2.1 What Is Ethics?
LEARNING OBJECTIVES
1. Explain how both individuals and institutions can be viewed as ethical or unethical.
2. Explain how law and ethics are different, and why a good reputation can be more
important than legal compliance.
Most of those who write about ethics do not make a clear distinction between ethics and morality. The
question of what is “right” or “morally correct” or “ethically correct” or “morally desirable” in any situation is
variously phrased, but all of the words and phrases are after the same thing: what act is “better” in a
moral or ethical sense than some other act? People sometimes speak of morality as something personal
but view ethics as having wider social implications. Others see morality as the subject of a field of study,
that field being ethics. Ethics would be morality as applied to any number of subjects, including journalistic
ethics, business ethics, or the ethics of professionals such as doctors, attorneys, and accountants. We
will venture a definition of ethics, but for our purposes, ethics and morality will be used as equivalent
terms.
People often speak about the ethics or morality of individuals and also about the morality or ethics of
corporations and nations. There are clearly differences in the kind of moral responsibility that we can fairly
ascribe to corporations and nations; we tend to see individuals as having a soul, or at least a conscience,
but there is no general agreement that nations or corporations have either. Still, our ordinary use of
language does point to something significant: if we say that some nations are “evil” and others are
“corrupt,” then we make moral judgments about the quality of actions undertaken by the governments or
people of that nation. For example, if North Korea is characterized by the US president as part of an “axis
of evil,” or if we conclude that WorldCom or Enron acted “unethically” in certain respects, then we are
making judgments that their collective actions are morally deficient.
In talking about morality, we often use the word good; but that word can be confusing. If we say that
Microsoft is a “good company,” we may be making a statement about the investment potential of Microsoft
stock, or their preeminence in the market, or their ability to win lawsuits or appeals or to influence
administrative agencies. Less likely, though possibly, we may be making a statement about the civic virtue
and corporate social responsibility of Microsoft. In the first set of judgments, we use the word good but
mean something other than ethical or moral; only in the second instance are we using the word good in its
ethical or moral sense.
A word such as good can embrace ethical or moral values but also nonethical values. If I like Daniel and
try to convince you what a “good guy” he is, you may ask all sorts of questions: Is he good-looking?
Well-off? Fun to be with? Humorous? Athletic? Smart? I could answer all of those questions with a yes,
yet you would still not know any of his moral qualities. But if I said that he was honest, caring, forthright,
and diligent, volunteered in local soup kitchens, or tithed to the church, many people would see Daniel as
having certain ethical or moral qualities. If I said that he keeps the Golden Rule as well as anyone I know,
you could conclude that he is an ethical person. But if I said that he is “always in control” or “always at the
top of his game,” you would probably not make inferences or assumptions about his character or ethics.
There are three key points here:
1. Although morals and ethics are not precisely measurable, people generally have similar reactions
about what actions or conduct can rightly be called ethical or moral.
2. As humans, we need and value ethical people and want to be around them.
3. Saying that someone or some organization is law-abiding does not mean the same as saying a
person or company is ethical.
Here is a cautionary note: for individuals, it is far from easy to recognize an ethical problem, have a clear
and usable decision-making process to deal it, and then have the moral courage to do what’s right. All of
that is even more difficult within a business organization, where corporate employees vary in their
motivations, loyalties, commitments, and character. There is no universally accepted way for developing
an organization where employees feel valued, respected, and free to openly disagree; where the actions
of top management are crystal clear; and where all the employees feel loyal and accountable to one
another.
Before talking about how ethics relates to law, we can conclude that ethics is the study of morality—“right”
and “wrong”—in the context of everyday life, organizational behaviors, and even how society operates
and is governed.
How Do Law and Ethics Differ?
There is a difference between legal compliance and moral excellence. Few would choose a professional
service, health care or otherwise, because the provider had a record of perfect legal compliance, or
always following the letter of the law. There are many professional ethics codes, primarily because people
realize that law prescribes only a minimum of morality and does not provide purpose or goals that can
mean excellent service to customers, clients, or patients.
Business ethicists have talked for years about the intersection of law and ethics. Simply put, what is legal
is not necessarily ethical. Conversely, what is ethical is not necessarily legal. There are lots of legal
maneuvers that are not all that ethical; the well-used phrase “legal loophole” suggests as much.
Here are two propositions about business and ethics. Consider whether they strike you as true or whether
you would need to know more in order to make a judgment.
●
Individuals and organizations have reputations. (For an individual, moral reputation is most often
tied to others’ perceptions of his or her character: is the individual honest, diligent, reliable, fair,
and caring? The reputation of an organization is built on the goodwill that suppliers, customers,
the community, and employees feel toward it. Although an organization is not a person in the
usual sense, the goodwill that people feel about the organization is based on their perception of
its better qualities by a variety of stakeholders: customers or clients, suppliers, investors,
employees, government officials).
●
The goodwill of an organization is to a great extent based on the actions it takes and on whether
the actions are favorably viewed. (This goodwill is usually specifically counted in the sale of a
business as an asset that the buyer pays for. While it is difficult to place a monetary value on
goodwill, a firm’s good reputation will generally call for a higher evaluation in the final accounting
before the sale. Legal troubles or a reputation for having legal troubles will only lessen the price
for a business and will even lessen the value of the company’s stock as bad legal news comes to
the public’s attention.)
Another reason to think about ethics in connection with law is that the laws themselves are meant to
express some moral view. If there are legal prohibitions against cheating the Medicare program, it is
because people (legislators or their agents) have collectively decided that cheating Medicare is wrong. If
there are legal prohibitions against assisting someone to commit suicide, it is because there has been a
group decision that doing so is immoral. Thus the law provides some important cues as to what society
regards as right or wrong.
Finally, important policy issues that face society are often resolved through law, but it is important to
understand the moral perspectives that underlie public debate—as, for example, in the continuing
controversies over stem-cell research, medical use of marijuana, and abortion. Some ethical perspectives
focus on rights, some on social utility, some on virtue or character, and some on social justice. People
consciously (or, more often, unconsciously) adopt one or more of these perspectives, and even if they
completely agree on the facts with an opponent, they will not change their views. Fundamentally, the
difference comes down to incompatible moral perspectives, a clash of basic values. These are hot-button
issues because society is divided, not so much over facts, but over basic values. Understanding the
varied moral perspectives and values in public policy debates is a clarifying benefit in following or
participating in these important discussions.
Why Should an Individual or a Business Entity Be Ethical?
The usual answer is that good ethics is good business. In the long run, businesses that pay attention to
ethics as well as law do better; they are viewed more favorably by customers. But this is a difficult claim to
measure scientifically, because “the long run” is an indistinct period of time and because there are as yet
no generally accepted criteria by which ethical excellence can be measured. In addition, life is still lived in
the short run, and there are many occasions when something short of perfect conduct is a lot more
profitable.
Some years ago, Royal Dutch/Shell (one of the world’s largest companies) found that it was in deep
trouble with the public for its apparent carelessness with the environment and human rights. Consumers
were boycotting and investors were getting frightened, so the company took a long, hard look at its ethic
of short-term profit maximization. Since then, changes have been made. The CEO told one group of
business ethicists that the uproar had taken them by surprise; they thought they had done everything
right, but it seemed there was a “ghost in the machine.” That ghost was consumers, NGOs, and the
media, all of whom objected to the company’s seeming lack of moral sensitivity.
The market does respond to unethical behavior. In Section 2.4 "Corporations and Corporate
Governance", you will read about the Sears Auto Centers case. The loss of goodwill toward Sears Auto
Centers was real, even though the total amount of money lost cannot be clearly accounted for. Years
later, there are people who will not go near a Sears Auto Center; the customers who lost trust in the
company will never return, and many of their children may avoid Sears Auto Centers as well.
The Arthur Andersen story is even more dramatic. A major accounting firm, Andersen worked closely with
Enron in hiding its various losses through creative accounting measures. Suspiciously, Andersen’s
Houston office also did some shredding around the clock, appearing to cover up what it was doing for
Enron. A criminal case based on this shredding resulted in a conviction, later overturned by the Supreme
Court. But it was too late. Even before the conviction, many clients had found other accounting firms that
were not under suspicion, and the Supreme Court’s reversal came too late to save the company. Even
without the conviction, Andersen would have lost significant market share.
The irony of Andersen as a poster child for overly aggressive accounting practices is that the man who
founded the firm built it on integrity and straightforward practices. “Think straight, talk straight” was the
company’s motto. Andersen established the company’s reputation for integrity over a hundred years ago
by refusing to play numbers games for a potentially lucrative client.
Maximizing profits while being legally compliant is not a very inspiring goal for a business. People in an
organization need some quality or excellence to strive for. By focusing on pushing the edge of what is
legal, by looking for loopholes in the law that would help create short-term financial gain, companies have
often learned that in the long term they are not actually satisfying the market, the shareholders, the
suppliers, or the community generally.
KEY TAKEAWAY
Legal compliance is not the same as acting ethically. Your reputation, individually or corporately,
depends on how others regard your actions. Goodwill is hard to measure or quantify, but it is real
nonetheless and can best be protected by acting ethically.
EXERCISES
1. Think of a person who did something morally wrong, at least to your way of thinking. What
was it? Explain to a friend of yours—or a classmate—why you think it was wrong. Does
your friend agree? Why or why not? What is the basic principle that forms the basis for
your judgment that it was wrong?
2. Think of a person who did something morally right, at least to your way of thinking. (This
is not a matter of finding something they did well, like efficiently changing a tire, but
something good.) What was it? Explain to a friend of yours—or a classmate—why you
think it was right. Does your friend agree? Why or why not? What is the basic principle
that forms the basis for your judgment that it was right?
3. Think of an action by a business organization (sole proprietor, partnership, or corporation)
that was legal but still strikes you as wrong. What was it? Why do you think it was wrong?
4. Think of an act by an individual or a corporation that is ethical but not legal. Compare your
answer with those of your classmates: were you more likely to find an example from
individual action or corporate action? Do you have any thoughts as to why?
