Is IT Ethical? 2000 ETHICOMP Survey of Professional Practice

Should IS professionals actively consult all stakeholders in an information systems development project or merely keep them informed?

This is one of the questions debated at the recent launch of the IMIS-sponsored report, Is IT Ethical? The report is the second in a longitudinal study of the ethical attitudes of IS professionals being conducted on behalf of the Institute by the Centre for Computing and Social Responsibility at De Montfort University.

Both of the surveys carried out to date (in 1998 and 2000) found that the vast majority of respondents agreed on fundamental issues such as the importance of ethical considerations to organisations and to themselves. Nearly all of them, for example, in the 2000 survey agreed that organisations should require IS/IT employees to abide by a code of professional ethics (for the IMIS Code of Conduct go to the IMIS website). Over 80% would refuse to work on a project they considered to be unethical - despite the fact that some 40% said they have no choice about the projects they work on. Most (though not all) said that the unauthorised copying of software was not acceptable practice.

Of course, there may be a distinction between what people say in surveys, even anonymous ones, and what they do in practice. Which perhaps makes some of the other responses even more interesting. For example, nearly 20% agreed it was acceptable, 'for a software contractor, provided with a brief specification, to go ahead and develop the system knowing that in the future re-work under another contract will be essential' - implying support for a level of deceit to the client. Likewise, although the majority of respondents agreed it was not acceptable to cut down on testing effort when over budget or behind schedule, a sizeable minority of 16.6% thought it was acceptable, with as many as 10% indifferent. A similar proportion of respondents considered it acceptable to access data they are not authorised to see by using another employee's access code with their permission. Given the ubiquitous nature of computer systems and the quantity of personal data they now hold, these figures are somewhat worrying.

It is worth noting the profile of the survey respondents. Over 60% are over 40 years of age, 65% have more than 10 years experience as an IS professional, over 80% are male and the largest single occupation is 'Manager/Director of IS'. Both the private and public sectors are represented along with a variety of size of organisation. The majority are based in the UK, although responses were received from a number of other countries. No clear relationship can be established between the respondents' age, experience or occupation and their response to particular issues; the older and more experienced ones were just as likely as their younger colleagues in the 2000 survey to make what the authors' would see as a 'less ethical' response.

Another contentious area is that of employee surveillance. Concerned to find in the 1998 survey that as many as 22% of respondents agreed that employers were entitled to monitor employees' performance without their consent, the 2000 survey asked about this issue in more detail. The responses indicate that employees' consent and knowledge are seen as crucial by the majority of respondents. While a majority of nearly 80% agree that employers are entitled to electronically monitor their employees with both their knowledge and consent, the figure drops to 13.9% with neither. This figure, although it represents only a minority of respondents, is still a matter for concern. It is IS professionals who may well be called upon to develop, install and maintain some types of electronic surveillance software and equipment. Quite apart from the ethical issues involved such practice could now fall foul of legal requirements under the Data Protection and Human Rights Acts.

Evidence of an attitude showing greater concern for privacy is found in the 17.5% of respondents who find it unacceptable to electronically monitor employees even with both their knowledge and consent. These findings suggest that there is a need for a much wider debate about the use of electronic surveillance methods in the workplace particularly because, with the evolution of more sophisticated means of workplace surveillance, it is no longer only employees carrying out routine, repetitive tasks who are monitored but also knowledge workers such as IS professionals themselves.

Another area where the survey has highlighted the potential for further debate is that of the licensing of IS professionals. Over 40% of the UK respondents agreed with the idea of licensing, 31.2% disagreed while 25% were indifferent. The difficulties of licensing with such a diverse group as IS/IT workers are well known; however the concept of distinguishing between different levels of worker and licensing those responsible for 'signing off' specifications or (parts of) working systems was aired at the report launch. There is clearly a need for ongoing debate on this difficult but important issue.

So, should IS professionals actively consult all stakeholders in an information systems development project or merely keep them informed? Respondents to the 2000 survey were fairly evenly split between those who agreed, and those who disagreed, with the statement, 'Consultation with all stakeholders in an information systems development project is not always possible; to keep stakeholders informed is sufficient' The report's authors maintain that for an ethically acceptable approach to systems development consultation needs to embrace meaningful involvement of representatives of all those affected. Employees should have some input into any redesign of their working environment brought about by the introduction of new information systems. Many IS professionals, however, regard this as idealistic when faced with commercial and economic pressures. Until they can be persuaded otherwise, we are likely to continue to find high-profile information system failures headlined in the media.

For a full copy of the report contact IMIS.

Please send your views on ethical and social responsibility issues and cases of ethical dilemmas to: