PCE 6: Professional Ethics

6Unit 6

Professional Ethics

Class hours

Topics

0/7 done

Progress0/7 topics

Why This Unit Matters

Technology professionals hold enormous power over people's data, systems, and lives. This unit examines the ethical frameworks, professional codes, and real-world dilemmas that define responsible practice in IT.

Professional Ethics in IT

Professional ethics are the moral standards and principles that govern how a professional acts in their work context. In IT, where decisions affect millions of people's data, privacy, and safety, ethical reasoning is not optional.

Why Ethics Matter in IT

IT professionals hold vast power over personal data
Technology decisions affect entire societies
Systems can cause harm if built unethically
Professional reputation depends on trust
Legal liability for negligent or unethical practice

Core Ethical Principles in IT

Beneficence — act in the user's best interest
Non-maleficence — do no harm
Autonomy — respect users' right to self-determination
Justice — ensure fair access and treatment
Honesty — transparent about capabilities and limitations

Exam Tip

Define "professional ethics" and list 5 reasons why ethics matter specifically in IT. This is a frequent 5-mark question.

Codes of Ethics: ACM, IEEE & AITP

Professional bodies have developed formal codes that IT professionals are expected to follow. These codes create accountability standards for the profession.

ACM (Association for Computing Machinery)

Founded 1947. Focus: computing as a profession with societal responsibility. Key provisions: contribute to society and human well-being; avoid harm; be honest and trustworthy; respect privacy; give proper credit; access computing resources only when authorised.

IEEE (Institute of Electrical and Electronics Engineers)

Focus: engineering professionals. Key provisions: hold safety, health, and welfare of the public paramount; be honest and realistic; reject bribery; treat all persons fairly; avoid injuring others.

AITP (Association of IT Professionals)

Focus: IT management and practice. Key provisions: protect members of the public; perform duties with competence; avoid dishonest gain; protect privacy; report unprofessional behaviour through proper channels.

Shared Principles Across All Three Codes

•Public safety and well-being first

•Honesty and transparency

•Respect for privacy

•Competence and due diligence

•Rejecting bribery and corruption

•Fairness and non-discrimination

•Reporting unethical behaviour

•Protecting intellectual property

ACM Code of Ethics — Key Provisions (Detailed)

Provision	What It Means	Real-World Example
Contribute to society and human well-being	Technology must serve people. Professionals should consider the social impact of their work.	Building accessible websites so disabled users can access services equally.
Avoid harm	Do not create systems that cause physical, financial, or emotional damage to users.	Refusing to build a predatory lending algorithm that targets vulnerable populations.
Be honest and trustworthy	Do not deceive users, employers, or the public about capabilities or risks.	Disclosing that a software product has known security vulnerabilities before release.
Be fair and do not discriminate	Technology must not reinforce bias based on race, gender, age, or socioeconomic status.	Auditing an AI hiring tool to ensure it does not penalise female applicants.
Respect privacy	Collect only necessary data, store it securely, and never use it beyond its stated purpose.	Implementing data minimisation — collecting only the fields a feature actually needs.
Honour confidentiality	Protect proprietary and personal information entrusted to you.	Not sharing client database schemas with a competitor, even informally.
Give proper credit	Acknowledge the work of others. Do not plagiarise code or claim others' ideas.	Attributing open-source libraries used in your project in the README.
Access resources only when authorised	Do not use systems, data, or networks beyond your approved access level.	Not accessing a colleague's email even if you have admin credentials.

Exam Tip

Know 5 key provisions from each code. ACM and IEEE are the most commonly tested. "Hold safety of the public paramount" is from IEEE.

Whistle-Blowing

Whistle-blowing is the act of an employee (or former employee) disclosing information about illegal, unethical, or dangerous activities within an organisation to the public or to a regulatory authority.

Arguments For Whistle-Blowing

Serves the public interest and safety
Upholds moral responsibility over loyalty to employer
Prevents long-term, larger-scale harm
Necessary when internal channels fail
Some codes (ACM, IEEE) require reporting unethical acts

Arguments Against / Risks

Breach of loyalty and confidentiality
Risk of job loss, blacklisting, legal action
Emotional and financial stress
May harm innocent colleagues
Information may be incomplete or misunderstood

When is Whistle-Blowing Justified?

