As much as information technology is important to our lives, it is facing some serious ethical challenges

and it is up to the IT experts and users of information technology to be ready for these challenges. As
more emerging information technologies pop up on the market, most of the IT experts and users do not
know how to go about the challenges brought about by these technologies. Information technology is
facing major challenges which are lack of privacy, security, copyright infringement and increased
computer crimes. Criminals have been eagerly utilising the many loop holes technology offers. Since
information technology greatly aids the speed, flow and access of information, cyber crime has become
an ever rising profession. Many businesses and organizations are at risk of becoming a cyber victim on a
daily basis, as most, if not all business is based on some digital network.

There is also the possible threat of unfaithful or vengeful employees that can use information
technology to achieve their personal goals which might be harmful to an organization. IT is not bad in
itself, but the way humans use the tools provided by information technology has brought some serious
challenges. Below I have detailed topics on 5 Ethical Challenges of Information Technology

Security: With tools like the internet, hackers have found it very easy to hack into any computer or system as
long as it is connected on internet. Hackers can easily use an IP (Internet Protocol) address to access a users
computer and collect data for selfish reasons. Also the wide spread of internet cookies which collect
information whenever we use the internet , has exposed IT users to high risks of deception and conflicting
interests. Many big companies use these cookies to determine which products or service they can advertise
to us. When it comes to online banking, the transfer of money can easily be interrupted by a hacker and all
the money will be transferred to their desired accounts , which affects both the bank and the customers who
is using online banking technology.

Privacy Issues: As much as information technology has enable us to share and find relevant information
online,. It has also subjugated our freedom of privacy. Their so many ways our privacy is exploited, (1) use of
internet webcams, experienced computer users can turn on any webcam of any computer online and they
will have access to your private life, many celebrities have been victims of these online stalkers. A good
example is Dharun Ravia former Rutgers University student who was spying on his roommate through a
webcam. Read more on this story here . (2) use of social networks, the main concept of these networks is
to connect with new and old friends then share your life with them, however, the loop hole in this , is that
whenever someone access your shared life data like photos , they can like it and send it their friends who are
not your friends, which might expose you to users with wrong intentions to use your data, also some
companies are known for spying on their employees via these social networks.

Copyright Infringement: Information technology has made it easy for users to access any information or
artefact at any given time. With the increased development of music sharing networks and photo
bookmarking sites, many original creators of these works are losing the credibility of their works, because
users of IT can easily gain access and share that data with friends. Free music and file downloading sites are
popping up on internet every day, lots of original work like music albums, books, are being downloaded for
free. In this case one legitimate user will purchase the book, software, web template or music album, and
they will submit it to a free download site where others will simply just download that data for free. It is good
news for the users because it saves them money, but it harms the original creator of these works. The
government has closed some of these sites like Megaupload.com, but many are popping up using funny
URLs.

Increased pressure on IT experts. Since information technology systems have to run all the time, pressure is
mounted on IT experts to ensure the accuracy and expediency of these systems. Many big organizations
which need to operate 24 hours will require a standby IT team to cater for any issues which might arise
during the itinerary of operation. This pressure results into stress and work overload which sometimes
results into Imperfection.

Digital divide: Information technology has many opportunities and it has shaped many industries in
developed countries; however, developing countries have difficulties of enjoying the same benefits of
Information technology. To get these benefits they have to train their labour and users should also adopt the
new culture which is a bit costly in these developing countries. In some remote areas they do not even have
power, so information technology tools like computers cannot be used. In other sectors like education, most
of these developing countries have poor old education systems, so a student will not be aware of new
information technologies.
In "10 ethical issues raised by IT capabilities," we examined ethical issues raised by
IT capabilities, issues that all of us as technology professionals need to consider as
we go about our duties. This time, we take a look at ethical issues more specific to
managementand not necessarily just IT management. Once again, one of our
themes is that advances in technology, just like advances in any other area of
endeavour, can generate societal changes that should cause us to re-examine our
behaviour. The dynamic nature of civilization means some components of ethical
codes that were perfectly appropriate in previous generations may no longer apply.
Although space limits us to 10 issues, the ones we examine here are based on five
main categories of particular interest to technologists: privacy, ownership, control,
accuracy, and security. As in the previous article there are more questions than
answers.

#1: PRIVACY: Does information's availability justify its use?

