Ethics in Information Technology,

Second Edition
Chapter 2
Ethics for IT Professionals and IT Users
1

Objectives
What key characteristics distinguish a professional
from other kinds of workers, and what is the role of
an IT professional?
What relationships must an IT professional manage,
and what key ethical issues can arise in each?
How do codes of ethics, professional organizations,
certification, and licensing affect the ethical
behaviour of IT professionals?
2

Objectives (continued)
What are the key tenets of four different codes of
ethics that provide guidance for IT professionals?
What are the common ethical issues that face IT
users?
What approaches can support the ethical practices of
IT users?

IT Professionals
Profession is a calling that requires
Specialized knowledge
Long and intensive academic preparation

Are IT Workers Professionals?

Partial list of IT specialists
Programmers
Systems analysts
Software engineers
Database administrators
Local area network (LAN) administrators
Chief information officers (CIOs)

Are IT Workers Professionals?

(continued)
Legal perspective
IT workers are not recognized as professionals
Not licensed
IT workers are not liable for malpractice

Professional Relationships That

Must Be Managed
IT professionals have many different
relationships with:
Employers
Clients
Suppliers
Other professionals
IT users
Society at large
7

Relationships Between IT
Professionals and Employers
IT professionals must set an example and enforce policies
regarding the ethical use of IT
Software piracy is the act of illegally making copies of
software or enabling others to access software to which they
are not entitled
Software piracy is an area in which IT professionals can be
tempted to violate laws and policies
The Business Software Alliance (BSA) is a trade group that
represents the worlds largest software and hardware
manufacturers
Its mission is to stop the unauthorized copying of software
produced by its members
8

Members of Business Software

Alliance (as of July 2005)

Relationships Between IT Professionals and

Employers (continued)
Trade secret : A trade secret is information, generally
unknown to the public, that a company has taken strong
measures to keep confidential.
Information used in business
Generally unknown to the public
Company has taken strong measures to keep confidential

Whistle-blowing : Whistle-blowing is an effort by an

employee to attract attention to a negligent, illegal,
unethical, abusive, or dangerous act by a company that
threatens the public interest.
10

Relationships Between IT Professionals

and Clients
An IT worker often provides services to clients who either
work outside the workers own organization or internal.
Hardware, software, or services at a certain cost and within a
given time frame

Client provides
Compensation
Access to key contacts
Work space

Relationship is usually documented in contractual terms

11

Relationships Between IT Professionals and

Clients (continued)
Ethical problems arise if a company recommends its
own products and services to remedy problems
they have detected
A company is unable to provide full and accurate
reporting of a projects status
The client trusts the IT worker to use his or her expertise and to act in
the clients best interests. The IT worker must trust that the client will
provide relevant information, listen to and understand what the IT
worker says, ask questions to understand the impact of key decisions,
and use the information to make wise choices among various
12
alternatives.

Legal Overview: Fraud, Misrepresentation,

and Breach of Contract
Fraud : Fraud is the crime of obtaining goods, services, or property
through trickery. Fraudulent misrepresentation occurs when a
person consciously decides to induce another person to rely and act
on the misrepresentation.
Breach of contract
One party fails to meet the terms of a contract

Misrepresentation is the misstatement or incomplete statement of

a material fact. If the misrepresentation causes the other party to
enter into a contract, that party may have the legal right to cancel
the contract or seek reimbursement for damages.

As an example of misrepresentation, an Oracle marketing campaign claimed that retail

companies using its software are 49.7 percent more profitable and 61.5 percent more
capital efficient than peers.

13

Legal Overview: Fraud, Misrepresentation, and

Breach of Contract (continued)

IT projects are joint efforts in which vendors

and customers work together
Difficult to assign blame
Breach of contract occurs when one party fails to
meet the terms of a contract. Further, a material
breach of contract occurs when a party fails to
perform certain express or implied obligations, which
impairs or destroys the essence of the contract.

