IT Professionals

• Profession is a calling that requires:

– Specialized knowledge
– Long and intensive academic preparation
• Professionals:
– Require advanced training and experience
– Must exercise discretion and judgment in their work
– Their work cannot be standardized
– Contribute to society, participate in lifelong training,
assist other professionals
– Carry special rights and responsibilities

1
 Professional Relationships That
Must Be Managed
• IT workers are involved in relationships
with:
– Employers
– Clients
– Suppliers
– Other professionals
– IT users
– Society at large
2
 IT Workers must set example

• As steward of organization’s IT
resources, IT workers must set an
example and enforce policies regarding
the ethical use of IT

3
 IT Workers
• Confidential information
– IT workers see a lot of confidential information

• Whistle Blowing
– Must be prepared to expose unethical behaviour

4
 Relationships Between
IT Workers and Clients
• Client makes decisions about a project
based on information, alternatives, and
recommendations provided by the IT
worker
• Client trusts IT worker to act in client’s
best interests

5
 Relationships Between
IT Workers and Clients

• Conflict of interest
– Must always avoid conflict of interest
• Ethical problems arise if a company
recommends its own products and
services to remedy problems they have
detected
6
 Relationships Between
IT Workers and Clients

• Fraud
– Crime of obtaining goods, services, or property
through deception or trickery
• Misrepresentation
– Misstatement or incomplete statement of material
fact

7
 Relationships Between
IT Workers and Clients

• Breach of contract
– One party fails to meet the terms of a contract
• IT projects are joint efforts in which
vendors and customers work together
– When there are problems, it is difficult to assign
who is at fault

8
 Relationships Between
IT Workers and Suppliers

• Bribery
– Providing money, property, or favors to obtain a
business advantage
– At what point does a gift become a bribe?
– No gift should be hidden
– Perceptions of donor and recipient can differ

9
 Relationships Between
IT Workers and Suppliers

10
 Relationships Between
IT Professionals

• Professionals feel a degree of loyalty to

other members of their profession
• Professionals should adhere to their
profession’s code of conduct

11
 Relationships Between
IT Workers and IT Users

• IT workers’ duties
– Establish environment that supports ethical
behaviour:
– To minimize inappropriate use of corporate
computing resources
– Enforce policies on appropriate use

12
 Relationships Between
IT Workers and Society
• Society expects members of a
profession:
– To provide significant benefits
– To not cause harm through their actions
– To not take advantage of their specialised
knowledge to the disadvantage of others

13
 Professional Codes of Ethics
• State the principles and core values that
are essential to the work of an
occupational group

14
 Professional Codes of Ethics

• Following a professional code of ethics

can produce benefits for the individual,
the profession, and society as a whole
– Ethical decision making
– High standards of practice and ethical behavior
– Trust and respect from general public
– Evaluation benchmark for self-assessment

15
 Professional Organizations
• Prominent organizations include:
– Association for Computing Machinery (ACM)
– Institute of Electrical and Electronics Engineers
Computer Society (IEEE-CS)
– Association of IT Professionals (AITP)
– SysAdmin, Audit, Network, Security (SANS)
Institute

16
 IT Professional Malpractice

• Negligence: not doing something that a

reasonable person would do, or doing
something that a reasonable person
would not do
• Duty of care: obligation to protect people
against any unreasonable harm or risk
– Reasonable person standard
– Reasonable professional standard

17
 Question
• If an IT Professional makes a
programming mistake (and was
negligent by not testing his code) and
someone dies as a result (for example
in a computer controlled machine in a
hospital) should he/she be sent to jail
for manslaughter?

18
• Stopped here Mon 23 at 11.00
 Question
• Do you think that the IT manager in an
organisation should be held accountable if
employees have downloaded and installed
illegal software on the organisation’s
computers. The code of conduct of the
organisation clearly states that illegal software
cannot be installed on the computers
– If so, what penalty would you give him?
– If not, who is accountable?

