SQLServerCentral is supported by Red Gate Software Ltd.
 
Guest Editorial: Do DBAs Need a Code of Ethics?
Posted Thursday, February 05, 2009 7:50 AM
I don't think ethics is that easy, and I'd rate myself pretty high on the ethic-meter. Don't lie/don't steal are fine, but what about gray areas?

- As mentioned, a SQL injection vulnerability that you know could expose privacy/credit card data? Do you quit? Call the FBI? How long do you give them to fix?
- What if an employer wants you to provision a new SQL Server, but wait to pay for the SQL license when SQL 10/11 ships. Technically stealing, do you say no? Quit? Report them?
- How about if your CIO asks for a spreadsheet of all customers with a credit line of more than $25k (name, address, account #). Do you provide it? Ask him to state he's not going to misuse it?
- Or you discover that your offsite backup plan consists of the network guy taking the unencrypted tape home with him every night, he's a drunk, getting divorced, and has money problems - what is your role in heading off possible data loss?

Maybe it does come down to don't lie/don't steal. I think the problem with very fixed rules is that they actually give us a way to avoid the gray areas, and that's where the pain often is.

I'm just arguing my view, but it's a good discussion.


Andy
Post #650877
Posted Thursday, February 05, 2009 7:50 AM
roger.plowman (2/5/2009)
A written code of ethics is an admission of failure… Those who are ethical do not require a written code…


I wholeheartedly agree! Codes of conduct are born out of abuse and/or failure of a particular system. Just look at the current financial mess the country is in. The only hope of curtailing this behavior is to hold people accountable for their actions (different from regulation), which usually means some sort of punishment. Most DBAs know what is at stake and what will happen if they conduct themselves incorrectly.
Post #650878
Posted Thursday, February 05, 2009 8:04 AM
Doctors have a code of ethics, yet none of them quit their job when insurance tells them they can't perform the surgery that saves the life of a patient.
Post #650893
Posted Thursday, February 05, 2009 8:10 AM
I will not belabor the points mentioned. For taking leadership on ethics my responses are:

- Microsoft - NO, NO, a thousand times NO !!! (nor Oracle, nor Sybase or any other software vendor for that matter)

- PASS - NO - it is too dedicated to SQL Server and Microsoft

- SQL ServerCentral - no - even though the community has depth and breadth, it is still not diverse enough

There already is a professional organization that crosses all platforms, vendors and boundaries that has been in existence since 1951 - that's 58 years. It is the Association of Information Technology Professionals - http://www.aitp.org/

As for a statement of ethics, they have had one in force for quite a while. It is straight-forward and pretty encompassing of all of the issues mentioned.

http://www.aitp.org/organization/about/ethics/ethics.jsp

And a version suitable for printing:

http://www.aitp.org/join/SCOH17CodeEthicsStdsCdt.pdf

For something that has been around for so long the ethics espoused are quite eloquent.




Regards
Rudy Komacsar
Senior Database Administrator

"Ave Caesar! - Morituri te salutamus."
Post #650905
Posted Thursday, February 05, 2009 8:15 AM


As Andy said, ethics has a lot of gray areas. If you look at the American Medical Association's code of ethics, there are 200 opinions attached that relate to specific situations, and can change over the course of time in response to society.

IMHO the best statements related to integrity are found at the American Institute of Certified Public Accountants, Code of Professional Conduct:
http://www.aicpa.org/about/code/et_54.html
Post #650910
Posted Thursday, February 05, 2009 8:15 AM
[quote]
- As mentioned, a SQL injection vulnerability that you know could expose privacy/credit card data? Do you quit? Call the FBI? How long do you give them to fix?

Lack of action on your manager's part isn't a lack of action on your part. And I imagine most managers would want this fixed fairly quickly. Don't quit, just do the best you can to fix the issue.

- What if an employer wants you to provision a new SQL Server, but wait to pay for the SQL license when SQL 10/11 ships. Technically stealing, do you say no? Quit? Report them?

The DBA isn't (usually) in charge of licensing compliance. It's against the licence agreement and it's breaking the law to install it. Legal issue.

- How about if your CIO asks for a spreadsheet of all customers with a credit line of more than $25k (name, address, account #). Do you provide it? Ask him to state he's not going to misuse it?

Is it a DBA's business what data a company pulls from its database? No. If he loses the file on a train it'll be his fault, not yours. The CIO more than anyone knows the value of that data.

- Or you discover that your offsite backup plan consists of the network guy taking the unencrypted tape home with him every night, he's a drunk, getting divorced, and has money problems - what is your role in heading off possible data loss?

As DBA, you make sure the data gets safely transported to an offsite location. Giving it to a drunk guy is not a good idea. Find another employee. Or better yet, DIY! And it should be encrypted, of course, but who makes it happen? If it's not you then approach the person who is in charge of it.

[/quote]


I personally don't take responsibility without taking control. I would never point at someone and try to pass the blame for the same reason.

If you're at a company where things aren't right, all you can do is your best to make them so. That's your moral obligation as a conscientious employee.

Tom
Post #650912
Posted Thursday, February 05, 2009 8:21 AM
Rudy, William, I will take a look at both links - good to see what others are doing and try to learn from that.

And that's a really interesting point about PASS (or SSC or ...) being too small an umbrella. I see the challenge if you're in a job where you do Oracle/MySQL/SQL Server and have 3 different sets of ethics! At the same time, going back to the idea of the AMA opinions, maybe there is a place for some SQL Server specific guidance/opinions that layer on top of more broad reaching ones?


Andy
Post #650919
Posted Thursday, February 05, 2009 8:27 AM
We all SHOULD have an imbedded code already, given to us by our parents. As we can see in today’s world, even a well written code of ethics can and will be broken by those of us that don't have this “Thou shalt not steal” part already there. NOT stealing the data is what it’s all about for us DBAs.
Post #650927
Posted Thursday, February 05, 2009 8:55 AM
As one of the previous posters pointed out, there are many positions that have access to confidential data. A DBA position should not be singled out.

I think a better way of ensuring ethics are not violated is by division of responsibilities, security procedures, and auditing.

An example of division of responsibilities is that DBAs and Developers are different roles.
An example of security is giving individuals the least amount of authority to do their job. Also, encryption of confidential data is a good security measure.
An example of auditing is logging logins and activity of users.

When ethics violations are encountered and documented, such as stealing, the employer most likely has a section in the company handbook that states how to proceed with such violations.

Creating some kind of federal bureaucracy or “governing body” is unnecessary, because real ethics violations are already prosecutable by law.

As far as any “grey areas”, as a senior DBA, I make recommendations to the company. They can either take my recommendations, come up with another solution, or ignore them. I have never been asked to deliberately do something wrong. However, if that situation ever presented itself, I would explain my position, and try to come up with an alternative. If no satisfactory alternative could be found, I would document our conversation in an email as an audit, and send it to them. I would hold my position, sleep well at night, and wait for the employer’s decision.
Post #650958
Posted Thursday, February 05, 2009 8:58 AM


Formulating a set of ethical guidelines is a good thing. Yes, common sense needs to dictate basics, like "don't deliberately sabotage your employer because you're annoyed at your boss". But published standards are easier to comply with than "everybody knows that!" standards. That applies to ethics just as much as it does to coding.

- GSquared

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #650959