Ethics in Information Technology

By
Prof. Vikrant Chole
 CHAPTER 2

ETHICS FOR IT WORKERS

AND IT USERS
 OBJECTIVES
 What key characteristics distinguish a professional from other
kinds of workers, and is an IT worker considered a
professional?

 What factors are transforming the professional services

industry?

 What relationships must an IT worker manage, and what key

ethical issues can arise in each?

 How do codes of ethics, professional organizations, certification,

and licensing affect the ethical behavior of IT professionals?

 What is meant by compliance, and how does it help promote the

right behaviors and discourage undesirable ones?
 IT Professionals
 A professional is a person in a profession that
requires certain types of skilled work requiring formal
training or education
 Profession is a calling that requires Specialized
knowledge
 Long and intensive academic preparation
 Professionals such as doctors, lawyers, and
accountants require advanced training and
experience
 Are IT Workers Professionals?
Are not recognized as professionals How? Why?

Not licensed

Not liable for malpractice

Partial list of IT specialists

Programmers
Systems analysts
Software engineers
Database administrators
Local area network (LAN) administrators
Chief information officers (CIOs)
Professional Relationships That Must
Be Managed
 Relationships Between IT Workers
and Employers
 IT professionals must set an example and enforce
policies regarding the ethical use of IT
 Ethical Issues
• Software Piracy
• Trade Secret
• Whistle blowing
Software piracy
•Software piracy is the act of illegally making copies of software
or enabling others to access software to which they are not
entitled
•Software piracy is an area in which IT professionals can be
tempted to violate laws and policies
Trade secret
•Information used in business
•Generally unknown to the public
•Company has taken strong measures to keep confidential
Whistle-blowing
Attracts attention to a negligent, illegal, unethical, abusive, or
dangerous act that threatens the public interest
Relationships Between IT Workers and Clients

 IT worker provides Hardware, software, or services

at a certain cost and within a given time frame

 Relationship is usually documented in contractual

terms

 Ethical problems arise if a company recommends its

own products and services to remedy problems they
have detected
 Relationships Between IT Workers
and Suppliers
 Develop good relationships with suppliers

 Deal fairly with them

 Do not make unreasonable demands

 Do not accept bribes

Bribery
•Providing money, property, or favours to someone in
business or government to obtain a business advantage
•At what point does a gift become a bribe?
•No gift should be hidden
 Relationships Between IT Workers and
Other Professionals
 Professionals owe each other adherence to a
profession’s code of conduct
 Ethical problems between members of the IT
profession
 Résumé inflation
 Inappropriate sharing of corporate information
Relationships Between IT Workers and IT
Users
 IT user is a person for whom a hardware or
software product is designed
 IT Workers duty is to
• Understand users’ needs and capabilities
• Deliver products and services that best meet those
needs
• Establish an environment that supports ethical
behavior by users
 Relationships Between IT Workers and
Society
 Actions of an IT worker can affect society
 Society expects members of a profession to
provide significant benefits and to not cause
harm through their actions.
 What Would You Do?
Your old roommate from college was recently let go from
his firm during a wave of employee terminations to reduce
costs. You two have kept in touch over the six years since
school, and he has asked you to help him get a position
in the IT organization where you work.

