Ethical codes can fill in the gaps in which laws and regulation
fail to reach or simply can not be applied. Most professions have an ethical
codes in which they must follow. Those codes signifies or states what they hold
most dear. For example CPA'S and doctors each have a code of ethics that
represent each of their professions values and principles.
Most IT Professionals, unlike Doctor's and other professionals,
do not have a general rule making body, they may have many professional
organizations specialized to specific groups.
·
Association of
Information Technology Professionals(AITP)
·
CyberSecurity
Institute (CSI)
·
Independent Computer Consultants (ICCA)
·
Information Systems Security Association (ISSA)
·
Association for
Computer Operations Management(AFCOM)
·
Computing Technology
Industry Association(CompTIA)
In fact the existence of these bodies signify a lack of respect
for ethics in society in general, requiring not only the validation of this
types of bodies but also rely on their power to enforce sanctions when ethical
violation occur. Something that could be well covered by the state and the academia.
It can be argued that these ruling bodies should be in fact
unnecessary, since ethical considerations do not depend on ones profession,
even if very specific considerations can seem restricted in the function they
will be shared by another professions. It could also be stated that this is a
function of the state and the legal system, that delegating these functions in
non governmental, even if public organizations, is detrimental to the public
good, and overall block to transparency of procedures. These bodies will also
promote the exertion of corporative influence toward their specific groups
interests, one such interest is reducing competition by limiting or increase
the difficulty of access to functions and a general increase in prices since
they permit a coordinated fixing of payments in a monopolistic way and promote
the practice of obtaining special treatment and recognition for those that
depend on their specific activities.
10 code of ethics in IT professional
1. I will promote public knowledge,
understanding and appreciation of Information technology.
2.
I will consider the general welfare and public welfare and
public good in the performance of my work.
3.
I will advertise goods or professional services in a clear and
truthful manner.
4.
I will comply and strictly abide by the intellectual property
laws, patent laws and other related laws in respect of Information Technology.
5.
I will accept the full responsibility for the work undertaken
and utilize my skills with competence and professionalism.
6.
I will make truthful statements on my areas of competence as
well as the capabilities and qualities of my product and services.
7.
I will not disclose or use ant confidential information obtained
in course of professional duties without the consent of the parties concerned
except when required by the laws.
8.
I will strive to atain the highest quality in both the products
and services that offer.
9.
I will knowingly participate in the development of the
Information Technology.
10. I
will uphold and improve the IT professionals’ standards through continuing
profession in order to enhance the IT profession.
The following is an example
of ethical codes in a company
ACM Code of Ethics and Professional Conduct
1.1 Contribute to society and
human well-being.
This principle concerning the
quality of life of all people affirms an obligation to protect fundamental
human rights and to respect the diversity of all cultures. An essential aim of
computing professionals is to minimize negative consequences of computing
systems, including threats to health and safety. When designing or implementing
systems, computing professionals must attempt to ensure that the products of
their efforts will be used in socially responsible ways, will meet social
needs, and will avoid harmful effects to health and welfare.
In addition to a safe social
environment, human well-being includes a safe natural environment. Therefore,
computing professionals who design and develop systems must be alert to, and
make others aware of, any potential damage to the local or global environment.
1.2 Avoid harm to others.
"Harm" means injury
or negative consequences, such as undesirable loss of information, loss of
property, property damage, or unwanted environmental impacts. This principle
prohibits use of computing technology in ways that result in harm to any of the
following: users, the general public, employees, employers. Harmful actions
include intentional destruction or modification of files and programs leading
to serious loss of resources or unnecessary expenditure of human resources such
as the time and effort required to purge systems of "computer
viruses."
Well-intended actions,
including those that accomplish assigned duties, may lead to harm unexpectedly.
In such an event the responsible person or persons are obligated to undo or
mitigate the negative consequences as much as possible. One way to avoid
unintentional harm is to carefully consider potential impacts on all those
affected by decisions made during design and implementation.
To minimize the possibility of
indirectly harming others, computing professionals must minimize malfunctions
by following generally accepted standards for system design and testing.
