This Information Age article forms part of a 7-part series on Ethics, covering artificial influencers, facial recognition, IoT, security and more. The series will culminate in an online panel on 11 December. Register to take part in the discussion and send your questions to the ACS Ethics Committee.
After coming to Australia to study IT a few years ago, Priya is very excited because she's landed her first job as an assistant systems administrator at Baby Buggies R Us.
After a few months in the job the company’s HR director comes to her and asks her to download and install keylogging software on all PCs at head office.
The HR director explains that somebody has been anonymously posting really negative reviews of the safety of the company's products and making comments about its internal quality processes --and it looks like it's coming from inside head office.
Priya wants to make a good impression at her new job but is feeling a little unsure so she asks you, a colleague who's been working for the company for a few years, for some advice.
How would you advise Priya?
Response from Mark, IT Manager
The actions presented in the scenario whilst legal, are unethical for a number of reasons.
I would advise Priya to not comply with the request and to notify her department head.
The Human Resources (HR) Director is deliberately exploiting the fact that Priya is an assistant systems administrator.
If the request was considered ethical and not an attempt to covertly discover the source of the negative commentary, then the HR Director would have approached Priya’s supervisor.
Priya’s inexperience and unfamiliarity with normal workplace practices in Australia also place her into a difficult position with regards to what is considered ethical in an Australian context.
In doing so, the HR Director has placed Priya into a situation where she cannot say no to a senior person.
No mention is made of any company policy regarding surveillance of staff computing activities, so we must assume that this exercise will be covert which also unethical.
Staff should be notified that their activities are monitored and they should exercise common sense whilst using company resources.
Finally, the HR Director’s actions will potentially lead to further negative commentary from staff once the keylogging software is discovered by someone else in the company.
Response from Ian, Senior Consultant
I would suggest Priya go back to the HR Director to ask the following questions:
· Does this instruction come from the CEO?
· Has the company sought legal counsel on this issue?
· Does her direct manager know of this request?
· Can she have the directive in writing?
Essentially, my advice to Priya would be to ask for further clarification from the HR manager and voice her reservations about whether this is appropriate action to take.
Depending on the answers she receives, she should raise the issue with her direct manager.
If the answer to all the questions above is ‘yes’, then Priya really has no option, and in fact it would be to her advantage to be seen as a reliable employee helping out in a difficult situation.
A company may be within their right to install such monitoring software, however if I was the CEO, I would openly discuss the issue with the whole company, requesting that the posting of negative reviews stop immediately, reminding staff that it is (presumably) breaching confidentiality agreements.
And if the person is caught they could be fired, and that if it doesn’t stop, the company may need to take other action that might include adding keylogging software to all computers.
I think the method of implementation suggested, that is, asking a new employee to install the software secretly without explaining it or informing other employees, as unethical and poorly judged.
Response from Michael, member of ACS Ethics Committee
There are many ethical issues at play in this scenario.
Power
There is a large inequality in power between the HR Director and Priya, a very new and junior employee. Why is the exec not going through Priya’s manager to make her request? Priya should go and speak to her own manager before agreeing to anything.
Limits on duties of an Employee
While Priya has a duty to her company, does this include breaking the law though? Are you even allowed to monitor employees in this way? If it’s legal, is it ethical? And what about downloading the keylogging tool? If that is against company rules, would Priya take the blame if it wasn’t officially sanctioned?
Duties of the Company
Is it fair to monitor all employees (and possibly find out all sorts of private information about them) to stop one employee posting what may be valid concerns?
Privacy
Would Priya be sacrificing the reasonable expectations of privacy of many employees to satisfy the desire of the company to stop unflattering commentary? And who will be checking the monitoring logs anyway? Priya? The HR department? Whoever it is will have access to lots of sensitive information.
What about public interest?
Does the fact that there are safety issues with items for use by babies concern Priya? Should she therefore refuse the HR Director’s ‘request’ to find the leaker?
Your advice to Priya
Should you intercede on Priya’s behalf? That could hurt her career. Remember, she has only asked for your advice. You would have to think about your duty too. Are any of these issues serious enough that they cause ethical concerns for you if you don’t do something? Who would you take it to and how would you keep Priya’s confidence while doing so?
Let’s hear your thoughts below.
Michael Wildenauer is Professor of Practice in Management, La Trobe Business School, and Vice Chair, ACS Ethics Committee.
Register to take part in our Ethics online discussion on 11 December.
Read our entire 2018 Ethics series:
Part 1: Artificial influencers
Part 2: Facial recognition unmasked
Part 3: When IoT goes wrong
Part 4: Who’s to blame for phishing breaches?
Part 5: Could encryption legislation increase risk of being hacked?
Part 6: Would you install a keylogger at your workplace?
Part 7: Do you abide by a professional code of ethics?