You offered to review his résumé, make sure that it gets

to the “right person,” and even put in a good word for him.
However, as you read the résumé, it is obvious that your
friend has greatly exaggerated his accomplishments at
his former place of work and even added some IT-related
certifications you are sure he never earned.
What would you do?
 Professional Codes of Ethics
 It states the principles and core values that are essential to
the work of a particular occupational group
 Consists of two main parts: The first outlines what the
organization aspires to become, and the second typically
lists rules and principles by which members of the
organization are expected to abide
 Following a professional code of ethics can produce
benefits for the individual, the profession, and society as a
whole
–Ethical decision making
–High standards of practice and ethical behavior
–Trust and respect from general public
–Evaluation benchmark for self-assessment
 Professional Organizations
 is useful in a field that is rapidly growing and changing
 In order to stay on top of the many new developments in
their field, IT workers need to network with others, seek
out new ideas, and continually build on their personal
skills and expertise
 These organizations disseminate information through
email, periodicals, Web sites, meetings, and
conferences
 most prominent IT-related professional organizations are
- Association for Computing Machinery (ACM)
- Institute of Electrical and Electronics Engineers
Computer Society (IEEE-CS)
 Certification
• indicates that a professional possesses a particular
set of skills, knowledge, or abilities in the opinion of
a certifying organization
• Can also apply to products
• Carries no requirement to adhere to a code of
ethics
• Employers view as benchmark of knowledge
• Opinions are divided on value of certification
Vendor certifications
•Some certifications substantially improve IT workers’
salaries and career prospects
•Relevant for narrowly defined roles or certain aspects of
broader roles
•Require passing a written exam
•Can take years to obtain experience
•Training can be expensive
•Workers are commonly recertified as newer technologies
become available
Industry association certifications
•Require a higher level of experience and a broader
perspective than vendor certifications
•Lag in developing tests that cover new technologies
•Are moving from purely technical content to a broader
mix of technical, business, and behavioral
competencies
 Government Licensing
• Generally administered at the state level in the
United States
• Requires that recipient pass a test
• Case for licensing IT workers
• Encourages following highest standards of
profession
• Encourages practicing a code of ethics
• Violators would be punished
• Without licensing, no requirements for heightened
care and no concept of professional malpractice
Issues with government licensing of IT workers
•No universally accepted core body of knowledge
•Unclear who should manage content and
administration of licensing exams
•No administrative body to accredit professional
education programs
•No administrative body to assess and ensure
competence of individual workers
 IT Professional Malpractice
• Negligence: not doing something that a reasonable
person would do, or doing something that a
reasonable person would not do
• Duty of care: obligation to protect people against any
unreasonable harm or risk
• Reasonable person standard
• Reasonable professional standard
• Professional malpractice: professionals who breach
the duty of care are liable for injuries that their
negligence causes
 What Would You Do?
You are a new human resources manager assigned to your firm’s IT
organization. One of your responsibilities is to screen résumés for
job openings in the organization.
You are in the process of reviewing more than 100 résumés you
received for a position as a Cisco network specialist. Your goal is to
trim the group down to the top five candidates to invite
to an in-house interview. About half the résumés are from IT
workers with less than three years of experience who claim to have
one or more Cisco certifications.
There are also a few candidates with over five years of impressive
experience but no Cisco certifications listed on their résumés. You
were instructed to include only candidates with a Cisco certification
in the list of finalists. However, you are concerned about possible
résumé inflation and the heavy emphasis on certification versus
experience.
What would you do?
 Common Ethical Issues for IT Users
 Software piracy

 Inappropriate use of computing resources

–Erodes productivity and wastes time
–Could lead to lawsuits

 Inappropriate sharing of information

–Every organization stores vast amounts of private or
confidential data; Private data (employees and customers)
Confidential information (company and operations)
 Supporting the Ethical Practices of IT
Users
 Policies that protect against abuses:

–Set forth general rights and responsibilities of users

–Create boundaries of acceptable behavior

–Enable management to punish violators

Companies can take several of the following actions
when creating an IT usage policy

–Establishing guidelines for use of company software

–Defining appropriate use of IT resources

–Structuring information systems to protect data and

information

–Installing and maintaining a corporate firewall

 Compliance
 To be in accordance with established policies, guidelines,
specifications, and legislation
 Sarbanes-Oxley – established requirements for internal
controls
 HIPAA – ensures security and privacy of employee
healthcare data
 Failure to be in conformance can lead to criminal or civil
penalties and also lawsuits
 Compliance (cont’d.)
 Major challenge to comply with multiple government and
industry regulations that are sometimes in conflict

 To meet this challenge:

–Implement software to track and record compliance actions

–Hire management consultants for advice and training
–Create Chief Compliance Officer position
 Compliance (cont’d.)

• Audit committee is subset of the board of directors, with

oversight for the following activities:
– Quality and integrity of accounting and reporting
practices and controls
– Compliance with legal and regulatory requirements
– Qualifications, independence, and performance of
organization’s independent auditor
– Performance of company’s internal audit team
 Compliance (cont’d.)
• Internal audit committee responsibilities:
– Determine that internal systems and controls are
adequate and effective
– Verify existence of company assets and maintain proper
safeguards over their protection
– Measure the organization’s compliance with its own
policies and procedures
– Ensure that institutional policies and procedures,
appropriate laws, and good practices are followed
– Evaluate adequacy and reliability of information
available for management decision making
 What Would You Do?
You work part-time evenings and weekends as a real estate
salesperson. You also work full-time for an IT consulting group.
When ordering business cards for your real estate
business, you decided to include your full-time work email address.

As a result, you frequently find yourself receiving and sending

emails related to your real estate work from your computer at your
IT consulting job. You try to limit this activity to your lunch hour,
but there are often urgent messages that require an immediate
reply.
Lately the number of such emails is increasing. Sometimes you
worry what would happen if your manager found out about this
activity, but cutting off the flow of emails from your clients could
have a serious impact on your ability to serve them and earn
commissions
What would you do?