BUSINESS PLUG-IN

B7
Ethics

McGraw-Hill/Irwin

The McGraw-Hill Companies, All Rights Reserved

LEARNING OUTCOMES
1. Summarize the guidelines for creating an
information privacy policy
2. Identify the differences between an ethical
computer use policy and an acceptable
computer use policy
3. Describe the relationship between an email
privacy policy and an Internet use policy
B7-2

LEARNING OUTCOMES
4. Explain the effects of spam on an
organization
5. Summarize the different monitoring
technologies and explain the importance
of an employee monitoring policy

B7-3

INTRODUCTION
Ethics the principles and standards that guide
our behavior toward other people
Important ethical concepts stemming from IT

Intellectual property
Copyright
Fair use doctrine
Pirated software
Counterfeit software
B7-4

INTRODUCTION
ePolicies address information privacy and
confidentiality issues
ePolicies policies and procedures that address the
ethical use of computers and Internet usage
Privacy the right to be left alone when you want to
be, to have control over your own personal
possessions, and not to be observed without your
consent
Confidentiality the assurance that messages and
information are available only to those who are
authorized to view them
B7-5

Ethics
Individuals form the only ethical component of
an IT systems

B7-6

Ethics
Acting ethically and legally are not always
the same

B7-7

INFORMATION HAS NO ETHICS

Information does not care how it is used
Information will not stop itself from
sending spam, viruses, or highly-sensitive
information
Information cannot delete or preserve
itself
B7-8

Developing Information Management

Policies
Organizations strive to build a corporate culture based
on ethical principles that employees can understand
and implement
ePolicies typically include:

Ethical computer use policy

Information privacy policy
Acceptable use policy
Email privacy policy
Internet use policy
Anti-spam policy
B7-9

ETHICAL COMPUTER USE POLICY

Ethical computer use policy contains
general principles to guide computer user
behavior
The ethical computer user policy ensures
all users are informed of the rules and,
by agreeing to use the system on that
basis, consent to abide by the rules
B7-10

ETHICAL COMPUTER USE POLICY

B7-11

INFORMATION PRIVACY POLICY

The unethical use of information typically occurs
unintentionally when it is used for new
purposes
For example, social security numbers started as a
way to identify government retirement benefits and
are now used as a sort of universal personal ID

Information privacy policy - contains general

principles regarding information privacy

B7-12

INFORMATION PRIVACY POLICY

Information privacy policy guidelines
1. Adoption and implementation of a privacy
policy
2. Notice and disclosure
3. Choice and consent
4. Information security
5. Information quality and access

B7-13

ACCEPTABLE USE POLICY

Acceptable use policy (AUP) a policy that a
user must agree to follow in order to be
provided access to a network or to the Internet
An AUP usually contains a nonrepudiation
clause
Nonrepudiation a contractual stipulation to ensure
that ebusiness participants do not deny (repudiate)
their online actions

B7-14

ACCEPTABLE USE POLICY

B7-15

EMAIL PRIVACY POLICY

Organizations can mitigate the risks of
email and instant messaging
communication tools by implementing and
adhering to an email privacy policy
Email privacy policy details the extent
to which email messages may be read by
others
B7-16

EMAIL PRIVACY POLICY

B7-17

EMAIL PRIVACY POLICY

B7-18

INTERNET USE POLICY

Internet use policy contains general
principles to guide the proper use of the
Internet

B7-19

ANTI-SPAM POLICY
Spam unsolicited email
Spam accounts for 40% to 60% of most
organizations email and cost U.S.
businesses over $14 billion in 2005
Anti-spam policy simply states that
email users will not send unsolicited
emails (or spam)
B7-20

Ethics in the Workplace

Workplace monitoring is a concern for many
employees
Organizations can be held financially
responsible for their employees actions
The dilemma surrounding employee monitoring
in the workplace is that an organization is
placing itself at risk if it fails to monitor its
employees, however, some people feel that
monitoring employees is unethical
B7-21

MONITORING TECHNOLOGIES

B7-22

MONITORING TECHNOLOGIES
Monitoring tracking peoples activities by
such measures as number of keystrokes, error
rate, and number of transactions processed

Key logger or key trapper software

Hardware key logger
Cookie
Adware
Spyware
Web log
Clickstream
B7-23

EMPLOYEE MONITORING POLICIES

Employee monitoring policies explicitly state how,
when, and where the company monitors its employees

B7-24

CLOSING CASE ONE

Sarbanes-Oxley

The Sarbanes-Oxley Act (SOX) of 2002 is

legislation enacted in response to the highprofile Enron and WorldCom financial scandals
to protect shareholders and the general public
from accounting errors and fraudulent
practices by organizations

Sarbanes-Oxley is where information

technology, finance, and ethics meet
B7-25

CLOSING CASE ONE QUESTIONS

1.

Define the relationship between ethics and the

Sarbanes-Oxley Act

2.

Why is records management an area of concern for the

entire organization?

3.

What are two policies an organization can implement to

achieve Sarbanes-Oxley compliance? Be sure to
elaborate on how these policies can achieve
compliance

4.

Identify the biggest roadblock for organizations that are

attempting to achieve Sarbanes-Oxley compliance B7-26

CLOSING CASE ONE QUESTIONS

5. What types of information systems might
facilitate SOX compliance?
6. How will electronic monitoring affect the
morale and performance of employees in the
workplace?
7. What do you think an unethical accountant or
manager at Enron thought were the rewards
and responsibilities associated with their job?
B7-27

CLOSING CASE TWO

Invading Your Privacy

Can your employer invade your privacy

through monitoring technologies?
Smyth verses Pillsbury Company
Bourke verses Nissan Motor Corporation
McLaren verses Microsoft Corporation

B7-28

CLOSING CASE TWO QUESTIONS

1.

Pick one of the cases above and create an argument

on behalf of the employee

2.

Pick one of the cases above and create an argument

against the employee

3.

Pick one of the cases above and create an argument

on behalf of the employers use of monitoring
technologies

4.

Pick one of the cases above and create an argument

against the employers use of monitoring technologies
B7-29