McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-1 BUSINESS DRIVEN TECHNOLOGY Business Plug-In B2 Ethics

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-2 LEARNING OUTCOMES 1.Summarize the guidelines for creating an information privacy policy. 2.Identify the differences between an ethical computer use policy and an acceptable computer use policy 3.Describe the relationship between an privacy policy and an Internet use policy

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-3 LEARNING OUTCOMES 4.Explain the effects of spam on an organization. 5.Summarize the different monitoring technologies and explain the importance of an employee monitoring policy

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-4 INTRODUCTION Ethics – the principles and standards that guide our behavior toward other people Important ethical concepts stemming from IT: – Intellectual property – Copyright – Fair use doctrine – Pirated software – Counterfeit software

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-5 INTRODUCTION ePolicies address information privacy and confidentiality issues – ePolicies – policies and procedures that address the ethical use of computers and Internet usage – Privacy – the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent – Confidentiality – the assurance that messages and data are available only to those who are authorized to view them

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-6 Ethics Individuals form the only ethical component of an IT systems

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-7 Ethics Acting ethically and legally are not always the same

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-8 INFORMATION HAS NO ETHICS Information has no ethics Information does not care how it is used Information will not stop itself from sending spam, viruses, or highly-sensitive information Information cannot delete or preserve itself

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-9 Developing Information Management Policies Organizations strive to build a corporate culture based on ethical principles that employees can understand and implement ePolicies typically include: – Ethical computer use policy – Information privacy policy – Acceptable use policy – privacy policy – Internet use policy – Anti-spam policy

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved ETHICAL COMPUTER USE POLICY Ethical computer use policy – contains general principles to guide computer user behavior The ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved ETHICAL COMPUTER USE POLICY Six principles for ethical information management

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved INFORMATION PRIVACY POLICY The unethical use of information typically occurs “unintentionally” when it is used for new purposes – For example, social security numbers started as a way to identify government retirement benefits and are now used as a sort of universal personal ID Information privacy policy - contains general principles regarding information privacy

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved INFORMATION PRIVACY POLICY Information privacy policy guidelines: 1.Adoption and implementation of a privacy policy 2.Notice and disclosure 3.Choice and consent 4.Information security 5.Information quality and access

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved ACCEPTABLE USE POLICY Acceptable use policy (AUP) – a policy that a user must agree to follow in order to be provided access to a network or to the Internet An AUP usually contains a nonrepudiation clause – Nonrepudiation – a contractual stipulation to ensure that e-business participants do not deny (repudiate) their online actions

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved ACCEPTABLE USE POLICY

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved PRIVACY POLICY Organizations can mitigate the risks of and instant messaging communication tools by implementing and adhering to an privacy policy privacy policy – details the extent to which message may be read by others

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved PRIVACY POLICY

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved INTERNET USE POLICY Internet use policy – contains general principles to guide the proper use of the Internet

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved ANTI-SPAM POLICY Spam – unsolicited Spam accounts for 40% to 60% of most organizations’ and cost U.S. businesses over $10 billion in 2003 Anti-spam policy – simply states that users will not send unsolicited s (or spam)

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved Ethics in the Workplace Workplace monitoring is a concern for many employees Organizations can be held financially responsible for their employees’ actions The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees, however, some people feel that monitoring employees is unethical

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved MONITORING TECHNOLOGIES Monitoring – tracking people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved EMPLOYEE MONITORING POLICIES Employee monitoring policies – explicitly state how, when, and where the company monitors its employees

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved Closing Case One Sarbanes-Oxley The Sarbanes-Oxley Act (SOX) of 2002 is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices by organizations Sarbanes-Oxley is where information technology, finance, and ethics meet

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved Closing Case One Questions 1.Define the relationship between ethics and the Sarbanes-Oxley Act 2.Discuss why records management is an area of concern for the entire organization 3.What are two policies an organization can implement to achieve Sarbanes-Oxley compliance? 4.Identify the biggest roadblock for organizations that are attempting to achieve Sarbanes-Oxley compliance

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved Closing Case Two Spying on Employees Many organizations have taken the Big Brother approach to Web monitoring and track Internet usage and read employees’ to help prevent lost productivity Current research indicates that the effects of such employee monitoring are even worse than the lost productivity from employee Web surfing

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved Closing Case Two Questions 1.Explain the ethical issues involved in employee monitoring 2.Summarize the adverse effect employee monitoring can have on employees. Summarize the potential issues an organization can face if it does not monitor its employees. If you were the CEO of an organization, would you choose to monitor your employees? Why or why not?

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved Closing Case Two Questions 3.Identify the relationship between information privacy and monitoring 4.Summarize the different monitoring technologies and rank them in order of least invasive to most invasive for employees