Integrity Remains One of the Top Leadership Attributes
The National Showcasing Team of AIESEC in Sri Lanka presented the 5th episode of podcast series
“LeadershipIsAlsoAbout” – “Demonstrating Integrity as a Core Leadership Value”
The Guest Speakers Mr. Kaneel Dias, the Local Committee President in AIESEC in University of
Colombo 20.21 and Mr. Pium Pamuditha, the Local Committee President in AIESEC in University of
Moratuwa 20.21 reflected their AIESEC journey through their real-life examples. Mr. Arfan Nazar Member
Committee Vice President-Elect For Incoming Global Talent – AIESEC Sri Lanka 20.21. moderated the
session. In this article, you will learn more about what they discussed on a deeper level.
“The supreme quality for leadership is unquestionably integrity. Without it, no real success is possible…. ”
– Dwight D. Eisenhower
What is leadership?
A simple definition given by Mr. Kaneel Dias was that leadership is the art of leading a diverse team to act
towards achieving a common goal. People are different. Not only the choices they make or opinions they
bear, but people may also differ in many other ways. Therefore a leader should not hope his team to
behave the same. The key is to take the time to understand your team members. With that foundation in
place, you’ll have a much easier time leading your different team members in a way that resonates best
with them and their individual preferences.
Mr. Pium Pamuditha defined leadership differently; setting a direction initial and then guiding a set of
people towards that direction in the best possible way. If we take a group of people that have a common
goal they have different methods to achieve it. But there’s a certain method that produces the best
outcome of every member of that group. It’s the best possible way to achieve that particular goal
according to Mr. Pium.
Leadership definition captures the essentials of being able and prepared to inspire others. The speakers
further discussed how they were inspired to be a leader. During the AIESEC journey, Mr. Kaneel had
been inspired by many different leaders. With the inspiration of them today he has become the Local
Committee President of AIESEC in University of Colombo 20.21. Mr. Pium mentioned about a specific
character who inspired him to be the best version of his leadership; Mr. Mahela Jayawardane, the
legendary former caption of Sri Lankan National Cricket Team. Being the first player in the history of Sri
Lankan cricket to score over 10,000 Test runs and the former captain he inspired other cricketers in his
team to achieve the success of Sri Lankan Cricket Team.
From a leadership perspective integrity is…
Most leaders and companies profess to “value integrity”. But they may not all understand or agree on the
definition of this popular term. Consider ethics and models of an organization. Putting ethics and models
on the back burner can spell trouble for any organization. Because ethics is far more than someone doing
the right thing. But integrity is also about staying ethical in situations that seem to be unethical and
dishonest. This can be applied when it comes to delivering exchange standards to Exchange Participants
in AIESEC. Sometimes it might be very easy to be dishonest so that you can get the best outcome to your
Local Committee. But integrity is finding different ways to remain honest and at the same time remain
ethical while accomplishing what you want to accomplish with your organization.
Importance of understanding integrity as a core leadership value
Is it crucial that you understand the importance of behaving with integrity at all times when you are a
leader? Simply put, integrity is crucial because it means doing the right thing, no matter what. When you
are a leader, you serve as an example to everyone else in your organization. Consciously or
unconsciously, they look to you for guidance on how to behave. In organizations where integrity is a
respected virtue, on the other hand, leaders can trust that their subordinates will always choose to do the
right thing. This frees up a great deal of energy that can be harnessed for more productive ends when
everyone in the team is working towards a common goal.
Mr. Kaneel shared a recent example of a situation related to his AIESEC journey where he tested his
integrity. “Back in January, this year Our LCVP resigned from his position & I had to select a replacement
for that. I interviewed several different people. The biggest concern I noticed was whether they can
manage this role of becoming LCVP along with their academics.” In this situation, he described the real
condition of the role of Local Committee Vice President; a difficult and time-consuming role. He
maintained his integrity as well as the Local Committee’s integrity.
Mr. Pium shared an experience where integrity was challenged in his academic life. “ We have
assessments in our university and sometimes it’s really hard to reach the deadlines. But there’s an option
that I can get the assignments done through my friends by coping with their answers” But Mr. Pium was
very honest with himself. He tried to manage all these things by himself.
Respecting integrity helps the relationships between leaders and their followers to grow stronger while
increasing the performances of the followers to excellence
When a leader is working with a diverse team it’s important to understand every individuals’ strengths and
weaknesses and treat them accordingly. Aside from that, a leader should be honest with their team
members. Some truths might create negative impacts in the short term, in the long term the team
members will tend to trust the leader more. Openness is also linked with integrity. Every single person in
the team should know about every single thing about the team members. These best practices build a
strong bond among each other of the team.
Maintaining integrity helps a person to grow his internal values
“Demonstrating integrity is indeed a core leadership value”
The single most important quality that you can ever develop is the quality of integrity. When a person is
working towards a certain goal and if he is completely truthful about the work, he will give his maximum
effort towards the goal. Living in truth with other people means that one can develop strong connections
among other colleagues. On a similar note, it’s important to respect your team members’ opinions. Every
single one of them has different opinions. Knowing what those are and respecting them will help you
manage in a way that suits your direct reports best.
Integrity is the most important trait of leadership in our society because regardless of what other beneficial
characteristics exist, people will not follow someone unless they have established trust with them. So
real-life examples shared by Mr. Kaneel Dias, the Local Committee President of AIESEC in University of
Colombo 20.21 and Mr. Pium Pamuditha, the Local Committee President of AIESEC in University of
Moratuwa 20.21 demonstrated the importance of integrity in any list of leadership traits.
Security of an Information System
Information system security refers to the way the system is defended against unauthorized access, use,
disclosure, disruption, modification, perusal, inspection, recording or destruction.
There are two major aspects of information system security −
●
Security of the information technology used − securing the system from malicious
cyber-attacks that tend to break into the system and to access critical private information
or gain control of the internal systems.
●
Security of data − ensuring the integrity of data when critical issues, arise such as natural
disasters, computer/server malfunction, physical theft etc. Generally an off-site backup of
data is kept for such problems.
Guaranteeing effective information security has the following key aspects −
●
Preventing the unauthorized individuals or systems from accessing the information.
●
Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
●
Ensuring that the computing systems, the security controls used to protect it and the
communication channels used to access it, functioning correctly all the time, thus making
information available in all situations.
●
Ensuring that the data, transactions, communications or documents are genuine.
●
Ensuring the integrity of a transaction by validating that both parties involved are genuine,
by incorporating authentication features such as "digital signatures".
●
Ensuring that once a transaction takes place, none of the parties can deny it, either
having received a transaction, or having sent a transaction. This is called
'non-repudiation'.
●
Safeguarding data and communications stored and shared in network systems.
Information Systems and Ethics
Information systems bring about immense social changes, threatening the existing distributions of power,
money, rights, and obligations. It also raises new kinds of crimes, like cyber-crimes.
Following organizations promote ethical issues −
●
The Association of Information Technology Professionals (AITP)
●
The Association of Computing Machinery (ACM)
●
The Institute of Electrical and Electronics Engineers (IEEE)
●
Computer Professionals for Social Responsibility (CPSR)
The ACM Code of Ethics and Professional Conduct
●
Strive to achieve the highest quality, effectiveness, and dignity in both the process and
products of professional work.
●
Acquire and maintain professional competence.
●
Know and respect existing laws pertaining to professional work.
●
Accept and provide appropriate professional review.
●
Give comprehensive and thorough evaluations of computer systems and their impacts,
including analysis and possible risks.
●
Honor contracts, agreements, and assigned responsibilities.
●
Improve public understanding of computing and its consequences.
●
Access computing and communication resources only when authorized to do so.
The IEEE Code of Ethics and Professional Conduct
IEEE code of ethics demands that every professional vouch to commit themselves to the highest ethical
and professional conduct and agree −
●
To accept responsibility in making decisions consistent with the safety, health and welfare of the
public, and to disclose promptly factors that might endanger the public or the environment;
●
To avoid real or perceived conflicts of interest whenever possible, and to disclose them to
affected parties when they do exist;
●
To be honest and realistic in stating claims or estimates based on available data;
●
To reject bribery in all its forms;
●
To improve the understanding of technology, its appropriate application, and potential
consequences;
●
To maintain and improve our technical competence and to undertake technological tasks for
others only if qualified by training or experience, or after full disclosure of pertinent limitations;
●
To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors,
and to credit properly the contributions of others;
●
To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or
national origin;
●
To avoid injuring others, their property, reputation, or employment by false or malicious action;
●
To assist colleagues and co-workers in their professional development and to support them in
following this code of ethics.
AIS Code of Ethics and Professional Conduct
Preamble
Computing professionals’, and in particular AIS members' actions change the world. To act responsibly,
they should reflect upon the wider impacts of their work, consistently supporting the public good. This
code is adapted from the ACM Code of Ethics and Professional Conduct ("the Code") that expresses the
conscience of the profession.
The Code is designed to inspire and guide the ethical conduct of all AIS members, including current and
aspiring researchers, practitioners, instructors, students, influencers, and anyone who uses computing
technology in an impactful way. Additionally, the Code serves as a basis for remediation when violations
occur. The Code includes principles formulated as statements of responsibility, based on the
understanding that the public good is always the primary consideration. Each principle is supplemented
by guidelines, which provide explanations to assist AIS members in understanding and applying the
principle.
Section 1 outlines fundamental ethical principles that form the basis for the remainder of the Code.
Section 2 addresses additional, more specific considerations of professional responsibility. Section 3
guides individuals who have a leadership role, whether in the workplace or in a volunteer professional
capacity. Commitment to ethical conduct is required of every AIS member, and principles involving
compliance with the Code are given in Section 4.