Serious Harm

The harm involved is significant — safety, health, or fundamental rights.

Evidence

You have solid evidence, not just suspicion or rumour.

Internal Failure

You have exhausted internal channels without resolution.

Proportional

The disclosure is proportional to the harm — only what is necessary is revealed.

Whistle-Blowing Decision Guide — Step by Step

Step 1: Identify the IssueIs there genuine evidence of illegal, unethical, or dangerous activity? Not just disagreement or personal conflict — the issue must involve real harm or serious violation.

Step 2: Document EverythingCollect evidence: emails, screenshots, system logs, meeting minutes. Keep copies in a secure, personal location. Do not alter or fabricate evidence.

Step 3: Use Internal Channels FirstReport to your direct supervisor, HR department, ethics committee, or compliance officer. Most organisations have formal grievance or ethics reporting procedures.

Step 4: Escalate If Internal FailsIf the internal response is inadequate, dismissive, or retaliatory — escalate to higher management, the board of directors, or an internal ombudsman if one exists.

Step 5: Seek Legal AdviceBefore going external, consult a lawyer familiar with whistle-blower protection laws in your jurisdiction. Understand your legal rights and risks.

Step 6: External Disclosure (Last Resort)Report to a regulatory authority (e.g., data protection authority, consumer protection agency) or the media. This step is justified ONLY after internal channels have been exhausted and the harm is serious.

Step 7: Protect YourselfDocument the timeline of your reporting. Keep records of any retaliation. Know your country's whistle-blower protection laws (if any). Seek support from advocacy organisations.

Exam Tip

Define whistle-blowing and list 4 pros and 4 cons. Know the "when is it justified?" criteria — this is a 10-mark question pattern. The step-by-step process (internal first → escalate → external last) is a key exam framework.

Digital Rights & Privacy

As IT professionals, you are custodians of other people's data. Understanding digital rights is both a legal obligation and an ethical one.

Right to Privacy

Individuals have the right to control their personal data. IT systems must be designed with privacy-by-design principles.

Right to Access

People have the right to access their own data held by organisations and know how it is used.

Right to be Forgotten

In many jurisdictions, individuals can request deletion of their data from systems.

Informed Consent

Data collection must be transparent and users must actively consent — not through hidden checkboxes.

Intellectual Property

Software, algorithms, and digital content are protected by copyright and patents. Infringement is unethical and illegal.

Cybercrime & Liability

Unauthorized access, data breaches, and digital fraud are criminal. Professionals are liable if negligence contributed.

Workplace Ethical Challenges — Ethics Scenarios

Ethical vs Unethical IT Behaviour — Real Scenarios

Scenario	Ethical Response	Unethical Response
You find a security vulnerability in production	Document it, report to your security team immediately, and help fix it	Ignore it because reporting would delay the release deadline
A client asks you to build a feature that collects user location data without disclosure	Explain that informed consent is required and propose a transparent opt-in design	Build it as requested without questioning — "the client is always right"
Your colleague copies proprietary code from a previous employer	Privately advise them of the legal risk and report if they continue	Say nothing because they are your friend and the code works fine
You are asked to write fake positive reviews for your company's app	Refuse and explain that this violates consumer trust and advertising laws	Write the reviews because "everyone does it" and your manager asked
You discover your AI model produces biased results against a minority group	Flag the bias, halt deployment, retrain with balanced data, and document the fix	Ship it anyway because the overall accuracy metric is high enough
A manager asks you to access a terminated employee's personal files	Verify through HR and legal that this is authorised and follows company policy	Access the files immediately because a manager told you to

Apply ethical reasoning to real IT workplace dilemmas. Select the best course of action, then reveal the analysis.

The Leaked Database

You are a junior developer at a healthcare company. While working on a routine bug fix, you discover that a database containing 50,000 patient records is publicly accessible due to a misconfiguration. Your manager says "don't worry about it, the lawyers will handle it." What do you do?

The AI Surveillance Request

Your company asks you to build a system that monitors employees' keystrokes, browsing history, and webcam activity during work hours — without their knowledge. Your manager says this is legal and approved by HR.

