Managing electronic information: an ethics perspective
The Authors
Mayur S. Desai, Jesse H. Jones School of Business, Texas Southern University, Houston, Texas, USA
Thomas J. von der Embse, Indiana University Kokomo, Kokomo, Indiana, USA
Abstract
Purpose – The paper addresses the contemporary and very important area of electronic information (EI) management – the ethical dimension and implications. Specifically, this paper aims to analyze EI activities and management practices, the ethical dilemmas and implications; to relate effectiveness in EI ethics activities in the context of organizational ethics policy and practice, and to suggest a framework for handling ethical dilemmas in managing the major EI activities.
Design/methodology/approach – A survey of mid- and first-level managers in six industries was conducted. Subjects were asked to describe organization practices in 11 areas of ethics policy application. Respondent firms were compared according to high and low numbers of ethical safeguards: an ethics code, a credo or values statement, written ethics policies – general and specific, ethics training and development, ready access to ethics guidelines at all levels, and a cohesive, supportive ethical culture.
Findings – EI ethics need to be addressed in the context of the organization's policies and practices. This extends to specific EI activities as well, where the ramifications of misbehavior – or upright behavior – are magnified.
Practical implications – The organization that invests in ethics safeguards provides the needed supports and reaps substantial returns in employee morale, performance and ultimately, the bottom line – profits. In this area of EI management, the atmosphere of trust that results lightens the burden for all involved.
Originality/value – This research has a value that is relevant to the current issues related to the privacy and security of information.
Article Type:
Research paper
Keyword(s):
Ethics; Information management; Information systems.
Journal:
Information Management & Computer Security
Volume:
16
Number:
1
Year:
2008
pp:
20-27
Copyright ©
Emerald Group Publishing Limited
ISSN:
0968-5227
Introduction
Information is power and its magnitude is gauged by its impact in various situations. The computer technology used for generating electronic information (EI) has ethical implications as do the functions of originating, processing, storing, distributing and using the data and information. Moreover, each function carries responsibilities for those who perform and manage them, affecting the lives and work of people – the ethical dimension.
A great deal of attention has focused on employee practices such as internet use, perhaps because of legal concerns. However, do the same concerns extend to the other EI activities noted above? Perhaps, the methods of collecting data lack the same legal scrutiny, but they do require decisions having ethical overtones. Further, the ethical considerations should address not only the behavior, but also the intent, judgment, the consequences and the decision maker's own values. The authors examine the full spectrum of EI management activities, developing a practical analytical framework and recommendations for managers.
Importance of the study
EI is the lifeblood of the effective functioning organization today. While the benefits of EI are known and harvested universally, the consequences of mishandling and misusing information can be severely damaging and costly to an organization. Unlike other major organizational resources, information has wings. Once generated it is difficult if not impossible to suppress. Thus, it must be handled with utmost care. The ordinary user often assumes that information is reliable and trusts in the sources as authentic. Yet, the potential for errors – or misbehavior, as chronicled in numerous reports over the past decade, is virtually unbounded. This vulnerability can be reduced and even avoided by vigilant attention and various controls. Technical measures are necessary and together with ethical safeguards reinforce management's efforts and build trust in EI activities. Moreover, ethics' focus is proactive, focusing on self-direction, prevention, improvement and success rather than on defensive controls and surveillance alone (Paine, 1994).
Ethics can only thrive in an atmosphere of trust, which in turn emanates from managers' own value systems, as Walton (1988) suggests. Jennings (2002) notes further that trust is earned. With respect to EI activities, she emphasizes that electronic business transactions place a greater premium on trust than ever before. While Jennings' focus is on external commerce, the same observation applies to internal communications. Thus, considering how a breach of trust in just a single business transaction can damage a firm, it is difficult to overemphasize the importance of ethics in EI.
Objectives
The paper addresses the contemporary and very important area of EI management – the ethical dimension and implications. Specifically, this paper aims to:
- analyze EI activities and management practices, the ethical dilemmas and implications;
- relate effectiveness in EI ethics activities in the context of organizational ethics policy and practice; and
- suggest a framework for handling ethical dilemmas in managing the major EI activities.
