CONTRIBUTE TO COPYRIGHT, ETHICS AND PRIVACY IN AN IT ENVIRONMENT
Create ethical policies and procedures
Inside this reading
Create ethical policies and procedures
National privacy principles
Code of ethics
Creating a code of ethics
Producing work procedures
Implementing the policies, procedures and codes
Summary
Feedback to activities
Create ethical policies and procedures
It is important that IT professionals understand the ethics and values of their organisation,
and their obligation to meet both employer and client expectations of ethical conduct.
Expectations of ethical conduct are often communicated through formal documents such as
workplace codes, standards, policies and procedures. Creating ethical policies and procedures
is about ensuring that business operations reflect ethics and values, as well as the legislation
and standards that apply.
What are workplace policies and procedures?
Workplace policies and procedures are two different types of document that provide guidance
for employees as they go about their work:
A workplace policy is a general statement of intention relating to legislation, standards or
the values of the organisation.
A workplace procedure contains practical information and directions on how work is to
be carried out to an acceptable standard.
As an example, a Safe Workplace Policy may outline the commitment to a safe workplace in
line with OHS legislation. A hazard reporting procedure might then be developed that
describes the method and documentation required for reporting and managing hazards.
National privacy principles
Privacy is an important issue for most people, and one that should be reflected throughout IT
workplace policies and procedures, as staff often have easy access to others’ personal
information. As well as laws that protect the rights of others in regard to personal information
the Commonwealth Government has introduced – in the Privacy Act 1988 (as amended) – the
10 National Privacy Principles as a guide to how others’ information should be managed so
that their privacy is protected.
The National Privacy Principles cover the following topics:
Principle 1 – Collection
Principle 2 – Use and disclosure
Principle 3 – Data quality
Principle 4 – Data security
Principle 5 – Openness
Principle 6 – Access and correction
Principle 7 – Identifiers
Principle 8 – Anonymity
Principle 9 – Transborder data flows
Principle 10 – Sensitive information
More information about the National Privacy Principles can be found in Schedule 3, at the
end of the Privacy Act 1988. To find the Act you can search for it in
http://www.comlaw.gov.au/ or http://www.austlii.edu.au/. If you go into the Austlii site click
on ‘Australian Cases and Legislation,’ ‘Commonwealth,’ then ‘Commonwealth Consolidated
Acts’ and then find the Act through the alphabetical list.
Code of ethics
Most organisations or workplaces expect a certain standard of behaviour from their
employees. In small organisations these may be unwritten rules, but larger organisations will
develop an ethics code or statement to ensure that their employees know the standard of
conduct that is expected of them.
The example below shows a policy and procedure for IT support services:
IT support policy statement:
All Solutions1 clients are entitled to prompt and professional support service. Solutions1
will endeavour at all times to minimise disruption to services and ensure security of data.
There may be many procedures that relate to this policy. Following is one example
procedure:
Support team job logging procedure:
Support requests are to be logged and acknowledged within 15 minutes of receipt
Critical support requests are to be given priority. These include, but are not limited to,
threats to information security and interruption to core business operations
Non-critical support requests are to be actioned in order of receipt and finalised within
24 hours. For support requests that cannot be finalised within 24 hours clients are to be
provided with regular status reports.
An organisation’s policies and procedures may cover many aspects of their operations, such
as human resources, customer service, environmental management, operational areas and
occupational health and safety. The policies may be available in print, in electronic format on
the company intranet, or in some cases online on a public website. The documents may be
published collectively as a Policy and Procedures Manual (PPM).
Many industry bodies and associations also publish codes and standards that govern the
ethical conduct of their members. These codes and standards are aimed at promoting the
reputation of the industry by ensuring members maintain professional and ethical conduct.
The standards are not necessarily legally binding, but may be used to support legal argument.
A Code of Ethics may be described as a Code of Conduct, Ethics Statement or similar. Codes
of Ethics published by industry bodies include:
Australian Computer Society (ACS). To access this code online, go to
http://www.acs.org.au/ and choose from the left menu: The ACS/The Society/General
Policies/Code of Ethics
System Administrators Guild of Australia (SAGE-AU). The SAGE-AU Code of Ethics is
published online at http://www.sage-au.org.au/ethics.html
You may be aware of other organisations that produce standards and codes for their
members.