20
 Question
• An organisation has not written in its policies
that illegal software cannot be installed on its
computers. An external auditor finds illegal
software on an employee’s (Mariam)
computer and the company will be
prosecuted.
• Who is/are the person(s) that should be held
accountable – the CEO, the IT Manager, or
Mariam?
21
 Policies -
Support Ethical Practices

• Need to have policies that protect

against abuses:
– Sets out general rights and responsibilities of
users
– Create boundaries of acceptable behaviour
– Enable management to punish violators

22
 Policies -
Support Ethical Practices

23
24
 Compliance
• Ensuring that all parts of the
organisation are following established
policies, guidelines, specifications, and
legislation
• Compliance Audit ( may be done by
internal or external team)
• May have a Compliance Committee
and/or a Compliance officer
25
 Question
• If you are the IT manager and you find
that an employee has an unlicenced
copy of software on a company
computer e.g. a pirate copy of
Photoshop, what would you do?
 ACM Code of Ethics
• https://www.acm.org/code-of-ethics
• ACM Code of Ethics and Professional
Conduct
 Software Engineering Code of
Ethics

• https://ethics.acm.org/code-of-ethics/
software-engineering-code/
 IEEE Code of Ethics
• https://www.ieee.org/about/corporate/
governance/p7-8.htm
Global Issues
 Question
• If you learned that the company selling
coffee on the campus are using child
workers in their factory in Musaffa
would you consider it ethical?
• What would you do?
 Question
• If you learned that the coffee company
is doing everything ethically in the UAE
but that they are using child workers in
South America where they grow the
coffee would you consider that ethical?
• What would you do?
 Question
• If you found that one of the oil
companies working in the UAE is
causing major pollution in the desert
would you consider that ethical?
• What would you do?
 Question
• If you found that one of the oil
companies working in the UAE is doing
all its operations at a high standard here
but that they are causing a lot of
pollution in Africa would you consider
that ethical?
• What would you do?
Pollution

36
 Question
• Animal Rights - What rights should animals
have?
• Our sensitivity to other peoples, minorities,
etc. continues to expand. We're less tolerant
of cruelty. What about animals, excessive
constraints in raising livestock, for instance?
Egg farms? Animal laboratory testing?
• Some people link Animal Rights with Ethics.
What do you think?
 Question
• Environment - What obligations do we
have to the environment?
• To what extent must we go to preserve
species of animals or plants?
• How much intervention in foreign affairs is
ethical in the service of "saving" forests,
whales, various other ecological systems?
– Read about Greenpeace -http://www.greenpeace.org/international/en/
 Question
• What would you do if you found out that
Coca-Cola obtained the sugar to make
its drink from sugarcane grown on land
that was confiscated from poor farmers
and that some of these farmers suffered
loss of livelihood and hunger as a
result?
40
41
Privacy
 Outline
• Privacy Issues
• Privacy and Computer Technology
• Protecting Privacy
• Communications
 Privacy
• What does Privacy mean to you?
 Question
• I, Minister of Transport, have been told to do
whatever is necessary to reduce the number of road
accidents. I intend to introduce a system whereby
every car in the UAE will be fitted with a tracking
system. A central monitoring station will record the
position and speed of every car and automatically
issue speeding fines and black points.
• What are your opinions on this system?
 Question

• I, Minister for Justice, have been told to put an end to

crime. One of the things I will do is the following. I will put
a tracking device on every single person in the UAE so if
ever a crime is committed I will know exactly who was at
the scene and where the person currently is. (A similar
type system is currently used in some countries to track
people that are on bail). I will have a small chip
implanted in everyone under the skin at the back of the
neck.
• What are your opinions of this system?
 Question
• People scanners have been shown to
enhance security, efficiency and
convenience at airports. These
scanners (which are similar to baggage
scanners) see through peoples clothing.
• Would it be OK for the airport authority
to use these scanners at Abu Dhabi
airport?
 Privacy
• Why is it so important to you?
 Question

• Is there a difference between the

needs of society and the needs of
individuals?
 Question
• Which is more important – having rules
and controls for the good of society or
having rules and controls for the good of
individuals?
 Privacy
Key Aspects of Privacy:
• Freedom from intrusion (being left
alone)
• Control of information about oneself
• Freedom from surveillance (being
tracked, followed, watched)
 Question
• Why is privacy so important for human
beings?
 Homework
• Pick one story from the list given and
read it. Be prepared to discuss in next
class.
• Start reading the chapter in your book
on Privacy
 Issue:
Security versus Privacy
in everyday life

• Which is more important ?

