InformationWeek.com

Welcome Guest. | Log In| Register | Membership Benefits

February 19, 2001

A Question Of Ethics

continued...page 2 of 2

By Clinton Wilder (cwilder@cmp.com) and John Soat (jsoat@cmp.com)

Illustration by Jonathan Weiner

More on e-business ethics:

sidebar:Cell Phones Trigger Litigation Risks And Ethical Choices

Should Vendor Profit From Students' Web Data?(2/8/01)

Activists Say Nortel Software Could Abuse Privacy (2/1/01)

TechWeb News: Group Asks Officials To Sign Privacy Pledge

Exclusive Online Content:

Business Ethics for IT Managers--What You Can Do

But what role should IT people play in determining that ethic? Like scientists, IT professionals are often accused of being more interested in results than ramifications. "When your job is building the best-performing database you can, you don't always think about the ethical implications of how that data will be used," says Ed Altman, a former CIO at Metro-Goldwyn-Mayer Studios Inc. and now director of business development at integrator and staffing firm Metro Information Services. "The very people helping to create the [data privacy] problem don't realize how bad it is."

Yes they do, says Kathy Komer, president-elect of the International DB2 User Group, a worldwide organization of users of IBM's enterprise relational database. Or at least they're aware of the controversy. "I don't see anyone who takes managing databases lightly," says Komer, a database administrator for a large Northeastern company. But the user group has no written ethical policy concerning data collection, nor does it advise companies on ethical considerations in dealing with personal data, Komer says.

For consumers, the line between well-targeted marketing and privacy invasion has always been a fine one. Some argue the consumer privacy issue, when compared with the actual capabilities of online marketing technology today, is overblown. It's rarely possible and almost never cost-effective to segment customer data to the individual level. In the InformationWeek survey, 65% respondents say they segment customer data by product line, 46% by region, 41% by frequency of purchases, and 33% by profitability. "All this fuss about privacy policies is the political correctness of the 21st century," says admitted contrarian Peter Fader, professor of marketing at the University of Pennsylvania's Wharton School of Business. "Let the market dictate what's good and bad. As technology advances, consumers also get smarter and more skeptical."

Most everyone in E-business agrees that questionable ethical moves that compromise customer privacy for short-term marketing gain are bad for business in the long run. "Online business is entering a more mature phase, and the issue of who the customer trusts becomes more of a competitive differentiator," says IBM chief privacy officer Harriet Pearson.

Lands' End Inc. believes that its renowned customer loyalty depends heavily on trust, and the apparel retailer has one of the industry's strictest online privacy policies. The company doesn't send E-mail promotions to its customers except by request and never sells or trades online customer data.

Lands' End's security audits include not only hacking tests on its firewalls, but ethical tests of IT and business employees in situations where data security could be compromised. "We test to make sure they make data available only to those who should see it," says Linda Severson, director of business systems. "You have to have tests that continually challenge your security and privacy processes. Ethics has to become more of a way of life, not a one-time policy posting."

Trust between workers and employers is another key issue putting IT managers in the midst of ethical decisions. Most companies forbid employees using company computers to access Web sites with material that is pornographic, violent, or hate-related. Dow Chemical Corp. fired 50 employees last year at a Freeport, Texas, facility for violating that rule. In the InformationWeek survey, more than half of the companies monitor their employees' use of the Web (62%) and E-mail (54%). Among companies larger than $1 billion, those figures jump to 77% and 70%. And consistent with respondents' overwhelming agreement with their corporate policies, most IT people believe such monitoring is ethical.

"Speaking for myself, I think employees' Web-usage logs should be available," says Dave Austin, human-resources IS specialist at manufacturer Leggett & Platt Inc. in Carthage, Mo. "If an employee is doing a poor job and the manager can see that person has visited eBay 85 times in the past week, the manager should be able to say that's not acceptable and must stop. And that should be explained to every employee up front." But Austin also says reasonable personal use of the Net should be allowed, given the fact that many devote long hours and weekend time to their jobs.

Another question is, who should this data be available to? Canon Information Systems' Underwood says he's been approached by department managers seeking a peek at the Web-surfing habits of certain employees. "I said, 'We have the information but you need to go to HR to get it.'"

Photo by Jennifer Dickson When accounting firm Clifton Gunderson LLP in Peoria, Ill., started generating monthly reports on Web-site usage for its HR department, chief technology officer Matthew Camden, who studied business ethics while in graduate school at Loyola University, says he realized the technology manager producing the reports might be tempted to warn people whose names appeared on the list. "I said, 'You may see people on the list who sit next to you, but you can't do anything about it,'" Camden recalls. IT people need help in determining the proper ethical responses to ambiguous situations, he says, and IT and business managers need to provide that guidance. "It's not enough to have a rule; you have to do what you can to make people follow it."

Because of IT professionals' access to sensitive data, they must often do more than ensure compliance with company policy. At the Allen Matkins law firm, an IT employee cleaning up logs in the firm's contact-management application noticed something amiss. In a space for comments and notes usually left blank, one attorney, unaware it was a shared application, had keyed in two credit-card numbers, a savings-account personal ID number, and the access code for his home security system. Director of technology Gillman told the employee to notify the attorney immediately.

Call it CYA ethics. "Whenever there's a leak of information, one of the fingers of suspicion will be pointed at IT," Gillman says. "The more you act like you can be trusted, the less you'll be targeted."

Guarding data privacy takes on even more significance when supply-chain partners share information online outside company walls, as Lockheed Martin's Waterschoot knows. In industries such as automotive, high-tech manufacturing, aerospace and defense, and many others, collaborators on one project can often be competitors on another. "You need to make darn sure that the information being exchanged online is the right information," says ethics director Dougherty.

More suppliers are designing key components for competitors and sharing those designs online, says Michael Bauer, a partner in CSC Consulting's manufacturing practice and co-author of E-Supply Chain (Berrett-Koehler Publishers, 2000). "I hear a lot of emphasis on shortening cycle times and finding tools for security, but I haven't seen a lot of awareness or programs about the responsibilities of partners in an electronic supply chain," Bauer says. "The problem is human beings--not because they're malicious, but because they can be careless or ignorant about ethical implications."

That may be the key: Most IT managers and executives agree there needs to be more training in ethics, especially now that IT has taken a central role in doing business. Indeed, thinking of business and ethics, or IT and ethics, as opposing forces may be a false dichotomy. "The whole idea of positioning ethics and profits as a trade-off is like asking me if I want a heart or a lung," says University of Virginia's Freeman. "Well, I'm partial to both of them." --with Bob Wallace