A Member of the IITPSA (Institute of Information Technology Professionals South Africa) will:
- Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing
- Avoid harm
- Be honest and trustworthy
- Be fair and take action not to discriminate
- Respect the work required to produce new ideas, inventions, creative works, and computing artifacts
- Respect privacy
- Honour confidentiality
- Not seek personal advantage to the detriment of the Institute, and will actively seek to enhance the image of the Institute.
Notes for Guidance
The eight principles set out above form the underlying foundation of the IITPSA’s Code of Ethics, and each member of the Institute, as a condition of membership, undertakes to adhere to these ethical principles. The ethical principles are clear, but have an inevitable appearance of generality. In the following pages each ethical principle is supported by a number of notes for guidance which will help in specific interpretation. Members of the Institute will readily appreciate that continued evidence of the determination to abide by the Code will ensure the public trust and confidence in computer professionals which is so necessary to the continuing effective use of computers.
The Institute is ready at all times to give guidance in the application of the Code of Ethics and the Code of Good Practice. In cases where informal resolution of difficulties is not possible, the Institute will invoke the disciplinary procedures defined in its Articles of Association. These procedures involve initial discussion to establish the background for a formal complaint, the appointment of a Committee of Enquiry and, if the latter find a case to answer, a Disciplinary Committee. The Disciplinary Committee is empowered to exclude from the Institute; to suspend from membership for a given period; to reprimand; to admonish or; of course, to dismiss the case.
The following conventions apply to the reading of this Code:
- “A member” includes all categories of corporate membership defined in the Institute’s Memorandum of Incorporation and accompanying Rules.
- “Client” is any person, or organisation for whom the member works, or undertakes to provide computer-based aid, in any way.
- “User” is any person, department or organisation served by computer-based systems.
- “System” means all applications involving the use of computer and information technology. The term does not imply any particular mode of processing, e.g. local batch or remote real time, etc. “System” may be interpreted as encompassing non-computer procedures and disciplines, e.g. clerical, manual, etc.
Ethical Principle 1
A member will contribute to society and to human well-being, acknowledging that all people are stakeholders in computing
This principle, which concerns the quality of life of all people, affirms an obligation of computing professionals, both individually and collectively, to use their skills for the benefit of society, its members, and the environment surrounding them. This obligation includes promoting fundamental human rights and protecting each individual’s right to autonomy. An essential aim of computing professionals is to minimize negative consequences of computing, including threats to health, safety, personal security, and privacy. When the interests of multiple groups conflict, the needs of those less advantaged should be given increased attention and priority.
Computing professionals should consider whether the results of their efforts will respect diversity, will be used in socially responsible ways, will meet social needs, and will be broadly accessible. They are encouraged to actively contribute to society by engaging in pro bono or volunteer work that benefits the public good.
In addition to a safe social environment, human well-being requires a safe natural environment. Therefore, computing professionals should promote environmental sustainability both locally and globally.
Ethical Principle 2
In this code, “harm” means negative consequences, especially when those consequences are significant and unjust. Examples of harm include unjustified physical or mental injury, unjustified destruction or disclosure of information, and unjustified damage to property, reputation, and the environment. This list is not exhaustive.
Well-intended actions, including those that accomplish assigned duties, may lead to harm. When that harm is unintended, those responsible are obliged to undo or mitigate the harm as much as possible. Avoiding harm begins with careful consideration of potential impacts on all those affected by decisions. When harm is an intentional part of the system, those responsible are obligated to ensure that the harm is ethically justified and to minimize unintended harm.
To minimize the possibility of indirectly or unintentionally harming others, computing professionals should follow generally accepted best practices unless there is a compelling ethical reason to do otherwise. Additionally, the consequences of data aggregation and emergent properties of systems should be carefully analysed. Those involved with pervasive, or infrastructure systems should also consider Principle 3.7.
A computing professional has an additional obligation to report any signs of system risks that might result in harm. If leaders do not act to curtail or mitigate such risks, it may be necessary to “blow the whistle” to reduce potential harm. However, capricious, or misguided reporting of risks can itself be harmful. Before reporting risks, a computing professional should carefully assess relevant aspects of the situation.
Ethical Principle 3
Be honest and trustworthy
Honesty is an essential component of trustworthiness. A computing professional should be transparent and provide full disclosure of all pertinent system capabilities, limitations, and potential problems to the appropriate parties. Making deliberately false or misleading claims, fabricating, or falsifying data, offering, or accepting bribes, and other dishonest conduct are violations of the Code.
Computing professionals should be honest about their qualifications, and about any limitations in their competence to complete a task. Computing professionals should be forthright about any circumstances that might lead to either real or perceived conflicts of interest or otherwise tend to undermine the independence of their judgment. Furthermore, commitments should be honoured.
