February 19, 2001

Printer-friendly

A Question Of Ethics

Doing business online brings into sharp focus ethical questions about privacy, employee monitoring, and sharing data in supply chains. Are IT professionals prepared to respond?

By Clinton Wilder   (cwilder@cmp.com) and John Soat   (jsoat@cmp.com)

More on e-business ethics:

sidebar:Cell Phones Trigger Litigation Risks And Ethical Choices Should Vendor Profit From Students' Web Data?(2/8/01) Activists Say Nortel Software Could Abuse Privacy (2/1/01) TechWeb News: Group Asks Officials To Sign Privacy Pledge

Exclusive Online Content:

Business Ethics for IT Managers--What You Can Do

ne afternoon last fall, Lockheed Martin corp. senior financial analyst Susan Waterschoot opened an E-mail attachment and knew immediately that she was looking at information she wasn't supposed to see. In a template from a Lockheed Martin competitor that should have been blank, the competitor had mistakenly included proprietary rate calculations for a federal government contract on which Lockheed Martin was a subcontractor.

Waterschoot, who also acts as database administrator in the company's radar systems unit in Syracuse, N.Y., immediately alerted her boss and the unit's legal counsel. But there was one other department that had to be notified--and fast. Waterschoot knew that if the document was still on the company's Microsoft Mail server after 5 p.m., it would be backed up overnight and archived on tape, making it potentially recoverable by other employees. Furthermore, the server is shared by the prime contractor, Lockheed Martin, and other subcontractors, exposing the confidential data to even more potential competitors. Waterschoot and the legal counsel worked with their colleagues in IT to remove the document from the server and back it up onto a diskette, which they returned to the competitor. "I just tried to do the right thing," she says.

As E-business moves more and more business processes and transactions online, Waterschoot's experience is a telling example of how information technology, and the people who manage it, are at the forefront of decisions with ethical implications. The debate over ethical standards in business isn't new. What is new, or at least more apparent than ever, is IT's central role in some of the most important business-ethic issues of the day: privacy, the ownership of personal data, and the obligations created by extended E-business partnerships. How have these controversies affected IT managers and others involved with technology? What ethical issues, if any, are business executives grappling with in connection with cutting-edge IT? And where do IT people go for guidance on ethically ambiguous situations? Far from self-evident, the answers may be critical to the development of the trust and integrity needed to succeed at E-commerce and online business.

Changes in technology and business processes can outpace companies' ability to consider their ethical implications or to train employees to deal with them. Few companies have formal programs like Lockheed Martin's, which requires its 140,000 employees to complete one hour of ethics training every year. "It's traditionally been seen as an add-on--'ethics is nice, but let's get back to work,'" says David Gebler, a principal at the Working Values Group in Boston, a consulting firm that's developed ethics training programs for Chase Manhattan Bank, Procter & Gamble, Prudential, Raytheon, and other companies. "You have to bring ethics into your business context. And E-business raises ethical issues that may have existed before, but not in such stark reality."

One IT manager considers the quality of his work to have ethical implications. "The impact of the decisions I make on our company is scary," says Frank Gillman, director of technology at Allen Matkins Leck Gamble & Mallory LLP, a large law firm in Los Angeles. Gillman says his decisions on anything from an outsourcing partner to a WAN vendor could be critical to the firm's ability to operate and compete effectively. And that's an ethical burden in itself. "IT people need professional training on more than just how to work on computers," Gillman says. "We don't do enough in that area. I wish we could do more."

Many IT and business managers seem to take their cues about ethical conduct from the companies they work for. In an InformationWeek Research survey of 250 IT and business professionals, only 54% say they have a personal code for evaluating the ethical and moral implications of business decisions. Of those who do, 67% say it's based on their company's code of conduct; only personal experience polled higher (70%). An eye-opening 93% of all respondents say they agree with all aspects of their company's ethical code, and 96% say their company adheres to its code.