Creating a code of ethics
Once the need for a code of ethics is identified, how does an organisation go about creating
one? The code will need to reflect the legal and organisational requirements and the client
expectations, so the first step might be to examine the organisation’s business operations and
client base.
It is also important to determine who the stakeholders are. Stakeholders are
the people who will have a role in developing, approving and implementing the code.
Creating a code of ethics might follow a process like this:
1 consideration of legal, organisational, client and community requirements and
expectations
2 examination of existing codes from industry bodies and similar organisations
3 preparation of a draft code for review
4 consultation with stakeholders and integration of feedback
5 approval and finalisation processes
6 publication of the code
A process similar to this might be used to create a range of workplace policies and
procedures.
Producing work procedures
As described earlier in this reading, a workplace procedure contains practical information and
directions on how an activity is to be carried out to an acceptable standard. An ethical
procedure is one that is fair and equitable, is appropriate in terms of privacy and
confidentiality, and complies with relevant standards and legislation.
Creating a simple procedure may involve writing a number of dot points explaining, for
example, how to use a piece of equipment correctly.
For more complex procedures, like setting out how to conduct an interview or report
workplace harassment, you might need to include references to forms that must be completed
during the procedure, legislation or standards that apply, and people who need to be advised
of the activity.
Look at some examples of work procedures used in your place of work that refer to one or
more of the following:
o privacy or confidentiality
Implementing the policies, procedures and codes
Reviews and skills updates
Promoting ethical conduct in the workplace continues beyond the publication of the code,
policy or procedure. For these to be effective, employees must become familiar with the
documents. Ways of keeping employees informed about the documents include:
staff orientation and training programs
a Policy and Procedures Manual (PPM)
publication of codes and PPM in print and online.
Compliance and monitoring
Once implemented successfully, compliance may be managed through regular monitoring
processes. A range of formal and informal strategies can help ensure standards are
maintained. These could include:
formal processes such as documentation of tasks, performance reviews, audits,
inspections, quality control processes and staff
informal channels such as team meetings and individual discussion to communicate the
expectations of ethical conduct.
These are just some of the activities an organisation may perform to ensure that staff
members understand their legal obligations, and follow the policies and procedures. Other
monitoring activities might include:
consultation with clients to ensure their needs are met
monitoring of client relations, business activities and work procedures to ensure all
personnel are following the code of ethics.
Summary
In this reading you examined the requirements for developing ethical policy and procedures
in the IT industry. You looked at some examples of the policies and procedures that
organisations have published to help ensure their employees maintain organisational
principles and practice, and at a process for creating policies, procedures and codes for your
workplace.
The topic also covered the implementation of policies and procedures, and strategies to
monitor the organisation and its employees to ensure that the policies and procedures in place
are followed.
Identify Australian IT-related legislation and standards
Inside this reading
Relevant legislation and standards
Commonwealth Government legislation
The legal framework
Accessing legislation
How Acts are referenced in other documents
Legislation for IT and other industries
Industry-specific standards, policy and legislation
Summary
Feedback to activities
Relevant legislation and standards
As an IT professional your work is governed by Australian legislation and industry standards.
These may include:
Australian Commonwealth legislation
Australian state and territory legislation
legislation and standards that apply to the IT industry
legislation and standards that apply to the client’s core business
international IT and business standards.
Commonwealth Government legislation
Commonwealth Government legislation refers to the laws enacted by the Government, and to
the legislative documents that set out these laws. The legislation includes Acts of Parliament
and subordinate Regulations that are the law, and may be supported by Government policies
and guidelines. Some of this legislation covers all industries across Australia, while other
legislation is either industry- or state-specific.
The IT industry is governed by various Commonwealth and State legislation, including
general legislation such as privacy and copyright law, and legislation specifically enacted in
response to new technologies, such as recent anti-spam laws.
The legal framework
As shown in the diagram below, only Acts and Regulations are law. Policies, codes,
standards and guidelines are not law; however compliance may be mandatory as a condition
of employment or professional membership.