Exam Tip

Expect scenario-based questions: "What would you do as an IT professional?" Apply ACM/IEEE code provisions, whistle-blowing criteria, and privacy rights in your answer.

IT Professional Responsibilities

An IT professional is not merely a technical worker — they are a trusted steward of systems that affect people's lives, data, safety, and rights. These responsibilities exist whether or not they are formally specified in a job description.

🎯 Competence & Quality

Maintain and update technical skills continuously
Deliver work to the best of your ability
Acknowledge when a task exceeds your competence and escalate
Test thoroughly before deployment — bugs in production affect real users
Document your work so others can understand and maintain it

🧑‍💼 User & Public Welfare

Design systems accessible to all users, including those with disabilities
Prioritise user safety over delivery speed
Consider the environmental impact of systems you build (energy, e-waste)
Ensure your system does not cause physical harm (medical, transport, infrastructure systems)
Respect user autonomy — do not design for manipulation

🔒 Data & Privacy

Collect only data that is necessary for the stated purpose (data minimisation)
Store data securely and protect it from unauthorised access
Inform users clearly about what data is collected and why
Delete data when it is no longer needed
Never sell or share user data without explicit informed consent

📋 Honesty & Transparency

Provide honest assessments of project feasibility, timelines, and risks
Disclose conflicts of interest
Report security vulnerabilities promptly and responsibly
Do not hide or minimise system failures
Be transparent about AI use in products and decisions affecting users

🏢 Organisational Responsibility

Protect employer confidential information
Use company systems only for authorised purposes
Report illegal or unethical instructions to appropriate channels
Do not accept gifts or benefits that create conflicts of interest
Support colleagues' professional development and wellbeing

🌐 Professional & Social Responsibility

Consider the social consequences of systems before building them
Refuse to build systems you know will be used to harm people
Contribute to the profession through knowledge sharing
Comply with applicable laws in all jurisdictions where your system operates
Support the rights of users to understand decisions made about them by automated systems

Nepal IT Context

Nepal's Electronic Transactions Act 2063 (2006) governs digital offences, electronic signatures, and cybercrime — IT professionals must know this law.
The Privacy Act 2075 (2018) establishes data protection rights — relevant for any system that handles Nepali citizens' personal data.
Many Nepali IT companies serve international clients — professionals must also comply with GDPR (EU), PDPA (India), and other jurisdiction-specific requirements.
Nepal's tech sector lacks the dense professional certification infrastructure of more developed markets — individual professionals bear more personal responsibility for maintaining ethical standards.

Exam Tip

IT Professional Responsibilities appear in 10-mark scenario questions: "An IT professional discovers X — what are their responsibilities?" Structure your answer using the six responsibility areas above.

Ethical Decision-Making Framework

Ethics rarely presents as a clear choice between good and evil. Real professional dilemmas involve competing legitimate interests, incomplete information, and organisational pressure. A structured framework prevents panic-driven or self-serving decisions.

The 7-Step Ethical Decision-Making Framework

1. Identify the ethical issueWhat exactly is the ethical problem? Who is affected? What rights, duties, or interests are at stake? Many professionals skip this step and jump to solutions — but misidentifying the problem guarantees a bad solution.

2. Gather the factsWhat do you actually know vs. what are you assuming? What are the relevant laws and policies? Who has authoritative information? Do not reason from incomplete or second-hand information.

3. Identify the stakeholdersWho will be affected by each possible course of action? Include: users, colleagues, the organisation, clients, the public, future users. Ethical decisions affect people beyond the immediate transaction.

4. Identify the optionsWhat are all the possible courses of action — including doing nothing? List at least three before evaluating any. "There's no other choice" is almost never true; it is usually a rationalisation for the option you have already decided on.

5. Apply ethical frameworksTest each option against multiple frameworks: (a) Consequentialism — which produces the best outcomes for the most stakeholders? (b) Deontology — which fulfils your duties and respects rights, regardless of outcome? (c) Virtue ethics — what would a person of good character do? (d) Code of ethics — what do ACM/IEEE/AITP require in this situation?

6. Make a decision and actSelect the option that best satisfies your ethical analysis. Document your reasoning. Act — indecision is not neutrality in ethical situations; it is a choice to allow the current situation to continue.

