Three years ago, Diane started her own consulting business. She has been so successful that she now has several people working for her and many clients. Their consulting work includes advising on how to network microcomputers, designing database management systems, and advising about security.
Presently she is designing a database management system for the personnel office of a medium-sized company. Diane has involved the client in the design process, informing the CEO, the director of computing, and the director of personnel about the progress of the system. It is now time to make decisions about the kind and degree of security to build into the system. Diane has described several options to the client. Because the system is going to cost more than it had planned to spend, the client has decided to opt for a less secure system. Diane believes that information that they will be storing is extremely sensitive. It will include performance evaluations, medical records for filing insurance claims, salaries, and so on.
With weak security, employees working on microcomputers may be able to figure out ways to access this data, not to mention the possibilities for on-line access from hackers. Diane feels strongly that the system should be much more secure. She has tried to explain the risks, but the CEO, the director of computing, and the director of personnel all agree that the less secure system will do.
[ From "Using the New ACM Code of Ethics in Decision Making" by Ronald E. Anderson, Deborah G. Johnson, Donald Gottarbarn, and Judith Perolle, in Communications of the ACM 36(2):98, February 1993. ]