moorefmgt7019-5_final

NORTHCENTRAL UNIVERSITYASSIGNMENT COVER SHEET

Student: Fahmeena Odetta Moore

THIS FORM MUST BE COMPLETELY FILLED IN

Follow these procedures: If requested by your instructor, please include an assignment cover sheet. This will become the first page of your assignment. In addition, your assignment header should include your last name, first initial, course code, dash, and assignment number. This should be left justified, with the page number right justified. For example:

MooreFMGT7019-5 1

Save a copy of your assignments: You may need to re-submit an assignment at your instructor’s request. Make sure you save your files in accessible location.

Academic integrity: All work submitted in each course must be your own original work. This includes all assignments, exams, term papers, and other projects required by your instructor. Knowingly submitting another person’s work as your own, without properly citing the source of the work, is considered plagiarism. This will result in an unsatisfactory grade for the work submitted or for the entire course. It may also result in academic dismissal from the University.

MGT7019-8 Professor Jo Ann Davis

Ethics in Business Week 5 Assignment

Faculty Use Only

<Faculty comments here>

<Faculty Name> <Grade Earned> <Date Graded>

Running Head: ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 1

Ethics and Information Technology

By Fahmeena Odetta Moore

Northcentral University

April 10, 2016

MGT7019-8

Professor Davis

ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 2

Ethics and Information Technology

In this paper, I review ethical issues associated with information technology usage, particularly

the ethical decisions of information technology professionals. First, I look at how technological advances

hsve impacted society then discuss the business need for technology usage rules and code of

conduct/ethics for employees of an organization. This is followed by the main rights of employees that

must be considered and then issues related to the development and enforcement of the technology usage

rules and code of conduct. Then, I look at how training and education could lead to more ethical decision-

making by all information technology professionals. As required, the main article used for the paper is:

“The Development Of A Code Of Ethics: An Online Classroom Approach To Making Connections

Between Ethical Foundations And The Challenges Presented By Information Technology” (Brooks,

2010).

Within the last two decades, there has been a lot of change and growth in technology and

technology usage. There has been the creation of social networking websites such as Facebook and

Twitter, the development of new (smart) mobile phones that provide access to the internet, the availability

of online courses, the availability of street directions and maps online to assist the average citizen to get

from one place to another, and so on. These changes have had much impact on society. Some have led to

improvements such as increased connectedness and communication across the world (the world now

seems smaller) and the ability for the average citizen to record events/problems and to report what they

found. Technology has also brought problems and challenges. We read about, and some are affected by,

news of data breaches, identity theft, and financial crimes using technology. For example, there was the

unauthorized access and download of payment card data of 40 million customers (data breach) at Target

in December 2013. Another is the hack of JP Morgan’s systems in October 2013 to obtain customers’

financial data. It is usually difficult to determine who is behind such technology-enabled crimes because

they hide their identities (are anonymous) or escape identification in other ways. Some problems are not

as serious or criminal. For example, technology distracts us (fight for our attention) all day and sometimes

interrupts important plays or other events when they are left on. There are moral and ethical issues


associated with technology. Should we tamper with human life using new technology – stem cell

research, cloning etc.? What would we do if we knew we would not be detected? And so on.

The Business Need for Technology Usage Rules and Code of Conduct

A company or organization is usually at the center of, and the source of data in, a lot of highly

publicized cases of data breaches and other technology crimes, such as the Target data breach. The

carelessness or unauthorized behavior of one employee could be the cause of a major crime. To prevent

such events, companies invest in secure security systems, put appropriate controls in place, and set

technology usage policies, among other actions. Technology usage policies, sometimes called Authorized

Use Policies, include rules governing the use of computers at work, especially areas important to security

such as the download of software on company computers, the securing of passwords, and the use of

personal devices at work. The company sets rules to minimize the risk that a data breach or other security

event may occur.

There may be a separate code of conduct that outlines how employees are expected to behave.

Codes of conduct cover areas such as integrity and the reporting of violations. Many organizations have a

broad code of conduct that applies to all employees, not just information technology (IT) employees.

Such codes of conduct will apply to instances where an IT employee who has access to privileged

information wants to use the information for personal gain.

Technology usage policies at a company may also cover areas that are not purely security-related

such as employee monitoring and posts on social media websites when the employee is at the office and

even away from the office. The need to be aware of issues such as harassment (sexual, racial or other) is a

reason to access employee emails or monitor employee emails or other activity. Employee monitoring

may also be needed to ensure employes are productive at work. Companies may limit posts on social

media websites such as Facebook or Twitter because an employee can divulge sensitive information or

cause harm to the company’s reputation through posts on those websites.

Employees’ Rights and Usage of Technology


Employees as individuals have rights such as the right to privacy and the right to be treated with

respect and fairness. In the United States, laws such as the Fourth Amendment to the Constitution protect

the privacy of citizens by prohibiting unreasonable government searches and seizures and allowing for

legitimate expectations of privacy.