– How can we decide?
(Here, I mean security in the sense that law
enforcement authorities provide good security by
having unlimited access to information about
everyone.)
 Security
• A Government's main concern is
security.
• Balance of security/privacy is difficult!
 Question
• In the USA it is believed that a majority
of people considered privacy more
important than security before 9/11
• Do you think that some people changed
their opinion after 9/11?
Stopped here 3Oct in 1.30 class
 Issue
• Is it OK for management to monitor
everything an employee does on his/her
computer (i.e. all email, web surfing, …)

• Is it OK for management to monitor an

employee’s telephone conversations?
Stopped 3 Oct
 What is the issue here?

• https://www.aclu.org/technology-and-liberty/
ordering-pizza-2015
 Privacy and the Internet

• http://www.youtube.com/watch?v=tD4_gJwfCMM
Privacy
continued …
Privacy International - Watchdog
 Privacy and Computer
Technology
New Technology, New Risks.
• For example:
– Government and private databases
– Sophisticated tools for surveillance and data
analysis e.g.
• Re-identification – identifying an individual from
anonymous data
– Vulnerability of data
 Terminology
• Invisible information gathering -
collection of personal information about
someone without the person’s
knowledge
• Secondary use - use of personal
information for a purpose other than the
one it was provided for
 Terminology
• Data mining - searching and analyzing
masses of data to find patterns and
develop new information or knowledge
• Computer matching - combining and
comparing information from different
databases (using social security
number, for example, to match records)
 Terminology
• Computer profiling - analyzing data in
computer files to determine
characteristics of people most likely to
engage in certain behavior
• Re-identification – identifying an individual from
anonymous data – intersection of various anonymous
data sets
 Data Collection Principles
Principles for Data Collection and Use:
• Informed consent
• Opt-in and opt-out policies
• Fair Information Principles (or
Practices)
• Data retention
– How long data can be kept
 Data Collection and Use
Principles
• Informed Consent
– User consents after being fully informed
Data Collection and Use Principles

• Opt-out policy
– Assumes that consumers approve of
companies collecting, storing and using
their personal information
– Requires consumers to actively opt out
– Favored by data collectors
 Data Collection and Use
Principles
• Opt-in policy
– Must obtain specific permission from
consumers before collecting or using any
data
– Favored by consumers
 Fair Information Principles
• Inform people when personally identifiable information about
them is collected, what is collected, and how it will be used
• Collect only the data needed
• Offer a way for people to opt out from mailing lists, advertising,
transfer of their data to other parties, and other secondary uses
• Provide stronger protection for sensitive date, for example an
opt-in policy for disclosure of medical data
• Keep data only as long as needed
• Maintain accuracy of data. Where appropriate and reasonable
provide a way for people to access and correct data stored
about them
• Protect security of data (from theft and from accidental leaks)
• Develop policies for responding to law enforcement requests to
data
 Privacy Policies
• In developed countries organisations
are legally required to publish their
privacy policies
 Discussion Questions

• Have you seen opt-in and opt-out

choices? Where? How were they
worded?
• Were any of them deceptive?
• What are some common elements of
privacy policies you have read?
 "Big Brother is Watching You!"
Databases:
• Government Accountability Office (USA) -
monitors government's privacy policies
– Found numerous breaches of privacy policy

• Government uses data mining and computer

matching is used to fight terrorism
 Right to Privacy

• In the USA the Fourth Amendment in the

Constitution protects an individual’s right to
privacy from government intrusion
– Modern surveillance techniques are redefining
expectation of privacy. (Common technology
provides data for surveillance use)

