Bernd Carsten Stahl and Dervla Collins (Ireland)
In this paper we want to present the findings of a study that researched the attitudes of Irish IS professionals with regards to employee surveillance and how codes of ethics can change their perceptions or actions. Moving in the triangle of privacy, surveillance, and codes of ethics, the study goes to the heart of some of the most intensively discussed topics in computer ethics, information ethics, and business ethics.
Privacy is probably – next to intellectual property – the ethical problem that computer professionals as well as IT managers have to deal with most frequently. At the same time it is also a serious intellectual and academic challenge. Views range from the famous classical definition by Warren / Brandeis as being part of the general right to be “let alone” to the modern discussion of whether privacy is an intrinsic or an instrumental right. Some authors don’t agree that it is a right at all and even those who do are uncertain what the limits of this right are. The situation is exacerbated by the fact that moral and legal norms sometimes contradict and that there is no international standard on dealing with privacy. European standards, for example, are much stricter than American ones, a fact which may come to threaten transatlantic trade.
Privacy issues in commercial organisations arise in two areas: Privacy of customer data and privacy of employees. Our study concentrates on the internal questions of privacy, especially on the problem of employee surveillance. On the subject of employee privacy one can find two extreme positions. One group of authors argues that whatever employees do during their work time is done at the cost and usually with the technology belonging to the employer. The employer pays the employee for that time and therefore has a right to all of the output of the employee. The consequence is that the employer has the right to know and check everything that the employee does at work. This position can be characterised as “complete surveillance”. On the other hand there are those who say that the employer may have the right to the employee’s output, but he has no right to the data concerning the employee other than what is immediately related to the output. All information about the employee is then considered to be completely within the discretionary rights of the employee. Between these two extreme positions, all other combinations are conceivable.
Our question now is: how can the ordinary IT professional deal with these positions? They are frequently forced to make pertinent decisions because these are part of their jobs. The rapid growth and deployment of surveillance technologies by organisations threatens to make information and employee privacy obsolete. The current range of technologies specifically designed to survey ranges from phone tapping, Internet tracking, email monitoring to closed circuit TV. Thanks to these technological innovations the private sector now enjoys unprecedented abilities to collect personal data, and it is suggested that the costs of data collection and surveillance will decrease, while the quantity and quality of data will increase. As the responsibility for purchasing, developing, installing, collating, storing and reviewing the information generated from such surveillance tools falls on the shoulders of the IT/IS Department, ethical and moral demands are placed on IS/IT professionals they might never have envisaged and are ill equipped to deal with.
One possible solution to the problem that one finds frequently in literature about applied ethics is the introduction of codes of ethics or codes of conducts. Those codes, however, are themselves highly contentious. What is their purpose? Can they tell people what to do, should they just awaken consciousness of the problem, can they circumvent the legal loopholes or are they a contradiction in terms, because ethics cannot be codified?
We decided that one important aspect in answering all of these questions was to know more about the actual realities of the use of such codes. For that purpose we conducted a survey among 60 IS / IT professionals in Ireland which should tell us what the practices in surveillance was as well as what influence codes of conduct had on these practices. The survey, which we will present in detail in the finished paper, revealed several interesting discrepancies. It turned out that 55% of the companies used electronic methods of surveillance of their employees. The perception of this as unethical varied significantly. Depending on the mode of surveillance, the IS professionals often thought the surveillance acceptable. At the same time most considered themselves ethical and would refuse to do tasks for the company that they saw as unethical.
The interesting part of the survey was contrasting this possible ethical problem of surveillance with the realities of codes of conduct. Only 27% of the respondents stated that their organisation had a code of conduct and of those 50% were familiar with its content. Similar numbers apply to specific codes of conduct for IS professionals. Of those respondents who worked in companies that had codes of conduct 47% stated that they thought the code helpful when dealing with ethical problems. An almost equal percentage of the respondents who did not have a code also thought it would be helpful in dealing with ethical problems.
There are several conclusions one can draw from this: First, electronic surveillance is a reality in Ireland. Second, it is done by IS professionals, who in many cases see it as an ethical problem but are unsure how to deal with it. Third, codes of conduct are accepted by people making ethical decisions as a means for dealing with the ethical content of these decisions. The study clearly shows the relevance of codes of ethics for theory and practice.
At the same time, several questions for subsequent research became clear:
- If IS professionals see codes as helpful, how exactly do codes help in concrete decision situations?
- On what grounds do IS professionals decide if an action is immoral? Does the practice in a company affect the professionals’ ethical judgement?
- Do any of these findings allow a feedback to the theoretical evaluations of privacy, surveillance, and codes of ethics? We hope that our presentation of the study and the discussion will help us define this future research more clearly.