Electronic information (EI): an ethical perspective
Having observed in prior research how organizations apply their ethics codes, it is clear that EI practices coincide with other major organization activities. However, this area is also distinct from, for example, staffing, because it involves every member who originates, collects, processes, presents and uses EI. Thus, managing EI extends well beyond the chief information officer (CIO) and staff to virtually all organization managers. However, given that information systems values and ethics permeate the entire organization, the CIO must be a key participant in organizational strategic decision making (Oz, 1992, 2001; Petrovic-Lazarevic and Sohal, 2004). This includes decisions about ethics policy and application as well.
IS technology is a contemporary area where a proactive approach is useful. Mason (1986) identified the principal information age ethical issues as privacy, accuracy, property and accessibility. In this context, are the IS policies and subsequent operating decisions, as well as larger corporate values that enable members to effectively manage these issues. For instance, prospective investors may be either attracted or repelled by the way a company protects its proprietary information or the validity of its web information.
Every major decision has an ethical dimension. As defined elsewhere by the authors, ethics denotes the behavior standards expected by a group, organization or society and serves as a guide for individual and collective actions across the entire spectrum of human behavior (von der Embse and Desai, 2006). It is concerned with the human effects and consequences of behavior. In the realm of EI, there are at least six areas of activity having ethical implications. These are developed in Table II. Often, there are legal as well as ethical ramifications. For example, Pillsbury was sued for invasion of privacy for monitoring an employee's e-mail. In this precedent-setting case, the employee, Smyth, was fired after the company found that he had used the company e-mail system for what were described as defamatory remarks about his supervisor ( Smyth v. Pillsbury Co., 1996, E. Dist. PA) While the courts ruled for the company, the ethical question of electronic communication remained.
As demonstrated in the above and other instances, every manager, regardless of level and function, is an EI manager as well. Such cases also exemplify how the ethical, legal and moral dimensions interface. For example, electronic communication surveillance at work, though generally legal, gives rise to ethical questions concerning trusting and respecting employees as persons, while also raising moral issues for managers whose belief systems find the practice repulsive (von der Embse and Desai, 2006).
Further evidence of EI ethics' priority is shown in studies such as KPMG's of observed unethical behavior at work. Among several misconduct areas, improprieties in handling confidential information and privacy rights violations were near the top in percentage of employees having observed them (Organizational Integrity Survey, KPMG LLP, 2000). Increasingly, professional ethics codes are addressing EI security as well. Among the leading organizations is the Association for Computing Machinery (ACM) (code of ethics, www.acm.org/constitution/code) among its stated purposes is to serve as a guide for ethical decision making among its professional members. Perhaps, most indicative of EI's importance in today's organization is the magnitude of its learning investment in the area. The American Society of Training and Development's annual survey of business and industry has shown that, among 12 learning areas reported, IT and systems content ranks consistently among the top three in emphasis (Rivera and Andrew, 2006). While the training focuses mainly on competence-building, the learning platform today is likely to incorporate cultural, strategic and ethical considerations as well.
Ethics safeguards and EI management
The authors' study on the influence of ethical safeguards on how and how well ethics codes and policies are applied in practice offers a vantage point for examining EI communication. In a survey of mid- and first-level managers in six industries, subjects were asked to describe organization practices in 11 areas of ethics policy application. Respondent firms were compared according to high and low numbers of ethical safeguards: an ethics code, a credo or values statement, written ethics policies – general and specific, ethics training and development, ready access to ethics guidelines at all levels, and a cohesive, supportive ethical culture. The 11 ethical activity areas are those identified in Table I, with EI/communication listed first and highlighted. To provide the larger organizational picture, we also include the ten other areas in Table I, as reported in and adapted from von der Embse et al. (2004).
While beyond our present scope to analyze the full set of data, it is instructive to note the consistency of results across all areas, with seven of the 11 areas significant well beyond the 0.01 level, strongly reinforcing the observation that ethics safeguards do make a substantial difference in how well the codes and policies are applied in everyday practices (von der Embse et al., 2004). Concerning EI communication, and using a Likert-type scale, we asked those surveyed to describe their organization's practices in the following: enforcing their policies on web/internet access; the number of observed policy violations the past month; prohibition on use of e-mail for other than company business; employees' latitude in using their judgment in their internet and intranet communications; and the organizations electronic barriers – firewalls – to protect confidential information and break-ins.