7. Review and learnAfter the situation resolves, evaluate: Was the decision correct? What did you learn? What would you do differently? Ethical competence is built through reflection, not just through correct individual decisions.

Worked Example: The Bonus Database

Scenario: You are a junior developer. While fixing an unrelated bug, you discover that the company's HR database is misconfigured — all employees' salary and bonus data is accessible to anyone with basic network access. Your supervisor, when you report it, says: "Don't worry about it — it's been like that for years and nobody's noticed. Just fix the bug you were assigned."

Identify the issueA serious data security vulnerability exists. Employees' sensitive financial data is exposed. The supervisor is instructing you to ignore it.

Gather factsIs this a legal violation? (Almost certainly — violates most data protection laws.) Who is affected? (All employees whose salary data is exposed.) Is the supervisor aware of the legal risk?

StakeholdersEmployees (whose privacy is violated), employer (legal and reputational risk), clients (if client data is also accessible).

Options(1) Obey the supervisor and fix only the assigned bug. (2) Fix the vulnerability without telling anyone. (3) Report it again, in writing, and document the response. (4) Escalate to a higher authority or data protection officer.

Apply frameworksConsequentialism: Option 1 risks ongoing harm. Option 4 produces the best outcome. Deontology: ACM Code 2.9 requires "design and implement systems that are robustly and usably secure." Virtue: A trustworthy professional does not ignore known vulnerabilities.

DecisionDocument the vulnerability in writing, report it to the supervisor and to whoever holds data protection responsibility. If ignored, escalate. This is a whistle-blowing situation if internal channels fail.

Exam Tip

The 7-step framework is used to answer scenario-based 10-mark questions. Structure your answer step-by-step. Always name the ethical framework you are applying (consequentialism, deontology, ACM code) — this demonstrates depth.

Ethical Vocabulary

Ethics has a technical vocabulary. Using these terms precisely in exam answers demonstrates understanding — and provides concise, examinable language for complex ideas.

Term	Definition	IT context / example
Ethics	The study of what is morally right and wrong, and the principles that guide behaviour	IT ethics applies general moral principles to decisions about systems, data, and users
Morality	The personal or cultural beliefs about right and wrong that guide behaviour	Different from ethics (systematic), morality is internal — what a person actually does when no one is watching
Integrity	Consistent adherence to moral principles, especially in difficult situations	An IT professional who discloses a security flaw even when it creates problems for their employer is acting with integrity
Accountability	Being answerable for the outcomes of your decisions and actions	If a system you designed causes a data breach, you are accountable for the design decisions that enabled it
Transparency	Openness about what you are doing, how, and why	Transparent AI: telling users when they are interacting with an automated system, not a human
Conflict of interest	A situation where personal gain or loyalty might compromise professional judgment	A developer who owns shares in a vendor they are recommending for a company contract has a conflict of interest
Confidentiality	Keeping information known in a professional relationship private	Client data, proprietary code, employee records — all are protected by professional confidentiality
Autonomy	The right to make one's own informed decisions	Users have autonomy: they have the right to know what a system does with their data and to choose not to use it
Non-maleficence	The duty to avoid causing harm	Building a system you know will be used for harassment violates non-maleficence
Beneficence	The duty to actively do good, not merely avoid harm	Designing for accessibility, building tools that serve underserved communities — these are acts of beneficence
Consequentialism	An ethical framework where the rightness of an action is determined by its outcomes	"The greatest good for the greatest number" — relevant when evaluating trade-offs in system design
Deontology	An ethical framework where actions are right or wrong regardless of outcomes, based on duties and rules	ACM Code principles are deontological: "Do not harm" applies even if harm would produce a better overall outcome
Virtue ethics	An ethical framework focused on the character of the actor, not the action or outcome	"What would a person of good character do?" — relevant when no rule clearly covers the situation
Whistleblowing	Reporting illegal or unethical behaviour within an organisation to an appropriate authority	An IT professional who reports a company secretly sharing user data with advertisers is whistleblowing
Due diligence	Taking reasonable precautions to identify and address risks before acting	Testing a system thoroughly before deployment is due diligence — shipping untested code is not
Informed consent	Agreement to a process after receiving complete, understandable information about it	Users must give informed consent for data collection — burying consent in unreadable terms-of-service is not informed

Exam Tip

These terms appear in definition questions ("Define whistleblowing / integrity / informed consent — 2 marks each") and in essay answers where using precise vocabulary lifts your marks. Know the distinction between ethics/morality, and between consequentialism/deontology.