Furthermore, it is often necessary to assess the social consequences of systems
to project the likelihood of any serious harm to others. If system features are
misrepresented to users, coworkers, or supervisors, the individual computing
professional is responsible for any resulting injury.
In the work environment the
computing professional has the additional obligation to report any signs of
system dangers that might result in serious personal or social damage. If one's
superiors do not act to curtail or mitigate such dangers, it may be necessary
to "blow the whistle" to help correct the problem or reduce the risk.
However, capricious or misguided reporting of violations can, itself, be
harmful. Before reporting violations, all relevant aspects of the incident must
be thoroughly assessed. In particular, the assessment of risk and responsibility
must be credible. It is suggested that advice be sought from other computing
professionals. See principle 2.5 regarding
thorough evaluations.
1.3 Be honest and
trustworthy.
Honesty is an essential
component of trust. Without trust an organization cannot function effectively.
The honest computing professional will not make deliberately false or deceptive
claims about a system or system design, but will instead provide full disclosure
of all pertinent system limitations and problems.
A computer professional has a
duty to be honest about his or her own qualifications, and about any
circumstances that might lead to conflicts of interest.
Membership in volunteer
organizations such as ACM may at times place individuals in situations where
their statements or actions could be interpreted as carrying the
"weight" of a larger group of professionals. An ACM member will
exercise care to not misrepresent ACM or positions and policies of ACM or any
ACM units.
1.4 Be fair and take
action not to discriminate.
The values of equality,
tolerance, respect for others, and the principles of equal justice govern this
imperative. Discrimination on the basis of race, sex, religion, age,
disability, national origin, or other such factors is an explicit violation of
ACM policy and will not be tolerated.
Inequities between different
groups of people may result from the use or misuse of information and
technology. In a fair society,all individuals would have equal opportunity to
participate in, or benefit from, the use of computer resources regardless of
race, sex, religion, age, disability, national origin or other such similar
factors. However, these ideals do not justify unauthorized use of computer resources
nor do they provide an adequate basis for violation of any other ethical
imperatives of this code.
1.5 Honor property rights
including copyrights and patent.
Violation of copyrights,
patents, trade secrets and the terms of license agreements is prohibited by law
in most circumstances. Even when software is not so protected, such violations
are contrary to professional behavior. Copies of software should be made only
with proper authorization. Unauthorized duplication of materials must not be
condoned.
1.6 Give proper credit
for intellectual property.
Computing professionals are
obligated to protect the integrity of intellectual property. Specifically, one
must not take credit for other's ideas or work, even in cases where the work
has not been explicitly protected by copyright, patent, etc.
1.7 Respect the privacy
of others.
Computing and communication
technology enables the collection and exchange of personal information on a
scale unprecedented in the history of civilization. Thus there is increased potential
for violating the privacy of individuals and groups. It is the responsibility
of professionals to maintain the privacy and integrity of data describing
individuals. This includes taking precautions to ensure the accuracy of data,
as well as protecting it from unauthorized access or accidental disclosure to
inappropriate individuals. Furthermore, procedures must be established to allow
individuals to review their records and correct inaccuracies.
This imperative implies that
only the necessary amount of personal information be collected in a system,
that retention and disposal periods for that information be clearly defined and
enforced, and that personal information gathered for a specific purpose not be
used for other purposes without consent of the individual(s). These principles
apply to electronic communications, including electronic mail, and prohibit
procedures that capture or monitor electronic user data, including
messages,without the permission of users or bona fide authorization related to
system operation and maintenance. User data observed during the normal duties
of system operation and maintenance must be treated with strictest
confidentiality, except in cases where it is evidence for the violation of law,
organizational regulations, or this Code. In these cases, the nature or
contents of that information must be disclosed only to proper authorities.
1.8 Honor
confidentiality.
The principle of honesty
extends to issues of confidentiality of information whenever one has made an
explicit promise to honor confidentiality or, implicitly, when private
information not directly related to the performance of one's duties becomes
available. The ethical concern is to respect all obligations of confidentiality
to employers, clients, and users unless discharged from such obligations by
requirements of the law
2. MORE SPECIFIC PROFESSIONAL RESPONSIBILITIES.
As an ACM computing professional
I will ....