14

Most IT projects are joint efforts in which vendors and customers work together
to
develop a system.
Assigning fault when such projects go wrong can be difficult; one side
might be partially at fault while the other side is mostly at fault.
Consider the following frequent causes of problems in IT projects:
The customer changes the scope of the project or the system requirements.
Poor communication between customer and vendor leads to performance that
does not meet expectations.
The vendor delivers a system that meets customer requirements, but a
competitor comes out with a system that offers more advanced and useful
features.
The customer fails to reveal information about legacy systems or databases
that make the new system extremely difficult to implement.

Ethics in Information Technology,

Second Edition

15

Who is to blame in such circumstances? For example, the

Texas Department of Information Resources and IBM signed
a seven-year, $863 million contract in November 2006 for
IBM to update the state governments IT infrastructure. The
effort involved the consolidation of servers and mainframes of
the data centers of 26 state agencies in 1,300 locations
to reduce costs and to improve information security and
disaster recovery capabilities.
In November 2008, the director of the Texas Department of
Information Resources, Brian Rawson, said that IBM had
breached its contractual duties and obligations to the state of
Texas by failing to perform the crucial backup of data for
more than 20 state agencies.

Ethics in Information
Technology, Second Edition

16

Relationships Between IT Professionals and Suppliers

Develop good relationships with suppliers

Deal fairly with them
Do not make unreasonable demands
Bribery involves providing money, property, or favors to someone in business or
government to obtain a business advantage. An obvious example is a software
supplier sales representative who offers money to another companys employee to
get its business. This type of bribe is often referred to as a kickback or a

payoff.
U.S. Foreign Corrupt Practices Act (FCPA) makes it a crime to bribe a
foreign official, a foreign political party official, or a candidate for foreign
political office
.

17

Relationships Between IT Professionals and

Suppliers (continued)
Bribery
At what point does a gift become a bribe?
No gift should be hidden
Perceptions of donor and recipient can differ

Ethics in Information Technology,

Second Edition

18

Distinguishing Between a Bribe and a Gift

Ethics in Information Technology,

Second Edition

19

Relationships Between IT Professionals and Other

Professionals

Professionals owe each other adherence to a

professions code of conduct
Ethical problems between members of the IT
profession
Rsum inflation
Inappropriate sharing of corporate information
Because of their roles, IT workers have
access to corporate databases of private and confidential
information about employees, customers, suppliers, new
product plans, promotions, budgets, and so on.
Ethics in Information Technology,
Second Edition

20

Relationships Between IT Professionals and IT Users

IT user distinguishes the person who uses a hardware or

software product from the IT workers who develop,
install, service, and support the product.
IT professionals duty
Understand users needs and capabilities
Deliver products and services that best meet those needs
Establish an environment that supports ethical behaviour by
users

Ethics in Information Technology, Second

Edition

21

Relationships Between IT Professionals

and Society
Actions of an IT professional can affect society.
Regulatory laws establish safety standards for products
and services to protect the public. professionals can
clearly see what effect their work will have and can take
action to eliminate potential public risks.
For example, a systems analyst may design a computerbased control system to monitor a chemical
manufacturing process. A failure or an error in the system
may put workers or residents near the plant at risk.
Ethics in Information Technology, Second
Edition

22

The Ethical Behavior of IT

Professionals
Corporations are taking actions to ensure
good business ethics among employees

Ethics in Information Technology,

Second Edition

23

Professional Codes of Ethics

A professional code of ethics states the
principles and core values that are essential to
the work of a particular occupational group
Main parts:
Outlines what the professional organization
aspires to become
Lists rules and principles by which members of the
organization are expected to accept.
Ethics in Information Technology,
Second Edition

24

Professional Codes of Ethics (continued)

Benefits for individual, profession, and society

Improves ethical decision making : common set of core
values and beliefs as a guideline for ethical decision making.

Promotes high standards of practice and ethical

behaviour
Enhances trust and respect from the general public
Trust and respect from the general publicPublic trust is built on the expectation that a
professional will behave ethically. People must often depend on the integrity and good
judgment of a professional to tell the truth, abstain from giving self-serving advice, and offer
warnings about the potential negative side effects of their actions.