A company could easily “wade into the details of an employee’s private life” far beyond what is

required for their purposes (Dillon et al.,2008). This can occur when an employer reviews an employee’s

emails (to and from his company email address) for one purpose and stumbles upon other problems, for

example. This was the issue in a 1996 Massachusetts case where an employer that had no policy

regarding personal use of email, reviewed an employee’s email because the employee was thought to be

spending a large amount of time using company computers for personal business (Dillon et sl.,2008). The

employer found emails indicating an extra-marital affair with another employee. The company fired both

employees, claming that it found an excessive use of email for personal business, but did not dismiss the

employees because of the content of emails. The court found an issue with the employer’s reading of the

email messages because the employee had a reasonable expectation of privacy.

Companies should have technology usage policies that provide information on employee

monitoring and other such company practices, and inform employees of the policies. Company policies

determine employee expectations, which in turn determine what employees should object to. Employers

must communicate and implement the policy.

In addition to the privacy of emails created by an employee, there is the issue of information

disseminated about an employee in emails created by others. In the case Meloff v. The NewYork Life

Insurance Company, an employee who was fired claimed that her manager (the employer) defamed her

by sending a sensational email about her issue with the company to other managers which was then

forwarded to other employees and managers who had worked with her. The court awarded her $250,000

in compensatory damages and $1,000,000 in punitive damages.

For IT employees or other administrative employees who have access to privileged information,

there is the issue of these employees reviewing information they should not review such as salaries of


employees and emails. The access rights of these individuals allow them to review information they may

need in the future, but not to review this information because they are curious. Surveys such as the 2008

Cyber-Ark survey found that about 33% of IT staff used administration rights to inappropriately access

privileged information such as human resources records, layoff lists and customer databases (Brooks,

2010).

Development and Enforcement of Technology Usage Rules

Companies determine the technology usage and behavior rules that fit their situation, considering

issues such as the need to protect data, corporate culture, and employees’ rights. It would clearly benefit

companies to closely monitor the activities of employees at work, especially companies that operate in

some industries, such as banking and finance, but they need to consider other issues such as employee

rights. Rules and written policies outlining the company’s requirements and expectations for employees

must be developed for different areas of IT such as security, email use, internet use, software

development, and remote access to systems (when working from home, for example). The rules may have

different levels of granularity. For example, rules on internet use may specify that websites such as

pornographic sites must not be accessed at work. Other rules may be at a higher level. The rules vary

from company to company, but there are a lot of similarities. Rules such as security-related rules and

rules on limiting internet use are common to most companies.

Many of the technology usage rules, such as internet use rules, are implemented using

technology. The way a rule is implemented (using technology) may ensure enforcement of the rule. For

example, the company may use a software program to block access to websites employees are not

permitted to visit so that employees are unable to view or open those websites when on the internet. There

may be other implementations that permit access but notify the user that they are accessing a questionable

website.

When the implementation does not ensure strict enforcement of a rule, the company may penalize

or punish the user for violating the policy. The company may suspend account access if certain conditions

are met or terminate an employee for serious violations. The company must determine when to enforce


the rules as well as the specific punishment. However, there are cases where the company is willing to

overlook some employee violations to ensure specific employees are happy and remain with the

organization (Brooks, 2010). IT professionals who monitor employee activity for violations or

wrongdoing may have different ideas about whether a rule was broken and should be reported. This

‘selective’ enforcement of technology usage policies is problematic.

It is interesting that for the implementation of technology usage rules, inconsistent punishment

for violations is a problem. And, the consistemt blocking of websites and implementation of rules is

viewed as positive. One criticism of information systems is the ‘hard coding’ of rules into the operation of

the system so that there is no change even when one is justified due to ethical reasons. Brooks (2010)

refers to this automation of decision-making as subsumption ethics. The system is unable to stop the

processing output even if there are unethical impacts.

There may be cases where the policy does not address specific scenarios or issues. In the past and

maybe for some companies today, the use of personal devices (computers, cell phones or tablets) or

personal email at work and for work is one such area. Issues may arise concerning the employer’s access

and pwnership of data on the employee’s personal device. Employers should have a formal BYOB (Bring

Your Own Device) program with “clear guidelines that establish expectations for both the employer and

employee” (Richter, 2015). A written BYOD agreement is part of the BYOB program as well as

procedures for deleting company data from an employee’s device when the employee leaves the company

or at some other appropriate time.

Preparing Employees to Be More Ethical

Company policies are meant to prevent/stop certain behaviors. Training and education is another

way to attack the problem. Ethics education in colleges and universities (higher education) is seen as a

way to improve the ethical decision-making and behavior of young people before they enter the

workforce. With ethics education, American youth should understand that stealing, lying and cheating

(behaviors they admitted to in a 2008 survey by Josephson Institute) is unethical and has no place in the

workplace.