The Code as a whole is concerned with how fundamental ethical principles apply to a computing
professional's conduct. The Code is not an algorithm for solving ethical problems; rather it serves as a
basis for ethical decision-making. When thinking through a particular issue, a computing professional may
find that multiple principles should be taken into account, and that different principles will have different
relevance to the issue. Questions related to these kinds of issues can best be answered by thoughtful
consideration of the fundamental ethical principles, understanding that the public good is the paramount
consideration. The entire computing profession benefits when the ethical decision-making process is
accountable to and transparent to all stakeholders. Open discussions about ethical issues promote this
accountability and transparency.
1. GENERAL ETHICAL PRINCIPLES.
1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders in
computing.
This principle, which concerns the quality of life of all people, affirms an obligation of AIS members, both
individually and collectively, to use their skills for the benefit of society, its members, and the environment
surrounding them. This obligation includes promoting fundamental human rights and protecting each
individual's right to autonomy. An essential aim of AIS members is to minimize negative consequences of
computing, including threats to health, safety, personal security, and privacy. When the interests of
multiple groups conflict, the needs of those less advantaged should be given increased attention and
priority.
AIS members should consider whether the results of their efforts will respect diversity, will be used in
socially responsible ways, will meet social needs, and will be broadly accessible. They are encouraged to
actively contribute to society by engaging in pro bono or volunteer work that benefits the public good.
In addition to a safe social environment, human well-being requires a safe natural environment.
Therefore, AIS members should promote environmental sustainability both locally and globally.
1.2 Avoid harm.
In this document, "harm" means negative consequences, especially when those consequences are
significant and unjust. Examples of harm include unjustified physical or mental injury, unjustified
destruction or disclosure of information, and unjustified damage to property, reputation, and the
environment. This list is not exhaustive.
Well-intended actions, including those that accomplish assigned duties, may lead to harm. When that
harm is unintended, those responsible are obliged to undo or mitigate the harm as much as possible.
Avoiding harm begins with careful consideration of potential impacts on all those affected by decisions.
When harm is an intentional part of the system, those responsible are obligated to ensure that the harm is
ethically justified. In either case, ensure that all harm is minimized.
To minimize the possibility of indirectly or unintentionally harming others, AIS members should follow
generally accepted best practices unless there is a compelling ethical reason to do otherwise.
Additionally, the consequences of data aggregation and emergent properties of systems should be
carefully analyzed. Those involved with pervasive or infrastructure systems should also consider Principle
3.7.
A computing professional has an additional obligation to report any signs of system risks that might result
in harm. If leaders do not act to curtail or mitigate such risks, it may be necessary to "blow the whistle" to
reduce potential harm. However, capricious or misguided reporting of risks can itself be harmful. Before
reporting risks, a computing professional should carefully assess relevant aspects of the situation.
1.3 Be honest and trustworthy.
Honesty is an essential component of trustworthiness. AIS members should be transparent and provide
full disclosure of all pertinent system capabilities, limitations, and potential problems to the appropriate
parties. Making deliberately false or misleading claims, fabricating or falsifying data, offering or accepting
bribes, and other dishonest conduct are violations of the Code.
AIS members should be honest about their qualifications, and about any limitations in their competence to
complete a task. AIS members should be forthright about any circumstances that might lead to either real
or perceived conflicts of interest or otherwise tend to undermine the independence of their judgment.
Furthermore, commitments should be honored.
AIS members should not misrepresent the Association’s policies or procedures, and should not speak on
behalf of the Association unless authorized to do so.
1.4 Be fair and take action not to discriminate.
The values of equality, tolerance, respect for others, and justice govern this principle. Fairness requires
that even careful decision processes provide some avenue for redress of grievances.
AIS members should foster fair participation of all people, including those of underrepresented groups.
Prejudicial discrimination on the basis of age, color, disability, ethnicity, family status, gender identity, labor
union membership, military status, nationality, race, religion or belief, sex, sexual orientation, or any other
inappropriate factor is an explicit violation of the Code. Harassment, including sexual harassment,
bullying, and other abuses of power and authority, is a form of discrimination that, amongst other harms,
limits fair access to the virtual and physical spaces where such harassment takes place.
The use of information and technology may cause new, or enhance existing, inequities. Technologies and
practices should be as inclusive and accessible as possible and AIS members should take action to avoid
creating systems or technologies that disenfranchise or oppress people. Failure to design for
inclusiveness and accessibility may constitute unfair discrimination.
1.5 Respect the work required to produce new ideas, inventions, creative works, and computing artifacts.
Developing new ideas, inventions, creative works, and computing artifacts creates value for society, and
those who expend this effort should expect to gain value from their work. AIS members should therefore
credit the creators of ideas, inventions, work, and artifacts, and respect copyrights, patents, trade secrets,
license agreements, and other methods of protecting authors' works.
Both custom and the law recognize that some exceptions to a creator's control of a work are necessary
for the public good. AIS members should not unduly oppose reasonable uses of their intellectual works.
Efforts to help others by contributing time and energy to projects that help society illustrate a positive
aspect of this principle. Such efforts include free and open source software and work put into the public
domain. AIS members should not claim private ownership of work that they or others have shared as
public resources.
1.6 Respect privacy.
The responsibility of respecting privacy applies to AIS members in a particularly profound way.
Technology enables the collection, monitoring, and exchange of personal information quickly,
inexpensively, and often without the knowledge of the people affected. Therefore, a computing
professional should become conversant in the various definitions and forms of privacy and should
understand the rights and responsibilities associated with the collection and use of personal information.
AIS members should only use personal information for legitimate ends and without violating the rights of
individuals and groups. This requires taking precautions to prevent re-identification of anonymized data or
unauthorized data collection, ensuring the accuracy of data, understanding the provenance of the data,
and protecting it from unauthorized access and accidental disclosure. AIS members should establish
transparent policies and procedures that allow individuals to understand what data is being collected and
how it is being used, to give informed consent for automatic data collection, and to review, obtain, correct
inaccuracies in, and delete their personal data.
Only the minimum amount of personal information necessary should be collected in a system. The
retention and disposal periods for that information should be clearly defined, enforced, and communicated
to data subjects. Personal information gathered for a specific purpose should not be used for other
purposes without the person's consent. Merged data collections can compromise privacy features present
in the original collections. Therefore, AIS members should take special care for privacy when merging
data collections.
1.7 Honor confidentiality.
AIS members are often entrusted with confidential information such as trade secrets, client data,
nonpublic business strategies, financial information, research data, pre-publication scholarly articles, and
patent applications. AIS members should protect confidentiality except in cases where it is evidence of
the violation of law, of organizational regulations, or of the Code. In these cases, the nature or contents of
that information should not be disclosed except to appropriate authorities. An AIS member should
consider thoughtfully whether such disclosures are consistent with the Code.
2. PROFESSIONAL RESPONSIBILITIES.
2.1 Strive to achieve high quality in both the processes and products of work.
AIS members should insist on and support high quality work from themselves and from colleagues. The
dignity of employers, employees, colleagues, clients, users, and anyone else affected either directly or
indirectly by the work should be respected throughout the process. AIS members should respect the right
of those involved to transparent communication about the project. AIS Members should be cognizant of
any serious negative consequences affecting any stakeholder that may result from poor quality work and
should resist inducements to neglect this responsibility.
2.2 Maintain high standards of professional competence, conduct, and ethical practice.
High quality work depends on individuals and teams who take personal and group responsibility for
acquiring and maintaining professional competence. Professional competence starts with technical
knowledge and with awareness of the social context in which their work may be deployed. Professional
competence also requires skill in communication, in reflective analysis, and in recognizing and navigating
ethical challenges. Upgrading skills should be an ongoing process and might include independent study,
attending conferences or seminars, and other informal or formal education. Professional organizations
and employers should encourage and facilitate these activities. While attending these conferences and
seminars, AIS Members should act professionally and be respectful of their colleagues, AIS staff and the
host organization(s).
2.3 Know and respect existing rules.
"Rules" here include local, regional, national, and international laws and regulations, as well as any
policies and procedures of the organizations to which the professional belongs such as AIS bylaws,
policies, etc. AIS members must abide by these rules unless there is a compelling ethical justification to
do otherwise. Rules that are judged unethical should be challenged. A rule may be unethical when it has
an inadequate moral basis or causes recognizable harm. A computing professional should consider
challenging the rule through existing channels before violating the rule. A computing professional who
decides to violate a rule because it is unethical, or for any other reason, must consider potential
consequences and accept responsibility for that action.
2.4 Accept and provide appropriate review.
High quality professional and scholarly work depends on high quality review at all stages. Whenever
appropriate, AIS members should seek and utilize peer and stakeholder review. AIS members should also
provide constructive, critical reviews of others' work.
2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including
analysis of possible risks.
AIS members are in a position of trust, and therefore have a special responsibility to provide objective,
credible evaluations and testimony to employers, employees, clients, users, and the public. AIS members
should strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting
system descriptions and alternatives. Extraordinary care should be taken to identify and mitigate potential
risks in machine learning systems. A system for which future risks cannot be reliably predicted requires
frequent reassessment of risk as the system evolves in use, or it should not be deployed. Any issues that
might result in major risk must be reported to appropriate parties.
2.6 Perform work only in areas of competence.
A computing professional is responsible for evaluating potential work assignments. This includes
evaluating the work's feasibility and advisability, and making a judgment about whether the work
assignment is within the professional's areas of competence. If at any time before or during the work
assignment the professional identifies a lack of a necessary expertise, they must disclose this to the
employer or client. The client or employer may decide to pursue the assignment with the professional
after additional time to acquire the necessary competencies, to pursue the assignment with someone else
who has the required expertise, or to forgo the assignment. A computing professional's ethical judgment
should be the final guide in deciding whether to work on the assignment.
2.7 Foster public awareness and understanding of computing, related technologies, and their
consequences.
As appropriate to the context and one's abilities, AIS members should share technical knowledge with the
public, foster awareness of computing, and encourage understanding of computing. These
communications with the public should be clear, respectful, and welcoming. Important issues include the
impacts of computer systems, their limitations, their vulnerabilities, and the opportunities that they
present. Additionally, a computing professional should respectfully address inaccurate or misleading
information related to computing.
