Preventing Unethical Behavior in the Workplace: Technology Staff and Supervisor Roles and Responsibilities

Abstract

This You Decide scenario poses serious ethical concerns, business problems, and heightened legal risks to the company. Reported widespread employee visitations to gambling and pornography websites while at work are ethical breaches symbolizing problems associated with lost productivity, compromised technological security structures, employee disgruntlement, and internal quality controls that are ineffectively encouraging upper management to act on critical information affecting company assets. Technology staff and supervisor roles and responsibilities related to preventing unethical behavior and information security breaches at work are addressed. Legal implications associated with company installed internet controls and filters are discussed concerning: (1) avoiding revenue draining legal expenses associated with both potential technology security breaches and workplace harassment claims; (2) preventing negative and unproductive work environments; (3) ensuring that employee workplace privacy expectations are delineated by clear behavior protocols; and (4) building towards a workplace culture more aligned with company goals and objectives.

Preventing Unethical Behavior in the Workplace: Technology Staff and Supervisor Roles and Responsibilities

Reported employee use of gambling and pornography websites while at work are ethical breaches symbolizing problems associated with lost productivity, compromised technological security structures, and ineffective quality controls that technology staff is especially well suited to address. Any company’s failure to install and enforce adequate technology security protocols places it at an increased risk of business losses and legal peril. This report outlines these issues and provides recommendations for remediation and future prevention.

Technology Staff Role in Preventing Security Breaches and Unethical Behavior

Technology staff promotes maximum productivity workflows using company computing and storage-related assets. Productivity achievements are often measured by revenue metrics, which are compromised by unethical behavior and security breaches. Ethical questions are at play in this scenario “because the risks associated with inappropriate behavior have increased, both in their likelihood and in their potential negative impact.” (Reynolds, p. 6). All company stakeholders (shareholders, employees, customers, and vendors) have greater risks of loss because of unethical behaviors reported here.

Even if the company in this scenario was based in pornography and/or gambling industries, monitoring employee's non-work oriented Internet surfing on adult and gambling websites plays a key role in protecting core company assets. Unless the company was a nonprofit religious organization, the technology staff’s role is not as a moralist, which would represent simply enforcing one’s personal beliefs about “right and wrong. . . based on age, cultural group, ethnic background, religion, life experiences, education, and gender.” (Reynolds, p. 5). Since ethics in technology is intertwined with questions of work productivity and profits, staff should, therefore, take steps to remediate the current problems identified.

Technology staff should pay particular attention to aggressive viruses, worms, and malware known to exist on adult and gambling sites. Here, the issues reported by Connie (workers visiting pornographic and gambling websites) and Betsy (work stations with hate group links and images) suggest that whatever software outage problems now exist may be caused by workers personally using these “high risk” sites. If true, not only does productivity drop in the short run, but unrecognized or unaddressed security breaches could represent long term liabilities. Target provides a recent example, when it suffered sensitive customer data losses, evaporation of customer goodwill, and simultaneously increased expenditures associated with ongoing customer call hotlines and credit monitoring. Especially when companies store confidential customer and vendor data in the cloud, these risks are simply too great to ignore.

Supervisor Role in Prevention, Detection, and Discipline

While a supervisor may not be responsible for watching the minute details of the technology staff’s daily tasks, he or she should take seriously any reported or suspected data breaches and unethical behavior in the workplace. Companies are liable for their employees’ actions, even when they act in a manner contrary to corporate policy and direction. As Reynolds, p. 29, makes clear: “General business managers must assume greater responsibility for these decisions, but to do so they must be able to make broad-minded, objective decisions based on technical savvy, business know-how, and a sense of ethics.” Therefore, no supervisor may turn a blind eye to breaches of security or unethical behavior; the risks of company liability and possible personal regulatory penalties or criminal actions (depending on the severity of the actions or inactions involved, and the losses incurred) demand immediate attention and possible discipline, based on company policies and procedures.

