Analysis using Doing Ethics Technique

The importance of business ethics has grown substantially with the increase in unethical behaviour of organisations and individuals in the business sector. In case of information and technology industry, the role of ethics has grown as well, and organisations focus on implementing a code of conduct in order to ensure that ICT professionals perform their operations ethically (Burmeister, 2017). In the information and communication technology field, the professionals deal with the confidential data of clients along with confidential information about the company, therefore, they have to maintain a high level of standard of care to ensure that they did not violate the privacy of clients or the organisation. In this paper, a case study relating to ICT professional will be evaluated to understand various key issues including confidentiality of information, privacy, and security of clients’ data, professional conduct and others. The case study will be analysed through the Doing Ethics Technique (DET) which focuses on giving the answers to the simple question in order to identify the ethical dilemma in a particular case and find out relevant solutions for the ethical issues raised in the case study. This report will also use the Code of Ethics given by the Australian Computer Society (ACS) to identify the ethical dilemmas raised in the case study and what necessary measures should be taken by the ICT professionals while facing these issues.

What’s going on?

In this case, Max is working for a large state department which maintains a large database in which the information of clients is stored relating to alcoholism and drug abuse, and some of these details include the name of the clients along with their address. The department has ordered Max to prepare a report based on the data of the clients in order to determine the number of clients who have joined the program for each month in the last five years. Max is required to analyse the length of treatment of clients along with the number of clients who returned for completing the program, criminal histories and others. Max was giving access to these files in the computer of the agency; however, he downloaded the files into his computer in the office. Max decided to work from home in order to complete the task within the given deadline. He burned the information of the clients on a CD to take home. After completing the report, Max forgot to take back the CD back to the office.

What are the facts?

• Max was given access to the database of the agency which included information relating to alcoholism and drug abuse of clients. The names and addresses of the clients are written on the reports given to Max by the agency.
• Max was given authority to work on the mainframe computer of the agency; however, he downloaded the files of the clients onto his office computer.
• In order to work on the report on the weekend, Max decided to take the files to his home. He burned the information onto a CD to take to home and work on the same.
• After completing his report, Max forgot the CD at his home and did not take it back to the office.

What are the issues?

1. Firstly, the agency which keeps the data on the clients regarding their alcoholism and drug abuse write the key information of clients on the reports which include the name of the clients and their addresses.
2. Max has given authority to work on the files on the mainframe computer of the agency; however, he downloads those files onto his office computer without analysing the security capabilities of his office computer.
3. While working under pressure, Max decided to bring the files to his home in order to work over the weekend. He burned the information onto a CD without ensuring the security and brings the CD to his home.
4. Max forgot to bring the CD back to the office after completing the report and leave it at his home.

Who is affected?

Following stakeholders are involved in this case who are affected by this incident.

• Clients

The main stakeholder in this scenario is the clients who data is stored by the agency. The data is collected by the agency which includes private information about the clients which include information regarding their treatment for alcoholism and drug abuse. The agency also puts the names and addresses of the clients on the front of the files which can access by anyone. The agency is not required to put this information on the reports while giving it to Max since he did not have to know about this information while completing his report. Moreover, Max is able to download the information to his office computer without ensuring that it is able to keep the information safe from outside breaches. Max also burned the private data of clients onto a CD and brought it home where anyone can easily access such data. The friends and family of Max can easily saw such data along with the names and addresses of the clients. Max also forgot the CD at his house without keeping it secured; it can be accessed by anyone which can result in losing the confident information of the clients to third parties which could have disastrous effects.

• The Agency

What’s Going On?

The state department is liable for collecting and keeping the data of clients safe which is related to their treatment regarding alcoholism and drug abuse. The agency has failed to ensure that such data is protected from unauthorised access and keep it safe from cybercriminals. The agency also failed to stop Max from downloading the information on his computer and burning it onto a CD. Thus, a lawsuit can be filed against the agency for failure to keeping appropriate standards in order to keep the information of clients secured.

• Max

Without ensuring the security of his office computer, Max downloads the information of clients onto his office computer. It makes it easier for cybercriminals to violate the security of clients by collecting their private data. Max has also burned the information onto a CD without considering the fact that such information can easily access by anyone. While working at home, the friends or family of Max can easily access the confidential data of clients which also includes information regarding their names and numbers. Max also forgets the CD at his home which can get into the hands of wrong people.

What are the ethical issues and implications?

The main ethical issue is related to the confidentiality of the data of clients. The private information regarding clients such as the term of their treatment, addition, medication, and others are given by the agency to Max along with the names and addresses of the clients (Lustgarten, 2015). This is a serious violation of the privacy of the clients. The Utilitarianism theory evaluates the morality of a situation based on the consequences (Jones and Felps, 2013). The consequences in this scenario can be disastrous since the information of clients can be accessed by anyone that includes office employees and cybercriminals. As per the Deontology ethics theory, the morality is judged based on the actions of the parties rather than the consequences. This theory provides that parties should not breach their duties irrespective of the facts whether the consequences are positive or not (Ferrell et al., 2013). In this case, the duty of violated by the agency since it has failed to maintain the confidentially while keeping the clients’ data safe. On the other hand, Max has violated his duties as an ICT professional by engaging in activities which could result in violating the privacy of clients by leaking their confidential data.

What can be done about it?

