Reading: Maintain ethical conduct in IT

Maintain ethical conduct in IT

Inside this reading:

What is an ethical service?

Legal and industry controls

Your ‘ethical barometer’

Ensure correct representation

Professional presentation

Providing unbiased information

Accurate quoting and estimating

Acknowledging others’ work

Protect client interests

Reliability and security

Confidentiality and proprietary rights

Value for money

Identify conflicts of interest

A word on whistle-blowing

Summary

Feedback to activities

What is an ethical service?

The Macquarie Dictionary defines ethical, amongst other ways, as ‘in accordance with the rules and standards of a profession’.

To provide an ethical IT service is essentially to act in an honest and professional manner. IT professionals will ensure that they and their organisation are correctly represented, that their clients are advised of any conflict of interest, and that the interests of the client, internal or external, are properly protected.

/ Activity 1
You are probably familiar with the language used to describe ethical and unethical conduct. In a minute or so, how many words could you add to the list below?
Ethical / Reputable, fair, reliable …
Unethical / Corrupt, fraudulent, unscrupulous …

Check your answers against the feedback provided at the end of this document.

As an IT professional you should be able to recognise potential ethical problems and decide on the appropriate action needed. Before you act, you’ll need to know:

  • Who decides what is the right thing to do (eg does responsibility lie with the organisation, the client or customer, or the individual employee)?
  • How much influence do government, industry and others have in determining ethical behaviours?
  • What are the ethical concerns that apply to IT professionals?

Legal and industry controls

Professional ethics are governed by legislation, industry standards and workplace policies and procedures. These controls usually reflect community expectations and commonly held personal values, although occasionally conflicts arise. For this reason it is important there are guidelines for professional conduct when dealing with clients and customers, and that employees understand their obligations.

Legislation

A range of commonwealth and state legislation governs Australians and Australian business. You can view current legislation online at:

  • for commonwealth legislation
  • for NSWState legislation.

Some government agencies make important information more accessible bypublishing guidelines in ‘plain English’ and a range of other languages.

Industry codes and standards

Many industry bodies and associations publish codes and standards that govern the conduct of their members. The Australian Computer Society (ACS) Code of Ethics and Code of Professional Conduct and ProfessionalPracticefor IT professionals are available from the ACS website at

Workplace policies and procedures

Workplace policies and procedures reflect the legislation, standards and values relating to the business operations. These may be available in print, on the company intranet, or on the company’s website.

/ Activity 2

Print a copy of the Codes from the ACS website or add them to your Favourites folder for later reference. You’ll find them at: Select ‘The ACS – The Society’ then ‘General Policies’ from the menu. You could also look for a code from your place of work or study too. If your workplace does not have a code, try an Internet search for codes published by a similar Australian organisation.

Your ‘ethical barometer’

The term ‘ethics’ comes from the Greek word ethikos, which describes the authority of custom or tradition, a form of common law. This can be far more complex than ‘right versus wrong’; it can be a topic full of dark corners, grey areas and divided opinions.

It may help to think of the people around you as an ethical barometer. Before you act, think about how others might react—or ask them directly. Consider:

  • What would a legal adviser say?
  • What would your client, colleagues or employers say?
  • What would others in your profession or the wider community say?
  • What would your family and friends think?
  • How do you feel about it?

If you rely on the advice of others, be aware that some unethical people may try to influence your thinking. Ethical decision-making is not based on peer pressure or coercion.

Ensure correct representation

A qualification alone does not make you a professional. You must act like aprofessional, demonstrate honesty and fair play, and correctly represent yourself, your organisation and your products and services in all business dealings with clients.

A professional:
  • Dresses and acts appropriately
  • Respects others’ differences
  • Is fair and honest in their business dealings
  • Abides by legal, industry and workplace standards.

For the professional, correct representation means to:
  • Represent your capabilities, services, or products accurately
  • Offer unbiased advice and disclose all relevant information
  • To provide accurate quotes and work estimates.

The consequences of misrepresentation can be disastrous. There are industries that, as a whole, are perceived as unethical because of the behaviour of a few ‘professionals’. Businesses may fail and workers lose jobs because of unethical conduct on the part of others. And let’s not forget the often spectacular fall of corporate high-fliers whose dishonest dealings are eventually exposed.

Let’s take a closer look at correct representation for IT professionals.