Compliance with the relevant legislation is mandatory, and may be controlled in the
workplace through documentation and certification requirements, and formally monitored
through processes such as audits and inspections.
Accessing legislation
The full range of Commonwealth and state legislation governing Australians and Australian
business is available online, and libraries and operational areas within the workplace may
also keep print copies of relevant legislation. Referring to the online version is preferable, as
the legislation may have been amended or repealed since a hardcopy was printed.
You can view current legislation online at:
http://www.comlaw.gov.au/ for Commonwealth legislation
http://www.legislation.nsw.gov.au for NSW State legislation
Some government agencies make important information more accessible by publishing
guidelines in ‘plain English’ and a range of other languages.
Navigating legislation websites to find information
At times, you may need to review current legislation or find specific information within an
Act or subordinate document. Learning every piece of relevant legislation would be an
unrealistic expectation, but it is a useful skill to be able to find and review the legislative
documents online.
How information is organised within the legislative document
The title, date version and other identifying information are shown on the first page of the
Act. The body of the Act is divided into parts, sections and subsections. Part 1 contains
preliminary information such as definitions.
How Acts are referenced in other documents
Generally, references to legislative documents give the title of the legislation, the year it was
enacted, and the section number where the specific information can be found. It may also
specify whether the legislation is state or Commonwealth; for example:
Your obligations as an employee are set out under the Occupational Health and Safety Act
2000 (NSW) s 20. Here is how you would find the information online:
1 Go to the NSW legislation site: http://www.legislation.nsw.gov.au.
2 From the top navigation, choose ‘Search in force’ (searches for legislation that is
currently in place).
3 Search for the exact phrase ‘Occupational Health and Safety Act’.
4 Choose the document ‘Occupational Health and Safety Act 2000 No40’.
5 From the ‘content’ menu of this document, select ‘20 Duties of Employees’.
Plain English guides to legislation
While it’s important that you know how to access legislation and how information is laid out
within an Act or Regulation, you should not feel that you face the overwhelming task of
learning every law that you need to comply with, or that you need to be able to interpret the
‘legalese’ used to write the documents. Government and industry bodies develop guidelines
and explanations that set out the important issues in ‘plain English’, and these cover much
of what you need to know in your day-to-day work. In the case of common law, you probably
know the right thing to do without having to refer to legislation.
If you do need to refer to legislation, make sure it is up-to-date, and relevant to the state or
territory in which your business operates. Both Commonwealth and state legislation is
published online, and this is a good place to check the currency of legislation.
Finally, if you are not absolutely certain of your legal position, get advice from an expert.
Breaking the law, knowingly or through misunderstanding or negligence, puts you at risk of
serious penalties.
Legislation for IT and other industries
Legislation relevant to IT professionals in NSW in Australia includes the generic legislation
that applies to all industries, workplaces or individuals. Legislation that determines the rights
and obligations of employees and employers, service providers and customers includes:
privacy
copyright and intellectual property
occupational health and safety
equal opportunity and access and equity
anti-discrimination
fair trading
industrial relations
workers compensation and rehabilitation.
Tip: To see a range of general and IT-related legislation that could apply to the IT industry
across Australia, check out the Primary Legislation section of the Oz NetLaw site at:
http://www.oznetlaw.net/home.asp
Occupational health and safety legislation
Occupational health and safety legislation is one example of legislation that is relevant to all
industries, including the IT industry. The legislation is intended to protect workers and others
from workplace-related accident or injury. Each Australian state and territory is responsible
for making and enforcing their OHS laws, and the National Occupational Health and Safety
Commission (NOHSC) sets standards for some industries that are not law, but may be
adopted as law by the state or territory.
Under OHS law both employers and employees have obligations, also known as a ‘duty of
care’ to maintain a safe workplace.
Find out more about your legal obligation to ensure workplace health and safety:
Workcover New South Wales provides comprehensive workplace health and safety
information and links at: http://www.workcover.nsw.gov.au/default.htm
Occupational Health and Safety Act 2000 (NSW)
Equal opportunity, access and equity
Equal opportunity and anti-discrimination laws are intended to prevent unfair treatment on
the basis of personal attributes such as disability, race, gender and other social or physical
difference. The Commonwealth laws that protect against discrimination include:
Disability Discrimination Act 1992 (Cwlth)
Racial Discrimination Act 1975 (Cwlth)
Sex Discrimination Act 1984 (Cwlth)
Privacy laws
Privacy laws are an important example of how the IT profession is governed by legislation.
