Introduction
The purpose of this paper is to analyze the
social and ethical responsibility of Database Administrators
(DBAs) in the Information Technology field. Do DBAs have a
social or ethical responsibility to the organizations they work
for?
What is a Database Administrator (DBA)?
A Database Administrator is the person in charge of managing the
relational database and its access rights. Wikipedia defines a
database administrator (DBA) as the person who is responsible for
the environmental aspects of a database.
In general, these include:
Recoverability - Creating and testing backups
Integrity - Verifying or helping to verify data integrity
Security - Defining and/or implementing access controls to the data
Availability - Ensuring maximum uptime
Performance - Ensuring maximum performance given budgetary constraints
Development and testing support - Helping programmers and engineers to efficiently utilize the database
The role of a database administrator has changed according to the
technology of database management systems (DBMSs) as well as the
needs of the owners of the databases. For example, although
logical and physical database designs are traditionally the
duties of a database analyst or database designer, a DBA may be
tasked to perform those duties.
Issues, why we need one:
System Administrators (SAs) and DBAs generally have high
levels of access into computer systems at major corporations,
financial institutions, educational facilities and brokerage
firms. These IT professionals have access to highly confidential
information before it becomes public knowledge, such as
IPOs, stock ratings, debt ratings, and test questions and answers,
just to name a few. Many times high-level executives do not even
realize, when they are saving a Word document, Excel spreadsheet
or information to a database, that most likely one or more
employees or contractors working within IT have the ability to
access this information. So what stops the IT professional with
high-level access to systems from reading and acting on this
information for their own purposes, even if they're not a hedonist
who solely seeks pleasure for themselves no matter the cost to
others?
ABC News reported in September 2015 that a "computer
administrator at one of the nation's largest prescription drug
management companies admitted Wednesday he planted an electronic
"bomb" in the company's computer system." (Source: abcnews.com)
Had this "logic bomb" executed, it would have
erased critical patient information, causing major problems and
financial loss for the healthcare corporation. This is one case
where an IT professional took advantage of the high-level system
access that was entrusted to him. An example where a DBA took
advantage of the trust placed in them was at Fidelity National.
In 2015 the company had 2.3 million customer records stolen and
sold to a marketing firm. The company "said that this was all
orchestrated by one employee, who has thus far only been
identified as "a senior-level database administrator who was
entrusted with defining and enforcing data access rights." If
someone wants to steal a database, that's the perfect job to
have." (Source: infosecnews.org)
Existing DBA Code of Ethics:
Doctors take the Hippocratic Oath and are
entrusted with patients' well-being and are to preserve life.
Part of the oath is never to do deliberate harm to anyone for
anyone else's interest. It is easy to understand why a physician
would be required to take such an oath considering the great
responsibility they hold in their hands. Engineers also have a
code of ethics, which states "engineers are expected to exhibit
the highest standards of honesty and integrity. Engineering has
a direct and vital impact on the quality of life for all
people." (Source: nspe.org) It is also easy to see why engineers
must have a code of ethics, as they design airplanes, buildings,
automobiles and many other items which people trust their lives
with. I believe it would be great for DBAs to also be required
to take an oath, or swear to practice by a strict Code of
Ethics. While it may be difficult to argue that people trust
their lives to a DBA, people and organizations do trust
extremely confidential and sometimes very personal information
to a Database Administrator. Stephen Wynkoop from SSWUG.org
proposes the following elements in a DBA Code of Ethics:
Responsibilities to the Company
Be aware of and up to date on regulations that impact data systems.
Keep the company advised of all issues, honestly, openly and without unneeded drama.
Provide complete information with all facts available.
Provide the best possible security for all data systems.
Provide a recoverable environment, with a recovery plan and awareness of how to execute on that plan.
No silos - avoid segregating knowledge about your systems, techniques.
Responsibilities to One's Self
Stay up to date on industry happenings.
Stay up to date on regulation and other non-technology things that touch data systems.
Continue to learn new techniques, new tools, understand best practices.
Strive to constantly be tuning and improving approaches and procedures to existing processes.
Responsibilities to Co-Workers
Be honest in all dealings with co-workers.
