Teradata Magazine Cover Teradata Magazine Online  
Register Help Password
Password:
Quick Links
Current Issue
Archives
Teradata.com
Teradata Magazine Rss Feed
ARCHIVES Search Teradata Magazine Online:  
ENTERPRISE VIEW

Printable versionPrintable version Send to a colleagueSend to a colleague

Ethics in business intelligence

A practical approach

by Richard Hackathorn

Enterprise View Graphic

From the loss of customer information to ownership rights of pop music, ethical issues about information are cropping up in many unexpected places. The ethical issues involving business intelligence (BI) and data warehousing (DW) are particularly subtle in their complexity and implications, but they share some common characteristics with other IT-related issues.

In the past, IT professionals have been able to pass these issues on to executives, saying simply, "It's not my problem; let the boss decide." However, for many companies that approach is no longer acceptable, as the number and complexity of ethical issues have become a veritable tidal wave that no one can ignore.

We must first recognize that ethics is a touchy subject. Ethical issues are messy in our diverse and global culture. Most want to avoid the subject altogether, evading controversy that may cause ill will among colleagues. It is difficult and sometimes impossible to find compromises that provide a balanced solution for all aspects in a given ethical issue. There is uncertainty as to where an ethical discussion will lead. Resolutions of an ethical issue may be inconclusive, complex or confusing. And, of course, discussions of ethics can degenerate into one-sided arguments driven by people with strong, predefined opinions.

The world is changing rapidly, and so is the technology that drives that change, especially with BI and DW. There are many analysis activities that were inconceivable a few years ago. Now, these analyses are possible and performed daily at an acceptable cost. We are able to do so much more with BI/DW technology that we have not taken the time to determine where the boundaries really are—or should be. With declining levels of trust for corporations, there is a great anxiety to be "squeaky clean" about any ethical issue.

What are IT professionals to do? Let's start with the basics.

What is ethics?
Consider the following situation: "Todd is a business analyst for a large bank. At a training class for using a new query tool with their customer database, he was fascinated by the power of the tool. Seeking the perfect mate, he retrieves the names of females between the ages of 21 and 25 within walking distance of his apartment. Was Todd behaving ethically?"

Whether Todd was behaving ethically is a small aspect of this situation. What was the company's policy about handling customer data? Is there any such policy? Why was the class using live data? Did the instructor mention any restrictions on the use of customer data within the class? What may be the legal liability to the company? And so on. This situation becomes quite complex. However, it reveals the important policy issues that companies must manage.

So, when we use the word "ethics" what do we really mean? The word comes from the Greek "ethos," meaning the distinguishing character or guiding beliefs of a society. In other words, ethics is what is considered by a society to be acceptable behavior, whether at a personal level or corporate level.

Over time, descriptions of acceptable behavior are codified into laws. The legal system then monitors and guides that behavior. The problem is that with each wave of new technology, society does not have time to digest its implications and formulate accompanying guidelines of acceptable behavior. There is a delay, potentially causing legal behavior to be out of sync with ethical behavior.

Law and ethics matrix
Figure 1  

There is a myth that if something is legal, it is then ethical. One does not necessarily imply the other. In figure 1, all the combinations from legal/illegal and ethical/unethical are shown. Cases A and B are the typical situations where law and ethics are in sync. However, Cases C and D are the troubling situations. IT professionals sometimes find themselves in Case C. What they are doing does not seem right, but it is legal.

Take the example of Todd, the business analyst. Many people might say that it is unethical for him to use information obtained through his company's database. However, if his company has no policies prohibiting personal use of company data, then Todd is acting legally. He would fall into category C.

This legal-ethical distinction becomes increasingly significant when companies must deal with regulatory compliance in financial reporting, handling personal data, or the like. Note that "to be in compliance" could imply (as in Case C) doing something in order to meet compliance regulations that may be considered unethical by the company. Or "to be out of compliance" could imply (as in Case D) doing something that is illegal but considered ethical. Given the ethical consideration, compliance takes on a more complex perspective for doing "the right thing."

In English, as in many other languages, there is a subtle but important difference between the words "can" and "should." Depending on one's moral beliefs, that difference can be quite deep. Whenever we use "should" in a sentence, we are implicitly referring to some moral framework that gives us the basis for that statement. To understand and resolve ethical issues, we must understand that framework and reveal it through discussion.