Readings: "The Digital Citizen" & "The Necklace"

Conceptual Essay

Source: Course Reader

Genre: Digital civics / Ethics

Unit 6 — Digital age citizenship

"The Digital Citizen"

This essay argues that the digital revolution democratised participation — anyone could publish, anyone could access information — but created a new set of civic responsibilities that no one was prepared for. Being a digital citizen is not just about having internet access. It requires actively protecting the information commons, exercising epistemic responsibility, and recognising that for IT professionals, these responsibilities are structurally amplified.

Full Summary

The essay begins by tracing the original promise of the internet: radical democratisation of voice and access. For the first time in history, someone in a remote village could publish to a global audience at zero cost. This transformed journalism, activism, commerce, and governance. But the open architecture that enabled this came without built-in accountability mechanisms. The same system that let a citizen expose government corruption also let anyone spread health misinformation or coordinate harassment campaigns.

Digital rights mirror traditional civil rights but operate in a new space. Privacy in the digital age means controlling your data — not just your physical space. Freedom of expression online means the right to speak without algorithmic suppression. Access to information means not just connectivity but the right to uncurated, non-manipulated information flows. Equal access means recognising that the digital divide is a civil rights issue — those without reliable internet access are excluded from an increasingly essential civic space.

With rights come responsibilities. The essay identifies epistemic responsibility — verifying information before sharing it — as the central obligation of digital citizenship. Every unverified share contributes to the degradation of the information ecosystem that Maria Ressa described (Unit 2). Civil discourse online, respecting others' privacy, acknowledging sources, and reporting illegal content are all framed as civic duties, not just etiquette.

The essay's most important argument for BCA graduates: IT professionals are super-citizens. A biased recommendation algorithm shapes how hundreds of thousands of people access information. A privacy-violating data collection system affects the civic possibilities of every user. An inaccessible app excludes users from digital civic life. The developer who builds these systems has magnified moral responsibility — their personal ethics manifest as structural conditions that affect entire populations.

Key Quotes

"Digital citizenship is not just about having internet access — it is about exercising that access responsibly."

▸ Access without responsibility is a civic hazard. The essay argues that literacy in digital citizenship is as important as technical literacy for IT professionals.

"The IT professional is a digital citizen with amplified responsibilities."

▸ A developer who writes a privacy-respecting data policy protects thousands of users. One who doesn't violates thousands. Individual ethical choices, multiplied by scale, become social infrastructure.

"Epistemic responsibility: verify before you share."

▸ In an information ecosystem where false stories travel six times faster than true ones (MIT study, 2018), the individual decision to verify information before sharing it is a civic act, not just a personal standard.

Themes

Digital Rights vs Responsibilities

Rights without responsibilities create civic hazards; responsibilities without rights create oppression.

IT as Super-Citizenship

Developers' ethical choices manifest as structural conditions affecting entire user populations.

Epistemic Responsibility

Verifying information before sharing is a civic obligation in the age of algorithmic amplification.

Platform Design & Civic Life

How platforms are designed shapes what civic participation is possible on them.

Information Ecosystem

The shared information commons — like the physical commons — requires active stewardship to remain healthy.

Analytical Questions

Short Story

Guy de Maupassant

La Parure, 1884

Genre: French Realism

"The Necklace" (La Parure)

Guy de Maupassant (1850–1893) was a French realist and master of the short story. "The Necklace" (1884) is his most famous work and one of the most widely anthologised short stories in world literature. It is an almost perfectly constructed story about the catastrophic consequences of a single moment of dishonesty. It has been read as a parable about vanity, class anxiety, gender, and the compounding cost of deception for over 130 years.

