Applying Decision Making Framework to IT-Related Ethical Issues - Report Example

Applying decision making framework to IT-related ethical issues al Affiliation) The Issue Privacy of information is anIT-related ethical issue that has really affected me, from a realistic point of view. This author once worked as the chief technology officer (CTO) in a Fortune 500 company that had interests in just about every sector of the economy. The firm was involved in energy, agriculture, financial services, home appliances, consumer electronics, gas, healthcare, defense, software, water and sanitation, transport, and aviation. As would be expected, such a company places immense value on data and the ability to use it to gain any degree of competitive advantage. As the CTO, this author was in charge of steering the firm’s data collection, storage, dissemination, and application efforts. The author, in conjunction with top management, came up with policies that guided all of these data processes. The firm regularly collected data on its competitors in order to gauge their developments and work towards bettering them and avoiding their pitfalls, and the author was fine with this because in the world of conglomerates entities collect data on each other, you cannot survive without doing it (Hansson, 2005). However, the author was surprised when it was proposed that the company start sharing employee, supplier and stakeholder information amongst similar entities so that “data protection” could be enhanced. A large amount of employee, supplier and stakeholder data was already being collected in order to enable security checks and to compel people to sign confidentiality agreements regarding the sharing of company data or any data that might compromise the company’s position with external entities. However, this data was only visible to very few people (not more than 5) within the entire organization. This was done to limit the possibility of sensitive data landing in the wrong hands (Moore, 2005). However, this time the company was proposing a system which basically involved employees, suppliers, and stakeholders keeping tabs on/monitoring each other, without letting the “watched” party know, in order to know who leaked or might leak information to outsiders. For lack of a better description, the company was pushing for spying amongst employees, suppliers and stakeholders. This author could not allow that because it was a blatant violation of the right to privacy and the confidentiality agreements signed during hiring. It was bad enough that the company was collecting and keeping large amounts of data on employees, suppliers and stakeholders without most of them being aware, but it was over-the-top to suggest that individuals spy on each other and have access to each other’s sensitive data. In this case, information such as personal identification data (e.g. account identifiers and social security number), compensation and background information would be secretly shared among other employees, suppliers and stakeholders so that they could keep tabs/spy on each other. This was wrong, and the author refused to participate in the initiative. Only a few authorized personnel should have access to such information. The author offered to resign rather than be part of a saga that was ethically wrong from all perspectives, and eventually we agreed on a plan that was better for all concerned. The initial plan had the right motives, which was protection of company secrets and data, but it went far beyond ethical limits. Decision making Process Problem Statement The company wants to enhance the protection of sensitive data and trade secrets by getting employees, suppliers, and stakeholders to keep tabs/spy on each other. The primary objective is to ensure that sensitive company data is not let out by anybody and that all parties adhere to their confidentiality agreements. Identification of alternatives Since everybody needed to be satisfied in this scenario, there were very few better options available. This author developed a proposal which involved creating a pseudo-post of chief security officer in my office. Under the author’s supervision, the holder of this post would be directly responsible for collecting and protecting sensitive information associated with the company, as well as keeping tabs on employees, suppliers, and stakeholders. Evaluation and selection of alternative Rather than have a risky scenario in which a plan as sensitive as this would be privy to all and sundry, it was better to keep the lid as tight as possible in order to reduce the possibilities of exposure and, as a result, very negative consequences. This alternative was just as effective, but with less baggage and strings involved. The initial proposal would be haphazard and poorly managed because of the amount of people involved, but the alternative would put the chief security officer directly in charge of the whole plan. This gave him/her the power to use everything within his/her ability to implement the plan but in a more responsible manner. Implementing decision The chief security officer was given an office, an appropriate budgetary allocation and support from top management, and then given the green light to implement the plan. Implementation involved 2 phases: pilot and actual implementation. The pilot phase took 2 months, and the actual implementation required 1 month. This means that a minimum of 90 days was required to successfully implement the plan. Piloting took longer because it was the