Ethical Work Practices in IT

Submitted by coleen.yan@edd… on Mon, 04/15/2024 - 16:56
Sub Topics

 

Practice

Go to the Yoobee Build Sandbox in Practice Lab's and undertake:

  • Secure Data Disposal Methods
  • Safety and Environmental Procedures
  • Privacy, Licensing & Policy Concepts
Explore 
Explore Lesson 19 and 20 of the CompTIA A+ resource.

Ethics in the IT world

There are certain protocols to the way that things are done in IT. There are three main documents that govern the decisions made. They are:

  1. New Zealand Institute of Information Technology Professionals (ITP) code of practice and code of ethics
  2. The ITIL document – started out as a guideline for manufacturers developed by but is now the guide to way services are provided in IT. This covers things such as seeking to continually improve and resulting recommendations around ticketing, project management and much more.
  3. Te Tiriti o Waitangi – is a cornerstone document in New Zealand and IT projects conducted in New Zealand are guided by agreement. The principles in the Tiriti are of partnership, protection, and participation. Over the last few years it has been argued that these principles were self-serving because defined by the Government for use by Government.

Aside from these three core  documents there is also the legal framework that must be abided by:

  • Legal framework – while there are some pieces of legislation that are generic, such as the Health and Safety laws, there are specific pieces of legislation such as Data Privacy Act of 2020 and Copyright Act of 1994 and the computer programs section of the Patents Act 2013.

The role of IT Infrastructure Library(ITIL)

Originally designed by the UK Government for their IT systems it has been widely adopted inside and outside IT. The fundamental concept behind ITIL is “always improving”. It is also about how a service provider can improve. There are number of ways that the Main Service Providor (MSP) are encouraged to improve:

These are some practical recommendations that come out of the framework. If you look at:

  1. What Is ITIL? A Beginner’s Guide to the ITIL Process | Coursera you will see that it covers every aspect of business including financial systems. 
  2. New Zealand Institiute for Information Technology Professionals (ITP) is a comprehensive overview of the recommendations.

While ITIL covers how things should be done, and why they should be done like that, the ITP covers the code of ethics for IT professionals in New Zealand. There are ten tenets to the code of ethics. They are covered in the ITP Code of Ethics and are based upon the principles of:

  • Respect for the individual,
  • Protecting the interests of the client,
  • Bettering the community, and
  • Professional integrity.

The values that the code of ethics is based on are:

  • Competence,
  • Truth,
  • Social Justice, and
  • Ethical behaviour

Ethics and Data

System Administrator Working in a Dark Research Facility on a Computer with Multiple Displays.

At the heart of the ethics is that the data belongs to the individual or the organisation and the protection of intellectual property.

Data about someone belongs to the person it is about. Personal details about a person cannot be collected without the person’s authority.Data created by an organisation belongs to that organisation. Just as taking something that belongs to another person is theft, so taking data without the authorisation of the owner of the data is also theft. In the same way if you find something that belongs to another person the right thing to do is to find a way to return it to the person when it is possible. If you find data belonging to someone or an organisation there is an ethical responsibility to not use that data but to notify the owner and destroy it.

Within software every licence represents the owner of the intellectual property of the software granting the right for others to use that intellectual property within certain boundaries. Some owners allow it to be freely used and modified by others while other owners restrict the use to authorised users being allowed to run the software. Most commercially available software has licences that allow users to run the software but not decompile or reverse engineer it and can only be used in certain ways. Some restrict how many times the package can be installed, others how many installations can run at the same time.

The End Users License Agreement (EULA)

The End Users License Agreement (EULA) will stipulate the restrictions and the responsibility to comply is with the licence holder of the software. When a software package is purchased, it is a licence to use the software that is being purchased, not ownership of the software. If software is found to be used without an appropriate licence the correct response will depend on the circumstances. It may be as simple as encouraging the purchase of an appropriate licence or removal of the software.

Respect within the IT industry will require advising clients how to operate within the law and licensing provisions of the software while respecting the rights of individuals and organisations, including software licences.

While the principles sound simple, they implementation can be complex and often subject to personal value judgements.

These include things such as:

  • How much PD is required to stay current?
  • What determines an area of competence?
  • What is “betterment of the community”?

There are other things, however, such as many of the “isms” (racism, sexism, ageism, etc) that are not tolerated within the New Zealand law or the ITP ethics.

Activity

Some situations to consider and then discuss in your next Live Session or on the Hardware Task Forum with your peers:

  1. A client has purchased a hard drive, but found after installing it, that it was not the correct specifications for what is required. The client has returned it. Is it okay to sell it as new? Should it be reformatted before being sold?
  2. A client suspects that employees are stealing and requests that you install CCTV cameras throughout a complex, including in staff locker rooms. Is this a valid request?
  3. A client requests a particular component that you do not have access to. You do have access to another component that does the same job, and is higher specs than the one requested by the client. They, however, insist on the original component. What should you do?
  4. A client returns a part under warranty, but the serial number does not match the one on the invoice for the sale. Should it be replaced under warranty?
Supervisor Holds Briefing for His Employees in System Control Center

A 'code of ethics' guides the principles designed to help professionals conduct their business ethically and fills in the gaps that laws and regulations fail to reach. It considers the interests of the public, community and clients and ensures their rights are at the forefront of the professionals' actions.