Privacy concerns personal information, and is different to confidentiality, which generally
concerns business and operational information.
As an IT professional you might have administrator access to personal information through
your organisation’s electronic records and communications. This type of information is
protected by privacy legislation, and administrative access does not give you the right to
view, use or pass on others’ personal information without their consent.
Personal information can include:
Name, address and contact details
Birth date or age
Marital status
Gender and sexual preference
Private details such as medical records or criminal history
Commonwealth and state governments have enacted privacy legislation to protect individuals
from misuse of their personal information. As a rule of thumb, Commonwealth legislation
governs how Australian public sector departments and agencies can use client information,
while state legislation applies to the private sector businesses in that state.
Find out more about privacy legislation at:
Office of the Federal Privacy Commissioner http://www.privacy.gov.au/index.asp is a
good source of information on privacy legislation, and has specific information on IT and
Internet Issues, and privacy information sheets for business.
Office of the NSW Privacy Commissioner privacy information is published online on the
Lawlink NSW site: http://www.lawlink.nsw.gov.au/privacynsw
Allens Arthur Robinson provide a comprehensive list of privacy information and links at:
http://www.aar.com.au/privacy/index.htm
Industry-specific standards, policy and legislation
IT-related legislation
The rapid growth of the IT industry has led to the introduction of legislation governing
IT-related industries and digital content. In addition to the general Commonwealth and state
legislation that apply to IT and other industries, such as privacy and copyright law, IT
professionals must comply with specific IT-related legislation, in the areas, for example, of:
anti-spam
e-business
telecommunications
digital agenda amendments to copyright law.
IT professionals working within other industries may also be bound by specific legislation
that applies to that industry, and need to understand how this impacts on their IT function.
Tip: To see a range of general and IT-related legislation that could apply to the IT industry
across Australia, check out the Primary Legislation section of the Oz NetLaw site at:
http://www.oznetlaw.net/home.asp
Industry standards
Industry standards might be developed by Government bodies, or by international, national or
state industry organisations and professional associations. The standards are intended to
ensure that industry members conduct their business operations and provide services and
products to an acceptable professional standard. Industry standards are not necessarily legally
binding, but may be used to support legal argument.
Standards that have been adopted by the Australian IT industry include:
OECD standard
ISO standards
Australian Standards
W3C accessibility standards.
OECD standards
http://www.oecd.org/ (browse ‘By Country’ to Australia)
Australia is one of thirty OECD (Organisation for Economic Co-operation and Development)
members. The OECD website has information and guidelines for a range of IT-related topics,
including Privacy.
ISO standards
http://www.iso.org
ISO refers to the voluntary standards for members of the International Organization for
Standardization, a non-government standards network based in Switzerland. ISO develops a
range of standards for the IT industry, including software development.
You may be familiar with the term ‘ISO 9001 compliant’. This refers to organisations that
meet the current ISO9001:2000 quality management certification.
Standards Australia
http://www.standards.org.au
Standards Australia is a developer of Australian Standards (AS), and is the Australian
representative for the International Organization for Standardization (ISO).
W3C accessibility standards
http://www.w3c.org.au
The Australian W3C Office promotes World Wide Web Consortium Accessibility Standards
(W3C). These standards aim to ensure that web content is accessible to all users, including
those with disabilities. W3C provides for strategies and alternatives that present content and
navigation in the most accessible format.
Policies
A policy is a general statement of intention relating to legislation, standards or the values of an
organisation. Like the standards, a policy is not necessarily legally binding but may be used
to support legal argument.
Government policy
Government policy is not law, but sets out in general terms the position of the government in
relation to the subject of the policy. The policy may govern the conduct of government
officials and organisations and agencies, or provide voluntary guidance material in matters
associated with legislation.
Industry policy
An industry policy provides guidance for industry members in relation to the subject of the
policy, and sets out in general terms the position industry members should maintain.