Professional presentation

Professional representation is about presenting skills, knowledge and qualifications in an honest and professional manner. Create a good impression and you will inspire confidence in what you or your company have to offer.

Professional presentation means:
  • Representing your capabilities, services, or products accurately
  • Offering unbiased advice and disclose all relevant information
  • Providing accurate quotes and work estimates.

/ Activity 3

Consider the following scenario.

At an interview, you realise that the panel assume you have certain qualifications. You don’t, but their assumption will greatly improve your chances. Should you explain?

Check your answers against the feedback provided at the end of this document.

To lie about, over-exaggerate or misrepresent expertise and experience in order to create a good impression would be unprofessional. Nor would it beprofessional to create a poor impression through negligence, or to misrepresent another’s skills.

Providing unbiased information

A bias is a preference for or against a product, organisation or person, usually for personal or financial reasons. While a bias is not in itself unethical, clients may rely on your expertise to make the best decisions fortheir business. As a professional you must be careful to provide fair andunbiased information. What would you do in this situation?

/ Activity 4

Consider the following scenario.

Your manager asks you to research new learning management systems. Of four suitable products, the front-runner is hosted off-site, and could put jobs at risk if it were approved. You only need to put three forward for evaluation committee. What should you do?

Check your answers against the feedback provided at the end of this document.

Accurate quoting and estimating

Accurate quoting and estimating means providing an external client or an internal department or employer, with a realistic picture of the time, costs, equipment and people needed to complete a job.

You might use estimating worksheets and formulas based on past projects, or conduct detailed assessment of the project requirements to do this. Whatever method you use, you should aim to provide your client with figures that are as accurate as possible, and discuss with them anything that may affect this later.

/ Activity 5

Consider the following scenario.

The initial costing for your ‘pet’ proposal did not cover ongoing maintenance and updates, which could double the cost of the project over five years. If you advise the committee of the added costs the project may not be approved. Would you add this to your proposal?

Check your answers against the feedback provided at the end of this document.

/ Activity 6

Accurately documenting project scope, budget and progress couldavoid problems further down the track. What documents might be useful to estimate and track projects and other work?

Check your answers against the feedback provided at the end of this document.

Experience is perhaps the best tool available for preparing accurate quotes and estimates. If you’re not sure that you have it right, ask someone more experienced to look over your figures first.

Acknowledging others’ work

You have a legal and ethical obligation to correctly acknowledge the workdone by others. Source code and digital content are protected under copyright law, and giving credit where credit is due is an important part ofteamwork.

When you use someone else’s work, or where they worked with you on a project, it is only fair to acknowledge their efforts. For example:

  • ‘Graphics created by Sally Smith’, for unpublished works, or
  • ‘Smith, S. Lifeworks (2001) Moss Publishing’, for published material.

You might also acknowledge assistance informally, or during a presentation. You must also ensure you do not misrepresent others’ work, or claim it as your own.

/ Activity 7

Consider the following scenario.

You have permission to use some diagrams for workplace training purposes. The sessions are so popular that you plan to publish them online. You’ll need toinclude the diagrams. What should you do?

Check your answers against the feedback provided at the end of this document.

Copyright

Copyright protects published and unpublished original works such as:

  • images, audio and video
  • source code
  • other original work.

You have a legal obligation to obtain copyright permissions and correctly acknowledge all products and services developed by others.

/ Activity 8

A workmate gave you the source code for a shareware product she developed in her spare time. After you’ve made a few changes and put it on your website a software developer offers good money for the right to develop the product commercially. What should you do?

Check your answers against the feedback provided at the end of this document.

Copyright and intellectual property (IP) is a complex legal issue.

Tip: For an overview of copyright law see the brochure: ‘Copyright Law in Australia - A short guide’ from the Attorney-General’s website: Use the search function to look up the word ‘copyright’ then choose ‘A short guide to copyright’.

If you are unsure about copyright, check with someone who knows.

Moral rights

Among other things, moral rights include the right to be acknowledged as the author of a work, regardless of who owns the copyright. This means that original work produced by an employee may belong to the employer or client, but they cannot claim authorship.

Intellectual property (IP)

Intellectual property includes copyright of publicly available material, butalso extends to less tangible assets and knowledge, such as patents, trademarks, designs, trade secrets and ‘know-how’.