There are many possibilities. The framework could be a religious faith. It could be a secular conviction in the Golden Rule ("Do to others as you would like them to do to you.") It could be a utilitarian common sense (good reasoning), societal good (best for the majority), a materialistic goal (best for the bottom line) or even popular opinion (everyone is doing it). Unfortunately, many moral beliefs are forged from ignorance, indifference or apathy.

Ethic Definition
Figure 1

Current ethical issues
There are many ethical issues facing IT professionals today. Many issues are hidden, but one issue that is clearly visible is the unintentional disclosure of personal information, which can lead to identity theft. In the first half of 2005, several major companies—from banks to retailers—have confirmed that data about several million persons (either customers or employees) had been stolen. Among this data: full names, addresses, Social Security numbers, driver's license numbers, credit card information and family member information. And in each instance, the number of personal records exposed was in the hundreds of thousands. The potential for widespread identify theft in the hands of skilled criminals is huge, resulting in the potential loss of billions nationally.

These events have caused widespread concern among some people. We can only imagine the possible implications to the future of customer databases. IT professionals must be proactive in exploring the ethical issues surrounding the collection and use of personal information, especially about customers and employees. Currently there is a mostly superficial acceptance of its importance, which must mature into a deep sense of responsibility toward personal information.

Another issue is compliance with the Sarbanes-Oxley Act and other financial accountability regulations. Because this legislation is new, the lack of clear interpretation has caused anxiety and uncertainty among IT professionals and unrealistic expectations from the BI/DW perspective.

There are new IT requirements for data security, data auditing and the like, along with a belief that BI analytics will detect all negligence and fraud. But will it? Given the increasing complexity of global business and government regulation, ethical issues will demand more management attention and smart policy formulation.

Conclusions
Dealing effectively with ethical issues has always been a central part of any competent business. In the past, this role was performed informally, mainly through the character of executives and the traditions of the corporation. However, in today's complex global economy, ethical issues come hidden in many forms, requiring corporations to devote more formal attention to them. This will require executives and IT professionals to work together on both the business and technology aspects of these problems. It is a partnership that is essential in properly managing the information assets of an enterprise. T

Practical steps

A COMPANY MUST BE PREPARED. In other words, start thinking and discussing the issues before they hit you directly in the face. Management must take time to engage in dialogue with everyone affected and to manage the issue over the long term. Here are a few simple steps to keep you on track:

1. Be aware of ethical issues that may have significant impacts on your business. Officially recognize those issues by labeling each one and defining its boundaries and objectives. Make the discussion of these issues acceptable as part of everyone's responsibilities to the company. Also, make the discussion professional by providing guidelines and direction, which lead to better business practices for your company. For example, if the privacy of customer information is an issue, label it as "Protecting Jane" (as the prototypical customer) and state the potential benefits and consequences to Jane and to the company.

2. Gather the facts and identify the dimensions specific to your company. Be as open and honest about the issue as possible. For example, the Protecting Jane issue would be pursued by determining what data is gathered, how the data is maintained, how it is secured, and who has access to the data for what purposes.

3. Reach a decision about what is and is not ethical for your company. State it as corporate policy, with penalties as appropriate. For example, the Protecting Jane issue becomes a corporate policy that lists the specific responsibilities of all employees when they are handling customer information.

4. Learn from dealing with specific incidents and adjust the policy over time. For example, by monitoring the Protecting Jane policy, there might have been 14 incidents of questionable use of customer data that, when reviewed, led to refinements in the policy.

In applying these steps, one should be open and honest when dealing with ethical issues. Hiding parts of the issue seems to magnify the eventual problem. It is important that ethical discussions are acceptable within your culture and conducted in a 'professional' manner directed to corporate objectives, rather than personal feelings. Finally, always seek qualified legal advice surrounding any issues, but do not let it dominate the discussion.

Dr. Richard Hackathorn is president and founder of Bolder Technology, Inc., a consultancy in Boulder, Colorado. He has over 30 years of experience in the IT industry and is a well-known technology innovator and international educator.

© Teradata Magazine-September 2005


back to top



Copyright by Teradata Corporation 2001-2007.