Provides an evaluation benchmark

professional can use as a means of self-assessment
Ethics in Information Technology,
Second Edition

25

Professional Organizations
No universal code of ethics for IT professionals
No single, formal organization of IT professionals has
emerged as preeminent
Most prominent organizations include:
Association for Computing Machinery (ACM)
Association of Information Technology Professionals (AITP)
Computer Society of the Institute of Electrical and
Electronics Engineers (IEEE-CS)
Project Management Institute (PMI)

Ethics in Information Technology, Second

Edition

26

The Association for Computing Machinery (ACM) is a computing

society founded in 1947 with 24,000 student members and 68,000
professional members in more than 100 countries.
It offers many publications and electronic forums for technology
workers, including Tech News, a comprehensive news-gathering
service; Career News, a career news digest;

Ethics in Information Technology,

Second Edition

27

Association of Information Technology Professionals (AITP)

The Association of Information Technology Professionals (AITP) started
in Chicago in 1951, when a group of machine accountants got together
and decided that the future was
bright for the IBM punched-card tabulating machines they were
operatinga ancestor of the modern electronic computer. They were
members of a local group called the Machine Accountants Association
(MAA), which first evolved into the Data Processing Management
Association in 1962.
Project Management Institute (PMI) The Project Management Institute
(PMI) was established in 1969 and has more than 420,000 members
and people who have passed the PMI certification process in more than
170 countries.
Ethics in Information Technology,
Second Edition

28

Certification
Indicates a professional possesses a particular set of
skills, knowledge, or abilities in the opinion of a
certifying organization
Can also apply to products
Generally voluntary
Carries no requirement to adhere to a code of ethics
e.g., the Wi-Fi CERTIFIED logo assures that the
product has met rigorous interoperability testing to
ensure that it will work with other Wi-Fi-certified
products.
Ethics in Information Technology, Second
Edition

29

Certification (continued)
Vendor certifications : Many IT vendorssuch as Cisco, IBM,
Microsoft, Sun, SAP, and Oracleoffer certification programs for
their products. Workers who successfully complete a program can
represent themselves as certified users of a manufacturers
product. Depending on the job market and the demand for skilled
workers, some certifications might substantially improve an IT
workers salary and career prospects.
Workers are commonly recertified as newer technologies become
available
A few certifications, such as the Cisco Certified Internetwork Expert
(CCIE) certification, also require a hands-on lab exam that
demonstrates skills and knowledge.

Ethics in Information Technology,

Second Edition

30

Certification (continued)
Industry association certifications
Require a certain level of experience and a
broader perspective than vendor certifications
Lag in developing tests that cover new
technologies
The trend in IT certification is to move from purely technical
content to a broader mix of technical, business, and
behavioral competencies, which are required in todays
demanding IT roles.
Ethics in Information Technology,
Second Edition

31

Ethics in Information Technology,

Second Edition

32

Government Licensing

In the United States, a government license is government-issued

permission to engage in an activity or to operate a business. It is
generally administered at the state level and often requires that the
recipient pass a test of some kind. Some professionals must be
licensed, including certified public accountants (CPAs),Case for
licensing IT professionals

Encourage IT professionals to follow the highest

standards of the profession
Practice a code of ethics
Violators would be punished
Modern systems are highly complex, interconnected, and critically dependent on
one another. Highly integrated enterprise resource planning (ERP) systems help
multibillion-dollar companies control all of their business functions, including
forecasting, production planning, purchasing, inventory control, manufacturing,
and distribution.
Ethics in Information Technology,
Second Edition

33

Government Licensing (continued)

Issues associated with government licensing of IT professionals

There are few international or national licensing

programs for IT professionals
The National Council of Examiners for Engineering and Surveying
(NCEES) has developed a professional exam for electrical engineers
and computer engineers.
There is no universally accepted core body of knowledge. The core
body of knowledge for any profession outlines agreed-upon sets of
skills and abilities that all licensed professionals must possess.
It is unclear who should manage the content and administration of
licensing exams. How would licensing exams be constructed, and who
would be responsible for designing and administering them? Would
someone who passes a license exam in one state or country be
accepted in another state or country?
Ethics in Information
Technology, Second Edition

34

There is no administrative body to accredit professional education

programs. Unlike the American Medical Association for medical schools
or the American Bar Association for law schools, no single body
accredits professional education
programs for IT. Furthermore, there is no well-defined, step-by-step
process to train IT workers, even for specific jobs such as programming.

