5 Ethical Principles for the Practice of IT
IT is governed by policies--but those ethics are only as good as the ethics behind those principles. Here are 5 keys to the ethical practice of IT.
Corporate ethics are vitally important. Companies large and small have recognized the value of moving beyond the minimum standard of compliance to develop a more wide-ranging ethical organizational culture.
This emphasis on ethics sounds great the in boardroom and in shareholder calls, but for IT departments based on policies and safeguards, operating primarily based on a code of ethics may be difficult to envision.
But the truth is that in this era where more and more businesses pursue ethical practice, IT should be an enthusiastic participant.
At Worthwhile, we seek to make a better world with our work, and so we have set forth our own IT Code of Ethics. These ethical principles can translate to your company as well, and so we share what we have committed to as part of the ethical practice of IT.
1. I.T.'s No. 1 job is to help people work.
The first step toward the ethical practice on IT is a focus on people. Data security, network usage, hardware and device management—none of it matters if employees at your company can’t do their part in helping your company achieve its mission and goals. So you must take a human-centered approach to IT design and management.
Your primary product as an IT leader is not a list of good policies. Your primary goal is not coming under budget for hardware purchases. Job No. 1 is integrating tools that help people do their jobs and that help your customers make meaningful purchases. You can’t treat people as subordinates to your policies—it must be the other way around.
If you don’t have this empathy-based mindset, your IT department will be an obstacle to your company’s mission, instead of an asset. And if you are evaluated by KPIs that don’t focus on people, then you’re being measured by the wrong things. IT is internal service. It must always put people first.
2. I.T. protects proactively
Cybersecurity is a huge topic, and it’s fundamentally important. Your company’s data, customer info, and IP are extraordinarily valuable, and they should be protected with a great level of care.
As any good IT professional knows, security is not about building a bunker around your business. With smartphones, cloud hosting, and connected sensors becoming the norm, networks are more distributed than ever. That means that security only happens via being proactive.
This is more than periodic penetration testing and strong anti-virus software, although those are good things to do. Security means staying current on the latest versions of software and phasing out old and potentially vulnerable hardware and software quickly. IT also needs to proactively address technical debt, and be honest with stakeholders on all sides of what type of technical debt exists and what risks that may create.
If you don’t, your business could easily become one of these stories where hackers take over your connected devices to take down your network. Or one of the stories (like Maersk or Basecamp) where a company can only express regrets about wishing IT had acted sooner.
Technology is moving fast, which means more attack vectors are discovered and the implications of failures are larger than ever. An ethical IT practice will be proactive to keep up with these changes and protect everyone through vigilance and transparent updates.
3. I.T. puts privacy first whenever possible
IT is a playground for the possible. You can find out everything about customers and employees through logging tools and network backups.
But just because you can doesn’t mean you should. If people internally or externally find out you’ve been violating their privacy, there will be hell to pay. Just ask Google or Facebook about the messes they’ve had to clean up because they ignored perceived or promised privacy protection.
Ethical IT requires that you only invade privacy as a last resort, not a first one. Put the customer’s and the employee’s expectation of privacy at a premium, and only erode that privacy when absolutely necessary.
Of course, there are legitimate reasons that IT departments may need to review emails or internet history or even keystroke logs—especially to protect patient or employee personal information, or to ensure confidential information is protected. But these reasons are frankly few and far between. They should be identified in advance by both IT and the C-suite, and then IT should make the lines around privacy expectations clear to everyone early and often.
The stakes for this are even higher with the advent of GDPR regulations, which codify compliance for user privacy. These kinds of regulations are only going to spread, making privacy a key compliance area. But ethics require more than merely complying with the law. You need to prize the privacy of the user (whether internal or external) as much of the user himself or herself does.
4. I.T. makes its policies clear and concise, and repeats them constantly
IT is policy-driven, which is fine. But too often, IT departments write a policy once and expect employees or customers to find them, interpret them, and remember them. This approach simply isn’t good enough. It’s not laissez-faire; it’s just lazy.
Ethical IT takes on the burden of making sure that everyone not only hears the policies, but fully understands them. This means that IT must write policies that are clear and easy to understand. Policies should never default into developer-centric or technical language that most people can’t easily understand. This also means that IT practitioners repeat policies often, to ensure that everyone has the best possible understanding of the policy so they can follow it.
Whether a policy is lax or stringent or old or new, it should never be a surprise or a trick question. If employees know from the start that their email is reviewed or their internet history is monitored, they won’t be upset about it. The problem comes when IT enforces a policy that employees or customers haven’t heard in years, or never understood in the first place. The burden falls on IT to avoid this problem.
This kind of transparency applies beyond privacy. IT should avoid mechanical turk type of services that give the impression a machine is doing the work when it’s actually being done by a person. Transparency for IT means not being deceptive about the work and not trying to hide how things work or even what processes and decisions led to IT architecture and policies.
5. I.T. treats customers as people, not data
We live in a business world where customer data is sometimes more valuable than what a customer may purchase. But when you treat customer data as the biggest value of your business, you will end up disappointing your customers or even exploiting your customers. Unless you want to be lumped in with Cambridge Analytica, you need to protect customers so you can serve them using their data, rather than disregarding your customers while using their data for anything and everything you please.
That’s why our ethical practice of IT begins and ends with people. IT looks to make the customer experience good in every way from the options on the VOIP system to chatbots to security of their financial data. IT tries to serve customers more than it tries to create efficiencies or new revenue streams.
People are more important than data or terms of service policies. So put people first, whether they’re your fellow employees or your customers. That is where the ethical practice of IT should always start and end.