Bài giảng Business Driven Technology - Business plug-in B7 - Ethics

BUSINESS PLUG-IN B7EthicsLEARNING OUTCOMESSummarize the guidelines for creating an information privacy policyIdentify the differences between an ethical computer use policy and an acceptable computer use policyDescribe the relationship between an email privacy policy and an Internet use policyLEARNING OUTCOMESExplain the effects of spam on an organizationSummarize the different monitoring technologies and explain the importance of an employee monitoring policyINTRODUCTIONEthics – the principles and standards that guide our behavior toward other peopleImportant ethical concepts stemming from ITIntellectual propertyCopyrightFair use doctrine Pirated softwareCounterfeit softwareINTRODUCTIONePolicies address information privacy and confidentiality issuesePolicies – policies and procedures that address the ethical use of computers and Internet usagePrivacy – the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consentConfidentiality – the assurance that messages and information are available only to those who are authorized to view themEthicsIndividuals form the only ethical component of an IT systemsEthicsActing ethically and legally are not always the same INFORMATION HAS NO ETHICSInformation does not care how it is usedInformation will not stop itself from sending spam, viruses, or highly-sensitive informationInformation cannot delete or preserve itselfDeveloping Information Management PoliciesOrganizations strive to build a corporate culture based on ethical principles that employees can understand and implementePolicies typically include:Ethical computer use policyInformation privacy policyAcceptable use policyEmail privacy policyInternet use policyAnti-spam policyETHICAL COMPUTER USE POLICYEthical computer use policy – contains general principles to guide computer user behaviorThe ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rulesETHICAL COMPUTER USE POLICYINFORMATION PRIVACY POLICYThe unethical use of information typically occurs “unintentionally” when it is used for new purposesFor example, social security numbers started as a way to identify government retirement benefits and are now used as a sort of universal personal IDInformation privacy policy - contains general principles regarding information privacyINFORMATION PRIVACY POLICYInformation privacy policy guidelinesAdoption and implementation of a privacy policyNotice and disclosureChoice and consentInformation securityInformation quality and accessACCEPTABLE USE POLICYAcceptable use policy (AUP) – a policy that a user must agree to follow in order to be provided access to a network or to the InternetAn AUP usually contains a nonrepudiation clauseNonrepudiation – a contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actionsACCEPTABLE USE POLICYEMAIL PRIVACY POLICYOrganizations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policyEmail privacy policy – details the extent to which email messages may be read by othersEMAIL PRIVACY POLICYEMAIL PRIVACY POLICYINTERNET USE POLICYInternet use policy – contains general principles to guide the proper use of the InternetANTI-SPAM POLICYSpam – unsolicited emailSpam accounts for 40% to 60% of most organizations’ email and cost U.S. businesses over $14 billion in 2005Anti-spam policy – simply states that email users will not send unsolicited emails (or spam)Ethics in the WorkplaceWorkplace monitoring is a concern for many employeesOrganizations can be held financially responsible for their employees’ actionsThe dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees, however, some people feel that monitoring employees is unethicalMONITORING TECHNOLOGIESMONITORING TECHNOLOGIESMonitoring – tracking people’s activities by such measures as number of keystrokes, error rate, and number of transactions processedKey logger or key trapper softwareHardware key loggerCookieAdwareSpywareWeb logClickstreamEMPLOYEE MONITORING POLICIESEmployee monitoring policies – explicitly state how, when, and where the company monitors its employeesCLOSING CASE ONE Sarbanes-OxleyThe Sarbanes-Oxley Act (SOX) of 2002 is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices by organizationsSarbanes-Oxley is where information technology, finance, and ethics meetCLOSING CASE ONE QUESTIONSDefine the relationship between ethics and the Sarbanes-Oxley ActWhy is records management an area of concern for the entire organization?What are two policies an organization can implement to achieve Sarbanes-Oxley compliance? Be sure to elaborate on how these policies can achieve complianceIdentify the biggest roadblock for organizations that are attempting to achieve Sarbanes-Oxley complianceCLOSING CASE ONE QUESTIONSWhat types of information systems might facilitate SOX compliance?How will electronic monitoring affect the morale and performance of employees in the workplace?What do you think an unethical accountant or manager at Enron thought were the rewards and responsibilities associated with their job?CLOSING CASE TWOInvading Your PrivacyCan your employer invade your privacy through monitoring technologies?Smyth verses Pillsbury CompanyBourke verses Nissan Motor CorporationMcLaren verses Microsoft CorporationCLOSING CASE TWO QUESTIONSPick one of the cases above and create an argument on behalf of the employeePick one of the cases above and create an argument against the employeePick one of the cases above and create an argument on behalf of the employer’s use of monitoring technologiesPick one of the cases above and create an argument against the employer’s use of monitoring technologies