Is IT Ethical? The ETHICOMP Survey of Professional Practice

Prof. Simon Rogerson

Mary Prior

Originally published as ETHIcol in the IMIS Journal Volume 18 No 1 (February 2008)

The fifth bi-annual study into the attitudes of Information Systems (IS) professionals, 'Is IT Ethical? 2006 ETHICOMP Survey of Professional Practice' is now published. This survey was somewhat different from that of the previous ones, with the consequence that the profile of respondents is also dissimilar. There is a much smaller number of responses from industrial practitioners who are members of IMIS this time. The majority of respondents are young people studying for a computing degree in the UK. Other respondents include a group of experienced academics attending the ETHICOMP 2007 conference and, for the first time, a substantial number of students and IS professionals working in China who attended an ETHICOMP working conference held in that country in April 2007. This has enabled a comparison to be made between the responses of each of these disparate groups, and between them and previous survey respondents.

It is not surprising to find that although the students show a high level of awareness of some ethical issues, they are generally less aware than the academics, and there are some areas where the student responses are a cause for concern. There are some intriguing differences within the UK student group. It is interesting to find that the responses of those attending the conference in China are aligned with the UK students' responses on some issues, with the ETHICOMP 2007 delegates' responses on others, but in some cases with neither of these other groups.

It was found that most UK students believed it was unacceptable to make unauthorised copies of commercial software to use at work whilst a quarter of them thought it was acceptable to make unauthorised copies of commercial software for their own private use. By contrast, Chinese students are more likely to find unauthorised use to be acceptable when it is for use at work than when it is for their own private use.

One of the findings indicates that the privacy of data is most valued by the practitioners and the experienced academics, and is less appreciated by the UK and Chinese students. There is a clear warning for organisations that they need to ensure that their privacy and security policies are clear, communicated to all employees, and that employees' awareness and deployment of them are continually reviewed.

In the current climate of reported major system failures it was pleasing to find evidence that education may be having an effect on attitudes to testing. It is hoped this responsible attitude will be carried into the workplace by newly qualified graduates. It remains the case that employing organisations have a responsibility to provide an environment that encourages ethical practice and to ensure that commercial pressures to meet budgetary and other deadlines do not lead to ethically dubious practices such as cutting down on testing. Project leaders have a responsibility not to agree to unrealistic deadlines that could result in such pressures being applied; professional societies have a supportive role to play in helping members to maintain their integrity in the face of pressure from employers.

Overall the report contains recommendations for organisations, for professional societies and for educators that are intended to promote more socially responsible practices within the IS community.

These include:

that organisations should:

adopt a Code of Conduct for all employees;
introduce a clear policy concerning the use of computing resources by employees for their own activities, and consider allowing the use for selected non-profit-making activities as a contribution to the local community or as a legitimate perk for employees;
establish clear guidelines for the introduction and operation of any electronic surveillance process, including email and internet usage monitoring, ensuring that all employees are fully consulted and that their rights to privacy in the workplace are respected;
promote an approach to systems development that encourages genuine stakeholder involvement in decision-making;
improve the promotion of data protection awareness among staff and review the means by which compliance with data privacy and data protection requirements are assured;
make greater efforts to provide a working environment that encourages ethical practices, supporting employees in resisting the temptation to allow commercial pressures to lead to ethically dubious practices - instead, promoting their ethical stance to their commercial advantage.

that professional societies should:

ensure that their Code of Conduct remains up-to-date and relevant to the profession, increasing efforts to promote awareness of the Code among members and providing guidance how it can be applied in practice;
provide a greater degree of particular support for their younger members, helping them to acquire greater awareness of the ethical issues they will encounter throughout their careers;
promote members' awareness of the role that IS staff play in the designing of data privacy and data protection compliance into information systems.

that educators should:

address ethical issues more extensively in their curriculum, to raise the awareness of young, aspiring professionals concerning all of the issues covered in this survey;
include in their research agenda the ethical and social impact issues such as access, workplace monitoring, global workforce, professional obligations and choice

For a copy of the survey report contact IMIS.

Please send your views on ethical and social responsibility issues and cases of ethical dilemmas to:

Professor Simon Rogerson
Director
Centre for Computing and Social Responsibility
Faculty of Computing Sciences and Engineering
De Montfort University
The Gateway
Leicester
LE1 9BH
Tel: (+44) 116 257 7475
Fax: (+44) 116 207 8159
Email: <srog@dmu.ac.uk>
Website: http://www.ccsr.cse.dmu.ac.uk/