Now, that?s too good not to have a little fun with. But an IT manager wrote to take me to task for making light of a very serious subject. Here?s what he said:
?The importance of work ethics and the possibility of abuse of access privileges cannot be denied. I, myself, am dedicated to the professional ethics and standards usually adopted by consultants regarding confidentiality--keep your mouth shut, don't reveal anything to third parties. I have no problem, for example, signing NDAs. But in my own case, it's hardly necessary. Anything I learn, I keep to myself. Frequently, coming across confidential or sensitive information is inadvertent; the task at hand may require reviewing the contents of files, for example, and it may not be possible to do what is needed if you don't have administrator level privileges.
The more worrisome and potentially disastrous problem, IMHO, is that with those privileges comes the possibility of very serious legal threats. We are faced constantly with the triple-threat of corporate policy, state laws, and federal laws that jeopardize our well being with legal retaliation and punishment for unauthorized access of equipment and data. It's no laughing matter--the mere false accusation of even a minor infraction can result in massive financial hardship and loss, just in the attempt to defend yourself, as a number of workers in the IT industry have already discovered for themselves. Many IT workers continue to do their jobs without actual explicit written authorization or consent from their employers to access and handle their systems; for them, it is merely "implied" that they have that consent, since they are employees. But how far does that implication go if you are faced with felony charges??
What do you think? Should IT workers have access rights written into their contracts? Should there be indemnity for IT workers who accidentally run across competitive or confidential information, or illegal content such as child pornography? Should there be an IT Workers Code of Ethics?