2.1 Strive to achieve the
highest quality, effectiveness and dignity in both the process and products of
professional work.
Excellence is perhaps the most
important obligation of a professional. The computing professional must strive
to achieve quality and to be cognizant of the serious negative consequences
that may result from poor quality in a system.
2.2 Acquire and maintain
professional competence.
Excellence depends on
individuals who take responsibility for acquiring and maintaining professional
competence. A professional must participate in setting standards for
appropriate levels of competence, and strive to achieve those standards.
Upgrading technical knowledge and competence can be achieved in several
ways:doing independent study; attending seminars, conferences, or courses; and
being involved in professional organizations.
2.3 Know and respect
existing laws pertaining to professional work.
ACM members must obey existing
local, state,province, national, and international laws unless there is a
compelling ethical basis not to do so. Policies and procedures of the
organizations in which one participates must also be obeyed. But compliance
must be balanced with the recognition that sometimes existing laws and rules
may be immoral or inappropriate and, therefore, must be challenged. Violation
of a law or regulation may be ethical when that law or rule has inadequate
moral basis or when it conflicts with another law judged to be more important.
If one decides to violate a law or rule because it is viewed as unethical, or
for any other reason, one must fully accept responsibility for one's actions
and for the consequences.
2.4 Accept and provide
appropriate professional review.
Quality professional work,
especially in the computing profession, depends on professional reviewing and
critiquing. Whenever appropriate, individual members should seek and utilize
peer review as well as provide critical review of the work of others.
2.5 Give comprehensive
and thorough evaluations of computer systems and their impacts, including
analysis of possible risks.
Computer professionals must
strive to be perceptive, thorough, and objective when evaluating, recommending,
and presenting system descriptions and alternatives. Computer professionals are
in a position of special trust, and therefore have a special responsibility to
provide objective, credible evaluations to employers, clients, users, and the
public. When providing evaluations the professional must also identify any
relevant conflicts of interest, as stated in imperative 1.3.
As noted in the discussion of principle 1.2 on
avoiding harm, any signs of danger from systems must be reported to those who
have opportunity and/or responsibility to resolve them. See the guidelines for imperative 1.2 for
more details concerning harm,including the reporting of professional
violations.
2.6 Honor contracts,
agreements, and assigned responsibilities.
Honoring one's commitments is a
matter of integrity and honesty. For the computer professional this includes
ensuring that system elements perform as intended. Also, when one contracts for
work with another party, one has an obligation to keep that party properly
informed about progress toward completing that work.
A computing professional has a
responsibility to request a change in any assignment that he or she feels
cannot be completed as defined. Only after serious consideration and with full
disclosure of risks and concerns to the employer or client, should one accept
the assignment. The major underlying principle here is the obligation to accept
personal accountability for professional work. On some occasions other ethical
principles may take greater priority.
A judgment that a specific
assignment should not be performed may not be accepted. Having clearly
identified one's concerns and reasons for that judgment, but failing to procure
a change in that assignment, one may yet be obligated, by contract or by law,
to proceed as directed. The computing professional's ethical judgment should be
the final guide in deciding whether or not to proceed. Regardless of the
decision, one must accept the responsibility for the consequences.
However, performing assignments
"against one's own judgment" does not relieve the professional of
responsibility for any negative consequences.
2.7 Improve public
understanding of computing and its consequences.
Computing professionals have a
responsibility to share technical knowledge with the public by encouraging
understanding of computing, including the impacts of computer systems and their
limitations. This imperative implies an obligation to counter any false views
related to computing.
2.8 Access computing and
communication resources only when authorized to do so.
Theft or destruction of
tangible and electronic property is prohibited by imperative 1.2 -
"Avoid harm to others." Trespassing and unauthorized use of a
computer or communication system is addressed by this imperative. Trespassing
includes accessing communication networks and computer systems, or accounts
and/or files associated with those systems, without explicit authorization to
do so. Individuals and organizations have the right to restrict access to their
systems so long as they do not violate the discrimination principle (see 1.4). No one should enter or use another's computer
system, software, or data files without permission. One must always have appropriate
approval before using system resources, including communication ports, file
space, other system peripherals, and computer time.
3. ORGANIZATIONAL LEADERSHIP IMPERATIVES.
As an ACM member and an
organizational leader, I will ....
BACKGROUND NOTE:This
section draws extensively from the draft IFIP Code of Ethics,especially its
sections on organizational ethics and international concerns. The ethical
obligations of organizations tend to be neglected in most codes of professional
conduct, perhaps because these codes are written from the perspective of the
individual member. This dilemma is addressed by stating these imperatives from
the perspective of the organizational leader. In this context"leader"
is viewed as any organizational member who has leadership or educational
responsibilities. These imperatives generally may apply to organizations as
well as their leaders. In this context"organizations" are
corporations, government agencies,and other "employers," as well as
volunteer professional organizations.
3.1 Articulate social
responsibilities of members of an organizational unit and encourage full
acceptance of those responsibilities.
Because organizations of all
kinds have impacts on the public, they must accept responsibilities to society.
Organizational procedures and attitudes oriented toward quality and the welfare
of society will reduce harm to members of the public, thereby serving public
interest and fulfilling social responsibility. Therefore,organizational leaders
must encourage full participation in meeting social responsibilities as well as
quality performance.
3.2 Manage personnel and
resources to design and build information systems that enhance the quality of
working life.
Organizational leaders are
responsible for ensuring that computer systems enhance, not degrade, the
quality of working life. When implementing a computer system, organizations
must consider the personal and professional development, physical safety, and human
dignity of all workers. Appropriate human-computer ergonomic standards should
be considered in system design and in the workplace.
3.3 Acknowledge and
support proper and authorized uses of an organization's computing and
communication resources.
Because computer systems can
become tools to harm as well as to benefit an organization, the leadership has
the responsibility to clearly define appropriate and inappropriate uses of
organizational computing resources. While the number and scope of such rules should
be minimal, they should be fully enforced when established.
3.4 Ensure that users and
those who will be affected by a system have their needs clearly articulated
during the assessment and design of requirements; later the system must be
validated to meet requirements.
Current system users, potential
users and other persons whose lives may be affected by a system must have their
needs assessed and incorporated in the statement of requirements. System
validation should ensure compliance with those requirements.
3.5 Articulate and
support policies that protect the dignity of users and others affected by a
computing system.
Designing or implementing
systems that deliberately or inadvertently demean individuals or groups is
ethically unacceptable. Computer professionals who are in decision making
positions should verify that systems are designed and implemented to protect
personal privacy and enhance personal dignity.
3.6 Create opportunities
for members of the organization to learn the principles and limitations of
computer systems.
This complements the imperative
on public understanding (2.7). Educational opportunities are essential to facilitate
optimal participation of all organizational members. Opportunities must be
available to all members to help them improve their knowledge and skills in
computing, including courses that familiarize them with the consequences and
limitations of particular types of systems.In particular, professionals must be
made aware of the dangers of building systems around oversimplified models, the
improbability of anticipating and designing for every possible operating
condition, and other issues related to the complexity of this profession.
4. COMPLIANCE WITH THE CODE.
As an ACM member I will
....
4.1 Uphold and promote
the principles of this Code.
The future of the computing
profession depends on both technical and ethical excellence. Not only is it
important for ACM computing professionals to adhere to the principles expressed
in this Code, each member should encourage and support adherence by other
members.
4.2 Treat violations of
this code as inconsistent with membership in the ACM.
Adherence of professionals to a
code of ethics is largely a voluntary matter. However, if a member does not
follow this code by engaging in gross misconduct, membership in ACM may be
terminated.
copywrite:
http://en.wikibooks.org/wiki/Ethics_for_IT_Professionals/Professional_Code_of_Ethics#
https://www.aitp.org/?page=EthicsConduct
https://www.sans.org/security-resources/ethics.php
https://mistercomputer.com/2010/06/09/code-of-ethics-of-the-filipino-it-professionals/