Ethics and IS 1

IS, Ethics and the Law

Ethics and IS 2
What Do We Mean By
Ethics?

The purpose of ethics is to enable us to
behave honourably..
Richard Spinello, Ethical Aspects of Information
Technology (Prentice Hall, 1995)
Ethics and IS 3
Definitions..
Beliefs regarding right and wrong
behaviour
Behaviour that conforms to generally
accepted social norms
The purpose of ethics is to help us
behave honourably
Ethics and IS 4
Integrity
Acting in a way that is consistent with
your principles
Cornerstone of ethical behaviour
Extend to all persons the respect and
consideration that you would like to
receive
Ethics and IS 5
Good Business Ethics
Protect the organisation from legal
action
Organisation operates consistently
Avoid unfavourable publicity
Gain the goodwill of the community
Promotes good business relationships
Ethics and IS 6
To answer questions.
Should we use data mining tools?
What are my responsibilities as a
consultant?
What should I do if I think the system
being designed is not secure enough?
How can I resolve a conflict of
interest?
Ethics and IS 7
Arent we reinventing the
wheel?
Yes

There is nothing new under the sun

But
There are complications inherent in IT

Ethics and IS 8
Complications
Scale global, pervasive
Sophistication robots, space, medical
imaging
Knowledge amount, type
Technology power, pervasiveness


Ethics and IS 9
New Dilemmas or Old?
Ethics and IS 10
Ethical Decision Making
Get the facts
Identify the stakeholders and their positions
Consider the consequences of your
decision
Weigh various guidelines and principles
Develop and evaluate options
Review the decision
Evaluate the results of the decision
Ethics and IS 11
Frameworks For Ethical
Analysis
Basic ethical theories
Rights based (universal rights grounded in
human nature)
Duty based (moral law is rigid and
universal)
Utilitarianism (the greatest happiness of
the greatest number)
Normative principles
Ethics and IS 12
If you want to know more. .
There are lots of books
Ethics
Philosophy

Ethics and IS 13
Need for Computer Systems
Sophisticated computer systems are
needed because of:
The need to handle massive amounts of
data
The need to deliver vital information to
decision makers

Ethics and IS 14
IS and IT and Ethics
Possible problem areas:
Software
Networks
Hardware
Expert systems
Ethics and IS 15
Computer Software
Who owns the information?
How do we balance the right to privacy
with the need for information?
What about property rights to the
software?
Can copyright and patent laws protect
software?
Ethics and IS 16
Networks
How do we cope with viruses?
How do we ensure computer networks are
secure?
Who will be liable if there is a breach of
security?
Should people at risk from security
breaches have some say in security
decisions?
Ethics and IS 17
Computer Hardware
What about using computers for
performance monitoring?
When does monitoring become intrusive
and a form of harassment?
What about the power of the vendors?
What are the customers rights?
Ethics and IS 18
Expert Systems
Who owns the knowledge?
The company or the expert?
What if its wrong?
Or the expert wont share it?
Who is responsible if there is a problem
or malfunction?
The programmer, the expert, the
knowledge engineer, or the end user?
Ethics and IS 19
Professional Bodies
IEEE
http://www.ieee.org/about/corporate/
governance/p7-8.html

BCS
http://www.bcs.org/upload/pdf/condu
ct.pdf

Ethics and IS 20
The Law
Privacy and Electronic Communications
Directive (2003)
Freedom of Information Act (2000)
Data Protection Act (1998)
Human Rights Act (1998)
Health and Safety at Work Act (1974)
Copyright, Designs and Patents Act 1988
inc The Copyright And Related Rights
Regulations 2003 SI No: 2498
Ethics and IS 21
Privacy and Electronic
Communications Directive (2003)
Applies to marketing by electronic
means
By fax, telephone, email, text message,
picture and automated calling systems


Ethics and IS 22
Freedom of Information Act
(2000)
The right of access to information held
by public authorities including:
Central Government
Local Authorities
NHS
Schools
Police

Ethics and IS 23
Freedom of Information Act
(2000)
Full implementation from January 2005
You can obtain information from a
public authority from an approved
publication scheme (ie a guide to the
type of information routinely published
by that authority)
Exempt material does not need to be
provided
Ethics and IS 24
The Difference Between FOI
and DPA
Information about yourself, the DPA
applies
Information related to a public authority,
FOI
You have a general right of access to
recorded information held by public
authorities
Ethics and IS 25
Data Protection Act (1998)
Aims to strike a balance between the
rights of the individual and the rights of
organisations who have a legitimate
reason to use personal data
If you process personal data you need
to notify the Information Commissioners
Office
Ethics and IS 26
8 Principles of Good Practice
The data must be:
Fairly and lawfully processed
Processed for limited processes
Adequate, relevant and not excessive
Accurate and up to date


Ethics and IS 27
8 Principles of Good Practice
Not kept longer than necessary
Processed in accordance with the
individuals rights
Secure
Not transferred to countries outside the
European Economic area unless the
country has adequate protection for the
individual
Ethics and IS 28
6 Conditions for information to
be considered fairly processed
The individual has consented to the
processing
Processing is necessary for the
performance of a contract with the
individual
Processing is required under a legal
obligation (other than one imposed by
the contract)
Ethics and IS 29
6 Conditions for information to
be considered fairly processed..
Processing is necessary to protect the
vital interests of the individual
Processing is necessary to carry out
public functions eg administration of
justice
Processing is necessary in order to
pursue the legitimate interests of the data
controller or third parties (unless it could
unjustifiably prejudice the interests of the
individual
Ethics and IS 30
Sensitive Data
If sensitive data (racial or ethnic origin,
political opinions, religious or other
beliefs, trade union membership,
physical or mental health condition, sex
life, criminal proceedings or convictions)
is processed, extra conditions must be
met
Ethics and IS 31
Sensitive Data.
Having the explicit consent of the
individual
Being required by law to process the
information for employment purposes
Needing to process the information in
order to protect the vital interests of
the individual or another person
Dealing with the administration of
justice or legal proceedings
Ethics and IS 32
Human Rights Act (1998)
Became law in October 2000
A legal mechanism for recognising and
protecting human rights
Includes the right to privacy
Breaches of confidence
Telephone tapping and the interception
of communication
Ethics and IS 33
Health and Safety at Work Act
(1974)
Health and Safety (Display Screen
Equipment) Regulations 1992
Advice on the positioning and use of VDUs
and workstations in general to reduce the
risk of Upper Limb Disorders
Ethics and IS 34
Copyright, Designs and
Patents Act 1988
Including The Copyright And Related
Rights Regulations 2003 SI No: 2498
Covers intellectual property rights
Limited coverage of computer software
Legislation having an impact on ICT
development in Sri Lanka
http://www.icta.lk/index.php/en/programmes/ict-policy-leadership-
and-institutional-development-programme/99-e-laws/69-e-laws-
project
Information and Communication Technology Act
No.27 of 2003
Evidence (Special Provisions) Act No.14 of 1995
Intellectual Property Act No. 36 of 2003 (Sections
related to Copyright)
Electronic Transactions Act No. 19 of 2006
Computer Crimes Act No. 24 of 2007
Payment And Settlement Systems Act, No. 28 of
2005
Payment Devices Frauds Act No.30 of 2006

Ethics and IS 35