The ITP Code of Ethics is a binding document issued under the authority of the Constitution of the Institute of IT Professionals NZ Inc (the formal name for ITP).

This membership provides trust and assurance to clients and the public as should an ITP member breach the Code of Ethics, the client or a member of the public have the right to complain to ITP, initiating a process for dealing with complaints.

The code of ethics is split into 3 categories:

  1. The code
  2. Guidelines and interpretations to support the principles
  3. Disciplinary process explaining the steps taken to handle complaints.

Principles of ITP

There are 8 principles within the ITP:

Computer technicians should treat people with respect, dignity and good faith, and without discrimination. They must have consideration for their values and cultural sensitivities.

Computer technicians should perform their duties with integrity, dignity and honour to merit the community's trust. They should always maintain honesty skills and take the initiative to contribute positively to the wellbeing of society.

Computer technicians should be community-focused and focus on the community's needs instead of private or professional interests to themselves or other members.

Computer technicians should apply their skills and knowledge in the interest of their clients or employers and not work to compromise their skills based on their interests.

Computer technicians should participate in continual improvement and professional development to develop their skills and expertise. This is to improve their wisdom and knowledge regarding their profession and to provide the best service to all clients.

Computer technicians shall take reasonable steps to inform their clients of the job task and what is involved before commencing work. They should inform them of economic, social, environmental or legal consequences which may arise from their actions.

Technicians shall inform their clients or employers of any conflict of interest that may impact their quality of service.

Computer technicians should always follow professional practice and provide services only within their competence areas to ensure the quality of work is guaranteed.

All members must adhere to these practices within the Code of Ethics, or they may have to deal with disciplinary processes.

Complaints and disciplinary action

If an individual breaches the code of ethics, a complaint may be made against them, and disciplinary action will be taken.

The individual must complete the complaint by providing the details of the alleged breach and attaching any documentation. A hearing will then be conducted by the ITP discipline and professional conduct board, where they make a final decision having heard both parties involved.

How ethical practices affect IT professionals

Team of Three Multiethnic Diverse Software Developers Talk

Ethical issues such as how we treat others, use information, engage with employees, manage resources and approach sustainability can impact how employees and clients view organisations.

Businesses in IT need to adhere to any legal requirements. However, there are also ethical issues that laws and regulations may miss. IT professionals need to strive to ensure personal information and data are used appropriately, and professionalism is at the forefront of their roles.

Examples of ethical concerns within the IT industry may include:

  • Misuse of personal information
  • Personal privacy and unauthorised access
  • Misinformation
  • Lack of oversight
  • Taking advantage of consumers
    • incorrect pricing
    • providing them with service that is not quality
  • Respect for employees and customers
  • Moral use of data and resources.
A diagram depicting Deloitte's five steps for a more holistic approach to ethics in the technology industry

Deloitte (the multinational professional services network) has created a 5-step holistic approach (illustrated above) to work through ethical issues within their organisation. 

  • Ensure alignment to purpose and values
  • Create feedback loops to incorporate learning
  • Alter project management practices
  • Seek out strong external networks and education skills
  • Get applied as fast as possible
  • Build on existing organisational capabilities
  • Start with education programs for select groups
  • Identify board members and executives to lead
  • Connect the dots across the organisation
  • Modify performance plans and establish metrics
  • Engage in deep research at the beginning of projects
  • Assemble a diverse group of employees to help
  • Use formal tools and methods to explore ethical challenges
  • Develop industry-wide research agendas, training and standards
  • Leverage neutral parties for facilitation
  • Create safe spaces for industry discussion
  • Look to overcome difficulties in cooperation

Some effective approaches include:

  • Ensuring the organisation's purpose and values are confidently shared and known to all employees
  • Implementing regular learning and training to support feedback and growth in ethical concerns and actions
  • Hiring professionals who can provide knowledge and experience in dealing with ethical dilemmas
  • Designing and facilitating regular educational programs
  • Understanding that everyone should be responsible for ethical decision-making.

Deloitte uses an ethical business life cycle that details how their organisation acknowledges and acts on ethical concerns. The diagram below details how they evaluate their practices to ensure ethical responsibility is practiced.

Ethical introspection across the business lifecycle

At each stage, and across all stages, companies should consider key ethical concerns.

A diagram depicting Deloitte's business process lifecycle stages
  • What is your purpose?
  • What responsibilities do you have for society?
  • How do your leadership and governance amplify your core values?
  • What are the ethical implications of your business model?
  • Does your marketing respect the diverse values of your customers?
  • What are the diverse values of your users?
  • What ethical principles are guiding your designs?
  • Does dialogue between different areas of your company inform design?
  • How do you make things and who makes things for you?
  • How do you measure the ethics of your supply chain?
  • Is your distribution equitable whenever possible?
  • What happens to end-of-life products?
  • How do you improve upon your products and services?
  • How does your organisation evolve and learn from new experiences?

