A growing number of IT departments have issued codes of ethics. Is it time for your IT organization to begin addressing and establishing its moral obligations?

John Edwards, Technology Journalist & Author

August 1, 2023

4 Min Read
road sign with arrows right, wrong, moral, ethics
Greg Guy via Alamy Stock

Relatively few IT leaders spend much, if any, time pondering their organization’s values and ethics. Yet as technology continues to integrate itself into virtually every aspect of business and personal life, establishing a moral code is rapidly becoming as important as creating security, employment, asset management, and other fundamental organization policies.

No organization, including IT, can sustain successful operations over the long-term unless there’s a solid consensus on basic rules governing team behavior. “The purpose of ethics is to help people arrive at this consensus,” says John Hooker, a professor of business ethics at Carnegie Mellon University’s Tepper School of Business.

IT is an integral part of all business operations, influencing virtually every enterprise sector. “Because so many processes are reliant on IT infrastructure, the practices adopted by a company’s IT department have a downstream effect,” explains Srini Kadiyala, CTO of data governance consulting and technology firm OvalEdge. “That’s why developing an IT department based on ethical approaches is so important.”

Establishing ethical oversight is crucially important, says Andrew Clark, CTO of Monitaur, an AI governance software company. He notes that it promotes trust and credibility among stakeholders who rely on IT systems, including customers, employees and partners. “It also reduces the risk of legal and reputational damage caused by unethical practices, such as data breaches, cyberattacks, and intellectual property theft.” Perhaps most critically, ethical oversight creates a responsibility, accountability, and innovation culture that enhances operational efficiency and sustainability, he says.

There are also financial implications to be considered. Failing to adopt data privacy policies and exposing customer information in the data space can lead to significant fines, Kadiyala says. At the other end of the spectrum is the reputational damage caused by unethical practices. “When customers and investors become aware of unethical IT practices, they are less likely to support the organization,” he explains.

Ethics Policy Planning

Every IT department should create and enforce a clearly defined ethics policy. “It should state the organization’s commitment to honesty, integrity, privacy, fairness, transparency, and social responsibility,” advises Richard Baker, CTO of TWC IT Solutions.

A written IT ethics policy is important, since it not only informs the wider IT department, but also data teams and even individual team members who may adopt technologies and applications independently, Kadiyala says. “Furthermore, while it should cover the ethical use of existing technologies, the ethics policy should also account for the onboarding of new technologies, particularly emerging technologies like generative AI, and include guardrails for how these technologies can be used responsibly,” he explains.

The completed ethics policy should apply to all IT activities and specify the responsibilities of IT personnel at all levels. “It should emphasize data privacy, security, and compliance, while providing guidance on ethical decision-making,” Baker says. “Ongoing training and awareness programs are crucial to keep employees informed,” he adds.

Baker notes that a strong and ethical IT department will, over the long term, foster trust, ensure compliance, minimize harm, and mitigate risks. “A comprehensive ethics policy guides decision-making, and responsibility ... with various stakeholders working together to create an ethical culture,” he says.

Defining and enforcing IT an effective ethics policy requires both teamwork and close collaboration. “Leadership sets the ethical tone, while HR incorporates ethics into recruitment and evaluation processes,” Baker explains. Legal and compliance teams should also work to ensure adherence to applicable laws.

Hooker notes that ethics codes that do little more than parrot popular platitudes, such as “upholding integrity,” “ensuring responsibility,” or “advancing professionalism,” and other clichés, are essentially useless and worthless. “An ethics policy should provide specific guidelines for specific situations, particularly those which may not be obvious to well-meaning persons,” he advises. “The rules should be inherently reasonable so that everyone will understand the necessity of observing them voluntarily.”

The buck ultimately stops with the CIO, but everyone involved in implementing IT and data infrastructure elements should be involved in the ethics consultation process, Kadiyala says. “In terms of enforcement, IT teams should ensure that there are inbuilt measures to support ethical IT,” he states. Most critically, data privacy and managed access should be enforced at the source through strong governance. An alerting system that immediately detects and flags any improper IT use should also be developed and deployed. “At this point, CIOs and CDOs can delegate the responsibility of enforcement to other members of their teams,” Kadiyala suggests.

What to Read Next:

Should There Be Enforceable Ethics Regulations on Generative AI?

Why You Should Have an AI & Ethics Board

Status of Ethical Standards in Emerging Tech

About the Author(s)

John Edwards

Technology Journalist & Author

John Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights