Embed Size (px)
Citation preview
ORIGINAL PAPER
An ethical framework in information systems decision makingusing normative theories of business ethics
Utpal Bose
Published online: 16 December 2011
� Springer Science+Business Media B.V. 2011
Abstract As business environments become more com-
plex and reliant on information systems, the decisions
made by managers affect a growing number of stakehold-
ers. This paper proposes a framework based on the appli-
cation of normative theories in business ethics to facilitate
the evaluation of IS related ethical dilemmas and arrive at
fair and consistent decisions. The framework is applied in
the context of an information privacy dilemma to demon-
strate the decision making process. The ethical dilemma is
analyzed using each one of the three normative theories—
the stockholder theory, stakeholder theory, and social
contract theory. The challenges associated with the appli-
cation of these theories are also discussed.
Keywords Ethical decision making � Normative theories
of business ethics � Information systems � Information
privacy
Introduction
Ethical dilemmas faced by managers when making infor-
mation systems related decisions have received increased
attention as information technology continues to become
omnipresent in our lives. However, there has been only
limited progress in the development of a framework that
would facilitate the application of normative theories of
business ethics towards resolving ethical problems in the
information technology (IT) business environment (Stahl
2008). Three major theories of normative business ethics,
namely, stockholder theory, stakeholder theory, and social
contract theory are particularly relevant in this context
(Laudon and Laudon 2009). The stockholder theory posits
that managers should resolve ethical problems by taking
actions that enhances long-term shareholder value without
violating the law or engaging in fraud or deception. The
stakeholder theory, on the other hand, suggests that man-
agers should resolve ethical problems by balancing stake-
holder interests without violating the rights of any
stakeholder. Finally, the social contract theory argues that
managers should strive to increase social welfare above
what it would be in the absence of the existence of cor-
porations without violating the basic principles of justice.
The purpose of this paper is to address the question, ‘‘How
can IS managers effectively and accurately evaluate potential
ethical problems that are often encountered in the new tech-
nology based business environment?’’ In doing so, we discuss
the usefulness and application of the above theories to IS-
related ethical problems and develop a decisional framework
that can be applied to the analysis of ethical problems
encountered by information systems (IS) managers in the
corporate business environment. In addition, the challenges
associated with each of these theories will be explored.
The information systems ethics literature
In order to develop a framework to evaluate ethical
dilemmas, it is important to consider the values we uphold
as a society, the ethical principles that we are guided by, and
the role of IT in the decisions that have to be made in the
corporate world. An example of the values that we as a
society uphold are found in the Charter of Fundamental
Rights of the European Union (2000), and include human
U. Bose (&)
Finance, Accounting, and Computer Information Systems
Department, University of Houston Downtown,
One Main Street, Houston, TX 77002, USA
e-mail: [email protected]
123
Ethics Inf Technol (2012) 14:17–26
DOI 10.1007/s10676-011-9283-5
dignity, freedom, democracy, human rights protection,
pluralism, non-discrimination, tolerance, justice, solidarity,
and gender equality. These values are key to the construc-
tion of all policies of the European Union. Of particular
interest is Article 8 which emphasizes protection of per-
sonal data, and thus is of considerable significance in an
information technology based business environment. The
article defines an individual’s right to the protection of
personal data. It says that such data must be processed fairly
for specified purposes and on the basis of the consent of the
person concerned or some other legitimate basis laid down
by law. Everyone has the right of access to data which has
been collected concerning him or her, and the right to have
it rectified. The article further stipulates that compliance
with these rules shall be subject to control by an indepen-
dent authority. The Council of Europe’s convention for the
Protection of Human Rights and Fundamental Freedom in
its Article 8 as amended by Protocol 11 addresses the right
to respect for private life, his home, and his correspondence
(Council of Europe 2010). The EU’s Data Protection
Directive (95/46/EC) identifies a set of fair information
practices or principles which are important in any consid-
eration of ethical issues that might arise in matters affecting
privacy and data protection. As such, these values can be
viewed as being particularly relevant in the evaluation of
the ethical dimensions of IS decisions.
With respect to the ethical principles, a number of
studies have examined the role of traditional philosophical
theories for the purpose of framing IS related decision
making questions (van den Hoven and Weckert 2008).
Such theories can be broadly classified into two categories
–rule based and consequentialist. The rule-based perspec-
tive postulates that an action is ‘‘right’’ if it follows a rule
that guides ethical behavior. The consequentialist per-
spective, on the other hand, focuses on the consequences
that follow from a particular action. The literature on
philosophical ethical principles is discussed in greater
detail in the following section.
It is becoming apparent that the ethical dimensions of IS-
related business decisions cannot be safely ignored. Because
of this, growing attention is being paid to ethics in IS cur-
ricula, and researchers are devoting an increasing amount of
attention to deeper analysis of such issues (Bucciarelli 2008;
Litzky and Oz 2008; Matchett 2008). Typically, when IT is
involved in a decision, the consequences of which are
debatable, there is a tendency to treat the IT as a black box.
However, it must be remembered that technologies are
neither neutral nor value free (Wright 2010). The actions of a
decision maker and the consequences that follow are often
shaped by the technologies that played a role in the decision
or its implementation. Verbeek (2009) advises that we
should pay greater attention to the role of technology when it
plays an increasingly important role in our decision making.
IT evolves rapidly and the contexts in which the IT artifacts
are used also dynamic. Consequently, when researchers
assume the IT artifacts as unchanging in studies that
examine the impact of those artifacts, it limits our ability to
fully understand its implications for individuals, organiza-
tions, and society (Orlikowski and Iacono 2001). As IT
evolves and there is convergence with other technologies,
the ethical implications also simultaneously become more
complex. Wright (2010) proposes that ethical impact
assessment should take into consideration not only the ethics
of the technology but its values, how the use of the tech-
nology is perceived, how it is being currently used and how it
might be used in the future. He further advocates assessing
not just the standalone implications of the technology, but
also as a component of a larger technological network.
A number of research studies have examined ethical
implications of decision making in specific situations
involving IT. These have used behavioral models to assess
which actions are perceived by the decision maker as
ethical or not. For example, the study by Konstantakis et al.
(2010) investigated the attitudes, behaviors, and reasoning
of computer science students towards computer software
piracy and found that the students in Greece blamed this
behavior on the cost of genuine software, academic envi-
ronment, coincidental stereotypes, and their student status.
Others have developed theoretical frameworks that have
guided ethical analysis in either a laboratory or a field
setting (Hinduja 2007). Several IS ethicists have used the
traditional philosophical theories as a framework for
evaluating ethical dilemmas (Bishop 2000; Mason et al.
1995; Reynolds 2009). While consensus on the efficacy of
individual approaches has been lacking, it has generated
considerable discussion and analysis. The vast majority of
ethical dilemmas that affect segments of the population
rather than just individuals exist in corporate decision
making, in which the decision maker is constrained to
make an ethical choice not just as an individual but as an
employee of a corporation (Stevens 2008). In our study, we
choose the same corporate environment to explore how
normative theories of business ethics can be applied to
resolve ethical quandaries. We next review the traditional
ethical theories based in philosophy and present the link-
ages to normative theories before we apply the normative
theories to ethical decision making in IS related issues.
The philosophical theories of ethics
Moral philosophy provides the basis for ethical theories that
guide our ethical decision making. The commonly referred
ethical theories developed by philosophers and ethicists
are the utilitarian moral principle (Mill 1965), the rights
moral principle (that is, deontology, Kant’s Categorical
18 U. Bose
123
Imperative) (Kant 1785/1959), and the distributive justice
moral principle (that is, Rawlsian principles of distributive
justice) (Rawls 1971). These approaches have a focus on
either the outcome of a situation—a consequentialist view—
or upon the process or means to that outcome—a rule-based
view. In other words, whether an action can be viewed as
being ‘‘right’’ depends on whether the action follows a rule
for ethical behavior (i.e., the rule-based perspective) or
whether the consequences that follow from the action are
viewed as being appropriate (i.e., the consequentialist per-
spective). One example of consequentialist or teleological
philosophies is utilitarianism while rule-based approaches
include deontological approaches such as those advocated by
Immanuel Kant. Kant’s theory is often associated with the
moral rights and duties of an individual in which an indi-
vidual has the right to expect to be treated according to
universal moral laws and is also expected to behave
according to such laws. The particular moral law according
to which people should behave is known as the ‘‘categorical
imperative’’ to which Kant proposed several versions. Kant’s
categorical imperative is readily understood by reference to
the ‘‘Golden Rule’’: ‘‘Do unto others as you would have them
do unto you’’.
The utilitarian moral principle says that the moral worth
of an action is determined solely by its usefulness in max-
imizing utility and minimizing negative utility as summed
among all beings. It adopts the consequentialist perspective
and it emphasizes that the goal of greater happiness can be
achieved only by nurturing the decency of individuals so
that all can benefit from the honor of others rather than
focusing on just one individual’s happiness.
The Rawlsian principle of distributive justice argues that
if individuals are unaware of their place in society, their
class position or social status, such ignorance will lead to
privilege of not any one class of people, but develop a
scheme of justice that treats everybody fairly. Being in this
state of impartial rationality, individuals would create a
social system that would allow them a built-in social
impetus to recover from otherwise uncontrollable personal
and financial setbacks of various kinds. Rawls then pro-
poses that from this ‘‘original position’’ (a state of igno-
rance of the current social system, or living under a ‘‘veil of
ignorance’’), rational persons would adopt a maximin
strategy which would maximize the prospects of the least
advantaged member of the society.
While the philosophical ethical theories have been dis-
cussed and referred to extensively in ethics literature, several
researchers (e.g., Cavanagh et al. 1995; Hasnas 1998) have
argued that the abstract nature of these theories makes it
rather difficult for individuals to relate them to the complex
details of business decision making. Hasnas (1998) contends
that terms such as ‘‘deontological requirements’’ and ‘‘rule
utilitarianism’’ which are used in traditional philosophical
ethics do not figure in the vocabulary of an average business
professional with little or no philosophical training. Not
surprisingly, they find it difficult to extract any guidance
from those abstractions. Similarly, Cavanagh et al. (1995)
have argued that the ethical theories, particularly those of
Kantian deontology, are too obscure, complex, and vague to
be of much use to managers in their decision making role.
They proposed a model in which the ethical theories provide
philosophical justifications and rationales for more familiar
and more specific action-guiding norms. They invoked
Kant’s categorical imperative to explain why certain specific
rights are morally justified in business relationships; the
Rawlsian principles of distributive justice to explain why
certain specific rules of justice are morally justified; and
Bentham and Mill’s utilitarian moral principle to explain
why certain specific efficiency norms are morally justified.
The applicability of Rawl’s principles to the real world
has been doubted because of the stark difference between
pure idealism in the concept of the ‘‘original position’’ and
the reality of widespread inequalities in existing society
(Velasquez 2006). Others reject Rawl’s claim that rational
individuals would attempt to protect themselves from major,
negative outcomes (Laczniak and Murphy 2008). They point
to the risk-taking behavior prevalent amongst successful and
intelligent business professionals in the context of stock
market investments and casino gambling. Critics have also
found it problematic to apply the difference principle in
Rawl’s formulations which proposes that social policies be
evaluated on the basis that any inequalities in the policies be
arranged in a manner that benefits the least well-off. Who
exactly are these least well-off? The bottom 10%? Or the
bottom quintile? Does it apply to only impoverishment, or
also to lack of health care and higher education? Rawl
himself later observed that the difference principle was
designed with a North American, Western European context
in mind, and it might not be suitable in the context of
developing or underdeveloped economies (Laczniak and
Murphy 2008). On the other hand, it can be argued that the
Rawlsian maximin principle has the underpinning to help
create public policy concerning distribution of the primary
social goods—liberty and opportunity, income and wealth,
and the bases of self-respect—among the members of the
society. An example of how some governments are applying
the principle is the adoption of a progressive tax policy.
Whether such a policy is providing the desired impact is also
typically measurable by means of appropriate analysis of
data collected from the affected economy.
Normative theories of business ethics
It is common knowledge that people, who have been
trained in engineering, computer science, and information
An ethical framework 19
123
systems, as well as other business professions, frequently
have little training in ethics, philosophy, and moral rea-
soning. Without a vocabulary with which to think and talk
about what makes up an ethical computing issue, it is
difficult to have business professionals conduct discussions
that lead to the development of ethical decision making
norms (Loch and Conger 1996). Rather than requiring
working managers to learn the refinements of formalism
and arcane philosophical logic, some researchers (Hasnas
1998; Cavanagh et al. 1995) have proposed ethical con-
structs based on the principles that are embedded in the
philosophical theories of ethics. These theories are con-
sidered to be intermediate level principles that mediate
between the highly abstract philosophical ethical theories
that we introduced in the earlier part of this paper, and the
real life ethical dilemmas that managers face in the busi-
ness context. While philosophical ethics provides us with
guidance in all aspects of our lives, a normative theory of
business ethics attempts to target ethical predicaments in
business environments (Hasnas 1998). Cavanagh et al.
(1995) used a three-level process to apply ethics to evaluate
real-life ethical dilemmas. The first level has the ethical
theories with their embedded principles. A second inter-
mediary level is made up of specific and more familiar
norms of utilities, rights, justice, and caring that are justi-
fied by the ethical theories on the first level. The third level
is comprised of the application of these intermediary and
familiar norms to specific situations.
By adopting such approaches, business ethicists have
developed ‘‘normative theories of business ethics’’ (NTBEs)
(Hasnas 1998). Using an approach similar to that discussed
above, these theories attempt to derive intermediate level
ethical principles expressed in language accessible to the
ordinary business person and which can be applied to the
actual problems of the business environment. The NTBEs
focus exclusively on interactions that involve business
relationships. Because they are normative, they outline
obligations that managers ‘‘should’’ or ‘‘ought’’ to fulfill,
and which distinguishes them from descriptive statements,
which describe how the world ‘‘is’’. The three leading
NTBEs are the stockholder theory, the stakeholder theory,
and the social contract theory. Next, we briefly discuss these
theories including their linkages to traditional ethical prin-
ciples, comment on their applicability to the ethical dilemma
of information privacy and highlight some of the challenges
faced by managers in applying these theories.
The stockholder theory
Stockholder theory maintains that corporate executives have
a fiduciary responsibility to the stockholders of the corpo-
ration to maximize shareholder value. That is because the
stockholders invest in the corporation by purchasing shares
with the intent of maximizing their return on investment
(ROI). The executives are then obligated as agents of the
stockholders to raise the corporation’s profitability within
the law and without engaging in fraud or deception.
According to Milton Friedman, ‘‘…There is one and only
one social responsibility of business—to use its resources
and engage in activities designed to increase its profits so
long as it stays within the rules of the game, which is to say,
engages in open and free competition, without deception or
fraud.’’ (Friedman 1962 p. 133). Stockholder theory also
expects managers to maximize long-term shareholder value.
It dictates that managers should not indulge in actions that
boost short-term gains at the expense of the corporation’s
long-term financial health (Friedman 2007).
A moral argument of teleological nature in the stock-
holder theory is that by pursuing profits, individuals will
also be promoting the interests of the society (Evan and
Freeman 1988; Quinn and Jones 1995). However, critics
have argued that externalities and coercive monopolies can
and have impacted the operability of free market and con-
tribute to instances of market failure. As such, a single-
minded quest for profit cannot be relied upon to deliver the
best interests of society (Evan and Freeman 1988). A sec-
ond moral argument of the stockholder theory, which is
deontological in nature, posits that if executives use
stockholders’ investments in the pursuance of goals not
authorized by stockholders, then the executives would be
spending someone else’s money without their permission,
which is wrong no matter what the consequences are
(Friedman 1962). However, it can be argued that as long as
the money is spent on promoting the interests of the society
within which the corporation operates, it is morally justifi-
able to spend such resources without the investors’ consent
(Donaldson 1982). In reality, when an investor purchases a
firm’s stock shares, it is deemed that he has approved the
firm’s published vision, mission, and value statements that
may include the firm’s corporate social responsibility to
spend money on corporate philanthropy (Bowie and Free-
man 1992). In this example, the stockholder theory is not
violated when executives decide to spend investors’ money
for public good in accordance with their corporate mission.
The stakeholder theory
The stakeholder theory states that executives have a fidu-
ciary duty not only to the company’s stockholders, but also
to its stakeholders. A stakeholder is anyone or any group
with an interest in the company’s success in delivering
intended results and in maintaining the viability of the
company’s product and service. It also includes those who
can be affected by the actions of the firm. Such parties
typically include customers, employees, suppliers, com-
munity, creditors, and stockholders, with the government
20 U. Bose
123
and competitors being left out by most normative stake-
holder theorists (Smith 1994). It can include other parties,
too, who are important to the survival and success of the
company. According to the stakeholder theory the ethical
rights of the stakeholders must be assured. Moreover,
managers must act in the interest of stakeholders as their
agent, and they must adopt corporate policies that ensure
the survival of the firm while taking care of the long-term
stakes of each stakeholder (Evan and Freeman 1988).
Stakeholder theory is based on the same Kantian prin-
ciple of respect for persons as the stockholder theory.
Managers may not treat their corporation’s stakeholders
merely as means to corporate ends but must recognize that
all stakeholders are entitled to ‘‘agree to and hence par-
ticipate (or choose not to participate) in the decisions to be
used as such’’ (Evan and Freeman 1988). Proponents of the
stakeholder theory have reasoned that this implies that the
stakeholders have a right to play a role in the determination
of the future direction of the corporation. However,
because it is impossible to consult with every stakeholder
on every decision to be made, management should take
into consideration the interests of all stakeholders in an
equitable manner when making business policies. More-
over, they are expected to manage the firm in a way that
conflicting interests among the groups are equitably
addressed in managerial decisions.
Critics of the stakeholder theory have contended that
while it is important to respect the autonomy of a stake-
holder group, it does not mean that the group has to have a
say in every decision that affects their interests (Evan and
Freeman 1988). For example, a customer who earns loyalty
rewards from a product manufacturer based on how much
he/she buys from the firm will have his/her interests cru-
cially affected by the percentage rate of the rewards.
However, it would be erroneous to argue that this auton-
omy is violated when he/she is not given a say by the
manufacturer in decisions involving what the reward rates
ought to be. While various stakeholder theorists have
suggested ways to rank order the stakeholder interests,
critics point out that there are currently no algorithms to
process the often conflicting interests of the various
stakeholders in an effort to arrive at optimal decisions
(Donaldson and Preston 1995).
The social contract theory
The social contract theory states that all enterprises are
ethically obliged to promote the welfare of society by
satisfying the needs of the members of the society in their
capacity as consumers and employees (Donaldson 1982).
Unlike the stockholder and stakeholder theories which
invoke the categorical imperative, the social contract the-
ory is grounded in deontological reasoning. Viewed
another way, social contract theorists pose the question—
under what agreement should a corporation be allowed to
operate in a society? The hypothetical agreement has two
aspects—a social welfare term and a justice term. The
social welfare term recognizes that members of the society
will support the existence of a corporation provided that
they stand to benefit from it. In other words, the manage-
ment of a firm is obligated to improve the well-being of the
members of the society (as consumers and employees) in
their pursuance of corporate profits. The expectation from
the justice term of the hypothetical agreement is that cor-
porate executives will operate in a way that ‘‘avoids fraud
and deception … shows respect for their workers as human
beings, and … avoids any practice that systematically
worsens the situation of a given group in society …’’, such
as the practice of discrimination (Donaldson 1982). The
notion that society will accept the existence of a corpora-
tion if it meets the expectations of the social welfare term
and the justice term is inspired by the deontological stream
of traditional philosophical ethics.
It has been argued that the social contract espoused in
theory does not become a real contract unless all parties
agree to it. Given lack of consensus between firms and the
other members of the society, firms might find it surprising
if they are expected to make tradeoffs in corporate profits
in order to accommodate the needs of society (Kultgen
1985). Even if a corporation subscribes to the principles
advocated in social contract theory, it would perhaps be
reasonable for it to address specific aspects of a contract
rather than fully agree with everything stated in social
contract theory. To counter the criticism that this results in
the trivialization of the social contract theory, supporters
have argued that the strength of this theory is the hypo-
thetical nature of it which makes it a moral force. ‘‘If the
contract were something other than a ‘fiction’, it would be
inadequate for the purpose at hand: namely revealing the
moral foundations of productive organizations’’ (Donald-
son 1989).
Donaldson and Dunfee (1994, 1999) propose the Inte-
grative Social Contract Theory (ISCT) which stipulates
that rational parties—businesses, individuals, and other
members of the community—enter into a hypothetical
contract related to the norms to which members of the
broader community must conform. These norms, however,
must not conflict with the larger moral standards that are
visualized as being universally applicable, thereby
becoming principles so fundamental that they serve to
evaluate lower-order norms, reaching to the root of what is
viewed as being ethical for humanity. Donaldson and
Dunfee (1994, 1999) named these hypernorms. In this
concept that reflects pluralism, a broad range of ethical
viewpoints exist that may be chosen by communities and
cultures. While it is possible that there could be conflicting
An ethical framework 21
123
ethical positions in different cultures that are equally valid,
there could also be a viewpoint of a community or culture
that is invalid due to either to a universally binding moral
principle or to the priority of the view of another culture or
community. It can be argued that the concept of moral free
space (Donaldson and Dunfee 1999) gives individuals the
freedom to choose whether they ought to join and remain in
communities that maximize their goals, resources, and
experiences. For such communities to survive, a majority
in the community must subscribe to the same goals,
resources, and experiences. This appears to be consistent
with utilitarianism because it involves the greatest satis-
faction for the greatest number.
Using the normative theories of business ethics
The three NTBEs—stockholder, stakeholder, and social
contract along with the integrated social contract theory—
provide ethical guidance to managers. These include IT
professionals who are often asked to resolve critical ethical
dilemmas. The normative theories provide the norms and
standards that help guide a manager’s own ethical argu-
mentation on issues such as the ethicality of a supervisor’s
orders or even the validity of organizational rules and
policies. This not withstanding that a firm, organization, or
society may impose a value system on its members and
enforce it through means ranging from rewards to penalties
and other options in between.
We next provide an example that illustrates how NTBEs
can be applied to the analysis of a business decision
wherein an IS manager is faced with an ethical dilemma.
We also explore the options available to the manager. Most
organizations, including non-profit entities, maintain
extensive databases on their customers or members. As
advances in IT makes it cheaper to build and maintain large
databases and mine the data stored therein, it has become
easier, convenient, and more cost-effective for businesses
including, the small and medium sized enterprises to find
out everything about their customers and members. It can
be meaningfully argued that the personal information col-
lected by a business or agency belongs to the individual
and not the business or agency. Such information is pro-
vided by the individual to the business to facilitate business
transactions in providing some product or service. If there
are legal stipulations that deny a business access to the use
of the customer data in a way that violates customer
expectation, then use of such data should be considered
unethical. This kind of a situation can arise in the health-
care industry, where organizations often have access to
significant personal/medical information on individual
patients. On the other hand the law may simply stipulate
that businesses disclose to their customers how they might
use customers’ personal information in their operations and
not be further controlling. In such a case, even after a
business discloses its information privacy policy to its
customers, how it uses customer data may land it in
ambiguous ethical space if decisions are not carefully
thought through in ethical terms.
We take the example of a video rental company that may
want to add to its revenue stream by selling its customer data
to telemarketers. The management may see it as ethically
acceptable to share customer information with outside par-
ties provided they have disclosed the policy to their cus-
tomers and their customers benefit from the process (e.g.,
they receive discounts on the products of the outside party).
While this may generate additional revenues at little cost in
the short-term, such an action can leave customers feeling
violated that their personal information has been shared
without their say. Other negative consequences may include
being criticized by industry analysts for lack of ethical
judgment and the loss of moral standing that may financially
hurt the company in the long run. We next analyze the eth-
icality of selling customer data by applying the NTBEs.
The stockholder theory based analysis
Following the stockholder theory, executives are free to sell
the personal information of their customers as long as they
ensure that the sale does not violate any federal, state, or
local laws, does not fall under the domain of deceptive
practices, and improves company profitability. Because
privacy laws vary from country to country and from state to
state within a country, careful attention should be given to
the law that is applicable in the jurisdiction being consid-
ered. Moreover, consideration needs to be given to privacy
laws specific to an industry, and the norms prevalent in the
industry that might require self-regulation on the part of the
company. Using the video rental industry as an example, a
firm may consider selling its customer database to tele-
marketers for them to plan targeted marketing campaigns. If
the law pertaining to the protection of customer privacy in
this context prevents the disclosure of the movie title related
data only but not the subject matter of such rentals, then
selling the customer data such as name, address, and phone
number along with the movie genre of rentals would fall
within the purview of the law. In this context, the firm will
be in conformity with the first requirement of the stock-
holder theory since it has not engaged in illegal activity. As
long as the firm does not use fraudulent or deceptive ways to
obtain the information, it will be in agreement with the next
constraint prohibiting such practices.
Because stockholder theory implies that decisions be
aimed at maximizing shareholder gains, it is necessary to
assess the outcome of executive actions from that stand-
point. Even though the firm does not release the movie title
22 U. Bose
123
data, because a customer’s movie genre preferences can be
revealing about the person’s personal life-style choices—
something that telemarketers would love to know in order to
target their marketing, customers may question the ethi-
cality of giving away those personal information to the
marketers. To express their displeasure with the firm’s
decision, there is a strong possibility that some customers
will go public via social networking websites, blogs, and
customer complaint portal websites, which may then be
picked up by bloggers and the TV media. That, in turn, can
generate significant negative publicity for the company and
the customer data selling actions. If the news story does
indeed go ‘‘viral’’, media backlash may result in lost cus-
tomers with negative implications for the firm’s financial
performance. If the situation deteriorates enough to
adversely affect the firm’s long-term financial health, then it
would go against the stockholder theory’s goal to maximize
stockholder wealth. By this analysis, the business managers
should carefully assess the risk of such an eventuality and if
they think that the risk level is low, then they are obliged to
make the sale of customer data according to the stockholder
theory. On the other hand, if risk analysis indicates that
selling the customer information has a high chance of
hurting the company’s reputation and trust with current and
potential customers thus causing a significant drop in its
financial performance in the long run, then it should not sell
any customer information to telemarketers because it would
violate the primary requirement of the stockholder theory of
maximizing long-term value to the stockholders.
