Ethics in the IT Industry

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi guys. I have a question, which I suppose I'm directing mostly at those who already work in the industry.

What are your feelings on disclosing info you stumble across about users in the normal course of doing your job?

Yesterday I was setting up a new user, so I was going through the 'Documents and Settings' of the previous person who did the job in order to give the new person all the necessary shortcuts, links, access, documents. I found a personal document indicating that the previous employee had criminal convictions. Convictions that I'm positive my employer would want to know about, considering the nature of this particular job. (I don't know if HR already knows about the criminal record. If they did, and I knew that they did, this would all be moot.)

This person is already gone (by their choice), but maybe they were up to something while in our employment that hasn't been noticed yet? If this has happened, and I keep silent, aren't I helping a criminal? Or what if they end up working here again? Do I then have an obligation to inform my employer about what I'd found? Are there official, accepted guidelines about this sort of thing? If so, what or where are they?

My natural tendency is to keep my mouth shut, because at the end of the day, HR is supposed to deal with this sort of thing. But I'm curious about what you guys do in similar situations.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Now you know not to go snooping through files, if you hadnt done then this wouldnt be an issue ;) lol

In all fairness id keep quiet, im sure your job role doesnt involve this sort of thing unless asked too.

At best you could mention you found a CV and if they want to check they can, but imho id just move on.

 

If the person in question has left, and you were accessing the machine in the course of your duty then I would inform HR.

It is then their problem what, if anything, they do about it.

I'm surprised the machine wasn't wiped and reloaded when he left - that is certainly what happens here when someone leaves.

Harry.

 

I was in a similar situation when I found pr0n on a PHB's laptop. I discussed it with the other admin (but not mentioning names) and we decided that I should take it to the CEO. I did and eventually informed him of the persons identity and the CEO had a word to him.

If I was you I'd take it up with your boss (but no names at this point) and let him make the decision to take it further.

Saying that if the person has left then who cares doesn't really cut it. In the end you have a job to do and should do the right thing by your employers

 

You have to tread very carefully with this one
I would inform HR for the simple fact that you have possibly breached the Data Protection Act if the file you read was a personal one not a corporate one

by doing that your covering your ass by telling HR of the slip up, covering the companies arse by allowing them to take action against the DPA breach (if it is one, HR should know more) and then leaving it up to them to sort out the criminal record bit

Be very careful with the whole 'opening' files lark, as unless its specifically part of your role and the process, you may get pulled up as to why your doing it

 

It all depends on company policy, where i work everyone signs a waiver saying that any information stored on companies PC's are then regarded as company property, we usually state in inductions that we dont go through peoples files unless asked too by someone in management.

But going back to the question i doubt the OP has been asked to snoop through files, as they wouldnt have posted here asking, so they could risk disciplinary or worse dismissal.

Id just like to point out, that my day is filled with work, revision or occasional breaks, I would not put myself in the position where I was looking through files as being a member of the BCS and also an ethical person means i have no interest, nothing to gain and everything to lose by doing so.

One role i do have which involves checking emails for spam, usually I have to open emails to check the contents, obviously I will see confidential stuff, but i just delete the email as its against company policy anyways, and the users know this.
My orders are to do this and then not repeat any of this information, so i just read as little as possible to ascertain whether its personal or work related.

 

I wasn't poking through files on the PC for fun, I was looking for job-related material. 90% of the material in that My Documents folder was job-related. The name of the file didn't indicate that the contents held details of a criminal record. I didn't know what I'd find. My users aren't very sophisticated. They put documents everywhere... Desktop, My Documents, their personal folder on the file server, whether they're personal or work-related. I know this from all the user migrations I've done there.

Wiping the machine would erase the shortcuts set up on it, and erase potentially important data, or personal data the user may ask for after they've left the job.

I'm in Bermuda, which is a British Dependent Territory, but we don't abide by Britsh law. I'm not sure what legal ground I'm on here, but I doubt I've broken any local law.

I've already told my supervisor about it and showed him the document, so as far as I'm concerned it's up to him what happens next.

And when all is said and done, the user should have deleted any personal files before they left. And a sophisticated user would never have had that document on their work PC to begin with!

 

As long as you were requested to look for files, and the circumstances you describe mean you finding this information were purely coincidental, then I would say you have nothing to worry about.

 

Agree with alot of the above sentiment, however a waiver is very thin ice when it comes to a persons rights, they often don't stand the test of the courtroom

 

The first thing to do is obviously get that sorted, data storage should be controlled and in managable locations, not everywhere the user sees fit,
No one knows if you broke a law or not, that wasnt what we were getting at, I'm sure you are fine, but its good to check these things

It's not the users responsibility to delete his files before he leaves, and he has no guarantee they are not backed up anyway, I make a personal point to hand back any work laptop after I have gone over the HDD a few times with /dev/random, but not every user is expected to be tech savvy, and they still have rights

The debate is not 'whos fault was it' it was 'should I tell someone what I found' and the answer is most definitely YES, just be careful who you tell, and how much you tell them, move the ball out of your court into the court of someone with higher responsibility, and C.Y.A

 

[offtopicreply]

I can't believe you guys beat Cayman 3-1 on Sunday, I was at that game it was brilliant!

[/offtopicreply]

 

To be honest, if the document detailed criminal convictions, i'm not sure if you should have told HR or not.

Under English law, if you have any criminal convictions, dependant on what they are for, you are not legally required to disclose them unless specifically asked by your employer. So telling HR about someones convictions might have gotten them in trouble assuming HR had asked and not been told, but also it could get you in trouble, as if HR did know they could say that you had no right snooping and dislosing private information. And if the convictions were spent then they do not have to tell anyone anyway at any point.

And trying to cover your ass by telling HR anyway is also tricky. I remeber doing that in one job, informing a senior super about issues with another person, just so i was covered if something should happen, only for the super to talk to management who then called me into the office to bawl me out for starting gossip! And then when the guy was caught i was blamed for not telling anyone!

In the end i think it best not to mention anything and jsut let it be. But also if i had been taht user i wouldnt have detailed things like that ona company pc, left there for someone to snoop on, so would only have myself to blame if i did.

 

I'm sorry, but I had to laugh when I saw the title of this thread.

IT and ethics don't seem to have a whole lot of correlation these days. In fact, it seems to me that ethics exist in IT is pretty much a logical non sequitur.

You don't believe it? Take a look at what MS just did to the ISO standards process. If ethics in IT was norm, then this could never have happened. Also, when the most corrupt corporation in the world, Microsoft, is also the largest IT corporation in the world by far, then ethics in IT had have gotten left far, far behind.

Most of what I've seen that seems to pass for ethics in IT these days is doing what's right because it is in a person's own best self interest. Well, sorry, but that is not being ethical. That is acting in your own self interest. Being ethical is when you do what's right because it is right, not because it is in your own best interest. If the two align, great, if they don't, then the ethical person still does what's right....

 

Freddy, don't confuse ethics in IT with ethics in Business
MS pushing the ISO of OXML was a business move, nothing to do with 'IT' and its nothing unique to MS