most important part of the implementation process; get things right at this stage and the whole imitative was likely to be a success. Evaluating results As the overall leader of the project, the author was required to work with the chief security officer to evaluate the results and come up with logical conclusions from which realistic inferences could be drawn. Evaluation and analysis involved the use of appropriate software like SPSS ad Microsoft Excel, among others. Results would be organized, analyzed and then presented in the appropriate format. Evaluation took 18 days, and presentation was done in a day. The board then met a week later and reviewed the results to come up with the right assessments. Success The plan was a massive success. It managed to integrate most of the elements involved in the first proposal and implement them while maintaining a good perspective throughout (Freeman & Peace, 2005). A year after its implementation the board met and agreed that the plan would form the blueprint for similar initiatives in the future. However, more important than everything else was the fact that all parties got a good deal and nobody felt violated in any way. Impact The company was free to go ahead and implement this internal spying program disguised as a data protection initiative, but it ran the risk of causing very big problems in the future. Say, for instance, that something happened within the company and the plan was revealed to the public, employees, and the government. The negative ramifications would have a much greater impact than all the benefits the company hoped to enjoy by implementing the plan. What the alternative plan offered was a similar program, but with a much smaller scope and degree of awareness/control. The company would still continue collecting and storing employee, supplier, and stakeholder data but it would share it amongst those parties. A pseudo-post was created in my office for a chief security officer. Working under this author, the CTO, the chief security officer would be directly responsible for the collection, storage, and dissemination of employee, supplier, and stakeholder information. However, such data would be seen by a maximum of 6 people in the entire company. This would preserve the company’s initial objectives but eliminate the “spying” element so that privacy rights are not (grossly) violated as would have been the case in the initial plan. Also, the alternative plan would significantly reduce the possibility of employees, suppliers, or stakeholders knowing what was going on, which was safer in the long-run. The initial proposal was vulnerable to exposure because no matter how secretive it would have been, at some point someone would slip and reveal the whole plan. It was impossible to keep the plan going for a long time without the “wrong” people knowing at some juncture. In the end therefore, we came up with a plan that advanced the common good of everyone involved. We got to stick to our objectives without grossly violating people’s privacy rights. Approach Used The common good approach was used here. It is worth noting that the company was not willing to discard its plan entirely because of privacy issues. In fact, most of the top managers were comfortable with the plan so long as the firm’s objectives were realized. To emphasize how important the plan was, the author had been informed that I would be let go if he/she “opposed” the plan but could not come up with another, more effective one. Realizing that his/her job was at stake, and considering the interests of all parties involved (the company, employees, suppliers, stakeholders, and the author) this author decided to formulate a proposal that would be as effective but satisfying for everybody concerned. The author got to keep their job, the company got to advance its objectives, and employees, suppliers and stakeholders got to retain their privacy. This plan was based on a vision of the company as a community whose members cooperated in order to realize a common set of goals and values (Cannon, 2005). Nobody needed to feel hard done-by (now or in the future). The author’s proposal attempted to implement working mechanisms and an environment that all parties depended on and that benefited all people. References Cannon, J. C. (2005). Privacy: what developers and IT professionals should know. Boston: Addison-Wesley. Davis, K., & Patterson, D. (2012). Ethics of big data. Sebastopol, CA: OReilly. Espejo, R. (2010). Ethics. Farmington Hills. MI: Greenhaven Press. Ess, C. (2007). Information technology ethics: cultural perspectives. Hershey: Idea Group Reference. Freeman, L., & Peace, A. G. (2005). Information ethics privacy and intellectual property. Hansson, S. O. (2005). The ethics of workplace privacy. Brussels: PIE-Peter Lang. Hershey, PA: Information Science Publications. Hawthorne, J. (2004). Ethics. Malden, MA: Blackwell Publications. Moore, A. D. (2005). Information ethics: privacy, property, and power. Seattle: University of Washington Press. Peltier, T. R., Peltier, J., & Blackley, J. A. (2005). Information security fundamentals. Boca Raton, Fla.: Auerbach Publications. Phillips, R. (2003). Stakeholder Theory and Organizational Ethics. San Francisco: Berrett Koehler Publishers. Tavani, H. T. (2004). Ethics and technology: ethical issues in an age of information and communication technology. Hoboken, NJ: Wiley. Tipton, H. F., & Krause, M. (2005). Information security management handbook (5th ed.). London: Taylor & Francis e-Library. Read More