Business Ethics Questions

Question 1: Environmental Issue

When determining the best approach that an organization should take in order to
achieve environmental sustainability, the three main considerations that should be made are
environmental effectiveness, ease of implementation and financial viability. For a mid-sized
manufacturer, the three options that they have for achieving sustainability are expression of
corporate responsibility, monetize and count, and accelerate and innovate (Brusseau, 2013).
For a mid-sized manufacturer, expression of corporate responsibility may not be applicable
because of the firm’s limited financial resources. Generally, only large businesses can
effectively use the expression of corporate responsibility approach because of the relatively
large amounts of financial resources that are required (Brusseau, 2013). The business cannot
also use monetize and count because of implementation difficulties. Thus, the best approach
for a mid-sized manufacturer to sustainability and environmental protection is accelerate and
innovate. Accelerate and innovate is a strategy where innovation is used to protect the
environment. For instance, as a manufacturing business, some of the approaches that the
business could take include applying innovations that minimize waste. Such practices,
applied at great speed, have the potential of helping the business to achieve sustainability at
low cost to itself.

The use of accelerate and innovate is based on utilitarian ethics. The approach
benefits the manufacturer because it is able to manufacture products more efficiently. It also
benefits the general population because it reduces pollution and destruction of the
environment. Thus, the approach provides the most benefits to the greatest number of people.

Question 2: Data Security

3
The SingHealth data breach took place between May 1, 2015 and July 4, 2018.
Hackers managed to access data of around 1.5 million people (BBC, 2018). It was reported
that the prime minister’s data was especially targeted multiple times. The data that was taken
as a result of the hack included names and addresses of patients who had visited the hospital
between July 4, 2014 and May 1, 2015. However, the breach did not affect medical records
such as doctor’s notes, test results or patient diagnoses. In just a few cases did the hacker
manager to steal data on dispensed medicines (BBC, 2018). Upon investigation by
government agencies, it was found that the data breach occurred when a computer belonging
to SingHealth group was infected by a malware. The hackers then used the malware to access
the hospital’s database. Thus, the ethical breach took place because the hospital had not taken
robust cybersecurity measures to protect data of their patients.
The ethical issues demonstrated in the data breach include confidentiality and privacy.
The two issues are closely related. With regards to healthcare, confidentiality requires that
any information that a patient provides to healthcare personnel does not get accessed by third
parties. By exposing their computer system to hacks and data breaches, SingHealth acted
unethically because their laxity allowed patient data to be accessed by third parties that were
not supposed to access the data. In general, data breaches occur either internally when
personnel within the healthcare facility abuse their privilege and disclose patient data to third
parties or through external means using cyber-attacks. In the case of SingHealth, the data
breach occurred through a malware that allowed the hackers to easily steal some of patient
information.
Data breaches in healthcare industry are extremely damaging to the hospital
organizations where the breaches occur and to the patients. It is estimated that the average
cost of data breach is around $6.45 million in healthcare industry (Seh et al., 2020). Given the
high cost of data breaches and the equally large sums of money that healthcare organizations

4
need to secure data of their patients, the most appropriate level of governance would be one
that involves public-private partnership (Davis, 2018). Such a partnership will help in help in
reducing the costs of securing data from cyber-attacks while improving the effectiveness of
data protection.

Question 3: Government Regulation

The type of regulation espoused is complete government regulation. The case of the
two Boeing 737 Max accidents where airplane design was blamed are perfect examples of
why there should be complete government regulation of businesses (Cassidy, 2019). Based
on the Boeing accidents, it may seem obvious that there should be complete government
regulation over all industries, the issue is often more complicated than it seems. Supporters of
minimal or no government regulations argue that as far as taking measures to ensure to
product safety are concerned, the interests of the industry are perfectly aligned with the
interests of government regulators (Naylor, 2019). For businesses, production of low-quality
products has an extremely harmful effect on their reputation and business interests. Thus,
their motivation and interests are perfectly aligned with the interests of government regulators
who seek to ensure that businesses produce quality products that are safe for use by
consumers. Apart from being effective, self-regulation also saves government money as it
does not need to incur the huge costs required to train and equip regulators.

Such views are, however, disputed by opponents of industry self-regulation. They
argue that businesses are primarily focused on making profits. Thus, they are likely to skirt
around certification requirements if they consider them too costly (Naylor, 2019). The result
is production of products that are less safe for consumers. This is the view that supports my
position on the continuum that there should be complete government regulation of industry.

5

With firm belief that they can regulate themselves, private companies have
consistently lobbied against safety regulations on the account that such regulations are often
expensive to implement and, therefore, reduce their competitiveness. I believe that
government-imposed safety regulations should remain in place and private companies should
not be allowed to lobby against them because the profit-making motive of private companies
often makes them to adopt less stringent safety measures. The view against private companies
being allowed to lobby against safety regulations is aligned with my position that having
complete government regulation of the industry.

Apart from Boeing and the aviation industry, another example where there is lack of
complete government regulation is the drug industry. The Food and Drug Administration
(FDA) relies on drug manufacturers to test all of the new drugs that they manufacture
(Naylor, 2019). The FDA only certifies the data that it receives from the drug manufacturers.
Lack of adequate funding has been cited as the main reason why FDA has taken this
approach. However, as the opioid crisis has revealed, such an approach can have serious
negative consequences to consumers.

6

References

BBC News (2018, July 20) Singapore personal data hack hits 1.5m, health authority says.
https://www.bbc.com/news/world-asia-44900507

Brusseau, J. (2013). The Business Ethics Workshop. Saylor Foundation

Cassidy, J. (2019, March 19). How Did The F.A.A Allow the Boeing 737 Max to Fly? The
New Yorker. https://www.newyorker.com/news/our-columnists/how-did-the-faa-
allow-the-boeing-737-max-to-fly

Davis, J. (2018, April 18). FDA medical device plan zeros in on cybersecurity, public-private
partnership. Healthcare IT News https://www.healthcareitnews.com/news/fda-
medical-device-plan-zeros-cybersecurity-public-private-partnership

Naylor, B. (2019, April 2). Boeing Not Alone in Companies That Government Agencies
Have Let Self-Regulate. NPR. https://www.npr.org/2019/04/02/709203191/boeings-
not-alone-in-companies-that-government-agencies-have-let-self-regulate

Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Khan, R. A.
(2020). Healthcare Data Breaches: Insights and Implications. Healthcare (Basel,
Switzerland), 8(2), 133. https://doi.org/10.3390/healthcare8020133