This assignment challenges you to critically evaluate an IS Governance framework and propose a risk management strategy for a given case study. Your goal is to demonstrate how effective governance and risk management can support the organization’s overall strategy and operational objectives.
Objectives:
1. To enhance your ability to analyse governance frameworks within an organizational context.
2. To develop practical risk management strategies using industry standard methodologies.
3. To critically evaluate the impact of governance and risk management on information systems operations.
Case Study Analysis: Choose a case study that describes a business scenario involving governance and risk issues, taken from a journal or conference paper published in the last 5 years. Carefully read and analyse the case to understand the underlying governance challenges and risks.
Governance Framework Assessment:
1. Framework Selection: Select an appropriate IS Governance framework (e.g., COBIT, ITIL, ISO/IEC 38500).
2. Analysis: Critically assess the selected framework's ability to address the governance challenges identified in the case study.
3. Implementation Plan: Propose a plan for implementing the framework within the organization, including key roles, responsibilities, and processes.
Risk Management Strategy:
1. Risk Identification: Identify the key risks associated with the IS operations described in the case study.
2. Risk Assessment: Evaluate the likelihood and impact of these risks using a recognized risk assessment methodology.
3. Mitigation Plan: Develop a risk mitigation plan that includes preventive, detective, and corrective controls.
1. Introduction
Clearly define the problem, research question, and the significance of your study.
2. Literature Review
Review relevant literature on IS Governance and Risk, identifying gaps and justifying your approach.
3. Methodology
Describe your approach to analysing the governance framework and risk management strategy.
4. Analysis and Findings
Present your analysis in a structured and logical manner.
5. List of references
This must be provided in the usual scholarly fashion. It helps to convince your reader that your proposal is worth pursuing if you can identify literature in the field and demonstrate that you understand it. It makes a very strong impact if you can identify where there is a research gap in the literature that your proposal hopes to fill. This is your contribution to the scholarly conversation. You should use academic references (peer reviewed articles), rather than web articles.
The following elements must be included in your research proposal:
1. Introduction or background to the research problem or issue, including an identification of the gap in the current research
2. Research question and, if possible, a thesis statement answering the question
3. Justification for the proposal research, i.e., why the research is needed.
4. Preliminary literature review covering what others have already done in the area.
5. Theoretical framework to be used in the proposed research.
6. Statement of the contribution of the research to the general area
7. Proposed research methodology
8. Research plan and outline.
9. Timetable of proposed research
TikTok, an emerging popular social networking service, has received much attention regarding the collection and management of its users’ data. In 2020 the application was downloaded over 2 billion times and had over 800 million active users. This rapid growth has drawn close scrutiny to its data management strategies, given that the platform processes large volumes of personal and sensitive information from different parts of the world. Issues such as extensive data collection, profiling of users and sharing of data with third parties have raised concerns of privacy invasion and misuse of data on the part of the platform. The scrutiny is further aggravated by TikTok’s ownership by ByteDance, a Chinese company, which raises geopolitical questions around data access and surveillance. With governments and regulatory authorities worldwide paying more attention to digital privacy, the way TikTok deals with its users’ data is being examined for conformity with international standards of data protection and for how effectively it responds to users’ privacy concerns.
The main research question is: given TikTok’s governance issues with data collection and the politico-legal systems it operates in, what organising features can be assessed to understand its data collection and customer policies? As data protection requirements have increased worldwide, this question is more important than ever. Data protection, legal compliance, and user confidence in the service must all be considered. Good governance helps manage data privacy breaches, clarifies data management, and protects the platform’s reputation in a technologically evolving environment.
Overview of IS Governance and Risk Management
Information Systems (IS) governance is vital to an organization’s strategy and is primarily concerned with the governance of the organization’s IT systems. Effective IS governance means creating rules and organizational practices that align IT systems with business strategy and control the risks related to those systems. Frameworks such as COBIT (Control Objectives for Information and Related Technologies) can be used to define how IT should support business needs, address risks, and meet legal requirements (Cartwright, 2023). COBIT underscores the need for a governance framework that addresses IT in the business context and incorporates risk management strategies that can respond adequately to data safeguarding and privacy challenges. Risk management within IS governance entails identifying the risks that may compromise data and implementing measures to prevent those risks from materialising. Risk management is an important element of an organization’s security practice when dealing with the threats and risks that target information. This involves putting in place measures to mitigate security risks, which may include assessing security risks periodically and ensuring data security. Another important aspect is continuous monitoring and assessment of IT environments to address new threats and shifts in rules and regulations.
Data Privacy and Governance
Data privacy has become a burning issue since new rules such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) were implemented. The European Union’s GDPR sets a high standard of data protection, demanding that organisations seek permission from the individuals involved before processing their personal information. It also requires accountability for data use, requires organisations to explain to individuals how their data is being used, and gives individuals the right of access, the right of rectification and the right of erasure. User consent and data protection remain at the heart of the GDPR and have set a benchmark for other countries to follow. Likewise, the CCPA, which came into force in January 2020, allows residents of California to exercise considerable control over their personal information (Coche, Kolk & Ocelík, 2024). The CCPA grants consumers the rights of access and deletion and the ability to opt out of the sale of their data. These regulations provide detailed requirements for data acquisition, where and how users’ consent is obtained, and rules for data processing and distribution, stressing user sovereignty over personal data.
TikTok-Specific Studies
TikTok, a popular social media platform, has had many data policy issues. Beijing-based ByteDance’s software has been criticised for sharing user data with China and for possibly being connected to the Chinese government. Later in 2020, concerns about Chinese authorities accessing user data prompted regulatory escalation. This raises problems for global data governance, especially where cross-border data flows and foreign ownership complicate privacy (Duffy and Meisner, 2023). The company’s privacy policy, which details the methods and frequency of data collection and use, has also been criticized as murky at best. The policy states that TikTok gathers vast amounts of personal data, ranging from identification information to device data, location data, and biometric data. Critics complain that the platform fails to inform users clearly that their data is being collected, and that the sections of the policy describing how data is shared with third parties and authorities leave that data susceptible to unauthorised access and misuse.
Identification of Gaps
Although several secondary sources discuss data privacy and governance frameworks in general, there is a lack of literature that elaborates on the measures TikTok takes in these areas. Most of the existing literature addresses broader concepts of data privacy or explores other social media platforms; few works provide a detailed analysis of TikTok’s data management regime (Durovic and Poon, 2023). To the best of the author’s knowledge, there is scarce literature on how TikTok’s data practices respond to existing privacy regulations and governance frameworks, or on the efficacy of the platform’s risk management arrangements in tackling privacy risks.
Justification of the Approach
To fill these gaps, this research will provide a comprehensive analysis of the data management and protection practices of the TikTok application. The study will consult existing governance models, including the GDPR and COBIT, to evaluate TikTok’s data privacy management practices and their efficiency. With this approach it will be possible to highlight where TikTok appears to be lacking in data governance and to find ways of enhancing data privacy and compliance (Faison, 2021). The results will help build a better understanding of the governance issues that have emerged with fast-growing digital platforms and of the measures available to cope with privacy concerns at an international level.
Analytical Approach
This research is exploratory in nature and uses policy analysis and case study methods to assess TikTok’s data governance and privacy. The study will mainly be based on TikTok’s privacy policy in relation to personal data, which sets out the terms and conditions covering the collection, use and sharing of personal data among users and subscribers. The study will also consider TikTok’s other regulatory compliance documents to determine its level of compliance with the GDPR and CCPA. Industry reports will be used to gather data on trends and standards in data management (Faison, 2021). A comparative analysis will then be conducted between TikTok’s practices and best practices from other social media platforms. The comparison will make it possible to understand where TikTok’s data governance framework is weak or lacks efficiency, and will also cover the measures that other platforms have adopted to deal with data privacy and regulatory issues.
Data Sources
Sources of data for this study will comprise documents and reports. TikTok’s accessible privacy policy and compliance documents will generate the key qualitative data concerning the app’s data management and legal observance. Publications from the industry and scholarly papers will be consulted to establish broad trends in data governance and privacy (Gray, 2021). Media accounts and analyses will also be reviewed to identify the public and professional opinions of the data privacy issue related to TikTok.
Evaluation Criteria
The evaluation will be based on several key criteria: compliance with specific regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and adherence to the major principles of data management, which include data transparency, risk management, and the company’s data governance framework. Parameters will include the extent of the data that TikTok gathers, the processes it employs to obtain user consent, and its data sharing (Lee and Ng, 2023). This evaluation will reveal the extent to which TikTok complies with regulatory standards and industry best practices in data governance, and the areas that require improvement.
Data Collection Practices
TikTok collects a vast amount of different user data, which can be classified as rather invasive. The platform collects data such as profile information, videos, video interactions, location, and biometric data. TikTok’s privacy policy shows that the platform also gathers details about the devices used, the operating system, IP addresses, and browsing history. This has drawn major criticism of the arguably invasive nature of collecting such extensive data (Gray, 2021). The large volume of data collected allows comprehensive user profiling, which, if not protected appropriately, can be leveraged maliciously. Adding facial recognition or any other kind of biometric data collection further complicates the picture and extends the possibility of intrusive surveillance and misuse of personal data. The gathering of such diverse data types also enables TikTok to provide users with personalised experiences and targeted promotion.
Privacy Policies
TikTok’s privacy policy, which describes the kinds of data collected, has been criticized for its obscurity and vagueness. The policy allows the sharing of data with third parties and government agencies, which is a major worry in terms of privacy infringement and data breaches. Another concern, which has already become the subject of fierce debate, is the possibility of user data being transferred to the Chinese authorities, since ByteDance, the owner of TikTok, is based in China. This provision has increased the attention of regulatory bodies and raised many concerns about government spying and data misuse. There are additional worries about the lack of detailed information on data safeguarding, privacy and user consent in the policies presented by TikTok (Hochen, 2021). One major weakness, therefore, is that most users are unaware of how their data is used or spread, negating the notion of informed consent. This aspect of TikTok’s privacy policies and practices feeds the contemporary discussion on data control and users’ privacy.
Regulatory Compliance
Another major challenge that TikTok has faced in the past couple of years is conforming to data protection laws globally. In August 2020, the EDPB argued that TikTok does not fully comply with the GDPR because of issues with data transfer and users’ consent. Issues with the adequacy of data protection measures and the transfer of data across borders were identified during the EDPB’s scrutiny. Compliance with the GDPR requires appropriate protection for personal data, well-defined rules on the use of data, and intelligible consent principles, all of which many have raised as concerns about TikTok. In addition to GDPR risks, TikTok was issued a $5.7 million fine by the Federal Trade Commission (FTC) in July 2020 for violating the Children’s Online Privacy Protection Act (COPPA). This fine, which resulted from a COPPA investigation into TikTok, underscored that the social media app had not been observing regulations designed to protect young users (Hochen, 2021). The FTC’s action showed the need for better compliance measures and improved data protection arrangements.
Potential Risks
Data Security Risks
There are several security issues associated with TikTok which, if exploited, can lead to unauthorized access to users’ data. Studies performed in 2020 flagged flaws in TikTok’s code that could potentially cause data leakage. These vulnerabilities could expose users’ private information to attackers and lead to unauthorized use of their data. This threat underlines the need to employ stricter security protocols and to remain vigilant against new risks in order to prevent data leakage (Horowitz & Check, 2022).
Privacy Risks
Collection of biometric data is among the numerous privacy threats presented by the platform because of the nature of the company’s data collection. It raises privacy issues with regard to surveillance and misuse of user data by other parties. Detailed and comprehensive compilation of user data, combined with doubts about disclosure of information to third parties, raises the likelihood of privacy violations. These risks are exacerbated by the lack of clear practices for data use and sharing, so users may not be fully aware of how their data is being used or shared (Horowitz and Check, 2022).
Reputational Risks
TikTok faces severe data privacy concerns that may harm its image and lead to a loss of trust from customers. Loss of user confidence arises from negative media coverage; regulatory fines can threaten the platform’s market share. Due to rising concerns about personal data, the company’s inability to address such issues may be detrimental to the image of the app and reduce its competitiveness within the market. Reputational loss may also bring decreased user participation as well as trust, affecting the continuous success of the platform (Scharlach, Hallinan and Shifman, 2023).
Legal and Regulatory Risks
TikTok remains exposed to legal and regulatory risks with regard to the way it handles users’ data privacy. Possible consequences include massive fines, lawsuits, and enhanced attention from the authorities. These risks can and should be managed, arguably most of all to maintain user trust and to adhere to data protection regulations. The platform must also confront legal issues regarding data privacy that may lead to penalties, which could further damage its reputation (Scharlach, Hallinan and Shifman, 2023).
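The risk assessment step above calls for rating each risk by likelihood and impact with a recognised methodology, and the mitigation plan step calls for preventive, detective and corrective controls. The following Python register applies a standard 5x5 likelihood-times-impact matrix to the four risk categories just described and checks each one for missing control types. It is an added example written for this page, not part of the proposal or of any TikTok material; the likelihood and impact ratings are constructed, illustrative assumptions, and the control lists are drawn from the recommendations in this proposal rather than from TikTok's actual practice.

```python
"""Risk register: likelihood x impact scoring plus a control-coverage check.

Constructed example for illustration. The ratings assigned to each risk are
assumptions made for this example, not measured or published values.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Qualitative 5x5 scales, as used in common risk-matrix methodologies.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# The three control types the mitigation plan must cover for every risk.
CONTROL_TYPES = ("preventive", "detective", "corrective")


def rate(score: int) -> str:
    """Map a likelihood x impact product (1..25) onto a three-band rating."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


@dataclass
class Risk:
    name: str
    likelihood: str
    impact: str
    # control type -> list of controls proposed for this risk
    controls: Dict[str, List[str]] = field(default_factory=dict)

    def score(self) -> int:
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def rating(self) -> str:
        return rate(self.score())

    def missing_control_types(self) -> List[str]:
        """Control types for which the plan lists nothing at all."""
        return [t for t in CONTROL_TYPES if not self.controls.get(t)]


def build_register() -> List[Risk]:
    """The four risk categories from the case study, with assumed ratings."""
    return [
        Risk("Data security", "possible", "major", {
            "preventive": ["stricter security protocols in the codebase"],
            "detective": ["periodic security risk assessment", "continuous monitoring"],
            # no corrective control proposed yet: the gap check below flags this
        }),
        Risk("Privacy", "likely", "major", {
            "preventive": ["data minimisation", "explicit user consent",
                           "limits on third-party sharing"],
            "detective": ["periodic Data Protection Impact Assessments (DPIAs)"],
            "corrective": ["honour access, rectification and erasure requests"],
        }),
        Risk("Reputational", "likely", "moderate", {
            "preventive": ["transparent, specific privacy policy"],
            "detective": ["monitoring of media coverage and stakeholder feedback"],
            "corrective": ["active communication with users and regulators"],
        }),
        Risk("Legal and regulatory", "likely", "severe", {
            "preventive": ["GDPR and CCPA consent and sharing requirements"],
            "detective": ["compliance review of regulatory documents"],
            "corrective": ["remediation of findings raised by regulators"],
        }),
    ]


def prioritise(register: List[Risk]) -> List[Risk]:
    """Highest score first; ties keep register order (sorted is stable)."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


def summarise(register: List[Risk]) -> List[Tuple[str, int, str]]:
    return [(r.name, r.score(), r.rating()) for r in prioritise(register)]


def mitigation_gaps(register: List[Risk]) -> Dict[str, List[str]]:
    """Risks whose mitigation plan lacks at least one control type."""
    return {r.name: r.missing_control_types()
            for r in register if r.missing_control_types()}


if __name__ == "__main__":
    reg = build_register()
    for name, score, band in summarise(reg):
        print(f"{name:22s} score={score:2d} rating={band}")
    print("gaps:", mitigation_gaps(reg))
```

Run as a script it prints the ranked register and reports that the data security risk has no corrective control, which is exactly the kind of gap the mitigation-plan step is meant to expose before the plan is finalised.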
Existing Frameworks
Examples of frameworks used for data governance are the GDPR and ISO/IEC 27001. The GDPR focuses on principles such as data minimization, obtaining consent from the user, and being transparent about the purpose of data use. Organisations are obliged to perform data protection impact assessments (DPIAs) and to adopt effective data protection tools to meet GDPR requirements (Kosters and Gstrein, 2024). ISO/IEC 27001 is an information security standard that aims at controlling risk by implementing an information security management system (ISMS) to safeguard information.
Comparison and Analysis
A comparison with these frameworks shows some clear areas for TikTok to develop further. While TikTok has provided a general statement regarding its data collection processes, it does not offer detailed information on its data protection procedures or on the methods it uses to obtain user consent. The platform should consider incorporating GDPR and ISO standards into its data governance to address the issues highlighted (Zeng and Kaye, 2022). The actions needed to enhance data governance and compliance are as follows: proper data security measures should be put in place; transparency in data handling should be improved; and proper, explicit consent for the use of data should be obtained.
To manage the governance challenges and risks, TikTok should do the following:
1. Enhance Transparency: Be specific and explicit when establishing privacy policies with regard to the collection of data and its use.
2. Strengthen Data Protection: Adopt sound security measures and perform periodic Data Protection Impact Assessments (DPIAs) to mitigate the risks.
3. Improve Compliance: Comply with the GDPR and CCPA guidelines on obtaining consent directly from users and limiting the sharing of personal data with third parties.
4. Engage Stakeholders: Initiate active communication with users, regulators and privacy advocates to avoid conflicts, ensure effective cooperation and maintain clear awareness of privacy issues.
Cartwright, M., 2023. TikTok's Fall from Grace: How Growing Security Concerns in Chinese Technology Affect US Courts and Presidential Successors. SMU Sci. & Tech. L. Rev., 26, p.87.
Coche, E., Kolk, A. and Ocelík, V., 2024. Unravelling cross-country regulatory intricacies of data governance: the relevance of legal insights for digitalization and international business. Journal of International Business Policy, 7(1), pp.112-127.
Duffy, B.E. and Meisner, C., 2023. Platform governance at the margins: Social media creators’ experiences with algorithmic (in) visibility. Media, Culture & Society, 45(2), pp.285-304.
Durovic, M. and Poon, J., 2023. Consumer Vulnerability, Digital Fairness, and the European Rules on Unfair Contract Terms: What Can Be Learnt from the Case Law Against TikTok and Meta? Journal of Consumer Policy, 46(4), pp.419-443.
Faison, A., 2021. TikTok Might Stop: Why the IEEPA Cannot Regulate Personal Data Privacy and the Need for a Comprehensive Solution. Duke J. Const. L. & Pub. Pol'y Sidebar, 16, p.115.
Gray, J.E., 2021. The geopolitics of "platforms": The TikTok challenge. Internet Policy Review, 10(2), pp.1-26.
Hochen, R., 2021. When Your Apps Threaten National Security-A Review of the Tiktok and Wechat Bans and Government Actions under IEEPA and FIRRMA. Brook. J. Corp. Fin. & Com. L., 16, p.193.
Horowitz, B. and Check, T., 2022. TikTok v. Trump and the uncertain future of national security-based restrictions on data trade. J. Nat'l Sec. L. & Pol'y, 13, p.61.
Kosters, L. and Gstrein, O.J., 2024. TikTok and Transparency Obligations in the EU Digital Services Act (DSA)–A Scoping Review. Zeitschrift für Europarechtliche Studien (ZEuS), 27(1), pp.110-145.
Lee, R.K.W. and Ng, L.H.X., 2023. TikTok’s Project Texas-Social Media Data Governance Across Geopolitical Lines. Digital Government: Research and Practice, 4(4), pp.1-5.
Scharlach, R., Hallinan, B. and Shifman, L., 2023. Governing principles: Articulating values in social media platform policies. New Media & Society, p.14614448231156580.
Zeng, J. and Kaye, D.B.V., 2022. From content moderation to visibility moderation: A case study of platform governance on TikTok. Policy & Internet, 14(1), pp.79-95.