Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12345»»»

Guest Editorial: Do DBAs Need a Code of Ethics? Expand / Collapse
Author
Message
Posted Wednesday, February 4, 2009 11:51 PM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, October 16, 2014 10:06 AM
Points: 176, Visits: 728
Comments posted to this topic are about the item Guest Editorial: Do DBAs Need a Code of Ethics?

Brad M. McGehee
DBA
Post #650586
Posted Thursday, February 5, 2009 2:07 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Monday, November 17, 2014 6:00 AM
Points: 1,049, Visits: 3,012
Sadly, I don't think we're up to the challenge. Not because we're unable to agree a set of guidelines, but because we've no power to enforce them.

All the examples Brad has given are ones where there is a degree of enforcement. In most of those cases, it's enshrined in law - a doctor who's struck off is no longer legally allowed to either practice medicine or call themselves a doctor, so (s)he has no choice but to abide by the rules. On the other hand, anyone can call themselves an estate agent, but if they fail to abide by their industry guidelines they'll lose their customers, so the guidelines still have teeth.

As for DBAs, I see very few examples of wilful negligence. I see plenty of examples of DBAs being forced into ethically compromised situations by their employers in the name of expedience, but, being cynical, I suspect a DBA who's prepared to put company before ethics is likely to be more, not less, employable. I also see plenty of examples of DBAs who've overstated their true abilities to get the job, but that's not an issue of guidelines, it's an issue within the recruitment process, since there are plenty of inept accountants and engineers too.

So, unless governments are inclined to put a legal definition and associated obligations to the term Database Administrator, we're severely limited in the clout we can associate with any set of guidelines. The only workable solution I can see is, as Brad suggested, that all the major database manufacturers include a clause in their certifications which allows the certification to be withdrawn if a specified code of conduct isn't followed. Employers like certifications, so that's the only way misbehaving DBAs could be forcibly made less employable, although it would remain to be seen how companies would view any new qualifications that might run counter to their wishes.

Apologies for waffling on, but in short I believe the bulk of our effort should be in lobbying the RDBMS manufacturers to incorporate an ethical code in their certs rather than fine-tuning the ethical code itself.


Semper in excretia, sumus solum profundum variat
Post #650628
Posted Thursday, February 5, 2009 3:15 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, July 9, 2010 5:33 AM
Points: 34, Visits: 125
Morning, all.

I was intrigued by the thought of a code of ethics for DBAs. But having read through the latest one from OracleGiants.com (2007) I have changed my mind and no longer think we need one.

Most ‘ethical’ decisions made by a DBA are nothing to do purely with being a DBA, just with being a person with inside knowledge/access. I think I read it on this website that a DBA owns the database but NEVER the data.

A DBA has a position of trust, given that they have unfettered access to data which is very likely to be privileged, confidential and security related. But so do the finance department, the HR department and anyone else who has access to anything that isn’t theirs. You don’t need to be a skilled senior employee to do that. There are people much lower down the tree who have access to just as much personal data.
Consider the clerk who enters your company’s payroll data. A junior role entrusted with the utmost private information.

My point is this: A DBA making unethical use of their power is no different to anyone else doing the same. I don’t want my bin man going through my rubbish but I don’t expect there to be an industry approved code of conduct for him. He just needs to use some common sense.

I wouldn't want someone looking through my data out of their own curiosity, so I don't do it. I don't steal things, and that includes data. Two ethical decisions but the DBA aspect is irrelevant.


Tom


Before I get back to prying through the home directories of our company’s directors I thought I would post a list of job roles which could do with codes of conduct, some of them maybe have?

Personal trainer
Teacher
Journalist
Carer
Laundrette worker
‘Santa clause’ at the shopping centre
Ice cream man
Guys who invented facebook
Post #650672
Posted Thursday, February 5, 2009 3:43 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: 2 days ago @ 3:13 AM
Points: 142, Visits: 1,728
There may be a case for emphasising the DBA aspects, but this is really a subtopic of professionalism, and how you go about establishing it. University courses are covering ethics in IT, and if you are a member of a professional body, or become a Chartered professional, you will normally have signed up to a Code of Conduct or Code of Ethics. It is up to employers, encouraged by the professional bodies, to require membership of the appropriate body, with all that it implies about an individual's commitment to act with integrity.

Examples:
BCS Code of Conduct
BCS Code of Good Practice
UKCHIP Code of Conduct
Post #650683
Posted Thursday, February 5, 2009 4:17 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: 2 days ago @ 10:11 AM
Points: 246, Visits: 1,540
As mentioned by another contributor IT workers (inc DBA's) do not belong to professional bodies such as Doctors, Nurses etc where you can only get a job if you are a member of these bodies. Any members of these bodies who are struck off cannot work until reinstated. There are no such bodies in the IT industry.

Having said this, in the EU there are already existing laws under which you can feasibly be prosecuted for disclosures/theft of data albeit the organisations that enforce/investigate these breaches are largely toothless and do not operate outside of the EU.