2.8 Access computing and communication resources only when authorized or when compelled by the
public good.
Individuals and organizations have the right to restrict access to their systems and data so long as the
restrictions are consistent with other principles in the Code. Consequently, AIS members should not
access another's computer system, software, or data without a reasonable belief that such an action
would be authorized or a compelling belief that it is consistent with the public good. A system being
publicly accessible is not sufficient grounds on its own to imply authorization. Under exceptional
circumstances a computing professional may use unauthorized access to disrupt or inhibit the functioning
of malicious systems; extraordinary precautions must be taken in these instances to avoid harm to others.
2.9 Design and implement systems that are robustly and usably secure.
Breaches of computer security cause harm. Robust security should be a primary consideration when
designing and implementing systems. AIS members should perform due diligence to ensure the system
functions as intended, and take appropriate action to secure resources against accidental and intentional
misuse, modification, and denial of service. As threats can arise and change after a system is deployed,
AIS members should integrate mitigation techniques and policies, such as monitoring, patching, and
vulnerability reporting. AIS members should also take steps to ensure parties affected by data breaches
are notified in a timely and clear manner, providing appropriate guidance and remediation.
To ensure the system achieves its intended purpose, security features should be designed to be as
intuitive and easy to use as possible. AIS members should discourage security precautions that are too
confusing, are situationally inappropriate, or otherwise inhibit legitimate use.
In cases where misuse or harm are predictable or unavoidable, the best option may be to not implement
the system.
3. PROFESSIONAL LEADERSHIP PRINCIPLES.
Leadership may either be a formal designation or arise informally from influence over others. In this
section, "leader" means any member of an organization or group who has influence, educational
responsibilities, or managerial responsibilities. While these principles apply to all AIS members, leaders
bear a heightened responsibility to uphold and promote them, both within and through their organizations.
A computing professional, especially one acting as a leader, should...
3.1 Ensure that the public good is the central concern
People—including users, customers, colleagues, and others affected directly or indirectly—should always
be the central concern in computing. The public good should always be an explicit consideration when
evaluating tasks associated with research, requirements analysis, design, implementation, testing,
validation, deployment, maintenance, retirement, and disposal. AIS members should keep this focus no
matter which methodologies or techniques they use in their practice.
3.2 Articulate, encourage acceptance of, and evaluate fulfillment of social responsibilities by members of
the organization or group.
Technical organizations and groups affect broader society, and their leaders should accept the associated
responsibilities. Organizations—through procedures and attitudes oriented toward quality, transparency,
and the welfare of society—reduce harm to the public and raise awareness of the influence of technology
in our lives. Therefore, leaders should encourage full participation of AIS members in meeting relevant
social responsibilities and discourage tendencies to do otherwise.
3.3 Manage personnel and resources to enhance the quality of working life.
Leaders should ensure that they enhance, not degrade, the quality of working life. Leaders should
consider the personal and professional development, accessibility requirements, physical safety,
psychological well-being, and human dignity of all workers. Appropriate human-computer ergonomic
standards should be used in the workplace.
3.4 Articulate, apply, and support policies and processes that reflect the principles of the Code.
Leaders should pursue clearly defined organizational policies that are consistent with the Code and
effectively communicate them to relevant stakeholders. In addition, leaders should encourage and reward
compliance with those policies, and take appropriate action when policies are violated. Designing or
implementing processes that deliberately or negligently violate, or tend to enable the violation of, the
Code's principles is ethically unacceptable.
3.5 Create opportunities for members of the organization or group to grow.
Educational opportunities are essential for all organization and group members. Leaders should ensure
that opportunities are available to AIS members to help them improve their knowledge and skills in
professionalism, in the practice of ethics, and in their technical specialties. These opportunities should
include experiences that familiarize AIS members with the consequences and limitations of particular
types of systems. AIS members should be fully aware of the dangers of oversimplified approaches, the
improbability of anticipating every possible operating condition, the inevitability of software errors, the
interactions of systems and their contexts, and other issues related to the complexity of their
profession—and thus be confident in taking on responsibilities for the work that they do.
3.6 Use care when modifying or retiring systems.
Interface changes, the removal of features, and even software updates have an impact on the productivity
of users and the quality of their work. Leaders should take care when changing or discontinuing support
for system features on which people still depend. Leaders should thoroughly investigate viable
alternatives to removing support for a legacy system. If these alternatives are unacceptably risky or
impractical, the developer should assist stakeholders' graceful migration from the system to an
alternative. Users should be notified of the risks of continued use of the unsupported system long before
support ends. AIS members should assist system users in monitoring the operational viability of their
computing systems, and help them understand that timely replacement of inappropriate or outdated
features or entire systems may be needed.
3.7 Recognize and take special care of systems that become integrated into the infrastructure of society.
Even the simplest computer systems have the potential to impact all aspects of society when integrated
with everyday activities such as commerce, travel, government, healthcare, and education. When
organizations and groups develop systems that become an important part of the infrastructure of society,
their leaders have an added responsibility to be good stewards of these systems. Part of that stewardship
requires establishing policies for fair system access, including for those who may have been excluded.
That stewardship also requires that AIS members monitor the level of integration of their systems into the
infrastructure of society. As the level of adoption changes, the ethical responsibilities of the organization
or group are likely to change as well. Continual monitoring of how society is using a system will allow the
organization or group to remain consistent with their ethical obligations outlined in the Code. When
appropriate standards of care do not exist, AIS members have a duty to ensure they are developed.
4. COMPLIANCE WITH THE CODE.
4.1 Uphold, promote, and respect the principles of the Code.
The future of computing depends on both technical and ethical excellence. AIS members should adhere
to the principles of the Code and contribute to improving them. AIS members who recognize breaches of
the Code should take actions to resolve the ethical issues they recognize, including, when reasonable,
expressing their concern to the person or persons thought to be violating the Code.
4.2 Treat violations of the Code as inconsistent with membership in AIS.
Each AIS member should encourage and support adherence by all computing professionals regardless of
AIS membership. AIS members who recognize a breach of the Code should consider reporting the
violation to the AIS Member Conduct Committee (AIS MCC) or the AIS Research Conduct Committee
(AIS RCC), which may result in remedial action as specified in the AIS Bylaw No. 4 Severance and
Reinstatement of Membership. The remedial measures may include, but are not limited to, member
censure, suspension or expulsion.
This Code may be published without permission as long as it is not changed in any way and it carries the
copyright notice. Copyright (c) 2018 by the Association for Computing Machinery. The Code and
guidelines were developed by the ACM Code 2018 Task Force.
Adapted from the ACM Code of Ethics and Professional Conduct.
This Code and its guidelines were adopted by the AIS Council on December 14, 2019.
File a Report – Member Code of Conduct
Reports related to potential violations of the AIS Member Code of Conduct may be submitted
confidentially and anonymously through the third-party NAVEX EthicsPoint online reporting platform.
Please visit conduct.aisnet.org for additional information about the complaint resolution process and to file
a report.
Do you have suggestions for changes to the Member Code of Conduct?
If AIS Members or your AIS Community group would like to propose edits, additions, deletions from the
Member Code of Conduct please bring them forward. You can contact the AIS Member Conduct
Committee Chair or the AIS Membership Director (or any member of AIS Council) to initiate the process
of updating the Code. Please be aware that edits to the Code will require approval by AIS Council.
INFORMATION SYSTEMS FOR BUSINESS AND BEYOND 12
David T. Bourgeois
Please note, there is an updated edition of this book available at https://opentextbook.site. If you are not
required to use this edition for a course, you may want to check it out.
Introduction
Information systems have had an impact far beyond the world of business. New technologies create new
situations that we have never dealt with before. How do we handle the new capabilities that these devices
empower us with? What new laws are going to be needed to protect us from ourselves? This chapter will
kick off with a discussion of the impact of information systems on how we behave (ethics). This will be
followed with the new legal structures being put in place, with a focus on intellectual property and privacy.
Information Systems Ethics
The term ethics is defined as “a set of moral principles” or “the principles of conduct governing an
individual or a group.”[1] Since the dawn of civilization, the study of ethics and their impact has fascinated
mankind. But what do ethics have to do with information systems?
The introduction of new technology can have a profound effect on human behavior. New technologies
give us capabilities that we did not have before, which in turn create environments and situations that
have not been specifically addressed in ethical terms. Those who master new technologies gain new
power; those who cannot or do not master them may lose power. In 1913, Henry Ford implemented the
first moving assembly line to create his Model T cars. While this was a great step forward technologically
(and economically), the assembly line reduced the value of human beings in the production process. The
development of the atomic bomb concentrated unimaginable power in the hands of one government, who
then had to wrestle with the decision to use it. Today’s digital technologies have created new categories of
ethical dilemmas.
For example, the ability to anonymously make perfect copies of digital music has tempted many music
fans to download copyrighted music for their own use without making payment to the music’s owner.
Many of those who would never have walked into a music store and stolen a CD find themselves with
dozens of illegally downloaded albums.
Digital technologies have given us the ability to aggregate information from multiple sources to create
profiles of people. What would have taken weeks of work in the past can now be done in seconds,
allowing private organizations and governments to know more about individuals than at any time in
history. This information has value, but also chips away at the privacy of consumers and citizens.
Code of Ethics
One method for navigating new ethical waters is a code of ethics. A code of ethics is a document that
outlines a set of acceptable behaviors for a professional or social group; generally, it is agreed to by all
members of the group. The document details different actions that are considered appropriate and
inappropriate.
A good example of a code of ethics is the Code of Ethics and Professional Conduct of the Association for
Computing Machinery,[2] an organization of computing professionals that includes academics,
researchers, and practitioners. Here is a quote from the preamble:
Commitment to ethical professional conduct is expected of every member (voting members,
associate members, and student members) of the Association for Computing Machinery
(ACM).
This Code, consisting of 24 imperatives formulated as statements of personal responsibility,
identifies the elements of such a commitment. It contains many, but not all, issues
professionals are likely to face. Section 1 outlines fundamental ethical considerations, while
Section 2 addresses additional, more specific considerations of professional conduct.