Governments collect massive amounts of data on individuals and organizations and

use it for a variety of purposes: national security, accurate tax collection,
demographics, international geopolitical strategic analysis, etc. Corporations do the
same for commercial reasons; to increase business, control expense, enhance
profitability, gain market share, etc. Technological advances in both hardware and
software have significantly changed the scope of what can be amassed and
processed. Massive quantities of data, measured in pet bytes and beyond, can be
centrally stored and retrieved effortlessly and quickly. Seemingly disparate sources
of data can be cross-referenced to glean new meanings when one set of data is
viewed within the context of another.

In the 1930s and 1940s the volumes of data available were miniscule by comparison
and the "processing" of that data was entirely manual. Had even a small portion of
today's capabilities existed, the world as we now know it would probably be quite
different.

Should organizations' ability to collect and process data on exponentially increasing

scales be limited in any way? Does the fact that information can be architected for a
particular purpose mean it should be, even if by so doing individual privacy rights are
potentially violated? If data meant for one use is diverted to another process which is
socially redeeming and would result in a greater good or could result in a financial
gain, does that mitigate the ethical quandary, no matter how innocent and pure the
motivation?

#2: PRIVACY: How much effort and expense should managers incur
in considering questions of data access and privacy?
This is an issue with both internal and external implications. All organizations collect
personal data on employees, data that if not properly safeguarded can result in
significant negative implications for individuals. Information such as compensation
and background data and personal identification information, such as social security
number and account identifiers, all have to be maintained and accessed by
authorized personnel. Systems that track this data can be secured, but at some
point data must leave those systems and be used. Operational policies and
procedures can address the proper handling of that data but if they're not followed or
enforced, there's hardly any point in having them. Organizations routinely share data
with each other, merging databases containing all kinds of identifiers.

What's the extent of the responsibility we should expect from the stewards of this
data? Since there's no perfect solution, where's the tipping point beyond which
efforts to ensure data can be accessed only by those who are authorized to do so
can be considered reasonable and appropriate?

#3: OWNERSHIP: What can employers expect from employees with

regard to nondisclosure when going to work for another firm?

Many people are required to sign NDAs (nondisclosure agreements) and

noncompeting clauses in employment contracts, legal documents that restrict their
ability to share information with other future employers even to the point of
disallowing them to join certain companies or continue to participate in a particular
industry.

What about the rest of us, who have no such legal restrictions? In the course of our
work for employer A, we are privy to trade secrets, internal documents, proprietary
processes and technology, and other information creating competitive advantage.
We can't do a brain dump when we leave to go to work for employer B; we carry that
information with us. Is it ethical to use our special knowledge gained at one
employer to the benefit of another? How do you realistically restrict yourself from
doing so?

#4: OWNERSHIP: What part of an information asset belongs to an

organization and what is simply part of an employee's general
knowledge?

Information, knowledge, and skills we develop in the course of working on projects

can be inextricably intertwined. You're the project manager for an effort to
reengineer your company's marketing operations system. You have access to
confidential internal memorandum on key organization strategic and procedural
information. To build the new system, you and your team have to go for some
advanced technical training on the new technology products you'll be using. The
new system you build is completely revolutionary in design and execution.

Although there are areas of patent law that cover many such situations, there's not
much in the way of case law testing this just yet, and of course laws vary between
countries. Clearly, you've built an asset owned by your company, but do you have a
legitimate claim to any part of it? Can you take any part of this knowledge or even
the design or code itself with you to another employer or for the purpose of starting
your own company? Suppose you do strike out on your own and sell your system to
other companies. Is the ethical dilemma mitigated by the fact that your original
company isn't in the software business? Or that you've sold your product only to
noncompeting companies? What if we were talking about a database instead of a
system?

#5: CONTROL: Do employees know the degree to which behaviour is

monitored?

Organizations have the right to monitor what employees do (management is

measurement) and how technology systems are used. It's common practice to notify
employees that when they use organizational assets such as networks or Internet
access, they should have no expectation of privacy. Even without that disclaimer,
they really don't need the warning to know this monitoring is, or could be, taking
place.

Do organizations have an obligation to notify employees as to the extent of that

monitoring? Should an organization make it clear that in addition to monitoring how
long employees are using the Internet, it's also watching which Web sites they visit?
If the organization merely says there's no expectation of privacy when using the e-
mail system, is it an ethical violation when employees later find out it was actually
reading their e-mails?