"I'm pretty shielded from those [ethical] questions by our human-resources department," says James Underwood, manager of IS at Canon Information Systems Inc. He's alluding to collecting Internet firewall log data that reveals which Web sites employees visit. The HR department "is responsible for what's ethical and legal as far as what they do with that information, and I'm happy to let them do that," Underwood says. "The question of whether they use it in an ethical manner is up to them."

A pragmatic view, to be sure, but is it a sound one? "IT people are the ones responsible for configuring technologies and systems that have ethical implications," says R. Edward Freeman, business administration professor and director of the Olsson Center for Applied Ethics at the University of Virginia's Darden School of Business, and co-editor of the Blackwell Encyclopedic Dictionary Of Business Ethics (Blackwell, 1998). "They have to be more than the mechanics who keep it running. They need to understand that ethics is at the center of what they do."

At a law firm where Frank Gillman formerly worked, one IT employee clearly didn't understand that. The worker sold company-owned disk drives for money to support his cocaine habit. Theft and drug use are bad enough, but that's not what horrified Gillman. To cover his tracks, the employee seriously compromised the firm's IT integrity by removing the system's data-mirroring capability, giving the system the appearance of having the added memory provided by the missing drives. "Can you imagine what would have happened if the system crashed?" Gillman says.

In large part to address potential IT-related liabilities, both inside and outside a company, a growing number of businesses have high-level ethics executives or chief privacy officers to enforce company standards. "Our goal is to raise awareness, to be proactive and preventive rather than punitive," says Tracy Carter Dougherty, Lockheed Martin's director of ethics communication and training, part of a corporate-level office of ethics and business conduct that reports to the chief operating officer and CEO. Lockheed Martin recently disciplined an employee who E-mailed a chain letter to friends in the company--and brought down a server that affected an entire business area. "When you hit that 'Send' key, there's no getting it back," says Dougherty. "You always have to be very mindful of the risks, and we depend on IT to tell us where the new risks are likely to be."

One new area of risk has to do with the use of handheld devices such as cell phones or personal digital assistants while driving, which has been cited as a factor in a growing number of traffic accidents. Mike Vleisides, senior manager of application development at Aventis Pharmaceuticals Inc. in Parsippany, N.J., spearheaded a "pull-off-the-highway" policy for the company's 3,500 field sales reps seeking to download data while in their vehicles--which Vleisides says constitutes about 90% of their working hours. "Our company would rather have our sales people pull over and spend 30 seconds using the devices safely than risk accident, injury, or worse using them while attempting to drive,'' he says.

Another area of risk, perhaps the riskiest, has to do with collecting personal data. In the InformationWeek Research survey, 80% of respondents say their companies collect customer data. Yet only 60% say their companies have a publicly displayed policy on the privacy of customer data they collect. Just 6% of those surveyed say their companies sell data to third parties, though the percentage jumps to 11% among companies with revenue of $1 billion or more. Health-care companies, which collect what may be the most sensitive customer data, have the highest percentage (9%) of companies selling data among five industries surveyed. Overall, 95% of respondents say their companies always adhere to their privacy policies, and virtually everyone says their customers know when specific types of data are being collected.

"We will treat customer information in a way that our customers expect it to be treated," says Robert Beason, outgoing CIO of the Southern Co., a $23 billion gas and utility holding company in Atlanta. Beason says the company has turned down third-party offers to buy some of the data within its 7-terabyte data warehouse of information on 4 million customers. "It's for our internal use, and we're not going to sell information in the open marketplace without written approval from customers," he says. "There has to be a business ethic that goes along with that."

continue on to page 2

Illustration by Jonathan Weiner
Photo of Underwood by Kim Kulish
Photo of Dougherty by Dominic Episcopo

E-mail To A Friend |  Printer-Friendly |  Send Us Your Feedback

Home | This Week's Issue | Workplace and Careers | Resource Centers | Research

---