Full Summary

Mathilde Loisel is a beautiful woman married to a minor government clerk. She believes she deserves luxury — she fantasises constantly about silks, jewels, and elegant dinners. One day her husband brings home an invitation to an elaborate Ministry dinner. Mathilde is initially thrilled, then devastated: she has nothing to wear. Her husband sacrifices his savings (intended for a hunting trip) to buy her a dress. She still needs jewellery. She borrows a diamond necklace from her wealthy friend Madame Forestier. At the party, Mathilde is a sensation. She dances all night, admired by everyone. She is, for one evening, the woman she always believed she was meant to be.

But at 4am, rushing away (afraid her husband's borrowed coat will reveal their poverty), she discovers the necklace is gone. The couple searches desperately. They find no trace of it. Rather than confess to Madame Forestier, they take out crushing loans and buy a replacement — a real diamond necklace worth 36,000 francs (an enormous sum — the equivalent of hundreds of thousands of dollars today). They return it wordlessly. Madame Forestier notices nothing.

The next ten years: Mathilde and her husband live in grinding poverty paying off the debt. She scrubs floors, does laundry, haggles over every centime. Her beauty fades. Her grace disappears. She becomes coarse and worn. Her husband works extra jobs at night. They repay the debt completely — but at the total cost of their youth, health, and any chance at the life Mathilde had imagined.

The ending: One Sunday Mathilde sees Madame Forestier in a park — still beautiful, still wealthy, unchanged. Mathilde decides to tell her everything. She explains the lost necklace, the replacement, the ten years of sacrifice. Madame Forestier is shocked. "Oh, my poor Mathilde! But mine was false. It was worth at most five hundred francs!" The real necklace, the one they sacrificed everything to replace, was worth roughly 1.4% of the cost of the replacement. The entire catastrophe was caused not by losing the necklace but by the choice not to disclose that it was lost.

Key Quotes

"She suffered endlessly, feeling herself born for every delicacy and luxury."

▸ This establishes Mathilde's tragedy: she is defined by the gap between her expectations and her circumstances. This gap, not poverty, is her prison. The necklace gives her one evening of becoming who she believes she is — which makes losing it catastrophic.

"What would have happened if she had never lost that necklace? Who knows? Life is so strange, so changing!"

▸ Maupassant inserts himself as narrator to ask the counterfactual. This line is deliberately ambiguous: is the story's moral "honesty would have saved her" or "life is random and cruel"? The question is unanswerable, which is why the story endures.

"But mine was false. It was worth at most five hundred francs!"

▸ The devastating final line. The revelation is not just that the original necklace was fake — it is that the real necklace Mathilde has spent ten years paying for has replaced something worth nothing. The only thing that was ever truly valuable — and was lost — was the truth that could have been told at the beginning.

Themes

Honesty & Disclosure

A single honest disclosure at the start of the crisis would have cost nothing. Silence cost everything.

Pride & Vanity

Mathilde's pride — the refusal to admit the loss — is the true subject of the story, not the necklace.

The Compounding Cost

One deception compounds over 10 years into total destruction. Small dishonesty has exponential consequences.

Class Anxiety

The entire tragedy is driven by Mathilde's desire to appear wealthier than she is for one evening.

Fate vs Agency

Is the story fatalistic (life is cruel) or moral (honesty saves)? Maupassant refuses to resolve the tension.

Analytical Questions

Practice & Quiz

Active Recall Questions

Whistle-blowing justification and the 3 codes of ethics (ACM/IEEE/AITP) are very likely to appear in exams.

What are the 5 core principles of professional ethics in IT?

What is whistle-blowing? What are the 4 criteria for justified whistle-blowing?

Name the 3 major codes of ethics in IT. What principles do they share?

List 6 digital rights and explain 2 in detail.

What ethical themes does "The Necklace" by Guy de Maupassant illustrate?

Exam-Style Questions

Ethics questions expect analysis and your own perspective supported by frameworks.

Analyze the ethical dilemma of whistle-blowing in IT. Is it always justified? Use criteria to support your answer. [5 marks]

5 marks

Compare the ACM, IEEE, and AITP codes of ethics. What principles do all three share? [5 marks]

5 marks

What are digital rights? Why is data privacy especially important for IT professionals? [3 marks]

3 marks

Quick Revision

How to Remember

How to Remember Unit 6

Unit 6 is about professional ethics in IT: the principles, codes of conduct (ACM/IEEE/AITP), whistle-blowing, and digital rights. Ethics questions reward clear structure and supported arguments — these frameworks provide exactly that.

