Both small and large-scale ICT projects pose ethical questions for individuals including business analysts, developers, business product owners and strategy makers.
Many questions may be raised including:
What ethical standards are applicable for projects?
Why are ethics important?
When should ethics be considered (before, during, after or continuously during a project)?
Who should ultimately be responsible for the creation, implementation, checking and continual improvement of compliance with ethical standards within companies?
How should ethical behaviour be developed practically within a company?
How should ethical standards be communicated within an organisation?
How should ethics be linked with agile project management and system development?
Ethics is a difficult matter in that what is legal is not always ethical and what is ethical is not always legal. The concepts of legal compliance and ethical compliance are not synonymous, nor are they of course mutually exclusive. Business can excellent in their knowledge of the law, such as those governing privacy, and in not technically breaching regulations; however there is often a grey area regarding ethics. The common human tendency to rationalise behaviour, arguing that the ‘means justify the end’, can lead individuals to perform unethical actions which they deem to be right. An organisational obsession on short-term goals and profits may lead them to condone unethical behaviour in particular in their use of technology and data. Rewarding short-term performance may put pressure on employees and can compromise their ability to clearly judge what is right and wrong, ethical and unethical.
Ethics in ICT projects is strongly linked to the concepts of data privacy, property, accuracy and accessibility. Any IT system functions on a platform of data, people, processes and technology. It is in the matter of data that business can fall into the trap of unethical behaviour. Sensitive data may be collected on customers that, although legal, is entirely unnecessary and inappropriate. A business may further breach the law, be clearly unethical, and collect data about customers which clearly violates their privacy. Customer data may also be used by the company not only for their use, but sold to third parties for profit. This has been done by large corporations such as FlyBuys which is known to sell customer data onto other corporations.
Data accuracy is important in that customer data may not maintain its integrity when used in systems. Invalid data may have consequences on customers, after which the company may not want to claim any responsibility for any damage incurred. Companies also need to be concerned about data accessibility as it could be construed to be unethical for certain individuals to have access to data across numerous departments, which may lead them to take advantage of their position and access to information for personal gain.
Clearly articulated ethical standards regarding data privacy, property, accuracy and accessibility are very important in all ICT endeavours as they function is the basis for trust between businesses and consumers. Ethics are important not only because they often lineup to what is legal, but because they place the customers best interests at top priority. Ethics need to be considered before, during and after an ICT project is completed and continuously assessed. The concept of kaizen is very relevant in this goal of the ethical compliance. Organisations need to continually seek ways to improve compliance with ethical standards; they need to focus on the greatest risks and implications first, they need to fix problems immediately when they are identified and they need to brainstorm possible ethical dilemmas that may arise in their sprint-cycles. Agile software development allows companies to continuously develop and assess their policies and strategies to properly guard sensitive customer data that needs to be collected and stored, insure that customers know their rights regarding their data and the use of their data (outlining what the system will use customer data to do), ensuring that there is data integrity throughout business processes and insuring that system architecture is developed in such a way that data is protected from access by unauthorised parties (be it outside or internal to the organisation).