Workplace policy
A workplace policy will set out in general terms the position of the organisation in relation to
the subject of the policy. The policy should reflect legislation, industry policy, and the
specific values and operations of the business. The following policy example can be found on
the TAFE NSW website:
Use of TAFE NSW Internet and Intranet Services
The ‘Use of TAFE NSW Internet and Intranet Services’ document on
http://www.tafensw.edu.au/legal/useofservices.htm outlines expected user behaviour for all
staff and students who make use of TAFE NSW Internet and Intranet services including
email, email lists, web browsing, website publication, chat and news groups (forums).
Ensure the integrity and security of others’ information
An IT professional may be responsible for others’ personal or confidential data, or other data
and software critical to business operations. To ensure the integrity and security of
information means to make sure that it is not lost, corrupted or damaged in any way, and is
adequately protected from unauthorised access and use.
Legislation, policies and standards will guide you in maintaining the integrity and security of
information. As we have seen, this includes:
privacy legislation
copyright and intellectual property laws
government, industry and workplace policies.
Commonwealth and state governments have enacted new legislation in response to the
growth of IT-related communication. Examples of this include:
Spam Act 2003 (Cwlth)
This Act is aimed at limiting unwanted electronic communications, such as advertising
material in emails.
Electronic Transactions Act 1999 (Cwlth).
Maintain and work to industry and international standards
Standards organisations such as ISO, Standards Australia and OECD have developed a range
of standards that apply to the information technology industry and IT professionals in
Australia.
The standards are available for purchase, and most standards that apply to Australian business
are available from the SAI Global online catalogue at: http://www.sai-global.com
Identify quality processes
Inside this reading
Quality processes
Industry and international standards
Implementing quality processes
Meeting clients’ needs
Summary
Feedback to activities
Quality processes
Quality is about ensuring that a high standard product or service is provided to the client or
employer in a cost-effective and timely manner.
Quality processes are designed to maintain and improve products and services on an ongoing
basis, and may form part of a formal organisation-wide quality management system.
Formal quality management systems can include:
Quality Assurance (QA)
Quality Management (QM)
Total Quality Management (TQM)
Continuous Improvement Processes
Quality Frameworks
These are generic terms used to describe similar approaches to
managing quality.
A quality framework describes a business management approach to meeting and maintaining
quality standards, based on a continuous cycle of performance evaluation and improvement.
This approach is usually highly structured and involves a comprehensive system of quality
documentation.
Quality processes can include ongoing monitoring and reviews, project management
procedures, client reports and sign-offs, and documents associated with the legal compliance,
management and operation of software and systems.
An organisation’s quality framework must ensure processes are in line with the appropriate
legislation, industry standards and other organisational guidelines.
Industry and international standards
Almost all Australian industries are regulated by industry and international standards. Some,
such as safety standards, are a legal requirement and the product cannot be sold without
having met these. Others are voluntary, and provide assurance that the product or service has
met the standard of quality set by a relevant industry body or standards organisation.
Quality standards may apply to legal compliance, product quality, technical specifications,
for example, software testing and compliance standards, and standards relating to the
reliability, safety and robustness of equipment.
Often, meeting a recognised technical or business standard permits you to include an
identifying label or logo on your product or promotional material. This may be attractive to
potential clients who need reassurance that you will provide a quality product.
ISO compliance
The International Organization for Standardization (ISO) provides an international quality
system that is common in Australia. ‘ISO 9001:2000 compliant’ refers to meeting the
current ISO Quality Management System Standard.
The 9000 Store website at http://www.the9000store.com/Intro-to-ISO-9001.aspx
includes some helpful ‘How to’ information that explains how a quality management system
works (although you should be aware that this is a US-based site).
Implementing quality processes
In simple terms, implementing quality processes is about following the workplace procedures
that are in place, and documenting and recording activities and outcomes so that these can be
used to review and improve products or services in future. It’s likely that you already
implement quality processes in the workplace; for example you might have completed a
testing and evaluation schedule, revised work practices based on customer feedback forms, or
fixed a problem identified in error logs.
