The BCS has produced a document on ethical issues facing IT professionals which provides some useful pointers on best practice, writes John Kavanagh.
The very fact that IT provides a way of both opening and restricting access to information puts IT staff in a special position, says the report from the society's Ethics Committee, based partly on a BCS seminar on this whole area.
"The point was made that the crucial role of IT in inhibiting or allowing access means that IT professionals may often find themselves in the role of information guardians and therefore affected more than members of many other professions regarding where the line between freedom and restriction is drawn," the report says.
One question is whether IT professionals should carry out actions that affect freedom of access to information that legally should be public, such as information about a public service.
Here there were seen to be degrees of restriction, from inconvenience - making it more difficult but not impossible to find information - to cover-ups, such as findings about dangers of certain foods.
The seminar felt this was a matter for personal conscience, except when legislation specifically demanded that information had to be available.
Decisions are less clear where confidentiality is concerned. "Some actions are clearly illegal. Others may be felt to be against the spirit of the BCS codes of conduct and practice. Other areas are greyer - information may not be clearly labelled as confidential and the authority for individuals to act may not be explicit. Design decisions may be taken that affect confidentiality," the report says.
"The extent to which the IT professional could be an active participant may vary from stealing information to agreeing to cut corners in testing software that prevents unauthorised access," it adds.
The report points to the Public Interest Disclosure Act, which protects people who blow the whistle on employers - but adds that the seminar still felt that individuals had to balance the factors involved, for example, weighing the gravity of the situation against the impact of disclosure.
IT professionals also need to be wary here of taking up good causes, the report suggests. Most people might agree that reporting the activities of a paedophile ring is a good cause, but what if someone thinks the dumping of radioactive waste by a quasi-public agency is dangerous?
The report says, "The degree to which the IT professional goes out of his or her way to gain access to the information could be significant. At one extreme, there may be a deliberate illegal hack into a system and, at the other end, information may be found during normal work."
The Ethics Committee report also considers the extent to which employers could control employees' access to information and use of the Internet.
"The seminar generally felt that firms should lay out a specific policy, agreed with any staff representatives, so that it is clear what is and is not allowed," the report says. "Enlightened employers would not be too restrictive, and agreement about the boundaries would be reached by consultation."