BI+Ethics

= = =Ethics and Business Intelligence= Thursday, May 1

**Topic overview:**
It has been said that "with great power comes great responsibility". In this class we will wrap the course up with a discussion of the ethical implications of Business Intelligence Tools. We will explore and wrestle with some of the ethical issues that can arise with a BI program and try to arrive at some basic principles and guidelines for how these tools can be used ethically.

**Preparation for class:**
In preparation for our ethics discussion, you should read/review John Hooker's article "Ethics in Six Not-So-Easy Lessons". This reading is available in your coursepack or online at: http://wpweb2.tepper.cmu.edu/ethics/primer.pdf

In addition to the readings, you must post a one or two paragraph description of a hypothetical ethical dilemna relating to the use and application of a BI tool and/or its the underlying data to this page. //You must post your scenario no later than 8am on Thursday May 1//. I have posted a sample scenario below to get things started. I will select a subset of the submitted scenarios for discussion in class. To reduce locking conflicts while numerous people add scenarios, I suggest that you compose your scenario description in your favorite text editor and then quickly paste it into the wiki page that you are editing.

Slides:

**Ethical dilemnas:**

 * //FindTrueLove.com//** [fictional scenario submitted by Bob Monroe]

After five years of running an online matchmaking service, FindTrueLove.com has run out of cash and filed for bankruptcy. The parties involved in the bankruptcy have decided to liquidate the company’s assets. Not surprisingly, the creditors have pushed to sell off the company’s assets to the highest bidder. One of the company’s most valuable assets appears to be the data warehouse it has assembled to store information on the 950,000 members of the site. When people signed up for the FindTrueLove service they filled out a survey containing very personal information. In addition to this initial survey information, the data warehouse contains detailed information on contacts between members and dates arranged by the service. When these members signed up, the membership agreement indicated that this information would be held in strict confidence, used only by FindTrueLove.com for the purpose of making effective matches, and not shared with any third parties.

A number of potential buyers have signalled interest in purchasing the company’s assets. One potential buyer has offered significantly more money for the data warehouse than others have offered for the full company. As the current CEO of the company (appointed by the bankruptcy court) you don’t believe that this buyer has any intention of honoring the customer agreement relating to use of the data, though they have not formally stated what they intend to do with the data. What should you do?


 * //Health Care records//** [fictional scenario submitted by Oscar Casado]

Due to the increasing expenses in Health Care, Hospitals are gradually moving towards the adoption and usage of electronic records and business intelligence applications. The need to better track and easily access a patient’s history, along with the convenience of analyzing and forecasting revenue per patient are becoming a critical part of revenue/cost management.

A critical ethical dilemma involves protecting patient confidentiality and privacy while expanding access to information. Hackers can potentially access electronic medical records on a network, and mistakes could result in confidential medical information being sent to the wrong destination.

To give to examples: In August 2000, due to human error, the confidentiality of 858 members of the Kaiser Permanente Health Care System was breached. In January 2001, the University of Washington Medical Centre affirmed that a hacker had gained access to administrative databases containing confidential records of at least 5,000 patients.

Ads_R_us is an internet advertising clearinghouse that stores and shares a lot of private data without complete user understanding or consent. The data is collected from a number of disparate applications, including partner websites, such as email and web searches and used to build profiles that allow Ads_R_us to better connect the user with advertisers. For example, Ads_R_us matches advertisers with users based on the profiles that the firm creates. They allow advertisers to customize ads, such as by advertising flights from Pittsburgh to Las Vegas for a user that they know lives in Pittsburgh and has recently done some web searches on gambling. This information is collected in transactional databases and is made available in aggregated forms to advertisers via BI tools, but is it possible that advertisers could disaggregate the data they receive to learn more about individual user profiles than Ads_R_us intended? What is the firm’s moral responsibility if such a concern exists?
 * Ads_R_us** [Tim Darling]


 * IMS Health** [Erin Butler]

IMS Health, the largest dating mining company in the health sector, maintains large databases of detailed records of what prescription drugs are prescribed by nearly every doctor in the United States. This data is stripped of patient names and sold to pharmaceutical companies to target doctors who are more likely to prescribe their drugs. There are many questions raised by this practice including the fact that many doctors are unaware of the detail of information that is collected and ultimately used by drug sales representatives. There is a large push by state governments to eliminate or restrict these practices, citing ethical and privacy concerns. Is it ethical for IMS Health to resell this information? does this violate patient's rights? doctor's rights? Is it ethical for pharmaceutical to use this information to target doctors? Essentially patients with more widely prescribing doctors may gain access to drugs that patients of more conservative doctors would not.