Statements in Section 3 pertain more specifically to individuals who have a leadership role,
whether in the workplace or in a volunteer capacity such as with organizations like ACM.
Principles involving compliance with this Code are given in Section 4.
In the ACM’s code, you will find many straightforward ethical instructions, such as the admonition to be
honest and trustworthy. But because this is also an organization of professionals that focuses on
computing, there are more specific admonitions that relate directly to information technology:
●
No one should enter or use another’s computer system, software, or data files without
permission. One must always have appropriate approval before using system resources,
including communication ports, file space, other system peripherals, and computer time.
●
Designing or implementing systems that deliberately or inadvertently demean individuals or
groups is ethically unacceptable.
●
Organizational leaders are responsible for ensuring that computer systems enhance, not
degrade, the quality of working life. When implementing a computer system, organizations must
consider the personal and professional development, physical safety, and human dignity of all
workers. Appropriate human-computer ergonomic standards should be considered in system
design and in the workplace.
One of the major advantages of creating a code of ethics is that it clarifies the acceptable standards of
behavior for a professional group. The varied backgrounds and experiences of the members of a group
lead to a variety of ideas regarding what is acceptable behavior. While to many the guidelines may seem
obvious, having these items detailed provides clarity and consistency. Explicitly stating standards
communicates the common guidelines to everyone in a clear manner.
Having a code of ethics can also have some drawbacks. First of all, a code of ethics does not have legal
authority; in other words, breaking a code of ethics is not a crime in itself. So what happens if someone
violates one of the guidelines? Many codes of ethics include a section that describes how such situations
will be handled. In many cases, repeated violations of the code result in expulsion from the group.
In the case of ACM: “Adherence of professionals to a code of ethics is largely a voluntary matter.
However, if a member does not follow this code by engaging in gross misconduct, membership in ACM
may be terminated.” Expulsion from ACM may not have much of an impact on many individuals, since
membership in ACM is usually not a requirement for employment. However, expulsion from other
organizations, such as a state bar organization or medical board, could carry a huge impact.
Another possible disadvantage of a code of ethics is that there is always a chance that important issues
will arise that are not specifically addressed in the code. Technology is quickly changing, and a code of
ethics might not be updated often enough to keep up with all of the changes. A good code of ethics,
however, is written in a broad enough fashion that it can address the ethical issues of potential changes to
technology while the organization behind the code makes revisions.
Finally, a code of ethics could have also be a disadvantage in that it may not entirely reflect the ethics or
morals of every member of the group. Organizations with a diverse membership may have internal
conflicts as to what is acceptable behavior. For example, there may be a difference of opinion on the
consumption of alcoholic beverages at company events. In such cases, the organization must make a
choice about the importance of addressing a specific behavior in the code.
Sidebar: Acceptable Use Policies
Many organizations that provide technology services to a group of constituents or the public require
agreement to an acceptable use policy (AUP) before those services can be accessed. Similar to a code of
ethics, this policy outlines what is allowed and what is not allowed while someone is using the
organization’s services. An everyday example of this is the terms of service that must be agreed to before
using the public Wi-Fi at Starbucks, McDonald’s, or even a university. Here is an example of an
acceptable use policy from Virginia Tech.
Just as with a code of ethics, these acceptable use policies specify what is allowed and what is not
allowed. Again, while some of the items listed are obvious to most, others are not so obvious:
●
“Borrowing” someone else’s login ID and password is prohibited.
●
Using the provided access for commercial purposes, such as hosting your own business website,
is not allowed.
●
Sending out unsolicited email to a large group of people is prohibited.
Also as with codes of ethics, violations of these policies have various consequences. In most cases, such
as with Wi-Fi, violating the acceptable use policy will mean that you will lose your access to the resource.
While losing access to Wi-Fi at Starbucks may not have a lasting impact, a university student getting
banned from the university’s Wi-Fi (or possibly all network resources) could have a large impact.
Intellectual Property
One of the domains that have been deeply impacted by digital technologies is the domain of intellectual
property. Digital technologies have driven a rise in new intellectual property claims and made it much
more difficult to defend intellectual property.
Intellectual property is defined as “property (as an idea, invention, or process) that derives from the work
of the mind or intellect.”[3] This could include creations such as song lyrics, a computer program, a new
type of toaster, or even a sculpture.
Practically speaking, it is very difficult to protect an idea. Instead, intellectual property laws are written to
protect the tangible results of an idea. In other words, just coming up with a song in your head is not
protected, but if you write it down it can be protected.
Protection of intellectual property is important because it gives people an incentive to be creative.
Innovators with great ideas will be more likely to pursue those ideas if they have a clear understanding of
how they will benefit. In the US Constitution, Article 8, Section 8, the authors saw fit to recognize the
importance of protecting creative works:
Congress shall have the power . . . To promote the Progress of Science and useful Arts, by
securing for limited Times to Authors and Inventors the exclusive Right to their respective
Writings and Discoveries.
An important point to note here is the “limited time” qualification. While protecting intellectual property is
important because of the incentives it provides, it is also necessary to limit the amount of benefit that can
be received and allow the results of ideas to become part of the public domain.
Outside of the US, intellectual property protections vary. You can find out more about a specific country’s
intellectual property laws by visiting the World Intellectual Property Organization.
In the following sections we will review three of the best-known intellectual property protections: copyright,
patent, and trademark.
Copyright
Copyright is the protection given to songs, computer programs, books, and other creative works; any work
that has an “author” can be copyrighted. Under the terms of copyright, the author of a work controls what
can be done with the work, including:
●
Who can make copies of the work.
●
Who can make derivative works from the original work.
●
Who can perform the work publicly.
●
Who can display the work publicly.
●
Who can distribute the work.
Many times, a work is not owned by an individual but is instead owned by a publisher with whom the
original author has an agreement. In return for the rights to the work, the publisher will market and
distribute the work and then pay the original author a portion of the proceeds.
Copyright protection lasts for the life of the original author plus seventy years. In the case of a copyrighted
work owned by a publisher or another third party, the protection lasts for ninety-five years from the original
creation date. For works created before 1978, the protections vary slightly. You can see the full details on
copyright protections by reviewing the Copyright Basics document available at the US Copyright Office’s
website.
Obtaining Copyright Protection
In the United States, a copyright is obtained by the simple act of creating the original work. In other words,
when an author writes down that song, makes that film, or designs that program, he or she automatically
has the copyright. However, for a work that will be used commercially, it is advisable to register for a
copyright with the US Copyright Office. A registered copyright is needed in order to bring legal action
against someone who has used a work without permission.
First Sale Doctrine
If an artist creates a painting and sells it to a collector who then, for whatever reason, proceeds to destroy
it, does the original artist have any recourse? What if the collector, instead of destroying it, begins making
copies of it and sells them? Is this allowed? The first sale doctrine is a part of copyright law that
addresses this, as shown below[4]:
The first sale doctrine, codified at 17 U.S.C. § 109, provides that an individual who knowingly
purchases a copy of a copyrighted work from the copyright holder receives the right to sell,
display or otherwise dispose of that particular copy, notwithstanding the interests of the
copyright owner.
So, in our examples, the copyright owner has no recourse if the collector destroys her artwork. But the
collector does not have the right to make copies of the artwork.
Fair Use
Another important provision within copyright law is that of fair use. Fair use is a limitation on copyright law
that allows for the use of protected works without prior authorization in specific cases. For example, if a
teacher wanted to discuss a current event in her class, she could pass out copies of a copyrighted news
story to her students without first getting permission. Fair use is also what allows a student to quote a
small portion of a copyrighted work in a research paper.
Unfortunately, the specific guidelines for what is considered fair use and what constitutes copyright
violation are not well defined. Fair use is a well-known and respected concept and will only be challenged
when copyright holders feel that the integrity or market value of their work is being threatened. The
following four factors are considered when determining if something constitutes fair use: [5]
1. The purpose and character of the use, including whether such use is of commercial nature or is
for nonprofit educational purposes;
2. The nature of the copyrighted work;
3. The amount and substantiality of the portion used in relation to the copyrighted work as a whole;
4. The effect of the use upon the potential market for, or value of, the copyrighted work.
If you are ever considering using a copyrighted work as part of something you are creating, you may be
able to do so under fair use. However, it is always best to check with the copyright owner to be sure you
are staying within your rights and not infringing upon theirs.
Sidebar: The History of Copyright Law
As noted above, current copyright law grants copyright protection for seventy years after the author’s
death, or ninety-five years from the date of creation for a work created for hire. But it was not always this
way.
The first US copyright law, which only protected books, maps, and charts, provided protection for only 14
years with a renewable term of 14 years. Over time, copyright law was revised to grant protections to
other forms of creative expression, such as photography and motion pictures. Congress also saw fit to
extend the length of the protections, as shown in the chart below. Today, copyright has become big
business, with many businesses relying on the income from copyright-protected works for their income.
Many now think that the protections last too long. The Sonny Bono Copyright Term Extension Act has
been nicknamed the “Mickey Mouse Protection Act,” as it was enacted just in time to protect the copyright
on the Walt Disney Company’s Mickey Mouse character. Because of this term extension, many works
from the 1920s and 1930s that would have been available now in the public domain are not available.
Evolution of copyright term length. (CC-BY-SA: Tom Bell)
The Digital Millennium Copyright Act
As digital technologies have changed what it means to create, copy, and distribute media, a policy
vacuum has been created. In 1998, the US Congress passed the Digital Millennium Copyright Act
(DMCA), which extended copyright law to take into consideration digital technologies. Two of the
best-known provisions from the DMCA are the anti-circumvention provision and the “safe harbor”
provision.
●
The anti-circumvention provision makes it illegal to create technology to circumvent technology
that has been put in place to protect a copyrighted work. This provision includes not just the
creation of the technology but also the publishing of information that describes how to do it. While
this provision does allow for some exceptions, it has become quite controversial and has led to a
movement to have it modified.
