Copyright © 2005 Simon Rogerson and Mary Prior
Originally published as ETHIcol in the IMIS Journal Volume 15 No 5 (September 2005)
In September the fourth bi-annual study into the attitudes of Information Systems (IS) professionals, 'Is IT Ethical? 2002 ETHICOMP Survey of Professional Practice' was launched at ETHICOMP 2005 in Sweden. A copy of the survey was sent to all IMIS members and was also made available on the IMIS website. The country profile of respondents reflects the Institution's strong presence in African countries such as Zambia and Kenya and its high proportion of student members.
The survey findings suggest a high level of ethical awareness among the IMIS members who responded, who overwhelmingly agree that ethical issues are important to organisations and to themselves as individuals, that they would not make unauthorised copies of software to use at work nor at home, and who would not use other employees' access codes without their permission to view data they are not authorised to see. However, the findings also highlight areas where more guidance and support for individuals is desirable to encourage consistently responsible behaviour.
Among the findings that will be of interest to employers is that respondents consider their organisation's computer-held data to be more secure from external than from internal sources. Taken with the finding that some respondents consider it acceptable to use other employees' access codes with their permission to access data they are not authorised to see, this provides a warning to organisations to review both the technical aspects of the security of their systems and also the human resource management issues.
Employers may also be interested to find that over the four surveys, a large proportion of respondents continue to consider it acceptable to use their organisation's computing facilities for their own non-profit-making activities providing this has 'no adverse affect' on their employer. This is the case despite the widespread existence of organisational policies covering facilities' use. Organisations may wish to ensure that employees are not only informed about policies but that they understand their relevance; for example what are the possible 'adverse affects' of unauthorised use. A regular review of policies and frequent reminders to employees may also be required.
A cause for concern is the finding that the minority of respondents who find it acceptable to cut down on testing effort if a project is significantly behind schedule or over budget is continuing to grow with each survey, reaching 22% in 2004. It is somewhat alarming to consider the consequences on software quality and the potential impact of such an attitude. Another worrying result is that the proportion of respondents who consider it acceptable for employers to use electronic surveillance to monitor employees' performance without either their knowledge or consent has risen to 20%.
The report contains recommendations for organisations, for professional societies and for educators that are intended to promote more socially responsible practices within the IS community.
seriously consider adopting a Code of Conduct for all employees
increase efforts to promote awareness among all employees of:
* ethical issues
* the organisation's Code of Conduct
* how the organisation's Code of Conduct may be applied to guide ethical decision-making
establish 'whistle-blowing' procedures to encourage employees who become aware of unethical practices within the organisation to come forward
introduce a clear policy concerning the use of computing resources by employees for their own activities, and consider allowing the use for selected non-profit-making activities as a contribution to the local community or as a legitimate perk for employees
establish clear guidelines for the introduction and operation of any electronic surveillance process, including email and internet usage monitoring, ensuring that all employees are fully consulted and that their rights to privacy in the workplace are respected
review on a regular basis the security of computer-held data with attention to both technical aspects and management aspects affecting potential threats
consider and clarify their policy concerning the re-creation of intellectual property such as a product, program or design by employees when they move to another employer
ensure that all policies are clearly communicated to employees and are deployed throughout the organisation
promote an approach to systems development that encourages genuine stakeholder involvement in decision-making
improve the promotion of data protection awareness among staff and review the means by which compliance with data privacy and data protection requirements are assured
make greater efforts to provide a working environment that encourages ethical practices, supporting employees in resisting the temptation to allow commercial pressures to lead to ethically dubious practices - instead, promoting their ethical stance to their commercial advantage
consider whether they have adequate guidelines stating what information should be available on their intranets
ensure that information about individuals is not made available on their intranet without the specific consent of those involved
It is recommended that professional societies representing the IS profession should:
ensure that their Code of Conduct remains up-to-date and relevant to the profession, increasing efforts to promote awareness of the Code among members and providing guidance how it can be applied in practice
provide a greater degree of particular support for their younger members, helping them to acquire greater awareness of the ethical issues they will encounter throughout their careers
promote debate of the continuing applicability of legislation such as the software licensing laws, in the light of current developments, opinion and practice
promote debate concerning the desirability of licensing for information systems professionals
promote members' awareness of the role that IS staff play in the designing of data privacy and data protection compliance into information systems
It is recommended that the academic community responsible for the education of future IS professionals and for research into IS-related issues should:
address ethical issues more extensively in their curriculum, to raise the awareness of young, aspiring professionals concerning all of the issues covered in this survey
include in their research agenda the issues identified by this survey as requiring further investigation, for example:
* the effects of factors such as age, geography and culture on attitudes to issues such as intellectual property, the use of employer's computing facilities, software and systems testing and the licensing of IS professionals
* the factors affecting the IS professional's ability to choose and choice of what projects they work on
* the effect of workplace monitoring on employees and guidelines for the ethical use of employee surveillance
* the implications of the globalisation of the IS profession and recommendations for socially responsible practice in this area
* the applicability of intranets for providing different types of information
For a copy of the survey report contact IMIS.
Please send your views on ethical and social responsibility issues and cases of ethical dilemmas to:
Professor Simon Rogerson
Director
Centre for Computing and Social Responsibility
Faculty of Computing Sciences and Engineering
De Montfort University
The Gateway
Leicester
LE1 9BH
Tel:(+44) 116 257 7475
Fax:(+44) 116 207 8159
Email:<srog@dmu.ac.uk>
Home Page:http://www.ccsr.cse.dmu.ac.uk