As we mentioned above, when applying the stockholder
theory it is necessary to ascertain that the action chosen
does not break any law. Keeping up with legal implications
in IS related decisions can be a challenge since the tech-
nology related laws are being created at a steady rate at
different levels of the federal, state, and local government
(Burk 2005). Another challenge faced by managers in
applying the stockholder theory is to continue to remain
aware of deceptive and fraudulent practices circulating in
the digital world of data transactions. For example, there
have been instances of conmen posing as telemarketers to
deceptively buy customer data to sell them to spammers.
Being able to assess the benefits and costs associated with
decision alternatives is another challenge faced by business
executives because, according to the stockholder theory,
options chosen ought to maximize the stockholder benefits
while minimizing any losses or costs.
The stakeholder theory based analysis
In using stakeholder theory based analysis, the first step
involves the identification of the stakeholders and their
interests in the company. Some of the stakeholders,
namely, the company’s suppliers, employers, and local
communities are unlikely to be particularly interested in
how the sale of customer database is handled. The stake-
holders whose interests do have significance are (1) the
current video rental customers whose personal data is being
considered to be sold because their privacy is at stake, (2)
the stockholders of the company because they stand to gain
from any profits that the company may make from the sale
of the customer data, and (3) potential new customers—the
telemarketing companies and other marketers—who stand
to expand their business activities by using the video rental
customers’ personal data that they seek to purchase.
According to the stakeholder theory, the executives are
seen as agents of all stakeholders including the stock-
holders, and must ensure that the moral rights of any
stakeholders are not violated. A reasonable view involves
the consideration of customers as the primary stakeholders
with the basic right of not having their privacy violated.
Violating their privacy by selling their information to
telemarketers without them having a say in the decision
goes against the principle that they should be treated as an
ends to themselves. Since selling the data is likely to
increase the firm’s financial gains, the perception arises that
the customers are being used as means to that end, thereby,
violating Kant’s Categorical Imperative. Customers, as
stakeholders, have the right to be informed of the possi-
bility of their information being sold and have a say in how
they can control their own information. However, if man-
agement do not mislead the customers about how their
personal data would be used and provides them the free-
dom to decide whether they want their data to be sold or
not, and refrain from the adoption of deceptive or fraudu-
lent practices in the collection of such data, then the con-
straint about not violating the rights of any stakeholder will
be met.
Next, as per the stakeholder theory, it needs to be
examined whether the legitimate interests of the stake-
holders have been balanced. Of course, if the rights of the
customers to privacy and to be informed about how their
information will be used and have a say in it are violated,
then there is no purpose in moving forward to examine the
interests of other stakeholders, and the stakeholder theory
demands that the sale of customer data be rejected. On the
other hand, if the management consider the alternative in
which they acknowledge the video rental customers’ right
to privacy and provide them control over the information
that is being disclosed to marketers, a compromise might
be reached by balancing the interests of all stakeholders—
those being the customer data selling firm, the stockholders
of the firm, and the purchasers of the customer data. The
sale of such data, in such circumstances, would be ethically
acceptable.
A key challenge in the use of stakeholder theory
involves the accurate identification of stakeholders. While
An ethical framework 23
123
some stakeholders are easy to identify, such as the cus-
tomers, stockholders, employees, or business partners
depending on the context of the decision being considered,
other stakeholders, such as the broader community, who
are ‘‘vital to the survival and success of the corporation’’
can be more difficult to identify. Establishing the rights of
the stakeholders can also be difficult because the rights can
go beyond just the legal rights. When the rights of one
stakeholder conflict with those of another, resolving the
stalemate can pose serious challenges. One approach
involves the application of the revisionist school of thought
about Kant’s Categorical Imperative which posits that there
are higher and lower obligations, with the higher order
obligations taking precedence in decision making. Another
challenge involves figuring out the precise interests of the
stakeholders. It can be tricky because some interests may
be too abstract to get adequate attention. Once the interests
are known, balancing them fairly can be a challenge as
well. One way to ensure that all stakeholders are treated
fairly is to apply the Rawlsian principle of distributive
justice. Invoking the difference principle of Rawlsian jus-
tice, a fairness policy can be established that provides
greater weight to the interests of less powerful stakehold-
ers. This, however, raises another challenge, namely what
metrics to use to identify the least well-off stakeholders and
which stakeholders are the least well-off—the bottom 10 or
the 20% or something else.