An online social network site creates a space for people to network and communicate with friends and family. The social site allows users to add third-party applications to enhance their online experience. Typical online user information includes: your political views, hobbies, your dating interests, your relationship interests, network affiliations, copies of photos in your photo albums, metadata, list of user IDs mapped to your friends, your social timeline, etc, etc. Users may set profiles to private (to limit access from others) however they can still install third-party applications. If a user wants to install an application, he //must// grant that application full privileges. The online social network disclaims all liability from what happens to that information. Is it ethical for the online social network to allow third-party applications on their site when these applications “have not been approved, endorsed, or reviewed in any manner?” Is it up to the online network to create better standards to protect user information, or is left to the user?
 * Online Social Networks & Privacy Protection: ** [Maria Guzman]

Surveymonk.com is a fast growing online survey company that enables people to create their own surveys easily and quickly. Their systems so far have been catered to take care of individual surveys created by people. The management team sees a huge potential in combining the data created by individual surveys and creating market analysis reports. Sale of these reports could be used as an additional revenue source for the company.
 * Outsourcing BI : [Ajit Janardhanan]**

Everyone at Surveymonk.com realized that creating a data warehouse was a necessity at this time for the company.Given their limited experience with building data warehouses, they decided to outsource this project. The team realized that they would have to share a lot of personal information of the sites users to accomplish this. Is this practice ethical....??

In 2006, AOL mistakenly published on the internet the search data of approximately 670,000 AOL members that used the proprietary software to conduct searches over a three month period. The data was included in a compressed text file that contained twenty million search keywords for users, and it was intended for research purposes. According to AOL, the data was posted by someone who had not gone through the proper internal procedures; "it was an innocent attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted...," they said. Despite the fact that the names of the users were not directly disclosed, it was proven possible to discover the identity of several searchers. The data was pulled back as soon as AOL realized the problem, but it had already been mirrored and distributed on the internet. Was it ethical that AOL gave access to this information to its employees and did not supervise the use they gave to it? Additionaly, this data was obviously very valuable for a lot of researchers, who didn't do anything wrong and "found" it legally.Was it ethical to make use of this information given that it was inadvertently published and it has already been removed?
 * AOL Search Data** [Arlette Toledo]

Baby Compare, a relatively new company, found that parents are always stressed out about whether their baby was ‘normal’ or not. They decided to start a database that would collect and compile data from hospitals and willing parents. The data collected would be milestones reached by children, and age. For instance- first word spoken, appearance of first tooth etc. The parents could then look at the averages and compare their child with that of the average. The founders were also considering adding scenarios of correlation between the age at which the milestone was reached, and assigning ratings of ‘normal’, ‘below average’ and ‘above average’ to the children- and possibly relate that to IQ and other measures of success. The founders are wrestling with the ethical aspect of providing such BI capability to an already competitive society and subjecting children to such comparisons at such a young age.
 * Baby Compare** [fictional scenario, Rashmi Gowda]

//**Watcha!**// [fictional scenario, Giancarlo Raicovi] “Minera Alvallisoletano Nilamano” (MAN) is the largest mining Company in South America. Recently, it has acquired “Watcha!”, a Security Business Intelligence tool originally created by the FBI to monitor and cross information about stakeholders, news, events, activities and their influence. “Watcha!” has available some information provided by the local Government, the FBI and CIA. MAN expects to use this tool to address more effectively some environmental concerns, to identify local leaders that incite the population against its Operations and to track movement, activities and influence of environmental leaders around the world.