●
The “safe harbor” provision limits the liability of online service providers when someone using
their services commits copyright infringement. This is the provision that allows YouTube, for
example, not to be held liable when someone posts a clip from a copyrighted movie. The
provision does require the online service provider to take action when they are notified of the
violation (a “takedown” notice). For an example of how takedown works, here’s how YouTube
handles these requests: YouTube Copyright Infringement Notification.
Many think that the DMCA goes too far and ends up limiting our freedom of speech. The Electronic
Frontier Foundation (EFF) is at the forefront of this battle. For example, in discussing the
anti-circumvention provision, the EFF states:
Yet the DMCA has become a serious threat that jeopardizes fair use, impedes competition
and innovation, chills free expression and scientific research, and interferes with computer
intrusion laws. If you circumvent DRM [digital rights management] locks for non-infringing fair
uses or create the tools to do so you might be on the receiving end of a lawsuit.
Sidebar: Creative Commons
In chapter 2, we learned about open-source software. Open-source software has few or no copyright
restrictions; the creators of the software publish their code and make their software available for others to
use and distribute for free. This is great for software, but what about other forms of copyrighted works? If
an artist or writer wants to make their works available, how can they go about doing so while still
protecting the integrity of their work? Creative Commons is the solution to this problem.
Creative Commons is a nonprofit organization that provides legal tools for artists and authors. The tools
offered make it simple to license artistic or literary work for others to use or distribute in a manner
consistent with the author’s intentions. Creative Commons licenses are indicated with the symbol. It is
important to note that Creative Commons and public domain are not the same. When something is in the
public domain, it has absolutely no restrictions on its use or distribution. Works whose copyrights have
expired, for example, are in the public domain.
By using a Creative Commons license, authors can control the use of their work while still making it
widely accessible. By attaching a Creative Commons license to their work, a legally binding license is
created. Here are some examples of these licenses:
●
CC-BY: This is the least restrictive license. It lets others distribute and build upon the work, even
commercially, as long as they give the author credit for the original work.
●
CC-BY-SA: This license restricts the distribution of the work via the “share-alike” clause. This
means that others can freely distribute and build upon the work, but they must give credit to the
original author and they must share using the same Creative Commons license.
●
CC-BY-NC: This license is the same as CC-BY but adds the restriction that no one can make
money with this work. NC stands for “non-commercial.”
●
CC-BY-NC-ND: This license is the same as CC-BY-NC but also adds the ND restriction, which
means that no derivative works may be made from the original.
These are a few of the more common licenses that can be created using the tools that Creative
Commons makes available. For a full listing of the licenses and to learn much more about Creative
Commons, visit their web site.
Patent
Another important form of intellectual property protection is the patent. A patent creates protection for
someone who invents a new product or process. The definition of invention is quite broad and covers
many different fields. Here are some examples of items receiving patents:
●
circuit designs in semiconductors;
●
prescription drug formulas;
●
firearms;
●
locks;
●
plumbing;
●
engines;
●
coating processes; and
●
business processes.
Once a patent is granted, it provides the inventor with protection from others infringing on his or her
patent. A patent holder has the right to “exclude others from making, using, offering for sale, or selling the
invention throughout the United States or importing the invention into the United States for a limited time
in exchange for public disclosure of the invention when the patent is granted.”[6]
As with copyright, patent protection lasts for a limited period of time before the invention or process enters
the public domain. In the US, a patent lasts twenty years. This is why generic drugs are available to
replace brand-name drugs after twenty years.
Obtaining Patent Protection
Unlike copyright, a patent is not automatically granted when someone has an interesting idea and writes it
down. In most countries, a patent application must be submitted to a government patent office. A patent
will only be granted if the invention or process being submitted meets certain conditions:
●
It must be original. The invention being submitted must not have been submitted before.
●
It must be non-obvious. You cannot patent something that anyone could think of. For example,
you could not put a pencil on a chair and try to get a patent for a pencil-holding chair.
●
It must be useful. The invention being submitted must serve some purpose or have some use that
would be desired.
The job of the patent office is to review patent applications to ensure that the item being submitted meets
these requirements. This is not an easy job: in 2012, the US Patent Office received 576,763 patent
applications and granted 276,788 patents. The current backlog for a patent approval is 18.1 months. Over
the past fifty years, the number of patent applications has risen from just 100,000 a year to almost
600,000; digital technologies are driving much of this innovation.
Increase in patent applications, 1963–2012 (Source: US Patent and Trademark Office)
Sidebar: What Is a Patent Troll?
The advent of digital technologies has led to a large increase in patent filings and therefore a large
number of patents being granted. Once a patent is granted, it is up to the owner of the patent to enforce it;
if someone is found to be using the invention without permission, the patent holder has the right to sue to
force that person to stop and to collect damages.
The rise in patents has led to a new form of profiteering called patent trolling. A patent troll is a person or
organization who gains the rights to a patent but does not actually make the invention that the patent
protects. Instead, the patent troll searches for those who are illegally using the invention in some way and
sues them. In many cases, the infringement being alleged is questionable at best. For example,
companies have been sued for using Wi-Fi or for scanning documents, technologies that have been on
the market for many years.
Recently, the US government has begun taking action against patent trolls. Several pieces of legislation
are working their way through Congress that will, if enacted, limit the ability of patent trolls to threaten
innovation. You can learn a lot more about patent trolls by listening to a detailed investigation conducted
by the radio program This American Life, by clicking this link.
Trademark
A trademark is a word, phrase, logo, shape or sound that identifies a source of goods or services. For
example, the Nike “Swoosh,” the Facebook “f”, and Apple’s apple (with a bite taken out of it) are all
trademarked. The concept behind trademarks is to protect the consumer. Imagine going to the local
shopping center to purchase a specific item from a specific store and finding that there are several stores
all with the same name!
Two types of trademarks exist – a common-law trademark and a registered trademark. As with copyright,
an organization will automatically receive a trademark if a word, phrase, or logo is being used in the
normal course of business (subject to some restrictions, discussed below). A common-law trademark is
designated by placing “TM” next to the trademark. A registered trademark is one that has been examined,
approved, and registered with the trademark office, such as the Patent and Trademark Office in the US. A
registered trademark has the circle-R (®) placed next to the trademark.
While most any word, phrase, logo, shape, or sound can be trademarked, there are a few limitations. A
trademark will not hold up legally if it meets one or more of the following conditions:
●
The trademark is likely to cause confusion with a mark in a registration or prior application.
●
The trademark is merely descriptive for the goods/services. For example, trying to register the
trademark “blue” for a blue product you are selling will not pass muster.
●
The trademark is a geographic term.
●
The trademark is a surname. You will not be allowed to trademark “Smith’s Bookstore.”
●
The trademark is ornamental as applied to the goods. For example, a repeating flower pattern
that is a design on a plate cannot be trademarked.
As long as an organization uses its trademark and defends it against infringement, the protection afforded
by it does not expire. Because of this, many organizations defend their trademark against other
companies whose branding even only slightly copies their trademark. For example, Chick-fil-A has
trademarked the phrase “Eat Mor Chikin” and has vigorously defended it against a small business using
the slogan “Eat More Kale.” Coca-Cola has trademarked the contour shape of its bottle and will bring
legal action against any company using a bottle design similar to theirs. As an example of trademarks that
have been diluted and have now lost their protection in the US are “aspirin” (originally trademarked by
Bayer), “escalator” (originally trademarked by Otis), and “yo-yo” (originally trademarked by Duncan).
Information Systems and Intellectual Property
The rise of information systems has forced us to rethink how we deal with intellectual property. From the
increase in patent applications swamping the government’s patent office to the new laws that must be put
in place to enforce copyright protection, digital technologies have impacted our behavior.
Privacy
The term privacy has many definitions, but for our purposes, privacy will mean the ability to control
information about oneself. Our ability to maintain our privacy has eroded substantially in the past
decades, due to information systems.
Personally Identifiable Information
Information about a person that can be used to uniquely establish that person’s identify is called
personally identifiable information, or PII. This is a broad category that includes information such as:
●
name;
●
social security number;
●
date of birth;
●
place of birth;
●
mother‘s maiden name;
●
biometric records (fingerprint, face, etc.);
●
medical records;
●
educational records;
●
financial information; and
●
employment information.
Organizations that collect PII are responsible to protect it. The Department of Commerce recommends
that “organizations minimize the use, collection, and retention of PII to what is strictly necessary to
accomplish their business purpose and mission.” They go on to state that “the likelihood of harm caused
by a breach involving PII is greatly reduced if an organization minimizes the amount of PII it uses,
collects, and stores.”[7] Organizations that do not protect PII can face penalties, lawsuits, and loss of
business. In the US, most states now have laws in place requiring organizations that have had security
breaches related to PII to notify potential victims, as does the European Union.
Just because companies are required to protect your information does not mean they are restricted from
sharing it. In the US, companies can share your information without your explicit consent (see sidebar
below), though not all do so. Companies that collect PII are urged by the FTC to create a privacy policy
and post it on their website. The state of California requires a privacy policy for any website that does
business with a resident of the state (see http://www.privacy.ca.gov/lawenforcement/laws.htm).
While the privacy laws in the US seek to balance consumer protection with promoting commerce, in the
European Union privacy is considered a fundamental right that outweighs the interests of commerce. This
has led to much stricter privacy protection in the EU, but also makes commerce more difficult between the
US and the EU.
Non-Obvious Relationship Awareness
Digital technologies have given us many new capabilities that simplify and expedite the collection of
personal information. Every time we come into contact with digital technologies, information about us is
being made available. From our location to our web-surfing habits, our criminal record to our credit report,
we are constantly being monitored. This information can then be aggregated to create profiles of each
and every one of us. While much of the information collected was available in the past, collecting it and
combining it took time and effort. Today, detailed information about us is available for purchase from
different companies. Even information not categorized as PII can be aggregated in such a way that an
individual can be identified.
This process of collecting large quantities of a variety of information and then combining it to create
profiles of individuals is known as non-obvious relationship awareness, or NORA. First commercialized by
big casinos looking to find cheaters, NORA is used by both government agencies and private
organizations, and it is big business.
