Ethics are rules that establish the boundaries of generally accepted behavior and are often expressed in statements about how people should behave, and these form the moral code by which society lives. Ethics stem from morality which refers to social conventions: widely accepted right and wrong behavior. What is accepted as moral behavior varies by age, culture, ethnicity, religion and gender. It is often a matter of opinion and a person’s opinion is influenced by family, life experiences, education, religion, personal values and peer influences.
For individuals, virtues are habits that incline a person to do what is acceptable and vices are habits of unacceptable behavior. These virtues and vices define a person’s value system, and that a value system is the complex scheme of moral values by which a person lives. A cornerstone of ethical behavior is integrity; a person that acts with integrity acts in accordance with a personal code of principles. To be consistent and act with integrity, a person must apply the same moral standards in all situations.
IT professionals (programmers, systems analysts, software engineers, database administrators, chief information officers, and many others) are also bound by ethical and moral choices related to their jobs. Just like other professionals, IT professionals are often guided by professional codes of ethics provided by IT professional organizations. Most codes of ethics created by these professional organizations have two parts: the first outlines what the organization aspires to, the second typically lists rules and principles the members are expected to adhere to. Professional codes of ethics are not definitive.
Our lesson will review different codes of ethics provided by four prominent IT professional organizations (ACM, AITP, IEEE, PMI). Also, we'll discuss ethical topics related to these codes. Finally, we'll review possible IT policies as they relate to end-users. Enjoy!
6 comments:
Persons holding support positions in the field of Information Technology would undoubtedly come across confidential information from time to time. It is especially important that those persons are bound by a code of ethics that prevents them from divulging information. I think it is necessary to have persons sign a confidentiality agreement when assuming certain positions in case their own ethical standards do not dictate to them to be careful with confidential information. While signing of the agreement cannot ensure ethical standards are kept, it opens up awareness to the situation that may not have been present before. Persons who break the code can then be held accountable since they would have read and signed the agreement.
Our organization requires that everyone sign an "Acceptable Use" agreement regarding the ethical use of our computer systems, as well as a confidentiality agreement regarding the information we come across every day. We also have to daily acknowledge that there is absolutely no expectation of privacy on our system, and basically every keystroke is logged somewhere. And if that wasn't enough, we have to take (and pass) an information security (INFOSEC) web-based training course every year.
Yet all of this has not completely eliminated the occasional humorous video clip or sappy PowerPoint presentation from being circulated on e-mail. It hasn't completely prevented people from inserting non-approved removable media into our system. Even the best set of ethics and rules need to have an enforcement plan, and consequences for those who violate the standards of behavior.
Compare and Contrast Code of Ethics for ACM and PMI
Both the Association for Computing Machinery (ACM) and the Project Management Institute (PMI) base their code of ethics on behavioral ideals, organized by section and sub-section. Some of these ideals are difficult to measure, such as the ACM’s mandate to “contribute to society and human well-being” and the PMI’s desire to “take actions on the best interests of society.” Looking out for well-being and best interests are not firm standards for behavior, as these terms may be interpreted differently.
The ACM chose to organize their code by “general moral imperatives,” “more specific professional responsibilities,” and “organizational leadership imperatives.” The moral imperatives include the basic dos and don’ts, such as avoiding harm to others and being honest, but it also ventures into more serious (i.e., criminal) topics such as copyrights, privacy, and confidentiality. The professional responsibilities deal more with issues like competence, excellence, and fair evaluations of others’ work. Organizational leadership imperatives admonish managers to treat their employees well.
The PMI code is not as comprehensive a code as that of the ACM, and it is much easier to understand. The PMI simply identifies four basic values: responsibility, respect, fairness, and honesty. Within each of these values they clearly distinguish between “aspirational standards,” or ideal behaviors, and “mandatory standards,” which are firm (and enforceable) requirements. For example, the “respect” section states that PMI members “listen to others’ points of view” (aspirational standard), but they also “respect the property rights of others” (mandatory standard).
