CIOs and IT managers are increasingly being asked to commit illegal and unethical acts, with ruthless bosses hoping the technology department will assist them in carrying out their dirty deeds, according to ethics and legal experts.
The shocking ethical dilemmas facing many technology professionals came into sharp public focus last week during the committal hearing of Jim Selim, owner of now-defunct natural medicine wholesaler Pan Pharmaceuticals.
Selim has been charged with procuring another person to destroy or make inaccessible material which he knew or believed may be required as legal evidence.
Pan's IT manager Karl Brooks gave evidence before a Sydney court he was ordered by Selim to wipe incriminating data from a hard drive to prevent auditors from the Theraputic Goods Administration discovering irregularities in chemical concentrations of Pan's Travacalm formula.
All Pan's products were pulled from shelves early in 2003 in Australia's largest ever medical product recall after people became ill after taking some of Pan's products.
Brooks told the court his boss had told him to "Change the dates. Just do it", and also told him to ensure incriminating records were made irretrievable. According to Stephen Ross, corporate solicitor for IT specialist law firm Gadens, IT managers are at particular at risk of potentially committing offences if they do not inform themselves of their legal responsibilities.
Ross said while most CIOs "would smell a rat" if asked to suddenly destroy data, plenty of pitfalls still exist and the situation is getting worse as the government looks at widening liability for individuals.
"Employees with a high degree of responsibility, for example CIOs, could be liable under the corporations act. Many employees [in senior IT positions] are not aware that director's duties may extend to officers of a corporation - people who make significant decisions."
However, many senior IT professionals may not even be aware of their obligations, Ross says, noting that in his experience, "many people are not very well informed generally" about their professional liabilities and this included CIOs and IT managers.
The Pan case has also captured the attention of Australian Computer Society president Edward Mandla, who feels the IT industry needs enforceable professional standards that could see rogue operators and cowboys struck off and banned from operating.
Mandla complained ICT professionals "are seen as still risky - you don't know whether they are qualified, certified or registered."
"It's one of the reasons people demand unlimited liability insurance on projects," Mandla said.
He added that while the ACS had actively pursued formal IT professional accreditation and registration similar to accountants, lawyers and doctors, some elements of the IT industry complained bitterly that the ACS was trying to tell them what to do.
"It's one of the really big problems the industry has," Mandla said.
Ploys at work
Offering anonymity, Computerworld contacted more than a dozen IT managers and questioned if they had been asked to perform unethical acts by their superiors. These are some of the comments:
Call centre network operations manager, Melbourne: "Yes. Our biggest problem is HR. Every time they want to reduce headcount they expect us to find something to pin on people. It's really damaging for morale in IT."
Government IT manager, Canberra: "There are strict procedures in place to ensure transparency, including regular audits. That said, most people know how to write a request for tender to get it awarded to the people you want. Most tenders are really filled before they're put out - if they weren't, nothing would ever get done."
IT security manager, Big Four Bank: "I've seen business done on accounts where product is bought because a manager knows someone at the company. It's probably not strictly ethical, or always the cheapest - but at least you get a relationship. It's not always black or white."