• Note: In the US Constitution various stipulations are referred to as

Amendments.
• https://sites.google.com/site/constitutionstudyguide/home/parts-of-the-
constitution
 Question
• Are there any privacy issues in relation to
placing cameras in public places which
stream video to the Web? These cameras are
commonly used nowadays – for example they
show traffic on certain roads, weather
conditions, ….
 Surveillance
Video Surveillance:
• Security cameras
– Increased security
– Decreased privacy
 Question
• Is Facial Recognition technology
acceptable in the UAE?
 Question

• Is it a violation of privacy to search a

person’s house from the exterior using
thermal imaging technology without the
person’s consent?
 Discussion Questions

• What data is held about you in various

organisations ?
• Who has access to the data?
• How is your data protected?
 UAE

Constitutional Privacy Framework

The Constitution of the United Arab Emirates
(UAE) guarantees the right to privacy. The
UAE Constitution in Article 31 states that an
individual enjoys "Freedom of communication
by post, telegraph or other means of
communication and the secrecy thereof shall
be guaranteed in accordance with the law .“
 Question
• Most of you would not accept having an
implanted microchip that could be used
to track you
• Would you be happy that you could be
tracked at all times without you having a
microchip?
 Tracing
• Every electronic transaction leaves a
footprint
 Question
• Should we have the right to keep
aspects of our choice in our life private?
– For example, should we be able to tell an
organisation not to record details of a transaction
 Question
• What are some Pros and Cons of a
Cashless society?
 Question
• Some people say that there should be
an optional cash toll booth for road tolls
(for example like SALEK in Dubai) in
order to protect people’s privacy.
• Discuss
 Marketing
Marketing, Personalization and Consumer
Files:
• Targeted marketing
– Data mining
– Paying for consumer information
– Data firms and consumer profiles
• Credit records
 Location Tracking
• Global Positioning Systems (GPS) -
computer or communication services
that know exactly where a person is at a
particular time
• Mobile phones and other devices are
used for location tracking
• Pros and cons
 Question
• Should tracking devices be permitted in cars
that transmit data such as location and speed
to a central monitoring station? Assume that
the Government have promised that it would
only be used in emergencies by the police.
 Question
• Should accident data recorders be
permitted in cars (like black boxes in
aircraft)?
 Stolen and Lost Data
• Hackers
• Physical theft (laptops, thumb-drives,
etc.)
• Requesting information under false
pretenses
• Bribery of employees who have access
 What We Do Ourselves

• Personal information in blogs and online

profiles
• Pictures of ourselves and our families
• File sharing and storing
• Is privacy old-fashioned?
– Young people put less value on privacy
than previous generations
– May not understand the risks
 Children

• The Internet
– Not able to make decisions on when to
provide information
– Vulnerable to online predators
• Parental monitoring
– Software to monitor Web usage
– Web cams to monitor children while
parents are at work
 Discussion Questions

• Is there information that you have posted to

the Web that you later removed? Why did you
remove it? Were there consequences to
posting the information?
• Have you seen information that others have
posted about themselves that you would not
reveal about yourself?
 Protecting Privacy

Rights and laws:

• Different theories of what constitutes
privacy or private information
• Ownership of personal data
• Transactions
– Can any or all parties insist on privacy?
 Protecting Privacy (cont.)
• Regulation
– In USA there are hundreds of privacy laws
– In EU (Europe) privacy regulations are
more strict than in US
Europe - General Data Protection
Regulation (GDPR)
• The GDPR came into effect in 2018
• It is the primary law regulating how
companies protect EU citizens' personal data.
Companies that fail to achieve GDPR
compliance are subject to stiff penalties and
fines.
• It applies to each member state of the
European Union.
 GDPR
• Key privacy and data protection
requirements of the GDPR include:
– Requiring the consent of subjects for data
processing
– Anonymizing collected data to protect privacy
– Providing data breach notifications
– Safely handling the transfer of data across borders
– Requiring certain companies to appoint a data
protection officer to oversee GDPR compliance
 UAE
• See article in National on 10 Sept 2013
entitled “ID chief calls for data protection
watchdog”
– He is suggesting that an independent agency
should watch and monitor data collection and use
by organisations here in the UAE
 Privacy Video
• Malte Spitz: Your phone company is
watching
– https://www.ted.com/talks/
malte_spitz_your_phone_company_is_watching?
language=en