Oscar, a newly hired programmer is developing the new MAN’s Contact Management System. “Watcha!” is one of the sources he is using to perform this task. Casually, he was granted more privileges in “Watcha!” that he should have. Navigating through “Watcha!” he found that Arlette, his neighbor, is constantly monitored. Oscar does not know exactly how this information is going to be used nor how to interpret these results. Should he warn her friend about this situation?

BI and the US Government, Leonard Coyer Homeland security has become a topic of significant importance since the events of September 11, 2001. Illegal wire tapping allows the federal government access to random phone conversations between civilians or specific phone conversations of a suspected terrorist, but the USA Super Patriot Act created an extensive database of credit card purchases, loan applications, bank account balances, and more all tied to an individual’s social security number. Essentially, the federal government has access to your phone calls, your Internet surfing history, your emails, and all your personal information and can do with it as it pleases because of claims that this knowledge will insure your safety. Should the federal government have access to all this information because of these claims? Further considering the private sector, should an Internet search engine or social networking site have access to all your Internet activity? What are some of the ethical issues that arise regarding access and use?

Christopher Lee, a loan officer at the Cincinnati division of a large Wall Street financial corporation was down to tears to know he was fired from the company. When asked for an explanation, he was told that the company was in the middle of a financial crisis and that they were forced to lay off some employees to keep the company "healthy". Lee was not only surprised but also deeply depressed to find out that some of his ex-colleagues who were less efficient and less dedicated than himself survived that lay off. He used some of his personal contacts in the senior management to find out what went wrong.
 * Informal network analysis** [fictional scenario, Joseph Kuttikat]

Few months back the corporation hired few BI consultants for generating "valuable knowledge" on their company employees. The plan was to use BI capabilities to analyze and visualize the massive amount office communication logs data (originating from corporate communication channels such as email, phone calls, IM messages, etc) stored in their enterprise data warehouse. The objective of that BI assignment was to generate informal social networks within the company and to use that as a tool for the managers to increase their influence outside the inner circle.

At the time of crisis, Benjamin, Lee’s boss was under severe pressure in selecting loan officers that he had to lay off. A quick look at the financial performance of the loan officers didn’t help him much because they seemed to be unevenly fluctuating over years. Finally, Benjamin decided to use the newly created BI capability to decide the candidate for lay off. He looked at Lee’s network and found that he is not "well connected" to his coworkers. He was perceived not be a good team player and decided to lay him off.

Lee was shocked to hear how the management went about making that decision. Lee had very strong ties outside the firm, esp. with the firm’s clients. This was helping Lee to win more clients for the firm. None of those external ties showed up on the network because the analysis was done only using internal communication data.

Was Benjamin behaving ethically? Is it ethical to store the employee’s communication data? Is this compromising employee’s privacy? Is it ethical to use data to derive new knowledge (which may be incomplete)? Who has the authority to decide the correctness of such an analysis? Can the management use this data to make performance decisions?

Lund Networks, a large internet service provider start-up, has proprietary BI software and infrastructure that stores all incoming and outgoing Internet traffic for each customer in order to troubleshoot network problems and maximize bandwidth. As John Lund, a network IT specialist, troubleshoots a problem, he becomes baffled by a customer’s large and erratic bandwidth consumption patterns. Driven by curiosity, John uses BI software to drill down into the traffic coming from this consumer. As he goes through the report, John notices that this customer has been visiting many pro-Al-Qaeda websites and forums. Then, John uses a tool that decrypts an email message sent by this customer from Pittsburgh to someone in Afghanistan. To his amazement, the email reads, “The plan is set. Tomorrow morning, hell will be here and we shall get our revenge!” Stunned, John runs to the startup owner, Bernard Lund, and presents this information. Bernard is concerned but knows that John should not have decrypted the email. However, if this customer is going to be involved in nefarious activities with the help of Lund’s internet services, the bad publicity could destroy the startup. Alternatively, if he contacts the authorities only to find out that there was nothing nefarious about the customer, public knowledge of such an invasion of privacy could also destroy the startup. Should Bernard contact the authorities? Should Lund have kept such detailed information about the customer in the first place? Should the data have been scrubbed instead even though this would eliminate any competitive advantage? Should customers have been informed about the level of information being stored about them?
 * Evil Customer** [fictional scenario, Vinay Jain]

The Giant Hawk grocery store chain uses its loyalty card program to track customer’s consumption items and habits to better manage inventory levels and improve marketing. Jane Bluecross, a local health insurance executive, contacts Joe Cluster, the Director of BI at Giant Hawk, to see if she can buy a list of all Giant Hawk customers who have purchased cigarettes in the past two years. She is unwilling to describe exactly what she plans to do with this data, but indicates that she is willing to pay a lot of money for the list.