There is evidence that ethics training and education produce results. Ethics training has been

shown to improve the ethical decision-making of managers. Studies also indicate that ethics education

increased the ethical competence of students (nursing students). Through ethics education, the students

were more aware of ethical issues and their complexity and could apply analytical and problem-solving

skills to ethics. The students became more self-aware with more understanding of their personal qualities

and limitations and also discovered personal and professional values (Cannaerts, Gastmans, & Casterlé,

2014).

There are, however, different ideas on the type of training and/or teaching methods that are more

effective. Traditional ethics education is all philosophy, emphasizing the careful analysis of moral

concepts and the study of normative theories and principles” (Hartner, 2015). Now, there is the belief that

ethics training should be more practical by including the review of real-world scenarios and cases. Case

studies (the use of case studies viewed as a teaching method) are considered an appropriate way to

understand ethical concepts and their applications and are also helpful for developing ethical decision-

making skills. However, some students believe case studies can be too vague and obvious. Studies show

that innovative teaching methods also work. Hybrid training that is a blend of traditional face-to-face

classroom lectures and e-learning was well received by students. Students also liked problem-based

learning over conventional teaching saying that it promoted skills and capabilities such as self-motivated

learning and critical thinking.

Technical students at colleges and universities tend to take ethics courses other than the generic

ethics course taught by the philosophy department. This is because many undergraduate computer science

programs create their own ethics courses to meet accreditation requirements – requirements to provide

students with a broad understanding of the social and ethical issues associated with computing. A non-

standard course helps to ensure students spend enough time on information-technology-specific case

studies and also have a good assessment of the course.

Ethics training usually does not provide information technology or other professionals with a

code of ethics or a formal list of rules for guiding their behavior. A code of ethics specific to IT


professionals is also not available (Brooks, 2010). Brooks (2010) sees such a code of ethics as important

to creating an appropriate culture. In her research, she asked the eight students enrolled in an online

undergraduate ethics course within a business program for adult learning to develop a code of ethics for

key IT usage challenge areas. Specifically, the students would develop statements, supported by concepts

from ethical thinkers and ethical leaders such as Aristotle, Albert Einstein and Confucius, on how IT

professionals in these areas should behave and/or make decisions. The activity seemed to be a step in the

direction of developing a code of ethics. From the feedback questions presented to students, it seems that

Brooks wants the activity/process to be used in the workplace to develop codes of ethics.

Conclusion

Technological advances have brought benefits as well as problems and challenges. The

inappropriate use of IT presents challenges. The questionable ethics and behaviors of IT professionals

who have broad access to data at the company is a problem.

In an effort to manage and deal with inappropriate behaviors and poor ethics of employees,

companies outline the expected ethics and behaviors of employees in rules/policies governing technology

use. These rules are meant to secure and protect customer data, ensure employees are productive, and

protect the company from liability, among other reasons. When developing the rules, companies need to

consider other isssues such asthe rights of employees. Once developed, implementation of the rules may

be a problem as there may be the inconsistent reporting of violations and punishment.

Training and education on ethics is another way to improve ethical decision-making. Education at

college and universities promise to change the mindset of youth before they enter the workforce. There is

much change and innovation in ethics education. Professors are incorporating online training and using

new teaching methods that all help students figure out how to behave in the workplace. The project to

develop a code of ethics for different IT areas was one such innovation.


References

Brooks, R. (2010). The development of a code of ethics: An online classroom approach to making

connections between ethical foundations and the challenges presented by information technology.

American Journal of Business Education, 3(10), 1-13.

Cannaerts, N., Gastmans, C., & Casterlé, B. d. (2014). Contribution of ethics education to the ethical

competence of nursing students: Educators’ and students’ perceptions. Nursing Ethics, 21(8),

861-878 18p. doi:10.1177/0969733014523166

Dillon, T., Hamilton, A., Thomas, D., & Usry, M. (2008). The importance of communicating workplace

privacy policies. Employee Responsibilities & Rights Journal, 20(2), 119-139.

doi:10.1007/s10672-008-9067-1

Hartner, D. F. (2015). Should ethics courses be more practical?. Teaching Ethics, 15(2), 349-368.

doi:10.5840/tej20158321

Huckabee, G. M., & Kolb, C. (2014). Privacy in the workplace, fact or fiction, and the value of an

authorized use policy (AUP). South Dakota Law Review, 59(1), 35-49.

Mika, K. (2014). The benefit of adopting comprehensive standards of monitoring employee technology

use in the workplace. Cornell HR Review, 1-7.

Mulig, E., Smith, L. M., &Stambaugh, C. T. (2014). Identity hack! Is your company next?.Strategic

Finance, 96(12), 33.

Ottensmeyer, E. J., & Heroux, M. A. (1991). Ethics, public policy, and managing advanced technologies:

The case of electronic surveillance. Journal Of Business Ethics, 10(7), 519-526.

Richter, D. (2015). "Bring Your Own Device” programs: Employer control over employee devices in the

mobile e-discovery age. Tennessee Law Review, 82(2), 443-459.

moorefmgt7019-5_final

Documents