Implementing a formal quality management process may involve analysing business
operations across the organisation, and developing a full range of quality documentation and
processes designed to ensure that the business can prove compliance with a specific standard
or set of standards. This may be a complex task and requires a dedicated quality management
role or, in a large organisation, a quality management team.
The formal process is also likely to include elements such as:
Audits. This is where quality managers or other authorised persons review documentation
and workplace practices to ensure that established quality measures are being complied
with.
Continuous improvement schedules. This involves the regular monitoring of processes to
identify any problems or gaps.
Controlled documents. These are operational documents and forms that are strictly
controlled to ensure that they are not adapted by unauthorised persons. Version control
ensures that only the latest version is available for use.
Meeting clients’ needs
One important reason that many organisations develop and implement quality processes is to
ensure that the needs of their clients are being met.
An effective quality process might include the documentation and procedures that you would
use to identify client needs, track progress and report on project status, perform testing
procedures and evaluate finished products and outcomes.
Summary
In this topic you learned that quality doesn’t just happen, and that as an IT professional you
need to implement quality processes to maintain a standard of work.
The topic examined how national and international standards apply to the IT industry, and
how by implementing quality processes you can meet these standards, and ensure that
products and services continue to meet the needs of your client or employer.
Maintain ethical conduct in IT
Inside this reading:
What is an ethical service?
Legal and industry controls
Your ‘ethical barometer’
Ensure correct representation
Professional presentation
Providing unbiased information
Accurate quoting and estimating
Acknowledging others’ work
Protect client interests
Reliability and security
Confidentiality and proprietary rights
Value for money
Identify conflicts of interest
A word on whistle-blowing
Summary
Feedback to activities
What is an ethical service?
The Macquarie Dictionary defines ethical, amongst other ways, as ‘in accordance with the
rules and standards of a profession’.
To provide an ethical IT service is essentially to act in an honest and professional manner. IT
professionals will ensure that they and their organisation are correctly represented, that their
clients are advised of any conflict of interest, and that the interests of the client, internal or
external, are properly protected.
As an IT professional you should be able to recognise potential ethical problems and decide
on the appropriate action needed. Before you act, you’ll need to know:
Who decides what is the right thing to do (eg does responsibility lie with the
organisation, the client or customer, or the individual employee)?
How much influence do government, industry and others have in determining ethical
behaviours?
What are the ethical concerns that apply to IT professionals?
Legal and industry controls
Professional ethics are governed by legislation, industry standards and workplace policies and
procedures. These controls usually reflect community expectations and commonly held
personal values, although occasionally conflicts arise. For this reason it is important there are
guidelines for professional conduct when dealing with clients and customers, and that
employees understand their obligations.
Legislation
A range of commonwealth and state legislation governs Australians and Australian business.
You can view current legislation online at:
http://www.comlaw.gov.au/ for commonwealth legislation
http://www.legislation.nsw.gov.au for NSW State legislation.
Some government agencies make important information more accessible by publishing
guidelines in ‘plain English’ and a range of other languages.
Industry codes and standards
Many industry bodies and associations publish codes and standards that govern the conduct
of their members. The Australian Computer Society (ACS) Code of Ethics and Code of
Professional Conduct and Professional Practice for IT professionals are available from the
ACS website at http://www.acs.org.au/.
Workplace policies and procedures
Workplace policies and procedures reflect the legislation, standards and values relating to the
business operations. These may be available in print, on the company intranet, or on the
company’s website.
Your ‘ethical barometer’
The term ‘ethics’ comes from the Greek word ethikos, which describes the authority of
custom or tradition, a form of common law. This can be far more complex than ‘right versus
wrong’; it can be a topic full of dark corners, grey areas and divided opinions.
It may help to think of the people around you as an ethical barometer. Before you act, think
about how others might react—or ask them directly. Consider:
What would a legal adviser say?
What would your client, colleagues or employers say?
What would others in your profession or the wider community say?
What would your family and friends think?
How do you feel about it?
If you rely on the advice of others, be aware that some unethical people may try to influence
your thinking. Ethical decision-making is not based on peer pressure or coercion.
Ensure correct representation
A qualification alone does not make you a professional. You must act like a professional,
demonstrate honesty and fair play, and correctly represent yourself, your organisation and
your products and services in all business dealings with clients.
