Sie sind auf Seite 1von 29

BUSINESS PLUG-IN

B7
Ethics

McGraw-Hill/Irwin

The McGraw-Hill Companies, All Rights Reserved

LEARNING OUTCOMES
1. Summarize the guidelines for creating an
information privacy policy
2. Identify the differences between an ethical
computer use policy and an acceptable
computer use policy
3. Describe the relationship between an email
privacy policy and an Internet use policy
B7-2

LEARNING OUTCOMES
4. Explain the effects of spam on an
organization
5. Summarize the different monitoring
technologies and explain the importance
of an employee monitoring policy

B7-3

INTRODUCTION
Ethics the principles and standards that guide
our behavior toward other people
Important ethical concepts stemming from IT

Intellectual property
Copyright
Fair use doctrine
Pirated software
Counterfeit software
B7-4

INTRODUCTION
ePolicies address information privacy and
confidentiality issues
ePolicies policies and procedures that address the
ethical use of computers and Internet usage
Privacy the right to be left alone when you want to
be, to have control over your own personal
possessions, and not to be observed without your
consent
Confidentiality the assurance that messages and
information are available only to those who are
authorized to view them
B7-5

Ethics
Individuals form the only ethical component of
an IT systems

B7-6

Ethics
Acting ethically and legally are not always
the same

B7-7

INFORMATION HAS NO ETHICS


Information does not care how it is used
Information will not stop itself from
sending spam, viruses, or highly-sensitive
information
Information cannot delete or preserve
itself
B7-8

Developing Information Management


Policies
Organizations strive to build a corporate culture based
on ethical principles that employees can understand
and implement
ePolicies typically include:

Ethical computer use policy


Information privacy policy
Acceptable use policy
Email privacy policy
Internet use policy
Anti-spam policy
B7-9

ETHICAL COMPUTER USE POLICY


Ethical computer use policy contains
general principles to guide computer user
behavior
The ethical computer user policy ensures
all users are informed of the rules and,
by agreeing to use the system on that
basis, consent to abide by the rules
B7-10

ETHICAL COMPUTER USE POLICY

B7-11

INFORMATION PRIVACY POLICY


The unethical use of information typically occurs
unintentionally when it is used for new
purposes
For example, social security numbers started as a
way to identify government retirement benefits and
are now used as a sort of universal personal ID

Information privacy policy - contains general


principles regarding information privacy

B7-12

INFORMATION PRIVACY POLICY


Information privacy policy guidelines
1. Adoption and implementation of a privacy
policy
2. Notice and disclosure
3. Choice and consent
4. Information security
5. Information quality and access

B7-13

ACCEPTABLE USE POLICY


Acceptable use policy (AUP) a policy that a
user must agree to follow in order to be
provided access to a network or to the Internet
An AUP usually contains a nonrepudiation
clause
Nonrepudiation a contractual stipulation to ensure
that ebusiness participants do not deny (repudiate)
their online actions

B7-14

ACCEPTABLE USE POLICY

B7-15

EMAIL PRIVACY POLICY


Organizations can mitigate the risks of
email and instant messaging
communication tools by implementing and
adhering to an email privacy policy
Email privacy policy details the extent
to which email messages may be read by
others
B7-16

EMAIL PRIVACY POLICY

B7-17

EMAIL PRIVACY POLICY

B7-18

INTERNET USE POLICY


Internet use policy contains general
principles to guide the proper use of the
Internet

B7-19

ANTI-SPAM POLICY
Spam unsolicited email
Spam accounts for 40% to 60% of most
organizations email and cost U.S.
businesses over $14 billion in 2005
Anti-spam policy simply states that
email users will not send unsolicited
emails (or spam)
B7-20

Ethics in the Workplace


Workplace monitoring is a concern for many
employees
Organizations can be held financially
responsible for their employees actions
The dilemma surrounding employee monitoring
in the workplace is that an organization is
placing itself at risk if it fails to monitor its
employees, however, some people feel that
monitoring employees is unethical
B7-21

MONITORING TECHNOLOGIES

B7-22

MONITORING TECHNOLOGIES
Monitoring tracking peoples activities by
such measures as number of keystrokes, error
rate, and number of transactions processed

Key logger or key trapper software


Hardware key logger
Cookie
Adware
Spyware
Web log
Clickstream
B7-23

EMPLOYEE MONITORING POLICIES


Employee monitoring policies explicitly state how,
when, and where the company monitors its employees

B7-24

CLOSING CASE ONE


Sarbanes-Oxley

The Sarbanes-Oxley Act (SOX) of 2002 is


legislation enacted in response to the highprofile Enron and WorldCom financial scandals
to protect shareholders and the general public
from accounting errors and fraudulent
practices by organizations

Sarbanes-Oxley is where information


technology, finance, and ethics meet
B7-25

CLOSING CASE ONE QUESTIONS


1.

Define the relationship between ethics and the


Sarbanes-Oxley Act

2.

Why is records management an area of concern for the


entire organization?

3.

What are two policies an organization can implement to


achieve Sarbanes-Oxley compliance? Be sure to
elaborate on how these policies can achieve
compliance

4.

Identify the biggest roadblock for organizations that are


attempting to achieve Sarbanes-Oxley compliance B7-26

CLOSING CASE ONE QUESTIONS


5. What types of information systems might
facilitate SOX compliance?
6. How will electronic monitoring affect the
morale and performance of employees in the
workplace?
7. What do you think an unethical accountant or
manager at Enron thought were the rewards
and responsibilities associated with their job?
B7-27

CLOSING CASE TWO


Invading Your Privacy

Can your employer invade your privacy


through monitoring technologies?
Smyth verses Pillsbury Company
Bourke verses Nissan Motor Corporation
McLaren verses Microsoft Corporation

B7-28

CLOSING CASE TWO QUESTIONS


1.

Pick one of the cases above and create an argument


on behalf of the employee

2.

Pick one of the cases above and create an argument


against the employee

3.

Pick one of the cases above and create an argument


on behalf of the employers use of monitoring
technologies

4.

Pick one of the cases above and create an argument


against the employers use of monitoring technologies
B7-29