Case Summary
Leikessa Jones owns her own consulting business, and has several people working for her. Leikessa is currently designing a database management system for the personnel office of ToyTimeInc., a mid‐sized company that makes toys. Leikessa has involved ToyTimeInc management in the design process from the start of the project. It is now time to decide about the kind and degree of security to build into the system. Leikessa has described several options to the client. The client has decided to opt for the least secure system because the system is going to cost more than was initially planned, and the least secure option is the cheapest security option. Leikessa knows that the database includes sensitive information, such as performance evaluations, medical records, and salaries. With weak security, she fears that enterprising ToyTimeInc employees will be able to easily access this sensitive data. Furthermore, she fears that the system will be an easy target for external hackers. Leikessa feels strongly that the system should be more secure than it would be if the least secure option is selected. Ms. Jones has tried to explain the risks to ToyTimeInc, but the CEO, the CIO, and the Director of Personnel are all convinced that the cheapest security is what they want. Should Jones refuse to build the system with the least secure option?
Solution
The case involving Leikessa Jones goes beyond the aspects of the code. There are several rather tricky questions that, in this form, the situation leaves unanswered. As the head of the consulting company, Jones had the right, after analysis, to offer only quality products, excluding the cheap one from the personal offer for ToyTimeInc. Likes Jones is honest with herself and the company, but she is not confident in her product. Perhaps, it was worthwhile to immediately raise the question of price, as a result of which Leikessa Jones would immediately understand that there was no need to get involved with this project so that difficult decisions would not have to be made later.
Security is again touched upon by the code, which this time has a more pronounced public interest. Personal information of employees, some of whom are not even aware of the existence of such a system and its easy accessibility to hackers, is a prominent enough victim. The code in this situation is to communicate to stakeholders as soon as possible about any conflicts of interest or objections based on beliefs that the professional has (ACS, 2014). Consequently, three directors must decide on this security system and the entire working team, which provided their personal data. In addition, according to the first paragraph of this code, the activities should strive to maintain the confidentiality and confidentiality of the information of others (ACS, 2014). Public interest and safety issues are at the forefront; therefore, Jones must refuse a client without confirmation from all staff.
In matters of integrity, the holistic approach also raises several questions for Jones. The Code states that it is imperative not to mislead the customer, knowingly or the potential customer, about the suitability of a product or service (ACS, 2014). In part, Leikessa Jones, by providing the cheapest option, misled the client so that after she was not satisfied with the security level of this option. In addition, as the head of his own consulting business, he directly declares that its product will be of poor quality for this company. However, the question remains open whether the cheapest option will be of poor quality only within the framework of this company or whether it is of poor quality in itself. In this case, it is not specified how Jones had reason to suspect enterprising employees of the company or the possibility of a hacker attack. She remained honest in all of these reasons. Finally, from the code’s view of competence, if Jones’ security system cannot guarantee security, it is clear that it should refuse ToyTimeInc’s board of directors to avoid future problems.
By gaining access to salary levels, medical records, and performance estimates, employees will manipulate other employees, blackmail their superiors, and have constant access to personal data by selling it to third parties. It is only an insignificant part of the consequences that the imperfection of the security system can lead to, up to criminal liability. Consequently, the consequences for the company will turn into a blow to reputation, the sheer unattractiveness of vacancies, and a lack of employee satisfaction and engagement. As a result, this fact threatens the collapse of the team, a deterioration of the atmosphere, and a decrease in productivity indicators.
In the place of Leikessa Jones, I would undoubtedly refuse clients, once again describing all the reasons. Moreover, I would offer a specific discount for more expensive products, or let us assume the possibility of an installment plan and payment delays since it turns out that the company itself refuses the service offered. Referring to the code, I would seek the consent of every employee who was alerted to the risks of an unreliable security system, and only in this case would I allow the establishment. However, in no other case, the deployment of this system is impossible since the consequences can be highly destructive.
Finally, being the manager involved on ToyTimeInc, I would endeavor to bring the case back to the rest of the board. In general, buying a cheaper option is economically justified, and perhaps the company does not even have such funds for more expensive options. This fact is entirely contrary to the code, which requires maintaining the confidentiality and placing the public interest in protecting personal data above the company’s economic interests. In the worst case, understanding the consequences that can lead to the destruction of the company and complicate the lives of many employees should have the desired effect in increasing funding for this aspect. The quality of life of employees and customers is also postulated in the second paragraph of the code, and any activity should have a positive dynamic in this matter.
Reference
ACS. (2014). ACS Code of Professional Conduct. Australian Computer Society. Web.