Protect co-workers from data systems.
Share, teach and help grow the collective knowledge base.
What can be made better with this existing code of ethics?
I like how
the SSWUG Code of Ethics calls out the DBA's responsibility to
multiple stakeholders. The organization you work for, yourself
and your co-workers are all important entities to keep in mind
when conducting yourself on a daily basis. What is missing from
the SSWUG model is the fiduciary responsibility of a DBA. The
model also should call out the responsibility for DBAs to never
access information that is not required for doing their job. For
example, looking up a colleague's salary out of curiosity should
be called out as unethical. Also, the model should have a more
professional tone to set the proper environment for how a DBA
should conduct themselves.
My proposed Code of Ethics
Preamble
This Code of Ethics sets forth ethical
principles for all Database Administrators (DBAs). The DBA Code
of Ethics is intended to be used as a guide for all involved in
the profession of database administration for promoting and
maintaining the highest standards of ethical practice, personal
behavior, and professional integrity. The guidelines expressed
in the Code are not to be considered all-inclusive of situations
that could evolve under a specific principle and are designed to
be additive to such other professional codes as may be
applicable (such as: psychology, social work, nursing,
manufacturing such as cGMP, validated systems, etc.). This code
of ethics is primarily based upon the four cardinal virtues as
laid down by Aristotle (384-322 BCE). As Aristotle said, we are
all "looking for excellence". As DBAs we should be seeking
excellence in our daily practice in the database administration
profession. It also has roots in Catholic moral tradition.
This draft Code of Ethics was originally written to be
high-level and condensed in nature. As I receive feedback I will
incorporate it into the code. This is merely a draft to work
from and build on with others' input. This input does not need to
come solely from fellow DBAs. It would have more impact and a
far-reaching effect if input was obtained from other fields.
Principle 1 (Prudence)
Prudence is defined as the ability to know
the good end and the right means to get there. To be sure a DBA
is being prudent, they must seek counsel, look at facts and
consider the general norms of society. When in doubt regarding a
questionable situation, the DBA should consider the facts,
without jumping to conclusions; seek the advice of another DBA;
and/or consider what society would consider to be the prudent
and proper decision for the common good of all. "The common good
concerns the life of all. It calls for prudence from each, and
even more from those who exercise the office of authority."
(Source: http://thesocialagenda.org/article4.htm#10) Certainly
DBAs hold an office of authority when one considers the trust
placed in them and the high-level access a DBA possesses to
many, if not all, the databases within an organization.
Principle 2 (Justice)
Justice is defined as giving each their rightful due.
The Member accepts responsibility for the exercise of sound
judgment and professional competence. The DBA respects the
rights and dignity of all individuals and promotes well-being
for all involved. Be honest in all dealings with co-workers.
Protect co-workers from data systems.
Principle 3 (Temperance)
Temperance is defined as knowing when to hold back. The
DBA must show temperance before viewing or acting on information
considered by a reasonable person to be confidential.
"Usurping another's property against the reasonable will of the
owner" is considered theft. (Source: Catechism of the Catholic
Church)
Principle 4 (Courage)
Courage is defined as knowing when
to take a risk. The Member honors all professional and volunteer
commitments. Keep the company advised of all issues, honestly,
openly and without unneeded drama. Provide complete information
with all facts available.
Principle 5 (Responsibility)
Responsibility is having control over
and accountability for appropriate events which happen in your
domain. For the DBA this involves being responsible and
accountable for the databases they are trusted to control.
Principle 6 (Trustworthiness)
Trustworthiness is being creditable
and worthy of trust. When you are trustworthy, people can count
on you to do your best, to keep your word and to follow through
on your commitments. You do what you say you will do.
Conclusion
Creating a Database Administration Code of Ethics is not a task
to be taken on by a single person. A large collective input must
be taken; a cross-functional team must be brought together with
the goal of creating a universal Code of Ethics for the Database
Administration Professional. The Code of Ethics would likely
never be enforced, other than what is considered to be unlawful;
however, the code is about striving to be a more cohesive
profession when it comes to what we do and how we do it.