The social contract theory based analysis
Applying the social contract theory to the sale of customer
database, the most likely conclusion will be that such a sale
will be unethical unless it can be demonstrated that the sale
results in benefits to the customers that outweigh the dis-
advantages. First, making the assumption that management
refrain from acting in a deceptive and fraudulent manner in
dealing with the transaction, and do not deprive the
employees of human qualities and do not engage in dis-
criminatory behavior towards any social group, they will
have satisfied the justice term. With respect to the social
welfare term, social contract theory requires that corporate
management act in the interests of the members of the
society in a way that the advantages accruing to customers
and employees are maximized and disadvantages mini-
mized. In this context it is difficult to justify the sale of
customer data to the marketing outfits. It is difficult to
perceive that the sale will be advantageous to the video
rental customers who do not want their personal data—
especially, data pertaining to their individual movie choi-
ces—be shared with parties they have not given consent to.
Additionally, there does not seem to be any benefit from
the perspective of the company employees from the
transaction. If the management can reliably estimate that
the sale of customer data will result in the customers
receiving benefits such as discounts on services and prod-
ucts, additional product and service information that will
enable them to receive a better product or service that they
desire, or preferential customer service that outweigh the
negatives such as interruptions from telemarketing calls
and concerns that one’s privacy has been lost, and that the
sale will boost the company earnings so extensively that it
will directly increase the employees’ income and indirectly
the customers’ benefits through, for example, cheaper pri-
ces, better services, and higher quality, then the ethicality
of the sale is not likely to be questioned. On the other hand,
if the negatives from the sale—the loss of privacy being the
prominent one—remain outstanding, then the social wel-
fare term of the social contract theory stands violated
making the sale of customer data unethical.
Conclusions
As the above analysis indicates, the normative theories of
business ethics can provide IS managers with a way to
analyze ethical problems in the IS field. Although the
theories themselves aren’t all encompassing and have
inherent limitations in their applicability, they do provide
IS managers with guidance and a structural framework that
can be used to examine the ethical dimensions of their
decisions. Very importantly, all of the theories differ from
traditional ethical analysis in that they are specifically
applicable to decisions in a business environment. This
allows IS managers with limited familiarity of ethical
teachings or principles to understand and apply the theories
with relative ease.
The example used in this paper represent only one
possible ethical problem that IS professionals face in a
rapidly changing and complex environment. In order to
fully develop an accurate and consistent framework to
guide IS managers, it is necessary to apply these theories to
a wider spectrum of ethical issues and the dilemmas they
pose for managers.
In order to develop a useful framework that IS managers
can use, actual ethical decisions that managers have
encountered and that are documented need to be applied to
the normative theories of business ethics. These ‘‘real
world’’ cases need to be evaluated within the guidelines
provided by each theoretical perspective to determine
whether they satisfy ethical norms. At this point in time,
results produced by the normative theories of business
ethics need to be compared to the actual results that
occurred from the ethical decision that was made in each
case.
By undertaking such a process, a history of cases can be
developed that will improve our understanding of the
24 U. Bose
123
effectiveness of normative theories of business ethics in
actual decisions involving IS managers. Two important
benefits are likely to accrue. First, the analysis of cases will
generate patterns that will, hopefully, show which catego-
ries of ethical decisions in an IS environment should be
handled by a specific NTBE. This is vital because, as
previously stated, only one theory maybe applied to a
particular situation. Therefore, it is important to understand
what specific theory should be used for a particular set of
ethical decisions. Managers will need to determine simi-
larities between a current ethical dilemma and past ethical
problems, and use the NTBE that has proven to provide the
most ethical and profitable results. Second, the framework
discussed in this paper will serve as a guide for decisions
that will generate a growing number of cases involving
ethical issues. Its use would be similar to that of case law in
the court system. Just as judges base their rulings on past
cases and rulings, so will IS managers when it comes to
ethical decision making. This will enable the framework to
change as the IS environment changes, thereby maintaining
its validity over time.
Issues of ethical decision-making are inherently complex
in any environment, and philosophers have debated for
centuries on the best way to deal with ethical decision-
making. The way to approach ethical decision-making is
evolving through a constant cycle of application and eval-
uation. Decisions involving ethics will always be the source
of debate and it is therefore necessary to establish a history
of past decisions to help guide future ones. Application of
the normative theories of business ethics to a broad spectrum
of ethics problems in an IS environment would help guide
managers in making the most ethically acceptable decisions
in the ever changing and complex IS environment.
Acknowledgments I thank Dr. Deepak Datta at the University of
Texas at Arlington, USA for his assistance with editing the manu-
script. I also extend my thanks to the reviewers, and specially
reviewer #3 for the detailed comments that greatly helped in
improving the clarity of the article.
References
Bishop, J.D. (2000). A framework for discussing normative theories
of business ethics. Business Ethics Quarterly, 563–591.
Bowie, N. F., & Freeman, R. E. (1992). Ethics and agency theory: An
introduction. In N. E. Bowie & R. B. Freeman (Eds.), Ethics andagency theory. Oxford: Oxford University Press.
Bucciarelli, L. L. (2008). Ethics and engineering education. EuropeanJournal of Engineering Education, 33(2), 141–149.
Burk, D. L. (2005). Legal and technical standards in digital rights
management technology. Fordham Law Review, 74(2), 537–574.
Cavanagh, G. F., Moberg, D. J., & Velasquez, M. (1995). Making
business ethics practical. Business Ethics Quarterly, 5(3), 399–418.
Council of Europe. (2010). Convention for the Protection of Human
Rights and Fundamental Freedoms amended as on June 1 2010.
Available at: http://conventions.coe.int/treaty/en/treaties/html/
005.htm.
