When Ethics and IT Collide

jcatcw writes "IT workers have access to confidential data, and they can see what other employees are doing on their computers or the networks. This can put a good worker in a bad predicament. Bryan, the IT director for the U.S. division of German company, discovered an employee using a company computer to view pornography of Asian women and of children. He reported it but the company ignored it. Subsequently the employee was promoted and moved to China to run a manufacturing plant. That was six years ago but Bryan still regrets not going to the FBI. Other IT workers admit using their admin passwords to snoop through company systems. In a Ponemon Institute poll of more than 16,000 U.S. IT practitioners, 62% said they had accessed another person's computer without permission, 50% read confidential or sensitive information without a legitimate reason, and 42% said they had knowingly violated their company's privacy, security or IT policies. But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."

At the end of the day, it's your reflection.

[UncHellMatt]

Not too many years ago I worked for a "web startup" (i.e. small company founded by Harvard MBA who smoked lots of weed, drove a VW, and was out to "save the world") as IT manager. As the market tanked, the CEO became more and more concerned for the future of the company and with good reason! We'd gone from regular upper 6 figures per month to less than half that, with three locations whittled down to essentially one and a half. Many employees left for greener pastures. When things REALLY started to go down hill, the CEO asked me to intercept any emails between current and former employees, and then "hinted" that since so many of our clients had their email hosted on our email server, couldn't I do the same with them. I know that, legally, he had the right to get access to current employee email, and any former employee whom he had granted continued use of our email system (not sure on that last bit, IANAL). But asking me to, or suggesting I should allow him to, read client emails was a final straw. While he may have the "legal right" to read employee emails, it left a very bad taste in my mouth. Suggesting I allow him to read client's emails? It was like licking a rat. At the end of the day I had to go home and see myself in the mirror, and I knew that reading other people's personal, private emails was something so abhorrent. (Rimmer: "Lister, that is my private, personal, private diary; full of my personal, private, personal things." Cat: "It's gone public.") Now all that said, at another job, myself and some other IT workers suspected one of the devs of possibly being a pedo. We didn't read his emails, we didn't pour through his computer (which we could easily have done), but we did put google to good use, and at one point we did packet sniff where he was browsing. Was I proud of that? Well, actually yes. If he HAD been looking at kiddie porn, if he HAD been a sexual predator, being a father how could I stand back and not try to do something? It turned out he wasn't a diddler, just... Really really really really creepy. It is a very fine line between "ethical" and "non-ethical", it can be very hard to judge which is which, and everyone will have their own opinions. But in the end you have to live with yourself, and certainly I'm not qualified to decide right and wrong, nor pass judgment. If I had my way, anyone who sold a poorly made curry would be strung up and boiled in oil.

Re:There is no Absence!

[archen]

What kind of soulless bastard needs a written code of ethics to know what's right and wrong? Who really thinks that snooping around other peoples' data is the right thing to do?

Most of us do. But then again a LOT of us have lapses and moments of weakness. I mean if you know there is some really good dirt being shot back and forth via email and you log all email it's really tempting to just snoop through it to kill some boredom. Sometimes just reading a piece of paper on the wall can help you keep your focus.

I'm an I.T. Manager and it's sort of tough sometimes. For me personally I'm having a bad time in my life and I have this vicious streak that emerges many times a day - and that isn't helping. I have the ability to see every website they visit, everything they do on their PC, and can see every email received and sent. I can also access pretty much every file on every machine in the company. That's a LOT of responsibility. And I honestly don't snoop through any of it - it's kept for security/legal reasons. Monthly I wrap it up an 256bit AES encryption on a DVD and that's it. I think most I.T. people are actually pretty honest as well as far as the ones I've met. I mean I'd hate to see what the assholes in sales would do if they had as much power over the company as I had. heh, I actually just cringed.