The “Tennessee Technology Center (at Shelbyville)” has an article posted on their blog that really hit home with me, about ethics and the IT Professional, that I want to expand upon. I encourage you to visit the site and read:
When I was in a working capacity as an IT Professional, at a small government agency, it was at that stage of the game where networking was coming into full play, the internet was the new fad, and people were still using WordPerfect. As I grew with the technology and the networking became a critical business process, I soon realized, as an IT Professional, I held the keys to every bit of information crossing that network.
It was my ethics, at that stage of the game, that I approached the managers to make them aware that I had the ability to access any information that was put out there. It was also at that point that I put into place written policy, that in essence, dictated what I did and how I did it. The reason I did this is because the business managers at that time, in places such as where I worked, did not understand anything about computers, networking or data management in general. I also wanted the managers to know these things to build their trust in me. Like Steve, in the TTC Shelbyville article, I never once abused my privilege.
Are there bad IT people? Of course there are… I often wondered, in the government position where I worked, why there were not more stringent hiring standards (extensive background checks) when recruiting for IT Staff. At that time, as I mentioned, many of these places looked at technology advancements as a trophy where they could stand back and say, “our place is networked”; not really caring about whether the data was safe or not. During my career I even heard some IT people, side on arrogance, and gloat about their abilities to access company secrets; OR, even destroy them if they wanted to.
The article posted by the Tennessee Technology Center (at Shelbyville) was posted by the instructor to remind the IT students that they may someday be in the position where they will be entrusted, at a very high level, to protect data; AND that policies and procedures should be put into place to protect not only the information, that the IT Professional is entrusted; BUT, to protect the IT Professional.