Results, as noted, closely parallel those in other activity areas, reinforcing the view that EI ethics need to be addressed in the context of the organization's policies and practices. This extends to specific EI activities as well, where the ramifications of misbehavior – or upright behavior – are magnified. In the following section, we analyze six of these major activity areas, summarized in Table II.
A framework for assessing major electronic information activities
EI can be defined as information that has been generated, stored, maintained, distributed, and used using computer technology. Subsequently, computer technology used for generating EI has ethical implications. In general, information is generated by processing data in the context of a problem. This implies that accuracy of information is dependent on the data. There can be a number of reasons for the data to be in error – data entry error, invalid source of data, improper methods used in collecting data, and the incorrect logic used in processing data. It is the responsibility of individuals to ensure that such errors do not occur. Since, EI can be stored in a computer and be available for others using network technology it is vulnerable to its improper access. In order to protect it from improper access, the organization's management must provide necessary measures such as proper firewalls and software controls. In this regard the ethics are of utmost importance. For example, if management employs loose software controls and does not provide sufficient firewall technology to protect individual information in order save money then it implies that management, by omission, has acted unethically. Providing sufficient controls and firewalls to protect and secure individual information should not be viewed as a mere expense but as a display of ethical obligation to all the firm's stakeholders (Desai et al., 2002).
Table II shows the activities involved in the generation of EI. Attention to ethics should be given during each activity, considering too that the activities are interdependent and thus careless behavior in one area reverberates in others. For example, inattention to confidentiality in data collection erodes the integrity of the process, no matter how ethically the other tasks are performed.
What data to collect?
Businesses collect data for marketing purposes; however the data collected may not meet the ethical standards. Eventually the use of such data may end up harming people. The ethical evaluation of decisions and actions in the area of privacy and security is therefore highly complex (Stahl, 2004).
How data are collected
Businesses may collect data without the consent of individuals which violates the ethical standard. A video camera or any other form of electronics use which individuals may not be aware of may be illegal and is ethically questionable. As noted in the above case situation, management can monitor employee internet activity, especially where the company system is being used and/or where there is potential harm to the organization.
How data is processed
Data collected should be processed such that it does not distort the meaning of the data. Data should be processed in proper context in order to maintain the purpose for which the data were collected.
How the data are presented
The presentation of the data should be such that the data are not accessed or seen by the unauthorized individuals. For example, if the data are presented in the paper media and if the data are sensitive then such form of data should be well protected. If the data is presented in the electronic form and is made available on the network then proper firewalls should be put in place so that only the authorized individuals may access it. If the company is trying to save money by not properly guarding the presented data in any form violates the ethical guidelines. Some interaction designs are better than the other and sometimes ethics also needs to be considered in making interaction design decisions (Robertson, 2006).
What is the purpose of the data?
Even if the data are collected within ethical guidelines, businesses should make sure that the data should not be used for the purpose other than their intended use. In this scenario, the business manager may try to save money or time and use the data for multiple purposes without informing the individuals. For example, at present there are concerns regarding violations of currently accepted principles governing the fair use of electronically recorded data when applied to genetic information (Cavanaugh, 2000).
The extent of its impact
If using the data will impact a large number of individuals, businesses should take additional precautions in how the data are collected, processed, presented and used. Any compromise made in order to save money results in the breach of ethical guidelines. Issues of IT ethics have recently become immensely more complex. The capacity to place material on the world wide web has been acquired by a very large number of people (Phulkan, 2005).
Ethical consideration and improper handling of data or information are even more critical for relatively new businesses (Neubaum et al., 2004). New businesses are faced with the liability and scarcity of resources, which tempts the managers to make decisions without properly following the basic ethical guidelines. It is critical that the management defines the proper guidelines for using computers and also provides training (Hilton, 2000). Any compromise made may result in ethical violation. Organizations may be able to develop realistic training programs for IT professionals and managers and incorporate deterrent and preventive measures that can curb the rising tide of undesired misuse (Leonard et al., 2004).