Freeware and shareware

It is a common misconception that freely available web content, freeware and shareware are copyright free. This is rarely the case, for example:

  • Some websites allow restricted copying for non-commercial purposes as long as the material is correctly acknowledged.
  • Freeware and shareware is not necessarily free. Commercial use is often restricted, and you still need permission to copy any source code or content.

For commercial products you should seek written permission use or reproduce others’ work. It may be acceptable to use small examples or quotes as long as they are correctly attributed.

/ Activity 9

Look for copyright information and links on the websites you visit. These will set out the circumstances where the information can be used or reproduced, or provide contact details you need to get permission to use the material. If you find a good example, post the link to discussions for others to view.

/ Activity 10

Consider the following scenario. You might like to discuss it with others to get a different perspective.

Anya, a talented and knowledgeable software designer, arrives at a client presentation late and hung-over. Anya’s team have put together a solid proposal, but her last-minute notes are scribbled all over the paperwork. When the client notices a small error, Anya jokes that the team member responsible ‘got his qual from a cornflake pack’.

Points to ponder

How would you answer the following questions?

  • Did Anya convince the client that her team is qualified for the job?
  • What specific concerns might the client have in relation to his project?
  • How would you feel if you were part of Anya’s team?
  • Could Anya’s conduct be defended or justified in any way?

Check your answers against the feedback provided at the end of this document.

Protect client interests

Protecting client interests is about doing what is best for your client’s business operations. This may be an external client, an internal department, or a colleague. It may also be an individual whose details are stored by your organisation.

Your client will expect:
  • Security and reliability
  • Confidentiality
  • Value for money
  • Professional service
  • Appropriate IT solutions.

Let’s take a look at some of the ways client interests can be protected.

Reliability and security

Interests such as data security, reliability and efficiency of systems, processes and equipment are obviously important to the client, as these areoften the heart of their business operations.Two types of threat to the continuity of service are:

  • accidental loss of data or services resulting from system failure, human error or act of nature
  • deliberate or incidental loss or damage from hacking or other unauthorised actions.

In organisations that deal with sensitive information a security flaw, hacking incident or misuse of access privileges may also threaten continuity of service. Even if the system is otherwise intact it may need to be quarantined until the appropriate level of security can be re-established. Properly protecting your client’s interests and ensuring the continuity of service could include:

  • Software and data protection:Take all possible measures to prevent system crashes, viruses and other disasters, and to minimise downtime and loss of data should a critical incident occur.
  • Hardware: Ensure hardware is well-maintained and protected from power failure or surges. Forward planning will minimise disruption caused by old, obsolete or inadequate equipment.
  • Process: Develop efficient processes. Hardware and software solutions are only as good as the processes that support them.
  • People: Ensure that key staff and trained personnel are available to support computing services.

/ Activity 11

What are some strategies to help ensure reliability and security of data and services? Take a few minutes to see how many you can think of under the headings:

  • Software and data protection
  • Hardware
  • Process
  • People.

Check your answers against the feedback provided at the end of this document.

Firewalls, virus protection and system backups would be basic requirements for most IT functions. Further to this, client requirements for security and reliability should be discussed as part of the provision of IT services.

/ Activity 12

Consider the following scenario

Your client’s ageing system has had a few glitches recently, and when it crashed over the weekend, the support calls went unanswered. You then discover that backup device failed several weeks ago, and you cannot restore recent data.

Check your answers against the feedback provided at the end of this document.

As part of providing a professional service you may need to advise clients onwhat’s needed to ensure the security and reliability of their system. This will largely depend on the operational aspects of the client organisation, such as the sensitivity of the data, how much the organisation can afford, and any national and international standards that apply.

Confidentiality and proprietary rights

The IT professional often has access to information that is confidential or commercially sensitive.

Confidentiality is about protecting the client’s proprietary rights. These are the patents, copyrights, trademarks, trade secrets, knowledge (know-how) and other intellectual property rights that belong to the client, and are not public knowledge. It is so important to some employers that they will require you to sign a confidentiality agreement or undergo security clearances before you can work for them.

Confidentiality covers business and operational information, such as tenders, data, systems, security, product details, financial dealings and product specifications. This is different from privacy, which protects the rights of individuals.

/ Activity 13

Consider the following scenario

Your last employer permits you to briefly demonstrate parts of their new security program at job interviews. One interviewer asks for a copy of the CD to help make their final decision.

What do you do? What if the request came from a new employer who was so insistent that you felt your job was at risk if you didn’t comply?