A professional:
Dresses and acts appropriately
Respects others’ differences
Is fair and honest in their business dealings
Abides by legal, industry and workplace standards.
For the professional, correct representation means to:
Represent your capabilities, services, or products accurately
Offer unbiased advice and disclose all relevant information
Provide accurate quotes and work estimates.
The consequences of misrepresentation can be disastrous. There are industries that, as a
whole, are perceived as unethical because of the behaviour of a few ‘professionals’.
Businesses may fail and workers lose jobs because of unethical conduct on the part of others.
And let’s not forget the often spectacular fall of corporate high-fliers whose dishonest
dealings are eventually exposed.
Let’s take a closer look at correct representation for IT professionals.
Professional presentation
Professional representation is about presenting skills, knowledge and qualifications in an
honest and professional manner. Create a good impression and you will inspire confidence in
what you or your company have to offer.
Professional presentation means:
Representing your capabilities, services, or products accurately
Offering unbiased advice and disclosing all relevant information
Providing accurate quotes and work estimates.
To lie about, over-exaggerate or misrepresent expertise and experience in order to create a
good impression would be unprofessional. Nor would it be professional to create a poor
impression through negligence, or to misrepresent another’s skills.
Providing unbiased information
A bias is a preference for or against a product, organisation or person, usually for personal or
financial reasons. While a bias is not in itself unethical, clients may rely on your expertise to
make the best decisions for their business. As a professional you must be careful to provide
fair and unbiased information. What would you do in this situation?
Accurate quoting and estimating
Accurate quoting and estimating means providing an external client or an internal department
or employer, with a realistic picture of the time, costs, equipment and people needed to
complete a job.
You might use estimating worksheets and formulas based on past projects, or conduct
detailed assessment of the project requirements to do this. Whatever method you use, you
should aim to provide your client with figures that are as accurate as possible, and discuss
with them anything that may affect this later.
Experience is perhaps the best tool available for preparing accurate quotes and estimates. If
you’re not sure that you have it right, ask someone more experienced to look over your
figures first.
Acknowledging others’ work
You have a legal and ethical obligation to correctly acknowledge the work done by others.
Source code and digital content are protected under copyright law, and giving credit where
credit is due is an important part of teamwork.
When you use someone else’s work, or where they worked with you on a project, it is only
fair to acknowledge their efforts. For example:
‘Graphics created by Sally Smith’, for unpublished works, or
‘Smith, S. Lifeworks (2001) Moss Publishing’, for published material.
You might also acknowledge assistance informally, or during a presentation. You must also
ensure you do not misrepresent others’ work, or claim it as your own.
Copyright
Copyright protects published and unpublished original works such as:
images, audio and video
source code
other original work.
You have a legal obligation to obtain copyright permissions and correctly acknowledge all
products and services developed by others.
Copyright and intellectual property (IP) is a complex legal issue.
Tip: For an overview of copyright law see the brochure: ‘Copyright Law in Australia - A
short guide’ from the Attorney-General’s website: http://www.ag.gov.au. Use the search
function to look up the word ‘copyright’ then choose ‘A short guide to copyright’.
If you are unsure about copyright, check with someone who knows.
Moral rights
Among other things, moral rights include the right to be acknowledged as the author of a
work, regardless of who owns the copyright. This means that original work produced by an
employee may belong to the employer or client, but they cannot claim authorship.
Intellectual property (IP)
Intellectual property includes copyright of publicly available material, but also extends to less
tangible assets and knowledge, such as patents, trademarks, designs, trade secrets and
‘know-how’.
Freeware and shareware
It is a common misconception that freely available web content, freeware and shareware are
copyright free. This is rarely the case, for example:
Some websites allow restricted copying for non-commercial purposes as long as the
material is correctly acknowledged.
Freeware and shareware are not necessarily free. Commercial use is often restricted, and
you still need permission to copy any source code or content.
For commercial products you should seek written permission to use or reproduce others’ work.
It may be acceptable to use small examples or quotes as long as they are correctly attributed.
Protect client interests
Protecting client interests is about doing what is best for your client’s business operations.
This may be an external client, an internal department, or a colleague. It may also be an
individual whose details are stored by your organisation.