Donaldson, T. J. (1982). Corporations and morality. Englewood
Cliffs, NJ: Prentice-Hall.
Donaldson, T. S. (1989). The ethics of international business. New
York: Oxford University Press.
Donaldson, T., & Dunfee, T. W. (1994). Toward a unified conception
of business ethics: Integrative social contracts theory. TheAcademy of Management Review, 19(2), 252–284.
Donaldson, T., & Dunfee, T. W. (1999). The social contract for
business. Ties that bind: A social contracts approach to businessethics. Boston, MA: Harvard Business Press.
Donaldson, T., & Preston, L. K. (1995). The stakeholder theory of the
corporation: Concepts, evidence, and implications. Academy ofManagement Review, 65–91.
European Parliament and Council. (1995). Directive 95/46/EC of 24
October 1995 on the protection of individuals with regard to the
processing of personal data on the free movement of such data.
Available at: http://ec.europa.eu/justice/policies/privacy/docs/95
-46-ce/dir1995-46_part1_en.pdf.
European Union. (2000). Charter of fundamental rights of the
European union, 7 December 2000. Official Journal of the
European Communities, 18 December 2000 (2000/C 364/01).
Available at: http://www.unhcr.org/refworld/docid/3ae6b3b70.
html.
Evan, W. M., & Freeman, R. E. (1988). A stakeholder theory of the
modern corporation: Kantian capitalism. In T. L. Beauchamp &
N. E. Bowie (Eds.), Ethical theory and business (3rd ed.,
pp. 97–106). Englewood Cliffs, NJ: Prentice-Ball.
Friedman, M. (1962). Capitalism and freedom. Chicago: University
of Chicago Press.
Friedman, M. (2007). The social responsibility of business is to
increase its profits. Corporate Ethics and Corporate Gover-nance, 173–178.
Hasnas, J. (1998). The normative theories of business ethics: A guide
for the perplexed. Business Ethics Quarterly, 8(1), 19–42.
Hinduja, S. (2007). Neutralization theory and online software piracy:
An empirical analysis. Ethics and Information Technology, 9(3),
187–204.
Kant, I. (1785/1959). Foundations of the metaphysics of morals(trans: Beck, L. W.). New York: Liberal Arts Press.
Konstantakis, N. I., Palaigeorgioub, G. E., Siozosa, P. D., &
Tsoukalasa, I. A. (2010). What do computer science students
think about software piracy? Behaviour & Information Technol-ogy, 29(3), 277–285.
Kultgen, J. (1985). Donaldson’s social contract for business. Businessand Professional Ethics Journal, 5, 28–39.
Laczniak, G. R., & Murphy, P. E. (2008). Distributive justice:
Pressing questions, emerging directions, and the promise ofRawlsian analysis. Journal of Macromarketing, 28(1), 5–11.
Laudon, K. C., & Laudon, J. P. (2009). Management informationsystems: Managing the digital firm. Englewood Cliffs, NJ:
Prentice Hall.
Litzky, B. E., & Oz, E. (2008). Ethical issues in information
technology: Does education make a difference? InternationalJournal of Information and Communication Technology Educa-tion, 4(2), 67–83.
Loch, K. D., & Conger, S. (1996). Evaluating ethical decision making
and computer use. Communications of’ the ACM, 39(7), 74–83.
Mason, R. O., Mason, F. M., & Culnan, M. J. (1995). Ethics ofinformation management. Thousand Oaks, CA: Sage.
Matchett, N. J. (2008). Ethics across the Curriculum. New Directionsfor Higher Education, 142, 14.
Mill, J. S. (1965). In J. B. Schneewind (Ed.), Mill’s ethical writings.
New York: Collier Books.
An ethical framework 25
123
Orlikowski, W., & Iacono, S. (2001). Research commentary:
Desperately Seeking the ‘IT’ in IT research–a call to theorizing
the IT artifact. Information Systems Research, 12(2), 121–134.
Quinn, D. P., & Jones, T. M. (1995). An agent morality view of’
business policy. Academy of Management Review, 20(1), 22–42.
Rawls, J. (1971). A theory of justice. Cambridge, MA: Harvard
University Press.
Reynolds, G. (2009). Ethics in information technology. Stamford,
USA: Course Technology.
Smith, H. J. (1994). Managing privacy: Information technology andcorporate America. Chapel Hill, USA: University of North
Carolina Press.
Stahl, B. C. (2008). The ethical nature of critical research in
information systems. Information Systems Journal, 18(2), 137–
163.
Stevens, B. (2008). Corporate ethical codes: Effective instruments for
influencing behavior. Journal of Business Ethics, 78(4), 601–
609.
van den Hoven, J., & Weckert, J. (2008). Information technology andmoral philosophy. Cambridge: Cambridge University Press.
Velasquez, M. G. (2006). Business ethics: Concepts and cases. Upper
Saddle River, NJ: Pearson Prentice Hall.
Verbeek, P. P. (2009). The moral relevance of technological artifacts.
In P. Sollie & M. Duwell (Eds.), Evaluating new technologies:Methodological problems for the ethical assessment of technol-ogy developments (pp. 63–79). Dordrecht: Springer.
Wright, D. (2010). A framework for the ethical impact assessment of
information technology. Ethics and Information Technology.
doi:10.1007/s10676-010-9242-6.
26 U. Bose
123
