moorefmgt7019-5_final
TRANSCRIPT
NORTHCENTRAL UNIVERSITYASSIGNMENT COVER SHEET
Student: Fahmeena Odetta Moore
THIS FORM MUST BE COMPLETELY FILLED IN
Follow these procedures: If requested by your instructor, please include an assignment cover sheet. This will become the first page of your assignment. In addition, your assignment header should include your last name, first initial, course code, dash, and assignment number. This should be left justified, with the page number right justified. For example:
MooreFMGT7019-5 1
Save a copy of your assignments: You may need to re-submit an assignment at your instructor’s request. Make sure you save your files in accessible location.
Academic integrity: All work submitted in each course must be your own original work. This includes all assignments, exams, term papers, and other projects required by your instructor. Knowingly submitting another person’s work as your own, without properly citing the source of the work, is considered plagiarism. This will result in an unsatisfactory grade for the work submitted or for the entire course. It may also result in academic dismissal from the University.
MGT7019-8 Professor Jo Ann Davis
Ethics in Business Week 5 Assignment
Faculty Use Only
<Faculty comments here>
<Faculty Name> <Grade Earned> <Date Graded>
Running Head: ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 1
Ethics and Information Technology
By Fahmeena Odetta Moore
Northcentral University
April 10, 2016
MGT7019-8
Professor Davis
ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 2
Ethics and Information Technology
In this paper, I review ethical issues associated with information technology usage, particularly
the ethical decisions of information technology professionals. First, I look at how technological advances
hsve impacted society then discuss the business need for technology usage rules and code of
conduct/ethics for employees of an organization. This is followed by the main rights of employees that
must be considered and then issues related to the development and enforcement of the technology usage
rules and code of conduct. Then, I look at how training and education could lead to more ethical decision-
making by all information technology professionals. As required, the main article used for the paper is:
“The Development Of A Code Of Ethics: An Online Classroom Approach To Making Connections
Between Ethical Foundations And The Challenges Presented By Information Technology” (Brooks,
2010).
Within the last two decades, there has been a lot of change and growth in technology and
technology usage. There has been the creation of social networking websites such as Facebook and
Twitter, the development of new (smart) mobile phones that provide access to the internet, the availability
of online courses, the availability of street directions and maps online to assist the average citizen to get
from one place to another, and so on. These changes have had much impact on society. Some have led to
improvements such as increased connectedness and communication across the world (the world now
seems smaller) and the ability for the average citizen to record events/problems and to report what they
found. Technology has also brought problems and challenges. We read about, and some are affected by,
news of data breaches, identity theft, and financial crimes using technology. For example, there was the
unauthorized access and download of payment card data of 40 million customers (data breach) at Target
in December 2013. Another is the hack of JP Morgan’s systems in October 2013 to obtain customers’
financial data. It is usually difficult to determine who is behind such technology-enabled crimes because
they hide their identities (are anonymous) or escape identification in other ways. Some problems are not
as serious or criminal. For example, technology distracts us (fight for our attention) all day and sometimes
interrupts important plays or other events when they are left on. There are moral and ethical issues
ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 3
associated with technology. Should we tamper with human life using new technology – stem cell
research, cloning etc.? What would we do if we knew we would not be detected? And so on.
The Business Need for Technology Usage Rules and Code of Conduct
A company or organization is usually at the center of, and the source of data in, a lot of highly
publicized cases of data breaches and other technology crimes, such as the Target data breach. The
carelessness or unauthorized behavior of one employee could be the cause of a major crime. To prevent
such events, companies invest in secure security systems, put appropriate controls in place, and set
technology usage policies, among other actions. Technology usage policies, sometimes called Authorized
Use Policies, include rules governing the use of computers at work, especially areas important to security
such as the download of software on company computers, the securing of passwords, and the use of
personal devices at work. The company sets rules to minimize the risk that a data breach or other security
event may occur.
There may be a separate code of conduct that outlines how employees are expected to behave.
Codes of conduct cover areas such as integrity and the reporting of violations. Many organizations have a
broad code of conduct that applies to all employees, not just information technology (IT) employees.
Such codes of conduct will apply to instances where an IT employee who has access to privileged
information wants to use the information for personal gain.
Technology usage policies at a company may also cover areas that are not purely security-related
such as employee monitoring and posts on social media websites when the employee is at the office and
even away from the office. The need to be aware of issues such as harassment (sexual, racial or other) is a
reason to access employee emails or monitor employee emails or other activity. Employee monitoring
may also be needed to ensure employes are productive at work. Companies may limit posts on social
media websites such as Facebook or Twitter because an employee can divulge sensitive information or
cause harm to the company’s reputation through posts on those websites.
Employees’ Rights and Usage of Technology
ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 4
Employees as individuals have rights such as the right to privacy and the right to be treated with
respect and fairness. In the United States, laws such as the Fourth Amendment to the Constitution protect
the privacy of citizens by prohibiting unreasonable government searches and seizures and allowing for
legitimate expectations of privacy.