Computing professionals should not misrepresent an organisation’s policies or procedures and should not speak on behalf of an organisation unless authorized to do so.
Ethical Principle 4
Be fair and take action not to discriminate
The values of equality, tolerance, respect for others, and justice govern this principle. Fairness requires that even careful decision processes provide some avenue for redress of grievances.
Computing professionals should foster fair participation of all people, including those of underrepresented groups. Prejudicial discrimination based on age, colour, disability, ethnicity, family status, gender identity, labour union membership, military status, nationality, race, religion or belief, sex, sexual orientation, or any other inappropriate factor is an explicit violation of the Code. Harassment, including sexual harassment, bullying, and other abuses of power and authority, is a form of discrimination that, amongst other harms, limits fair access to the virtual and physical spaces where such harassment takes place.
The use of information and technology may cause new, or enhance existing, inequities. Technologies and practices should be as inclusive and accessible as possible and computing professionals should take action to avoid creating systems or technologies that disenfranchise or oppress people. Failure to design for inclusiveness and accessibility may constitute unfair discrimination.
Ethical Principle 5
Respect the work required to produce new ideas, inventions, creative works, and computing artifacts
Developing new ideas, inventions, creative works, and computing artifacts creates value for society, and those who expend this effort should expect to gain value from their work. Computing professionals should therefore credit the creators of ideas, inventions, work, and artifacts, and respect copyrights, patents, trade secrets, license agreements, and other methods of protecting authors’ works.
Both custom and the law recognize that some exceptions to a creator’s control of a work are necessary for the public good. Computing professionals should not unduly oppose reasonable uses of their intellectual works. Efforts to help others by contributing time and energy to projects that help society illustrate a positive aspect of this principle. Such efforts include free and open source software and work put into the public domain. Computing professionals should not claim private ownership of work that they or others have shared as public resources.
Ethical Principle 6
The responsibility of respecting privacy applies to computing professionals in a particularly profound way. Technology enables the collection, monitoring, and exchange of personal information quickly, inexpensively, and often without the knowledge of the people affected. Therefore, a computing professional should become conversant in the various definitions and forms of privacy and should understand the rights and responsibilities associated with the collection and use of personal information.
Computing professionals should only use personal information for legitimate ends and without violating the rights of individuals and groups. This requires taking precautions to prevent re-identification of anonymized data or unauthorized data collection, ensuring the accuracy of data, understanding the provenance of the data, and protecting it from unauthorized access and accidental disclosure. Computing professionals should establish transparent policies and procedures that allow individuals to understand what data is being collected and how it is being used, to give informed consent for automatic data collection, and to review, obtain, correct inaccuracies in, and delete their personal data.
Only the minimum amount of personal information necessary should be collected in a system. The retention and disposal periods for that information should be clearly defined, enforced, and communicated to data subjects. Personal information gathered for a specific purpose should not be used for other purposes without the person’s consent. Merged data collections can compromise privacy features present in the original collections. Therefore, computing professionals should take special care for privacy when merging data collections.
Ethical Principle 7
Computing professionals are often entrusted with confidential information such as trade secrets, client data, non-public business strategies, financial information, research data, pre-publication scholarly articles, and patent applications. Computing professionals should protect confidentiality except in cases where it is evidence of the violation of law, of organisational regulations, or of the Code. In these cases, the nature or contents of that information should not be disclosed except to appropriate authorities. A computing professional should consider thoughtfully whether such disclosures are consistent with the Code.
Ethical Principle 8
A member will not seek personal advantage to the detriment of the Institute and will actively seek to enhance the image of the Institute
It is necessary to write this principle into the Code of Ethics to prevent misuse of the considerable influence that a professional Institute can have. Nevertheless, its impact is largely internal and the points that have been made should be read in that light.
A member should not bring the Institute into disrepute by personal behaviour or acts when acknowledged or known to be a representative of the Institute.
A member should not misrepresent the views of the Institute nor represent that the views of a segment or group of the Institute constitutes the view of the Institute as a whole. When acting or speaking on behalf of the Institute, members should, if faced with conflict of interest, declare their position. Members should not serve their own pecuniary interests or those of the company which normally employs them when purporting to act in an independent manner as representatives of the Institute, save as permitted by the Institute following a full disclosure of all the facts.
Members are expected to apply the same high standard of behaviour in their social life as is demanded of them in their professional activities insofar as these interact. Confidence is at the root of the validity of the qualifications of the Institute and conduct which in any way undermines that confidence (e.g., a gross breach of a confidential relationship) is of deep concern to the Institute.
Members should conduct themselves with courtesy and consideration towards everyone they come into contact in the course of their professional work.