The agency should improve its security measures and avoid putting confidential information of clients on their reports such as their names and addresses while giving them to their employees. The agency should also prohibit the employees from downloading the confidential data of clients onto their office computer or burning them onto CDs. As an ICT professional, Max should prioritise the privacy of clients and ensure the security of their data is maintained by him.

What are the options?

The first option is that the agency can terminate the decision to conduct a study on the data of clients in order to ensure their security. The second option is that the agency can improve its security infrastructure to avoid putting the critical information of clients on their database and prohibiting the employees from downloading their information on other computers or take them to their homes. The third option is that the agency can fire Max and put the whole blame on him for his actions.

What Are the Facts?

Which option is best – and why?

The second option is the best in this particular scenario because it ensures the confidentiality of the information of clients in the future. By taking appropriate security measures, the agency can ensure that the data of clients is secured from any external access which resulted in protecting the privacy of clients.

The ICT professionals have to ensure that they comply with the code of ethics established by ACS in order to work in a professional manner while ensuring the security of their clients.

• The primacy of the public interest

The ICT professionals have to ensure that they put the interest of public above their personal, business and sectional interests (ACS, 2014). In this case, Max failed to comply with this provision because he failed to put the interest of its clients above others. In order to complete the tasks within appropriate time, he downloaded the data of clients onto his office computer. The code specifies that parties are obligations to verify that the systems on which the data of clients are stores are designed to protect their privacy and enhance their personal dignity. In this scenario, the data is downloaded by Max onto his office computer which the security measures are not appropriate due to which the information can be accessed by third parties or cybercriminals. He also took the CD which contained the information of clients and forgot it there due to which the privacy of clients could be breached. Thus, he failed to put the interest of the public above others.

• The enhancement of quality of life

The ICT professionals have to ensure that they strive to enhance the quality of the life of others who are affected by their work (McDermid, 2015). The clients are affected by the work of Max, and he downloaded their confidential data on the office computer without ensuring the security of the same. Max also downloaded the information onto a CD and brought it home where it could have accessed by anyone; he also forgot the CD at his home. Thus, Max failed to enhance the quality of life of people who are affected by his work, and he puts them at the risk of privacy breach.

• Honesty

The ICT professionals have to be honest while representing their products, services, knowledge, and skills. Max was dishonest towards the agency since he downloaded the information onto the office computer and burned it onto a CD without asking for permission from his seniors, and he did not tell them about the same. He was also using the information carelessly, thus, he has violated this principle.

• Competence

The ICT professionals have to ensure that they work competently and ensure diligence towards their stakeholders. Max was not diligence towards the clients because he carelessly kept the confidential data of clients without considering the fact that it could result in violating their privacy.

• Professional development

The ICT professionals have to ensure that they enhance their own professional development along with their staff. The actions of Max were not focused on developing his professional abilities. He violated his duties towards the agency and the clients by failing to maintain a standard of care to ensure their privacy and confidentiality, thus, Max has violated his principle as well.

• Professionalism

The ICT professionals are required to enhance the integrity of ACS and give respect to its members while dealing with each other (Burmeister, 2013). The actions of Max was not professional at all since he filed to maintain the integrity of the ACS by failing to maintain appropriate standard of care towards the security of the clients.

Conclusion

In conclusion, the ICT professionals and organisations have to ensure that they take appropriate measures to ensure the security of their clients in order to maintain confidentially of their data. In this case, the principles of privacy and confidentially applies. As per the code, the organisations have the obligation to ensure that their computer systems are designed to protect the privacy and enhance the personal dignity of their clients. It is the duty of the organisation to ensure that they implement appropriate and authorised uses of the organisation resources. In this case, the agency should be implemented appropriate policies in order to protect the identities of their clients. Moreover, the family and friends of Max could have accidentally access the private information of clients when he brought the work at home. This could result in adversely harm the reputation of the clients by leaking their private information. Max did not require knowing the private details of clients while preparing his report. Furthermore, Max was carelessly using the confidential information of clients without ensuring the security of their data. Thus, many ethical issues rose in this case due to the organisation and Max, however, both of them were not attentive to avoid these ethical issues ahead of time.

References

ACS. (2014) ACS Code of Professional Conduct. [PDF] Available at: https://www.acs.org.au/content/dam/acs/rules-and-regulations/Code-of-Professional-Conduct_v2.1.pdf [Accessed on 16^th September 2018].

Burmeister, O.K. (2013) Achieving the goal of a global computing code of ethics through an international-localisation hybrid. Ethical Space, 10(4), pp.25-32.

Burmeister, O.K. (2017) Professional ethics in the information age. Journal of Information, Communication and Ethics in Society, 15(4), pp.348-356.

Ferrell, O.C., Crittenden, V.L., Ferrell, L. and Crittenden, W.F. (2013) Theoretical development in ethical marketing decision making. AMS review, 3(2), pp.51-60.

Jones, T.M. and Felps, W. (2013) Shareholder wealth maximization and social welfare: A utilitarian critique. Business Ethics Quarterly, 23(2), pp.207-238.

Lustgarten, S.D. (2015) Emerging ethical threats to client privacy in cloud communication and data storage. Professional Psychology: Research and Practice, 46(3), p.154.

McDermid, D. (2015) Ethics in ICT: an Australian perspective. London: Pearson Higher Education.