Conclusion
In conclusion, the study and assessment of ethics in EI supports the belief that ethical practices in this area impact the entire organization. Further, IS management operates within the larger organization context and the ethical quality of its actions reflects that of the organization culture. While IS professionals dedicate themselves to behaving responsibly and ethically, if the climate is corrupted by misbehavior elsewhere, they may succumb to the pressures of expediency imposed upon them, regardless how principled they may be. Supports – safeguards – are essential for guiding and reinforcing their worthy intentions.
The implications for organizations are clear and replete with caveats. On the positive side, though, the organization that invests in ethics safeguards provides the needed supports and reaps substantial returns in employee morale, performance and ultimately, the bottom line – profits. In this area of EI management, the atmosphere of trust that results lightens the burden for all involved. For the staff, it alleviates the stressfulness of having constant challenges to one's integrity. This enables them to focus their energy more completely on the task at hand and on their mission.
Table IComparisons of high and low ethical safeguard groups, by major organizational area of ethical practice
Table IIElectronic information activities and ethical issues
References
Cavanaugh, T.A. (2000), "Genetics and fair use codes for electronic information", Ethics and Information Technology, Vol. 2 No.2, pp.121-3.
Desai, M.S., Richards, T.C., von der Embse, T. (2002), "System insecurity – firewalls", Information Management & Computer Security, Vol. 10 No.3, pp.135-9.
Hilton, T. (2000), "Information systems ethics: a practitioner survey", Journal of Business Ethics, Vol. 28 No.4, pp.279-84.
Jennings, M. (2002), "Ethics in cyberspace", BizEd, January-February, pp.18-23.
KPMG LLP (2000), Organizational Integrity Survey: A Summary, Integrity Management Services, KPMG LLP, New York, NY, .
Leonard, L.N.K., Cronon, T.P., Kreie, J. (2004), "What influences IT ethical behavior intentions-planned behavior, reasoned action, perceived importance, or individual characteristics?", Information & Management, Vol. 42 No.1, pp.143-58.
Mason, R. (1986), "Four ethical issues of the information age", Management Information Systems Quarterly, Vol. 10 No.1, pp.5-12.
Neubaum, D., Mitchell, M., Schminke, M. (2004), "Firm newness, entrepreneurial orientation, and ethical climate", Journal of Business Ethics, Vol. 2 pp.335-47.
Oz, E. (1992), "Ethical standards for information systems professionals: a case for unified code", Management Information Systems Quarterly, Vol. 16 No.4, pp.1-12.
Oz, E. (2001), "Organizational commitment and ethical behavior: an empirical study of information systems professionals", Journal of Business Ethics, Vol. 34 No.2, pp.137-43.
Paine, L.S. (1994), "Managing for organizational integrity", Harvard Business Review, March/April, pp.106-17.
Petrovic-Lazarevic, S., Sohal, A. (2004), "Nature of e-business ethical dilemmas", Information Management & Computer Security, Vol. 12 No.3/4, pp.167-77.
Phulkan, S. (2005), "Using information technology ethically: new dimensions in the age of the internet", The Business Review, Vol. 4 No.1, pp.234-40.
Rivera, R.J., Andrew, P. (2006), State of the Industry in Leading Enterprises: ASTD Annual Review of Trends in Workplace Learning and Performance, American Society for Training & Development, Alexandria, VA, ASTDResearch@astd.org, .
Robertson, T. (2006), "Ethical issues in interaction design", Ethics and Information Technology, Vol. 8 No.2, pp.49-59.
Smyth v. Pillsbury Co. (1996), 914 F. Supp. 97, E.D. PA, .
Stahl, B.C. (2004), "Responsibility for information assurance and privacy: a problem of individual ethics?", Journal of Organizational and End User Computing, Vol. 16 No.3, pp.59-78.
von der Embse, T.J., Desai, M.S. (2006), "A blueprint for an ethics-based strategy", Proceedings Society for the Advancement of Management International Conference,, .
von der Embse, T.J., Desai, M.S., Desai, S. (2004), "How well are corporate ethics codes and policies applied in the trenches? Key factors and conditions", Information Management & Computer Security, Vol. 12 No.2/3, pp.146-53.
Walton, C. (1988), The Moral Manager, Ballinger, Cambridge, MA, .
Corresponding author
Mayur S. Desai can be contacted at: desaims@tsu.edu