses has rightfully grown to include the protection of consumers’ personally identifiable information. I believe that the necessary legal changes made in response to Equifax’s data breach in 2017 have been made. However, reimbursing individuals for the damage and time spent hardly seems like an adequate solution. Sadly, they would probably not have even given that to consumers if it weren’t a legal requirement. Companies, especially those like Equifax that store such sensitive data on millions, need to spend more time, effort, and money on prevention. The field of Cybersecurity would not exist if working towards the prevention of data leaks did not benefit a company and were not plausible. I wonder if the field would even exist if companies did not have to fear the legal repercussions of similar incidents. Also, large corporations need to stop dehumanizing consumers and treat them with respect. Equifax should never have charged individuals for freezing accounts or delayed the public announcement regarding the breach until after high-ranking officials sold stock in the company. It almost makes me believe that they planned the entire incident to profit from freezing accounts and selling data. However, I don’t see how it would be profitable given the fall in market value and legal penalties that followed.