#6: CONTROL: Does data gathered violate employee privacy rights?

Many organizations have started adding a credit and background check to the
standard reference check during the hiring process. Are those organizations
obligated to tell us they're doing this and what results they've received? The
justification for doing the credit check typically is that a person who can't manage his
or her own finances probably can't be trusted with any fiduciary responsibility on
behalf of the organization. Does this pass the smell test or is this actually an
infringement of privacy?

Performing these checks is a relatively recent phenomenon, brought on in part by

the desire of organizations to protect themselves in the wake of the numerous
corporate scandals of the past few years but also because technology has enabled
this data to be gathered, processed, and accessed quickly and inexpensively. Is
technology responsible for enabling unethical behaviour?

#7: ACCURACY: Is accuracy an explicit part of someone's

responsibility?

Business has always had a love/hate relationship with accuracy. Effective decision
making is driven by accurate information, but quality control comes with a cost both
in terms of dollars and productivity. (If you're checking, you can't also be doing.)

In a bygone era, there was less data to work with, and the only quality assurance
that needed to be performed was on dataoperations and procedures were
manual, so it was the output of those functions that was most critical. Technology
has enabled vastly more complicated and interconnected processes, such that a
problem for upstream in a process has a ripple effect on the rest of the process.
Sarbanes Oxley requires the certification of all internal controls in large part for this
reason. Unfortunately, accuracy is one of those areas that always seems to be
assigned to the dreaded "someone," which all too often translates to no one. On
what basis should the level of accuracy in any given system be determined? How
much accuracy is sufficient? How should responsibility for accuracy be assigned?

#8: ACCURACY: Have the implications of potential error been

anticipated?

Most assembly lines have a cord or chain that can be pulled when a worker notices
a particular unit has a flaw. The line is brought to a halt and the unit can either be
removed or repaired. The effect of the error can be contained. As complex
interactions between systems and ever larger databases have been created, the
downstream consequence of error has become vastly more magnified. So too has
the growing dependence on highly distributed systems increased the potential for,
and the cost of, error.

Do managers have a correspondingly greater responsibility to assess negative

outcomes and the mitigations of costs and effects of errors? Can management or
system owners be held accountable if unforeseen errors occur? Is this also the case
for predictable but unmitigated error?

#9: SECURITY: Have systems been reviewed for the most likely
sources of security breach?
As we mentioned in the previous article on ethics, security used to be confined to
locking the door on the way out of the office or making sure the lock on the safe was
spun to fully engage the tumblers. Technology presents us with a whole new set of
security challenges. Networks can be breached, personal identification information
can be compromised, identities can be stolen and potentially result in personal
financial ruin, critical confidential corporate information or classified government
secrets can be stolen from online systems, Web sites can be hacked, keystroke
loggers can be surreptitiously installed, and a host of others. (It's interesting to note
at this point that statistics still show that more than 80 percent of stolen data is the
result of low tech "dumpster diving," and approximately the same percentage of
organizational crime is the result of an inside job.)

How far canand shouldmanagement go in determining the security risks

inherent in systems? What level of addressing those risks can be considered
reasonable?

#10: SECURITY: What's the liability exposure of managers and the

organization?

Can system owners be held personally liable when security is compromised? When
an organization holds stewardship of data on external entitiescustomers,
individuals, other organizationsand that data is compromised, to what extent is the
victimized corporation liable to the secondary victims, those whose data was stolen?

Organizations generally have internal policies for dealing with security breaches, but
not many yet have specific policies to address this area. Managers who do not
secure the systems for which they're responsible, employees who cavalierly use
information to which they should not have access, and system users who find
shortcuts around established security procedures are dealt with in the same fashion
as anyone who doesn't meet the fundamental job requirements, anything from
transfer or demotion to termination. Should compromised or ineffective security be
held to a higher standard?

Jeff Elkin has 30+ years of technology-based experience at several Fortune 500
corporations as a developer, consultant, and manager. He has also been an adjunct
professor in the master's program at Manhattanville College. At present, he's the
CIO of the Millennium Challenge Corporation (MCC), a federal government agency
located in Washington, DC. The views expressed in this article do not necessarily
represent the views of MCC or the United States of America.