There is no administrative body to assess and ensure competence of

individual workers. Lawyers, doctors, and other licensed professionals
are held accountable to high ethical standards and can lose their
license for failing to meet those
standards or for demonstrating incompetence.

Ethics in Information Technology,

Second Edition

35

IT Professional Malpractice
Negligence has been defined as not doing something
that a reasonable man would do, or doing something
that a reasonable man would not do
Duty of care refers to the obligation to protect
people against any unreasonable harm or risk
Courts consistently reject attempts to sue individual
parties for computer-related malpractice

Ethics in Information Technology, Second

Edition

36

Reasonable professional standard. For example, in a medical

malpractice suit based on improper treatment of a broken bone, the
standard of measure would be higher if the plaintiff were an
orthopedic surgeon rather than a general practitioner.
In the IT arena, consider a hypothetical negligence case in which an
employee inadvertently destroyed millions of customer records in an
Oracle database. The standard of measure would be higher if the
plaintiff were a licensed, Oracle-certified database administrator (DBA)
with 10 years of experience rather than an unlicensed systems analyst
with no DBA experience or specific knowledge of the Oracle software

Ethics in Information Technology,

Second Edition

37

A breach of the duty of care is the failure to act as a reasonable

person would act.

A breach of duty may consist of an action, such as throwing a lit

cigarette into a fireworks factory and causing an explosion, or a
failure to act when there is a duty to do sofor example, a
police officer not protecting a citizen from an attacker.

Ethics in Information Technology,

Second Edition

38

IT Users
Employees ethical use of IT is an area of
growing concern

Ethics in Information Technology,

Second Edition

39

Common Ethical Issues for IT Users

Software piracy
Inappropriate use of computing resources :
Some employees use their computers to surf popular Web sites that
have nothing to do with their jobs, participate in chat rooms, view
pornographic sites, and play computer games.

Inappropriate sharing of information

Private data : For Example their salary information, attendance data,
health records, and performance ratings.

Confidential information : company and its operations,

including sales and promotion plans, staffing projections, manufacturing
processes, product formulas, tactical and strategic plans, and research and
development
Ethics in Information Technology,
Second Edition

40

Supporting the Ethical Practices of IT Users

Policies that protect against abuses:
Establish boundaries of acceptable and unacceptable behavior
Enable management to punish violators
Policy components include:
Defining and limiting the appropriate use of IT resources
Establishing guidelines for use of company software
Structuring information systems to protect data and information
Installing and maintaining a corporate firewall : A firewall is a hardware
or software device that serves as a barrier between an organizations
network and the Internet; a firewall also limits access to the companys
network based on the organizations Internet usage policy. The firewall
can be configured to serve as an effective deterrent to unauthorized
Web surfing by blocking access to specific objectionable Web sites.
Ethics in Information Technology,
Second Edition

41

Managers Checklist of Items to Consider when Establishing an IT

Usage Policy

Ethics in Information Technology,

Second Edition

42

Summary
A professional from a legal standpoint
Has passed the state licensing requirements
Has earned the right to practice there

IT professionals have many different relationships

Each with its own set of ethical issues and potential
problems

Professional code of ethics

States the principles and core values essential to the work
of an occupational group

Ethics in Information Technology, Second

Edition

43

Summary (continued)
Licensing and certification of IT professionals
Many people feel that certification will increase the
reliability and effectiveness of information systems
Raises many issues

IT-related professional organizations have developed

a code of ethics
IT usage policy defines appropriate and inappropriate
IT user behavior

Ethics in Information Technology, Second

Edition

44