A company could easily “wade into the details of an employee’s private life” far beyond what is
required for their purposes (Dillon et al.,2008). This can occur when an employer reviews an employee’s
emails (to and from his company email address) for one purpose and stumbles upon other problems, for
example. This was the issue in a 1996 Massachusetts case where an employer that had no policy
regarding personal use of email, reviewed an employee’s email because the employee was thought to be
spending a large amount of time using company computers for personal business (Dillon et sl.,2008). The
employer found emails indicating an extra-marital affair with another employee. The company fired both
employees, claming that it found an excessive use of email for personal business, but did not dismiss the
employees because of the content of emails. The court found an issue with the employer’s reading of the
email messages because the employee had a reasonable expectation of privacy.
Companies should have technology usage policies that provide information on employee
monitoring and other such company practices, and inform employees of the policies. Company policies
determine employee expectations, which in turn determine what employees should object to. Employers
must communicate and implement the policy.
In addition to the privacy of emails created by an employee, there is the issue of information
disseminated about an employee in emails created by others. In the case Meloff v. The NewYork Life
Insurance Company, an employee who was fired claimed that her manager (the employer) defamed her
by sending a sensational email about her issue with the company to other managers which was then
forwarded to other employees and managers who had worked with her. The court awarded her $250,000
in compensatory damages and $1,000,000 in punitive damages.
For IT employees or other administrative employees who have access to privileged information,
there is the issue of these employees reviewing information they should not review such as salaries of
ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 5
employees and emails. The access rights of these individuals allow them to review information they may
need in the future, but not to review this information because they are curious. Surveys such as the 2008
Cyber-Ark survey found that about 33% of IT staff used administration rights to inappropriately access
privileged information such as human resources records, layoff lists and customer databases (Brooks,
2010).
Development and Enforcement of Technology Usage Rules
Companies determine the technology usage and behavior rules that fit their situation, considering
issues such as the need to protect data, corporate culture, and employees’ rights. It would clearly benefit
companies to closely monitor the activities of employees at work, especially companies that operate in
some industries, such as banking and finance, but they need to consider other issues such as employee
rights. Rules and written policies outlining the company’s requirements and expectations for employees
must be developed for different areas of IT such as security, email use, internet use, software
development, and remote access to systems (when working from home, for example). The rules may have
different levels of granularity. For example, rules on internet use may specify that websites such as
pornographic sites must not be accessed at work. Other rules may be at a higher level. The rules vary
from company to company, but there are a lot of similarities. Rules such as security-related rules and
rules on limiting internet use are common to most companies.
Many of the technology usage rules, such as internet use rules, are implemented using
technology. The way a rule is implemented (using technology) may ensure enforcement of the rule. For
example, the company may use a software program to block access to websites employees are not
permitted to visit so that employees are unable to view or open those websites when on the internet. There
may be other implementations that permit access but notify the user that they are accessing a questionable
website.
When the implementation does not ensure strict enforcement of a rule, the company may penalize
or punish the user for violating the policy. The company may suspend account access if certain conditions
are met or terminate an employee for serious violations. The company must determine when to enforce
ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 6
the rules as well as the specific punishment. However, there are cases where the company is willing to
overlook some employee violations to ensure specific employees are happy and remain with the
organization (Brooks, 2010). IT professionals who monitor employee activity for violations or
wrongdoing may have different ideas about whether a rule was broken and should be reported. This
‘selective’ enforcement of technology usage policies is problematic.
It is interesting that for the implementation of technology usage rules, inconsistent punishment
for violations is a problem. And, the consistemt blocking of websites and implementation of rules is
viewed as positive. One criticism of information systems is the ‘hard coding’ of rules into the operation of
the system so that there is no change even when one is justified due to ethical reasons. Brooks (2010)
refers to this automation of decision-making as subsumption ethics. The system is unable to stop the
processing output even if there are unethical impacts.
There may be cases where the policy does not address specific scenarios or issues. In the past and
maybe for some companies today, the use of personal devices (computers, cell phones or tablets) or
personal email at work and for work is one such area. Issues may arise concerning the employer’s access
and pwnership of data on the employee’s personal device. Employers should have a formal BYOB (Bring
Your Own Device) program with “clear guidelines that establish expectations for both the employer and
employee” (Richter, 2015). A written BYOD agreement is part of the BYOB program as well as
procedures for deleting company data from an employee’s device when the employee leaves the company
or at some other appropriate time.
Preparing Employees to Be More Ethical
Company policies are meant to prevent/stop certain behaviors. Training and education is another
way to attack the problem. Ethics education in colleges and universities (higher education) is seen as a
way to improve the ethical decision-making and behavior of young people before they enter the
workforce. With ethics education, American youth should understand that stealing, lying and cheating
(behaviors they admitted to in a 2008 survey by Josephson Institute) is unethical and has no place in the
workplace.
ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 7
There is evidence that ethics training and education produce results. Ethics training has been
shown to improve the ethical decision-making of managers. Studies also indicate that ethics education
increased the ethical competence of students (nursing students). Through ethics education, the students
were more aware of ethical issues and their complexity and could apply analytical and problem-solving
skills to ethics. The students became more self-aware with more understanding of their personal qualities
and limitations and also discovered personal and professional values (Cannaerts, Gastmans, & Casterlé,
2014).
There are, however, different ideas on the type of training and/or teaching methods that are more
effective. Traditional ethics education is all philosophy, emphasizing the careful analysis of moral
concepts and the study of normative theories and principles” (Hartner, 2015). Now, there is the belief that
ethics training should be more practical by including the review of real-world scenarios and cases. Case
studies (the use of case studies viewed as a teaching method) are considered an appropriate way to
understand ethical concepts and their applications and are also helpful for developing ethical decision-
making skills. However, some students believe case studies can be too vague and obvious. Studies show
that innovative teaching methods also work. Hybrid training that is a blend of traditional face-to-face
classroom lectures and e-learning was well received by students. Students also liked problem-based
learning over conventional teaching saying that it promoted skills and capabilities such as self-motivated
learning and critical thinking.
Technical students at colleges and universities tend to take ethics courses other than the generic
ethics course taught by the philosophy department. This is because many undergraduate computer science
programs create their own ethics courses to meet accreditation requirements – requirements to provide
students with a broad understanding of the social and ethical issues associated with computing. A non-
standard course helps to ensure students spend enough time on information-technology-specific case
studies and also have a good assessment of the course.
Ethics training usually does not provide information technology or other professionals with a
code of ethics or a formal list of rules for guiding their behavior. A code of ethics specific to IT
ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 8
professionals is also not available (Brooks, 2010). Brooks (2010) sees such a code of ethics as important
to creating an appropriate culture. In her research, she asked the eight students enrolled in an online
undergraduate ethics course within a business program for adult learning to develop a code of ethics for
key IT usage challenge areas. Specifically, the students would develop statements, supported by concepts
from ethical thinkers and ethical leaders such as Aristotle, Albert Einstein and Confucius, on how IT
professionals in these areas should behave and/or make decisions. The activity seemed to be a step in the
direction of developing a code of ethics. From the feedback questions presented to students, it seems that
Brooks wants the activity/process to be used in the workplace to develop codes of ethics.
Conclusion
Technological advances have brought benefits as well as problems and challenges. The
inappropriate use of IT presents challenges. The questionable ethics and behaviors of IT professionals
who have broad access to data at the company is a problem.
In an effort to manage and deal with inappropriate behaviors and poor ethics of employees,
companies outline the expected ethics and behaviors of employees in rules/policies governing technology
use. These rules are meant to secure and protect customer data, ensure employees are productive, and
protect the company from liability, among other reasons. When developing the rules, companies need to
consider other isssues such asthe rights of employees. Once developed, implementation of the rules may
be a problem as there may be the inconsistent reporting of violations and punishment.
Training and education on ethics is another way to improve ethical decision-making. Education at
college and universities promise to change the mindset of youth before they enter the workforce. There is
much change and innovation in ethics education. Professors are incorporating online training and using
new teaching methods that all help students figure out how to behave in the workplace. The project to
develop a code of ethics for different IT areas was one such innovation.
ETHICS AND INFO TECHNOLOGY MOOREFMGT7019-5 9
References
Brooks, R. (2010). The development of a code of ethics: An online classroom approach to making
connections between ethical foundations and the challenges presented by information technology.
American Journal of Business Education, 3(10), 1-13.
Cannaerts, N., Gastmans, C., & Casterlé, B. d. (2014). Contribution of ethics education to the ethical
competence of nursing students: Educators’ and students’ perceptions. Nursing Ethics, 21(8),
861-878 18p. doi:10.1177/0969733014523166
Dillon, T., Hamilton, A., Thomas, D., & Usry, M. (2008). The importance of communicating workplace
privacy policies. Employee Responsibilities & Rights Journal, 20(2), 119-139.
doi:10.1007/s10672-008-9067-1
Hartner, D. F. (2015). Should ethics courses be more practical?. Teaching Ethics, 15(2), 349-368.
doi:10.5840/tej20158321
Huckabee, G. M., & Kolb, C. (2014). Privacy in the workplace, fact or fiction, and the value of an
authorized use policy (AUP). South Dakota Law Review, 59(1), 35-49.
Mika, K. (2014). The benefit of adopting comprehensive standards of monitoring employee technology
use in the workplace. Cornell HR Review, 1-7.
Mulig, E., Smith, L. M., &Stambaugh, C. T. (2014). Identity hack! Is your company next?.Strategic
Finance, 96(12), 33.
Ottensmeyer, E. J., & Heroux, M. A. (1991). Ethics, public policy, and managing advanced technologies:
The case of electronic surveillance. Journal Of Business Ethics, 10(7), 519-526.
Richter, D. (2015). "Bring Your Own Device” programs: Employer control over employee devices in the
mobile e-discovery age. Tennessee Law Review, 82(2), 443-459.