Non-obvious relationship awareness (NORA)
In some settings, NORA can bring many benefits, such as in law enforcement. By being able to identify
potential criminals more quickly, crimes can be solved more quickly or even prevented before they
happen. But these advantages come at a price: our privacy.
Restrictions on Record Collecting
In the US, the government has strict guidelines on how much information can be collected about its
citizens. Certain classes of information have been restricted by laws over time, and the advent of digital
tools has made these restrictions more important than ever.
Children’s Online Privacy Protection Act
Websites that are collecting information from children under the age of thirteen are required to comply
with the Children’s Online Privacy Protection Act (COPPA), which is enforced by the Federal Trade
Commission (FTC). To comply with COPPA, organizations must make a good-faith effort to determine the
age of those accessing their websites and, if users are under thirteen years old, must obtain parental
consent before collecting any information.
Family Educational Rights and Privacy Act
The Family Educational Rights and Privacy Act (FERPA) is a US law that protects the privacy of student
education records. In brief, this law specifies that parents have a right to their child’s educational
information until the child reaches either the age of eighteen or begins attending school beyond the high
school level. At that point, control of the information is given to the child. While this law is not specifically
about the digital collection of information on the Internet, the educational institutions that are collecting
student information are at a higher risk for disclosing it improperly because of digital technologies.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the law the specifically singles
out records related to health care as a special class of personally identifiable information. This law gives
patients specific rights to control their medical records, requires health care providers and others who
maintain this information to get specific permission in order to share it, and imposes penalties on the
institutions that breach this trust. Since much of this information is now shared via electronic medical
records, the protection of those systems becomes paramount.
Sidebar: Do Not Track
When it comes to getting permission to share personal information, the US and the EU have different
approaches. In the US, the “opt-out” model is prevalent; in this model, the default agreement is that you
have agreed to share your information with the organization and must explicitly tell them that you do not
want your information shared. There are no laws prohibiting the sharing of your data (beyond some
specific categories of data, such as medical records). In the European Union, the “opt-in” model is
required to be the default. In this case, you must give your explicit permission before an organization can
share your information.
To combat this sharing of information, the Do Not Track initiative was created. As its creators explain[8]:
Do Not Track is a technology and policy proposal that enables users to opt out of tracking by
websites they do not visit, including analytics services, advertising networks, and social
platforms. At present few of these third parties offer a reliable tracking opt out, and tools for
blocking them are neither user-friendly nor comprehensive. Much like the popular Do Not Call
registry, Do Not Track provides users with a single, simple, persistent choice to opt out of
third-party web tracking.
Summary
The rapid changes in information technology in the past few decades have brought a broad array of new
capabilities and powers to governments, organizations, and individuals alike. These new capabilities have
required thoughtful analysis and the creation of new norms, regulations, and laws. In this chapter, we
have seen how the areas of intellectual property and privacy have been affected by these new capabilities
and how the regulatory environment has been changed to address them.
Study Questions
1. What does the term information systems ethics mean?
2. What is a code of ethics? What is one advantage and one disadvantage of a code of ethics?
3. What does the term intellectual property mean? Give an example.
4. What protections are provided by a copyright? How do you obtain one?
5. What is fair use?
6. What protections are provided by a patent? How do you obtain one?
7. What does a trademark protect? How do you obtain one?
8. What does the term personally identifiable information mean?
9. What protections are provided by HIPAA, COPPA, and FERPA?
10. How would you explain the concept of NORA?
Exercises
1. Provide one example of how information technology has created an ethical dilemma that would
not have existed before the advent of information technology.
2. Find an example of a code of ethics or acceptable use policy related to information technology
and highlight five points that you think are important.
3. Do some original research on the effort to combat patent trolls. Write a two-page paper that
discusses this legislation.
4. Give an example of how NORA could be used to identify an individual.
5. How are intellectual property protections different across the world? Pick two countries and do
some original research, then compare the patent and copyright protections offered in those
countries to those in the US. Write a two- to three-page paper describing the differences.
Ethics vs Morals vs Law
Dr. Arturo Perez
Did you know that you can never be ethical and moral and follow the law at the same time? The idea that
we can have all three elements together is the hope that human society dreams.
All three elements together conflict each other.
Let us look at the definitions of ethics, morals, and law.
Ethics is the moral principles that govern a person's behavior or the conducting of an activity. Morals are
concerned with the principles of right and wrong behavior and the goodness or badness of human
character. Law is the system of rules that a particular country or community recognizes as regulating the
actions of its members and may enforce by the imposition of penalties.
If you are ethical you can abide by the law. If you are Moral you can be ethical. Also, if you are moral you
can abide by the law. But you can never be all three together.
Morality governs private, personal interactions. Ethics governs professional interactions. Law governs
society as a whole, often dealing with interactions between total strangers.
Some people talk about their personal ethics, others talk about a set of morals, and everyone in a society
is governed by the same set of laws. If the law conflicts with our personal values or a moral system, we
have to act – but to do so we need to be able to tell the difference between them.
Ethics and morals relate to “right” and “wrong” conduct. While they are sometimes used interchangeably,
they are different: ethics refer to rules provided by an external source, e.g., codes of conduct in
workplaces or principles in religions. Morals refer to an individual's own principles regarding right and
wrong.
Morals and Law differ because the law demands an absolute subjection to its rules and commands. Law
has enforcing authority derived from the state. It is heteronymous (being imposed upon men upon the
outer life of men). Law regulates men’s relations with others and with society.
A promissory note is in force for three years. It is the debtor’s duty to repay the loan. It is the legal duty.
The creditor can enforce legal action against the debtor within three years from the date of execution of a
promissory note before the court of law. The legal duty involves a corresponding right. The state provides
organized machinery for the enforcement of the law. Legal disputes admit to the principle of alteration by
legislation. Legal disputes can only be settled by an appropriate court of law. Law is narrower than
morality. It extends to a great number of such acts. The law applies to all the citizens whether they want
or not. Law cannot be changed into morals.
Morality demands that men should act from a sense of ethical duty. Morality has no such enforcing
authority from the state. It is autonomous (coming from the inner life of men). It governs the inner life of
men. If the promissory note is time-barred, then the legal duty of the debtor turns into moral duty. Of
course, moral duty is not enforceable before the court of law. It is also accompanied by a corresponding
right. But right is not enforceable before the court of law. There is no such organization for the
enforcement of morals. Moral rules do not admit even in principle admit of change by legislation. Moral
disputes can be solved by the mediation of caste elders, village elders, etc. Morality applies to every
human act.
Morality also applies to all persons. But it depends from person to person, from religion to religion, society
to society. It is his/her pleasure to follow or not. But morals sometimes can be converted into law.
Example: a donation to a charity institution is a moral principle. The income-tax recognized and exempts
a certain percentage of income-tax towards donation from the total income.
Ethics and Law - Ethics are rules of conduct. Laws are rules developed by governments in order to
provide balance in society and protection to its citizens. Ethics comes from people’s awareness of what is
right and wrong. Laws are enforced by governments to their people. Ethics are moral codes that every
person must conform to. Laws are codifications of ethics meant to regulate society. Ethics does not carry
any punishment to anyone who violates it. The law will punish anyone who happens to violate it. Ethics
comes from within a person’s moral values. Laws are made with ethics as a guiding principle.
It is clear that one cannot be Ethical, Moral, and follow the law. In today's society following the law affects
the morality of people. Being ethical makes you look like you are against someone or something. What do
you do? It is not to please anyone but make sure you are ok with what you will follow. Choose wisely
because only two go side by side.
Including Ethical Considerations in Decision Making
We are all faced with difficult decisions in our work and in our personal life. Most of us have developed a
decision-making process that we execute automatically, without thinking about the steps we go through.
For many of us, the process generally follows the steps outlined in Figure 3.1.
Figure 3.1 Decision-making process
The following sections discuss this decision-making process further and point out where and how ethical
considerations need to be brought into the process.
STEP 1. Develop a Problem Statement
A problem statement is a clear, concise description of the issue that needs to be addressed. A good
problem statement answers the following questions: What do people observe that causes them to think
there is a problem? Who is directly affected by the problem? Is there anyone else affected? How often
does the problem occur? What is the impact of the problem? How serious is the problem? Development
of a problem statement is the most critical step in the decision-making process. Without a clear statement
of the problem or the decision to be made, it is useless to proceed. Obviously, if the problem is stated
incorrectly, the decision will not solve the problem.
You must gather and analyze facts to develop a good problem statement. Seek information and opinions
from a variety of people to broaden your frame of reference. During this process, you must be extremely
careful not to make assumptions about the situation. Simple situations can sometimes turn into complex
controversies because no one takes the time to gather the facts. For example, you might see your boss
receive what appears to be an employment application from a job applicant and then throw the application
into the trash after the applicant leaves. This would violate your organization’s policy to treat each
applicant with respect and to maintain a record of all applications for one year. You could report your boss
for failure to follow the policy, or you could take a moment to speak directly to your boss. You might be
pleasantly surprised to find out that the situation was not as it appeared. Perhaps the “applicant” was
actually a salesperson promoting a product for which your company had no use, and the “application” was
marketing literature.
Part of developing a good problem statement involves identifying the stakeholders and their positions on
the issue. Stakeholders often include others beyond those directly involved in an issue. Identifying the
stakeholders helps you understand the impact of your decision and could help you make a better
decision. Unfortunately, it may also cause you to lose sleep from wondering how you might affect the lives
of others. However, by involving stakeholders in the decision, you can work to gain their support for the
recommended course of action. What is at stake for each stakeholder? What does each stakeholder
value, and what outcome does each stakeholder want? Do some stakeholders have a greater stake
because they have special needs or because the organization has special obligations to them? To what
degree should they be involved in the decision?
The following list includes one example of a good problem statement as well as two examples of poor
problem statements:
●
Good problem statement: Our product supply organization is continually running out of stock
of finished products, creating an out-of-stock situation on over 15 percent of our customer
orders, resulting in over $300,000 in lost sales per month.