Mnemonics

5 Core Ethical Principles

IACCF

IIntegrity — be honest, no falsification

AAccountability — own your work and its outcomes

CConfidentiality — protect sensitive data

CCompetence — only work you're qualified for

FFairness — equitable treatment, no bias

Whistle-blowing — 4 Justification Criteria

SIEP

SSerious harm — real risk to public safety/rights

IInternal failed — reported internally, ignored

EEvidence — documented proof, not just suspicion

PProportional — severity justifies the personal cost

3 Codes of Ethics (AI²)

ACM IEEE AITP

ACMComputing — public interest, privacy, avoid harm

IEEEEngineering — safety, no conflicts of interest

AITPIT practitioners — service, truth, education

6 Digital Rights

PAFSRE

PPrivacy — control your personal data

AAccess — right to internet and information

FFreedom of expression online

SSecurity — protection from digital attacks

RRight to be forgotten — request data deletion

EEqual access — no digital divide

Memory Tricks

🔔

Whistle-blowing — The 4-Gate Test

Before blowing the whistle, mentally pass through 4 gates: Gate 1 (serious harm? → yes), Gate 2 (tried internally? → yes), Gate 3 (have evidence? → yes), Gate 4 (benefits > personal cost? → yes). Only if all 4 gates open is whistle-blowing justified. One closed gate = reconsider.

Gate 1 ✓ Serious → Gate 2 ✓ Internal → Gate 3 ✓ Evidence → Gate 4 ✓ Proportional

⚖️

ACM vs IEEE vs AITP — The 3 Professions

Think of 3 professionals: a software developer (ACM), an electrical engineer working on systems (IEEE), and an IT manager (AITP). They all agree: be honest, protect the public, maintain competence. But each has their specific domain focus. All three agree whistle-blowing is a professional obligation when public is at risk.

ACM = developers · IEEE = engineers · AITP = IT managers

💎

The Necklace — The Cost of Deception

The Necklace's entire tragedy stems from one decision: not telling the truth. Mathilde lost the necklace but was too ashamed to confess. 10 years of poverty followed. The lesson: the short-term discomfort of honesty is always less than the long-term cost of deception. Integrity = the right choice when no one is watching.

One confession → 'It was fake anyway!' → no 10 years of poverty

🌐

The Right to be Forgotten — GDPR Article 17

Under GDPR (EU), you can ask Google and companies to delete personal information about you. Think of it as an 'undo' button for your digital history — but it's contested against freedom of information. Courts balance privacy vs public interest. IT professionals must implement this technically (database deletion + cache clearing).

Article 17 GDPR = erase my data on request (vs public interest exceptions)

🏗️

Ethics = Structure for Hard Choices

Ethics frameworks don't give you easy answers — they give you structure to think through hard ones. IACCF gives you a checklist. De George's 4 criteria prevent impulsive whistle-blowing. ACM/IEEE codes remind you that public welfare outranks employer loyalty. In the exam, always structure your answer around a framework.

Any ethics question → name the framework → apply it → reach a justified conclusion

🔐

Data Privacy — Why IT Professionals Are Different

A regular employee might handle some private data. An IT professional can access the data of millions of users simultaneously. A single line of poorly written code, a misconfigured database, or a sloppy API key can expose millions of people's medical records, passwords, or financial data. Scale = responsibility.

1 programmer mistake → 100M user records exposed. Ethics is not optional.

Before the Exam: Unit 6 Checklist

✓Know 5 core ethical principles for IT professionals (IACCF)

✓Can explain whistle-blowing and its 4 justification criteria (SIEP)

✓Know ACM, IEEE, and AITP — issuing bodies and focus areas

✓Can list shared principles across all 3 codes of ethics

✓Know 6 digital rights with 2 in detail (PAFSRE)

✓Can analyze the whistle-blowing dilemma with pros and cons

✓Know ethical themes in "The Necklace" (honesty, cost of deception)

✓Understand GDPR and the right to be forgotten

✓Can explain why data privacy is critical specifically for IT professionals

✓Can apply De George's 4 criteria to a given IT scenario