So until the IT industry actually has a professional body with all the cumbersome overheads and membership dues all the talk about DBA ethics is interesting but unenforceable.

Post #650703
Posted Thursday, February 5, 2009 5:07 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: 2 days ago @ 3:13 AM
Points: 142, Visits: 1,728
Richard Bradford (2/5/2009)
So until the IT industry actually has a professional body with all the cumbersome overheads and membership dues all the talk about DBA ethics is interesting but unenforceable.

In the UK this is exactly what the BCS is trying to achieve - complete with [rather painfully high] membership dues. It is held back (I think) by the youth of the IT profession (compared eg with medicine and law) and by the speed of change and innovation. You cannot practice as a doctor or a solicitor without the right professional standing and qualifications, but there is no similar need to be Chartered before you can work as an IT professional. And bright younger people with the latest skills can do it now, as well or better than time-served professionals who qualified with yesterday's skills. Employers want the technically able before those who are registered professionals.

I am describing rather than criticising this situation - there are pluses and minuses - but it is why we still worry that ethics and professionalism are not embedded in IT.
Post #650723
Posted Thursday, February 5, 2009 5:40 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Friday, July 16, 2010 2:10 AM
Points: 863, Visits: 295
Is the problem with a blanket set of rules not that DBAs work in varying industries? Many of these industries, particularly those with personal data, are covered by their own "code of ethics" and that applies to all staff, not just DBAs. Certainly in the financial industry in the UK, quality of data, accuracy of reporting, accessing data only with legitimate reasons and many of the other suggestions from the previous articles are already covered. Do we need separate legislation when we're already subject to the suggested restrictions?
Post #650744
Posted Thursday, February 5, 2009 6:00 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, November 13, 2014 6:14 AM
Points: 31, Visits: 341
Ethics has gone by the way side. I have gone into numerous systems from desktop to server to databases. That have no logic on how they where setup, design and/or managed. If an Code of Ethics is setup how is it enforced. You lose you membership? I don't know how things work in the world, but I have worked in states from the east coast to west coast in the US and even if you are required a license you can get by it with some loop hole or another.
If certain requirements are put in place then who pays for them to be kept up to date. Customer are screaming about what fees we charge and don't realize how much time is put into any project. To pass on the cost of maintaining requirements will cause more problems.
Post #650755
Posted Thursday, February 5, 2009 6:13 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Friday, October 24, 2014 7:52 AM
Points: 1,832, Visits: 596
Brad,

A code of ethics is a nice idea but without a governing body that we all have to join I believe it is entirely unenforceable. Also most of us work for an employer who sets the rules for our behavior. What if we sign a code of conduct and our employer asks us to do something that violates the DBA code of conduct? The employer is paying the bills. Also I would be strongly against any vendor, Microsoft, Oracle, etc., setting the code of conduct. Who says they are ethical?
Post #650766
Posted Thursday, February 5, 2009 6:14 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, May 7, 2012 9:23 AM
Points: 304, Visits: 716
Generally speaking, DBAs do not run companies and therefore some general code of ethics for DBAs does not seem to me to be any effective effort. In fact, it might have the opposite result from the intent. I mean, if we have a DBA code of ethics, do we need an Administrative Assistant code of ethics? How about a janitorial code of ethics? Any given position below the executive level should be governed by the executive level. Thus, I think it would be more fruitful to come up with agreements DBAs would sign at the time of employment, and then monitor and enforce those codes from the top-down. I don't think DBAs need to be singled out anymore than programmers, data entry clerks or information collectors - all of whom also work with sensitive data.

Over the years I find I am more concerned that the industry still has no real definition of what a DBA "is" - that is, I have interviewed many people applying for DBA positions who were not really DBAs. I don't consider someone who "did SQL backups" and yet cannot write a simple query, a DBA, although many who have applied over the years do.

As well, granting some DBA code of ethics seems to me to be clapping with one hand. Are people in general now so lax in their basic ethical behavior that we need to spell this out with some formal document? And what if we do? Does this mean that an unethical DBA is suddenly going to behave? I don't think so.

This sounds more like some narcissistic, self-important, "oh look at me, I'm ethical" monkey business - a complete waste of time serving no purpose and surely not being enforceable. What are we going to do? Send unethical DBAs to a prison on some island like say, Cuba?

I would rather put my efforts (and see other's efforts) go to just plain good old fashioned ethical behavior because that is the right thing to do. Lets face it, as we see today with all the Wall Street baloney, unethical behavior might make you rich for a while, but it hurts thousands and can screw up an entire country if not world. If thats not a big enough incentive for people to behave themselves, then no code of ethics is going to matter - we would be truly doomed.

It would be much better if people would just do the right thing because its the right thing to do.




There's no such thing as dumb questions, only poorly thought-out answers...
Post #650767
« Prev Topic | Next Topic »

Add to briefcase 12345»»»

Permissions Expand / Collapse