Your client will expect:
Security and reliability
Confidentiality
Value for money
Professional service
Appropriate IT solutions.
Let’s take a look at some of the ways client interests can be protected.
Reliability and security
Interests such as data security, reliability and efficiency of systems, processes and equipment
are obviously important to the client, as these are often the heart of their business operations.
Two types of threat to the continuity of service are:
accidental loss of data or services resulting from system failure, human error or act of
nature
deliberate or incidental loss or damage from hacking or other unauthorised actions.
In organisations that deal with sensitive information a security flaw, hacking incident or
misuse of access privileges may also threaten continuity of service. Even if the system is
otherwise intact it may need to be quarantined until the appropriate level of security can be
re-established. Properly protecting your client’s interests and ensuring the continuity of
service could include:
Software and data protection: Take all possible measures to prevent system crashes,
viruses and other disasters, and to minimise downtime and loss of data should a critical
incident occur.
Hardware: Ensure hardware is well-maintained and protected from power failure or
surges. Forward planning will minimise disruption caused by old, obsolete or inadequate
equipment.
Process: Develop efficient processes. Hardware and software solutions are only as good
as the processes that support them.
People: Ensure that key staff and trained personnel are available to support computing
services.
Firewalls, virus protection and system backups would be basic requirements for most IT
functions. Further to this, client requirements for security and reliability should be discussed
as part of the provision of IT services.
As part of providing a professional service you may need to advise clients on what’s needed
to ensure the security and reliability of their system. This will largely depend on the
operational aspects of the client organisation, such as the sensitivity of the data, how much
the organisation can afford, and any national and international standards that apply.
Confidentiality and proprietary rights
The IT professional often has access to information that is confidential or commercially
sensitive.
Confidentiality is about protecting the client’s proprietary rights. These are the patents,
copyrights, trademarks, trade secrets, knowledge (know-how) and other intellectual property
rights that belong to the client, and are not public knowledge. It is so important to some
employers that they will require you to sign a confidentiality agreement or undergo security
clearances before you can work for them.
Confidentiality covers business and operational information, such as tenders, data, systems,
security, product details, financial dealings and product specifications. This is different from
privacy, which protects the rights of individuals.
Value for money
‘Wants’ versus ‘needs’
While pleasing your client is important, you should be aware that what the client wants and
needs may not always be the same thing.
Another aspect of protecting client interests is to ensure that the products and services
provided represent value for money while at the same time meeting current and projected
operational needs.
Finally, protecting client interests is also to ensure that the project remains within legal and
ethical guidelines, and that the client is advised of any potential threats or conflicts in these
areas.
Identify conflicts of interest
A conflict of interest is a situation where you or your organisation has goals or values that
conflict with the client’s or employer’s needs. This situation may create an appearance that
you are not acting in the best interests of the client or employer, whether or not you actually
do so.
It is a professional responsibility to advise the employer or client of any conflict of interest as
soon as possible. If the conflict cannot be resolved, it may be necessary to withdraw from a
project or refuse a contract. Some examples of a conflict of interest include:
financial or personal gain at the client’s expense
professional or personal involvement with the client’s competition
non-professional relationships
involvement in a project for client’s business rival
an inappropriate business connection through a friend, partner or relative
personal or ethical bias against the client or their business.
Managing potential conflicts
There are two steps that may be taken when a conflict of interest is identified:
notify the client and employer as soon as possible
admit any bias when providing information.
Let’s look at some examples of conflict of interest that might occur in the IT industry. What
would you do in this situation?
A word on whistle-blowing
You may have heard the term ‘whistle-blowing’. This is when an insider to an organisation
alerts the outside world about perceived wrongdoing within that organisation, rather than just
reporting internally. As in real cases of whistle-blowing, the consequences for
whistle-blowers can be severe, such as becoming very unpopular with other staff and even losing
their job.
Summary
In this reading you examined a range of issues relating to ethical conduct, and the ethical
concerns that may arise in your work as an IT professional. You were also introduced to the
legal, professional and ethical responsibilities of IT professionals, including:
representing yourself and your organisation correctly
identifying and managing conflicts of interest
protecting the interests of your client.