●
Poor problem statement: We need to implement a new inventory control system. (This is a
possible solution, not a problem statement.)
●
Poor problem statement: We have a problem with finished product inventory. (This is not
specific enough.)
STEP 2. Identify Alternatives
During this stage of decision making, it is ideal to enlist the help of others, including stakeholders, to
identify several alternative solutions to the problem. Brainstorming with others will increase your chances
of identifying a broad range of alternatives and determining the best solution. On the other hand, there
may be times when it is inappropriate to involve others in solving a problem that you are not at liberty to
discuss. In providing participants information about the problem to be solved, offer just the facts, without
your opinion, so you don’t influence others to accept your solution.
During any brainstorming process, try not to be critical of ideas, as any negative criticism will tend to shut
down the discussion, and the flow of ideas will dry up. Simply write down the ideas as they are suggested.
STEP 3. Evaluate and Choose an Alternative
Once a set of alternatives has been identified, the group must evaluate them based on numerous criteria,
such as effectiveness at addressing the issue, the extent of risk associated with each alternative, cost,
and time to implement. An alternative that sounds attractive but that is not feasible will not help solve the
problem.
As part of the evaluation process, weigh various laws, guidelines, and principles that may apply. You
certainly do not want to violate a law that can lead to a fine or imprisonment for yourself or others. Are
there any corporate policies or guidelines that apply? Does the organizational code of ethics offer
guidance? Do any of your own personal principles apply?
Also consider the likely consequences of each alternative from several perspectives: What is the impact
on you, your organization, other stakeholders (including your suppliers and customers), and the
environment?
The alternative selected should be ethically and legally defensible; be consistent with the organization’s
policies and code of ethics; take into account the impact on others; and, of course, provide a good
solution to the problem.
Philosophers have developed many approaches to aid in ethical decision making. Four of the most
common approaches, summarized in Table 3.1 and discussed in the following sections, provide a
framework for decision makers to reflect on the acceptability of their actions and evaluate their moral
judgments. People must find the appropriate balance among all applicable laws, corporate principles, and
moral guidelines to help them make decisions.
Table 3.1 Four common approaches to ethical decision making
Virtue Ethics Approach
The virtue ethics approach to decision making focuses on how you should behave and think about
relationships if you are concerned with your daily life in a community. It does not define a formula for
ethical decision making, but suggests that when faced with a complex ethical dilemma, people do either
what they are most comfortable doing or what they think a person they admire would do. The assumption
is that people are guided by their virtues to reach the “right” decision. A proponent of virtue ethics believes
that a disposition to do the right thing is more effective than following a set of principles and rules, and
that people should perform moral acts out of habit, not introspection.
Virtue ethics can be applied to the business world by equating the virtues of a good businessperson with
those of a good person. However, businesspeople face situations that are peculiar to a business setting,
so they may need to tailor their ethics accordingly. For example, honesty and openness when dealing with
others are generally considered virtues; however, a corporate purchasing manager who is negotiating a
multimillion dollar deal might need to be vague in discussions with potential suppliers.
A problem with the virtue ethics approach is that it doesn’t provide much of a guide for action. The
definition of virtue cannot be worked out objectively; it depends on the circumstances—you work it out as
you go. For example, bravery is a great virtue in many circumstances, but in others it may be foolish. The
right thing to do in a situation also depends on which culture you’re in and what the cultural norm dictates.
Utilitarian Approach
The utilitarian approach to ethical decision making states that you should choose the action or policy that
has the best overall consequences for all people who are directly or indirectly affected. The goal is to find
the single greatest good by balancing the interests of all affected parties.
Utilitarianism fits easily with the concept of value in economics and the use of cost benefit analysis in
business. Business managers, legislators, and scientists weigh the benefits and harm of policies when
deciding whether to invest resources in building a new plant in a foreign country, to enact a new law, or to
approve a new prescription drug.
A complication of this approach is that measuring and comparing the values of certain benefits and costs
is often difficult, if not impossible. How do you assign a value to human life or to a pristine wildlife
environment? It can also be difficult to predict the full benefits and harm that result from a decision.
Fairness Approach
The fairness approach focuses on how fairly actions and policies distribute benefits and burdens among
people affected by the decision. The guiding principle of this approach is to treat all people the same.
However, decisions made with this approach can be influenced by personal bias, without the decision
makers even being aware of their bias. If the intended goal of an action or a policy is to provide benefits to
a target group, other affected groups may consider the decision unfair.
Common Good Approach
The common good approach to decision making is based on a vision of society as a community whose
members work together to achieve a common set of values and goals. Decisions and policies that use
this approach attempt to implement social systems, institutions, and environments that everyone depends
on and that benefit all people. Examples include an effective education system, a safe and efficient
transportation system, and accessible and affordable health care.
As with the other approaches to ethical decision making, there are complications with the common good
approach. People clearly have different ideas about what constitutes the common good, which makes
consensus difficult. In addition, maintaining the common good often requires some groups to bear greater
costs than others—for instance, homeowners pay property taxes to support public schools, but apartment
dwellers do not.
STEP 4. Implement the Decision
Once an alternative is selected, it should be implemented in an efficient, effective, and timely manner.
This is often much easier said than done, because people tend to resist change. In fact, the bigger the
change, the greater is the resistance to it. Communication is the key to helping people accept a change. It
is imperative that someone whom the stakeholders trust and respect answer the following questions: Why
are we doing this? What is wrong with the current way we do things? and What are the benefits of the
new way for you? A transition plan must be defined to explain to people how they will move from the old
way of doing things to the new way. It is essential that the transition be seen as relatively easy and pain
free.
STEP 5. Evaluate the Results
After the solution to the problem has been implemented, monitor the results to see if the desired effect
was achieved, and observe its impact on the organization and the various stakeholders. Were the
success criteria fully met? Were there any unintended consequences? This evaluation may indicate that
further refinements are needed. If so, return to the problem development step, refine the problem
statement as necessary, and work through the process again.
Ethical Considerations in Decision Making http://www.csun.edu/~hfmgt001/ethicalFr.htm
What is Ethics in Information Technology?
Social networking user terms may be a huge ethical quandary for industry, but there are so many other
ethical standards for IT professionals to solve today. Some of those include:
Security: From e-commerce sites to banking and government databases, the public trusts that their
information is secure once they’ve set up a password-protected account. When data breaches occur, it
can cause a domino effect of security issues, especially when they’re using a site like Facebook or
Google as their master-key log-in under the presumption they’ll be more secure. Even when breached,
users often don’t find out until long after the fact, like when Equifax had a breach for 76 days, affecting
147 million Americans. How soon should the public be notified, and what recourses should they have?
Proprietary Software: Software made for a company or organization’s private purposes does not go
through an oversight process. When building a house, a civic inspector needs to approve it against the
building code, but not with software, even though software can conceivably impact far more people. In
proprietary instances, if only the client and the IT coding personnel know about possible ethical conflicts
in software, personnel are conflicted with either needing to quit their job or do what they’re asked.
Deep Learning & Artificial Intelligence: AI algorithms now underpin so much daily technology. From the
concierge on your phone to your smart TV and your car’s cruise control, right through to safety
mechanisms on flights. What happens when the AI makes a choice that involves an ethical conundrum?
AI is designed to make the call, but what if it’s a questionable call its designers never considered?
Parental Ignorance: Today’s parents are keen to record so much of their children’s lives, uploading
everything from deeply personal moments that amuse them to rallying support to advocate for their child’s
medical issues to creating hashtags with their child’s full name. These records can follow their children for
the rest of their lives. At what point do parental rights trump the child’s, and whose side should the IT
world be protecting?
These dilemmas barely scratch the surface of questions worth posing about information technology and
moral philosophy.
1
C h a p t e r
4
E t h i c a l a n d
I n f o r m a t i o n
S o c i a l I s s u e s
S y s t e m s
i n
LEARNING TRACK 1: DEVELOPING A CORPORATE CODE OF ETHICS FOR IT
As a manager, you will be responsible for developing, enforcing, and explaining corporate ethics policies. Historically, corporate management has paid much more attention to
financial integrity and personnel policies than to the information systems area. But based
on what you will have learned after reading this chapter, it will be clear your corporation
should have an ethics policy in the information systems (IS) area covering such issues as
privacy, property, accountability, system quality, and quality of life. The challenge will
be in educating non-IS managers about the need for these policies, as well as educating
your workforce.
Some corporations have developed far-reaching corporate IS codes of ethics, including FedEx, IBM, American Express, and Merck & Co. Most firms, however, have not
developed these codes of ethics, leaving their employees unsure about expected correct
behavior. There is some dispute concerning a general code of ethics versus a specific
information systems code of ethics. As managers, you should strive to develop an IS-specific set of ethical standards for each of the five moral dimensions:
• Information rights and obligations. A code should cover topics such as employee
e-mail and Internet privacy, workplace monitoring, treatment of corporate information, and policies on customer information.
• Property rights and obligations. A code should cover topics such as software licenses,
ownership of firm data and facilities, ownership of software created by employees on
company hardware, and software copyrights. Specific guidelines for contractual relationships with third parties should be covered as well.
• System quality. The code should describe the general levels of data quality and system error that can be tolerated, with detailed specifications left to specific projects.
The code should require that all systems attempt to estimate data quality and system
error probabilities.
• Quality of life. The code should state that the purpose of systems is to improve the
quality of life for customers and for employees by achieving high levels of product
quality, customer service, and employee satisfaction and human dignity through proper ergonomics, job and workflow design, and human resources development.
• Accountability and control. The code should specify a single individual responsible
for all information systems, and reporting to this individual should be others who are
responsible for individual rights, the protection of property rights, system quality, and
quality of life (e.g., job design, ergonomics, and employee satisfaction).
Responsibilities for control of systems, audits, and management should be clearly
defined. The potential liabilities of systems officers and the corporation should be
detailed in a separate document.