 * 1. Toysmart.com** [Real world scenario similar to **//FindTrueLove.com//** submitted by Prof. Monroe]

Toysmart.com, victim of dot-com burst, has only one asset left to cover the debts and provide return for its investors: its customer database. This database contains names, addresses, and shopping preferences of online toy shoppers, as well as family profile information including names and ages of children.

Should Toysmart be permitted to sell this valuable database to the highest bidder? If yes, then to whom?

Credit: Mining Data for Decision Making by Prof. Trick @ Tepper School of Business, CMU


 * 2. ChoicePoint.com** : Information and Ethics

ChoicePoint delivers comprehensive credentialing, background screening, authentication, direct marketing and public records services to businesses and nonprofit organizations. For almost a century ChoicePoint has been the trusted source and leading provider of decision-making information that helps reduce fraud and mitigate risk.

ChoicePoint has become an information giant since it formed in 1997. It has acquired more than 50 other companies and has more than 100,000 customers, including most Fortune 500 corporations, local, state and federal law enforcement, and every major federal government agency. The company says it has 19 billion records that are routinely delivered in reports and analyzed for an array of reasons, including fraud detection, police investigations and journalism.

ChoicePoint in 2004 delivered thousands of electronic reports containing names, addresses, Social Security numbers and, in some cases, credit histories to people in the Los Angeles area posing as legitimate debt collection, insurance and other small-business officials. As many as 4,500 residents in the District, Maryland and Virginia were among up to 145,000 people whose names, addresses, Social Security numbers and, in some cases, credit files were electronically shipped by ChoicePoint Inc.[1]

Most of people whose information was shared did not have any clue whether a company named ChoicePoint exists and it has so much information about them. What are the responsibilities of such company? Why does Government not come up with laws to make sure that this information is not shared with scammers? Should government itself use companies like Choicepoint to gather information about individuals?

Reference: [1] http://www.washingtonpost.com/wp-dyn/articles/A40379-2005Feb20.html

and to make things more complicated, it is no more US owned: Reed Elsevier[Owner of Lexisnexis, UK based company] Buys ChoicePoint for $3.6B http://biz.yahoo.com/ap/080221/reed_elsevier_choicepoint.html

 Kevin is a software tester for a large hospital chain’s data warehouse. Part of Kevin’s testing requires him to look at real medical records of real people to verify the data warehouse is returning correct information. The hospital chain has not given him any direction on whose records Kevin can look at or not look at, so he typically just picks medical records at random.  Kevin heard on the news that celebrity Britney Spears was admitted to one of his employer’s hospitals. That means her medical records are in the data warehouse. Britney has been acting very strangely recently (completely shaving her head, etc.). Even though he does not know Britney personally, Kevin is curious about her. He is tempted to look at her medical record for data warehouse testing purposes instead of looking at a random record. He has to look at somebody’s medical record, he might as well look at hers. Of course, Kevin would never share or sell Britney’s medical information. Kevin knows that is wrong because he once took a “Business Intelligence Tools and Techniques” class that discussed ethics. But is it wrong to look just to satisfy his personal curiosity when his job requires him to look at somebody’s medical record anyway?  Bonus Complication: Say the situation is different and Kevin is not a stranger to Britney, but is actually her ex-husband Kevin Federline (commonly known as K-Fed). K-Fed shares custody of two kids with Britney and is concerned about whether she has medical problems that prevent her from properly taking care of their kids. K-Fed asks Britney about her medical problems directly, but she refuses to answer him. How does K-Fed personally knowing Britney change things, if at all? Should K-Fed “conveniently” use Britney’s medical record for his data warehouse testing? <span style="font-size: 12pt; font-family: 'Arial','sans-serif'"> <span style="font-size: 12pt; line-height: 115%; font-family: 'Arial','sans-serif'">Note: This is a largely fictional scenario, but it is based on real Britney Spears news. See http://www.latimes.com/news/local/la-me-britney15mar15,0,1421107.story?page=1.
 * Employee Curiosity** [largely fictional scenario submitted by Ray Loo]

