Information Technology Reference
In-Depth Information
INFORMATION
SYSTEMS @ WORK
System
Arek Oy, Ltd develops information systems and provides sys-
tem services to pension insurance providers in Finland. The govern-
ment of Finland has created laws to ensure that anyone earning a
paycheck in Finland receives a pension upon retirement.
Finnish employers are required to maintain records on every
employee, including the employee's name, national ID number,
date of birth, work history, and other private information, along
with an account of every paycheck issued to the employee. Employ-
ers share that information with one of many pension insurance
companies. Arek Oy was created by the Finnish Centre for Pen-
sions (ETK) and the country's authorized pension insurance
providers to develop and manage the information systems that
collect, store, and deliver employee information to the pension
insurance industry.
Arek Oy was established in 2004 to perform an important
task. The mission of the new company was to develop the largest
information system used in Finland. The company had 30 months
to complete the task, which may seem generous until you consider
the size of the system. The goal of the pension insurance informa-
tion system was to manage employment records of every person
that works in Finland. If Arek Oy could not provide a flawless sys-
tem by the deadline, they would put workers' pensions at risk,
acquire hefty fines from the government, and ruin their own repu-
tation, which would most likely mean the end of Arek Oy.
What made the systems development especially challenging
was that Arek Oy had to apply many privacy rules and regulations
as defined by the Finnish government. Today's privacy-sensitive
culture makes database development and maintenance a time
and resource-consuming affair for businesses and governments
around the globe.
In general, sensitive employee data must be hidden from the
eyes of all but approved parties. The systems engineers for Arek
Oy were not allowed to see the data stored in the pension
database. Special data privacy solutions were employed to mask
personal identification information in database records—a practice
called “de-identification.” Arek Oy set up a safe sandbox for devel-
opment that provided realistic, fictionalized data for developers to
use when testing the systems. These types of systems are referred
to as test-data management systems; they promote information
privacy by allowing database developers to create reliable systems
without accessing the actual private data that the system will
manage.
Government privacy regulations, although important to cus-
tomers and citizens, are particularly burdensome to businesses
and information system developers. To assist developers in com-
plying with privacy laws, database management systems provided
by major information systems companies such as IBM have com-
pliance embedded in their systems. Arek Oy reduced its stress and
responsibility by adopting such a system to use for its pension
insurance information system.
As you might guess, Arek Oy was successful in meeting its
deadline for Finland's largest information system. It has deployed
a database management system that includes a safe sandbox for
test-data management that meets the high privacy standards of
the Finnish government. The many pension insurance companies
that work with the system can develop database applications using
the secure and private environment that Arek Oy has provided.
Considering the time and effort that Arek Oy invested in com-
plying with government privacy regulations, it's clear why many
companies not governed by regulations are hesitant to commit
resources to privacy practices. In most cases it isn't a matter of not
caring, but of providing the best quality system for the least
amount of money. The Arek Oy case provides a good example of
the benefits and costs of government regulations.
Discussion Questions
1.
What challenges did Arek Oy face in the Finnish pension sys-
tems development project?
2.
What techniques did the company use to meet project require-
ments and government regulations?
Critical Thinking Questions
1.
Besides government regulations, what other pressure might
persuade a business to employ strict privacy practices?
2.
What are the risks involved for a company that takes shortcuts
and allows systems developers to see private data?
Sources:
IBM Staff, “Arek Oy deploys IBM Optim to deliver the largest infor-
mation management system in Finland,” IBM Case Studies, May 30, 2008,
OpenDocument&Site=default&cty=en_us;
Arek Oy Web site,
www.arek.fi,
accessed August 2, 2008.
607