Here, Betsy indicated that following her audit’s identification of risks associated with inadequate staffing (a theme echoed by Connie), personal usages by employees of “high risk” websites (also echoed by Connie), and poorly controlled operation processes, the SOC Manager may or may not have remediated those issues. Being understaffed is not an adequate justification to overcome these and related concerns, including not knowing what the resolutions are. If technology staffing is perpetually shorthanded (as is suggested, but not proven) then this would suggest known heightened risks for allowing increased unethical behavior and security breaches. Based on potential legal liabilities and possible failure to follow internal operations protocol, the supervisor’s responsibilities to pursue further investigation, reporting, and possible discipline are certainly indicated.

Controlling Internet Access and Internet Filtering

Establishing Internet access safeguards such as firewalls and filtering software might do a great deal to reduce, if not eliminate, much of the serious problems that have been indicated by Connie and Betsy. Another viable approach would be to subscribe to an Internet service provider (like ClearSail) that performs the blocking. These methods would serve five valuable, even necessary functions: (1) removing future opportunities for employees (like perhaps Connie) to use blanket “blame it on the software” excuses; (2) reducing instances where internal auditors (like Betsy) feel exonerated by just “kicking it upstairs” to management, and not following up to find solutions; (3) reducing future opportunities for employees (like Allison) to point a retributive finger at their colleagues (Connie, in this instance) for what may actually be software related shortcomings, as opposed to possible use of phone and messaging software for personal use; (4) reducing the possibility of sexual and racially motivated harassment lawsuits associated with any employee’s unwilling exposure to objectionable websites on workstations; and (5) it would remove one known barrier to improved employee productivity.

CDA and COPA Implications

The Communications Decency Act (CDA) was federal legislation designed to protect children from pornography on the Internet. It levied $250,000 fines and prison sentences for transmitting indecent material over the Internet. An additional federal law, the Child Online Protection Act (COPA), imposed fines and criminal sentences for communicating material harmful to minors over the Internet. Although the Supreme Court overturned both the CDA and COPA for being overbroad and violating First Amendment freedom of speech rights, the company should not ignore other constitutionally sound laws that allow for criminal prosecution of those who possess child pornography. Although the facts here do not indicate that specifically child pornography was seen on employee workstations, the company does not want to appear it allows or condones employees engaging in this type of Internet surfing at work. The risks of civil liability, criminal prosecution, and veering away from business objectives are too great.

Defamation and Hate Speech Implications

The First Amendment protects free speech rights, but defamation laws are designed to prevent factually untrue statements from being made about someone else, which harms their ability to work. In this scenario, Allison’s statements about Connie “always talking on the phone and instant messaging her friends” would be appropriate to investigate, but it may also represent the perspective of one employee who felt like she was “set up to fail” by another. The workplace atmosphere is certainly poisonous when one employee feels compelled to ask her supervisor if “more ammunition” is needed to prove the truth of her perceptions, as did Allison here.

Images and links to known hate groups is a serious matter of concern because if left unchecked, this could signal that the company is at least passively purveying these messages at work, which could trigger hostile work environment lawsuits by employees, regardless of their gender, race, or ethnicity. Even if not criminally directed at specific individuals, this hot button issue must be addressed to ensure that employees know the company does not and will not tolerate engaging in offensive, hate group speech (even digital speech) at work.

Freedom Versus Privacy Implications

Adequate data exists to have the company draft and implement clear policies and procedures which would prevent all employees from using company technology assets to access adult, gambling, and/or hate group information. The company should also draft addenda to existing employment contracts indicating that employees acknowledge being notified that all of their activities related to the use of the company’s technological assets are subject to monitoring, to help assure that this new policy is being followed. If some employees resent now being explicitly restricted from such personal activities at work, business considerations make such a move advisable, and the law protects the company’s right to such monitoring, even if it is a public institution (like a public school).

This change would neither restrict employees from speaking freely after hours nor would it invade their privacy. Every employee may use privately-owned technology for personal interests after work. There is evidence indicating employees would welcome these steps since some have already suggested that these websites being accessed at work distract from core business imperatives, undermines morale, and creates a poor office environment. For all these reasons, the company must protect itself and its stakeholders by preventing these activities from occurring again in the future.

Reference

Reynolds, G. W. (2012). Ethics in information technology (4th ed.). Mason, OH: South-Western. 2015-10-29. VitalBook file.