In a code of ethics, I would like to see at least a reference to the fact that violating some of these rules could result in criminal charges. Examples of IT-related crimes include violating the Privacy Act by sharing private subscriber information, unlawfully disclosing proprietary information (Intellectual Property Rights), and unauthorized access/hacking/intrusion into a computer system.
Although we all have “pet issues” that we would like to see in a code of ethics, it is difficult to have a code that is both completely accurate and completely understood.
Comparison of Code of Ethics between the Association of Information Technology Professionals (AITP) and the Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS)
Commonalities
The statements made seem to bear in mind the obligation professionals have to help others within the profession and not cause harm in any way through the inappropriate use of information that may be disclosed in the line of duty. There seems to also be a general obligation to society as well as to management. Most statements made in both cases can be categorized in these terms.
Differences
The Code of Ethics presented by AITP was clearly defined by categories but this was not the case for the IEEE-CS. Although analysis of the IEEE-CS statements can place most statements within similar categories as those defined by AITP, it was not as clearly presented. AITP also presented a more comprehensive list of statements by expanding on the Code of Ethics with Standards of Conduct. This clarified general statements and gave more guidance for each of the categories defined.
Additional Important Issue
It is praiseworthy to have the code of ethics in place for organizations but it is also necessary to state with the code, a statement of compliance and the consequences for non-compliant persons. Persons should be called on to honor the agreements that they sign and a procedure must be put in place to handle violations.
In my capacity as a manager in the realm of information technology, I hold the “keys” to all systems employed at my institution. Subsequently I have thought much about my responsibility to the administration, students, and faculty to conduct myself in an ethical manner. I also consistently concern myself with the access granted to the other technologists in my unit. Not only are technologists responsible for acting responsibly considering their access to data, but also are charged with doing their due diligence to keep electronic information secure and confidential. This is certainly a topic that causes sleep deprivation for me personally! One of my greatest fears, as our institution has grown and so has the technology unit I manage, is one of the personnel in my unit misusing the “keys” they may have. I do trust my team members; but, I have found the notion is never far from my thoughts. This, in my opinion, is because no policy, law, or code of ethics will stop someone who becomes intent on doing harm or acting in a negligent manner.
Comparison and Discussion of the PMI and AITP Code of Ethics
Question 1 – Commonalities
Both codes clearly define who the code applies to and to whom professionals are responsible to. This, as a foundation for the respective codes, is important. The two associations stress the responsibility of professionals to share information honestly and appropriately with management. This is very important, as much of the administration ultimately responsible for technology and major technological projects in today’s college and universities are not technologists. Technology personnel purposefully withholding key information, or providing misinformation, is a concern expressed by many top level administrators I have experience with. Another important common theme was the responsibility to stay current on applicable knowledge and skills. Staying up to date on current technologies is essential for efficiency and effectiveness, and should be considered an ethical responsibility. Lastly, both codes emphasize the necessity of fact when charging an individual with breaking the code of ethics or of violating any technological policy. Having proof prior to making accusations is paramount to maintaining the validity of the codes and policies enacted at any institution.
Question 2 - Differences
There are numerous differences in these two codes. The primary difference evident to me was PMI’s segmentation between those standards that practitioners either aspire to or those that are mandatory. Conversely, AITP asserts their standards of conduct are to be followed without fail, rather than strived for. Secondly, PMI includes a history of the code and how the four primary areas of concentration were determined. This is helpful when considering the overall context of the code. Further, PMI provides a glossary that is also helpful to those working to fully understand the code, its meaning, and how it might be applied.
Question 3 – Other Important Issues
Both codes speak to the responsibility of practitioners where local, state, and federal rules and regulations are concerned. However, I could find no clear path to determining what those might be from either organization’s website. In my experience, determining this information can be difficult at best. Particularly with AITP, it would be helpful to have information on how institutions can gain knowledge in this important topic.
Post a Comment