IT organisations have now shifted their focus on profit. They have now implemented ways to be more ethically and socially aware of their environment and their people. They consider ethical complications and navigate to find strategies to prevent unanticipated consequences.

In the end, it’s not just about creating ethical and trustworthy technology, but enabling the entire industry to make ethical and trustworthy decisions more easily.

'Social responsibility' can be defined as: individuals and businesses acting in the best interests of their environment and society as a whole. The business must do no harm and acknowledge how its actions can affect the community.

Based on this, it is believed that businesses should, in addition to the law, act ethically to meet the expectations of societal expectations and participate in actions that give back to the community.

Aspects of social responsibility

Social responsibility can be divided into 4 areas.

  1. Economic aspects: One aspect of being socially responsible includes economic prosperity. Businesses need to remain profitable to provide value to their employees and stakeholders.
  2. Legal aspects: Businesses must follow the law as they have a legal obligation. Some standards must be adhered to; otherwise, they will face legal consequences.
  3. Ethical aspects: Acting ethically can be defined as: working through the areas that law does not reach. It allows businesses to breach the gap and go above and beyond to meet society's expectations. This can include policies of businesses to increase the wellbeing of their staff.
  4. Philanthropic aspects: This is the idea that businesses should continually give back to society in money, actions, charity and other forms of donations (e.g. a business donating a certain percentage of its sales to an organisation).
A diagram depicting the aspects of social responsibility

Social responsibility focuses on how businesses can give back to society in good faith. Businesses are now focusing on caring for the environment, with many adopting 'green' policies to cut back on omissions, energy, paper and partaking in green activities in the community.

Individuals within an organisation also have the social responsibility to 'give back' to the community. These can include:

  • Charitable acts
  • Working for the community (e.g. volunteering, making blood donations and working at a food bank or animal shelter)
  • Supporting issues that affect society, such as advocating political or social issues that can help others (e.g. advocating for child labour laws, purchasing fair trade products, recycling)
  • Individual ethics, such as integrity and honesty. These individual ethics can also include the 'golden rule': treat others how you wish to be treated. This might mean empathy and a sense of fairness.
A Levis logo, stiched on to the back of a pair of their iconic jeans

Levis Strauss & Co. has been a leader at the forefront of social responsibility. The following video demonstrates their objectives and how they give back to support their community.

Throughout many industries, and especially the IT industry, there is a big push to go 'green' and focus on sustainable practices that minimise negative impacts on the environment.

Within the IT industry, sustainable practices include how products are manufactured and the management and disposal of information technology.

The IT industry has a huge opportunity in terms of reducing its consumption and complexity and utilising assets more effectively to drive down the carbon footprint
– Vijay Sankaran, former Director of Infrastructure Operations at Ford

As an IT professional, there are many ways in which you can support sustainability within your role. Consider the options noted below.

  • Collate servers--by maximising your data space to minimise cooling and energy costs.
  • Follow practices including:
    • automate lights, security and outdoor cooling controls
    • separate hardware aisles based on hot and cold temperatures
    • aim for a power usage effectiveness of 1.2 or lower
    • unplug any servers that are using energy but are not in use
    • upgrade to smart power strips that cut down on energy when devices are not in use.
  • Migrate to the cloud to save storage space and resource consumption.
  • Purchase equipment that is rated highly for energy efficiency.
  • Recycle equipment and materials.
  • Buy remanufactured or refurbished products and equipment.

This environment is a positive move away from the old linear product creation style of ‘take-make-dispose’ to a more sustainable ‘make-use-recycle’ route, which will ultimately help the environment and provide better practices within the technology industry.

Watch

To see the environmental impacts of technology, click on the following video.

Equity in the workplace can be defined as: fair and unbiased practices that provide inclusive practices to all individuals, no matter their circumstances or situations.

Organisations look to identify and acknowledge specific needs relating to demographics, ethnicity, gender, disabilities and more. They identify the struggles faced and consider these when developing their inclusion practices. This encourages all employees to feel supported and succeed within an inclusive workplace.

A diagram depicting an inclusive workplace

Providing accessibility and equity to all employees begins with understanding their needs. By listening to their employees, organisations can identify and develop solutions and programs to accommodate barriers. Options may include mentoring, educational opportunities (like workshops and seminars), developing policies, and adjusting the work environment to cater to any physical or mental disabilities.

A young professional taking their team through an upcoming initiative in a modern office

Instructions:

Organisations around the world understand the necessity to run their business ethically. They recognise the need to:

  • Go ‘green’ by applying reduce, reuse and recycle efforts
  • Have sustainable work habits and practices for staff
  • Acknowledge and respect diversity in all aspects of cultural, gender, belief and accessibility opportunities, etc.
  • Be part of the EEO (Equal Employment Opportunities) movement.

Research organisations you have come across in the past and take note of their efforts in creating a sustainable work environment, with emphasis on their IT resource management.

Share, discuss and compare with your peers In the Hardware task Forum

Module Linking
M00216C
Main Topic Image
Team of Diverse Multiethnic Software Developers Working on Computers
Is Study Guide?
Off
Is Assessment Consultation?
Off