<span style="font-size: 10pt; font-family: 'Arial','sans-serif'">**What are my salespeople up to?!** [fictional scenario, Submitted by Salahaldin Hussein] <span style="font-size: 10pt; font-family: 'Arial','sans-serif'">You are the Head of Strategic Technology Group at ITSE, a medium-size IT solutions company. ITSE provides IT solutions to businesses, nonprofits, educational institutions, governmental agencies, and home users. ITSE has a BI program, an initiative you started 16 months ago because you believed that accessing richer and cleaner data would help sales teams determine who the most profitable customers were and which customers they should cross-sell new products to. The program has been a success and you were recently awarded the employee-of-the year award for innovation. <span style="font-size: 10pt; font-family: 'Arial','sans-serif'"> <span style="font-size: 10pt; font-family: 'Arial','sans-serif'">The VP of sales calls you early Monday requesting a report that fully details his salespersons’ BI activity over the last year. You are now scratching your head and feeling a little worried; the report, that this VP requested, is essentially a log of what every sales person has done with the BI tools in the past 16 months. If the sales teams find out they are being monitored in this manner, the company’s morale could suffer seriously and you will forever be known as the bad cop around. On the other hand, there are not many people at ITSE who would say no to this VP; he is tough and commanding, he made the company millions of dollars through various aggressive sales campaigns, and he believes that this report would be valuable. How would/should your proceed?


 * Targeted Advertising and the Google, Facebook and Phorm Debate(Srinivas Abhinav Raj**)

The controversial online advertising system Phorm has sparked controversy about privacy that Google and Facebook still continue to raise. The argument about whether privacy is a human right is an argument of ethics. The Online Advertising industry uses Business intelligence with respect to mining and analyzing huge datasets for targeting customers.With firms of the likes of Google and Facebook having huge stores of data about individuals all over the world, the ethics of its use is a key question that begs attention. The question is also of the ethics of having your Internet Service Provider snooping on your browsing activity with ISPs os the size of Comcast caching web activity in the past.

At the World Wide Web's 15th birthday, its creator Tim Berners Lee rightly pointed out that the internet is still in its infancy. There are several questions about the ethics and Business Intelligence on the internet that need to be addressed. In the Information age of today, the freedom of the internet and its contribution to a flat world is unparalleled. However the ethics of its use has implications with respect to the large amount of data, information and knowledge avaliable on the internet today. When looked at through the prism of Business intelligence, the pyramid of data, information and knowledge will only be complete and ethical if capped with another layer -wisdom. --- Todd works for a big Wallstreet broker firm, SmartInvestors Inc. The firm has recently rolled out BI software. This software analyzes sales and revenues of different firms to predict the share prices of different NYSE listed companies. BI tools analyze the companies on different parameters like projects undertaken, forecasted growth, past histry etc.The firm offered Todd a key position in adminitering the BI tools and its maintenance. He has access to all the administrator accounts. His job is to ensure that the system is available 24x7 and report any issues to the vendor. He generally calls the technical support of vendors if any issues are reported. He was point of contact for BI related technical queries. He understands the how the tool works and knows most functionalities of the tool. He is not a analyst, he is technical guy and is concerned only with technical details of the tools.
 * //Share Market Scenario//**[Fictional Scenario by Shrikant Pandhare]

Todd was never interested in share market. He is simple person who loves to live in country side and loves farming. Todd's friend Ben is big time gambler and invests heavily in the share market. Ben came to know about Todd's new responsibities and he started demanding some insider information from Todd. Since Todd had admin access to BI tools he could have easily look at information and pass it on to Ben. Todd knew Ben since childhood. He knew that Ben will use this information for his own purpose and will not pass on the information to others. However, being person of high ethics Todd completely refused. However, Ben showed how just small information can help them make huge amounts of money from share market. Should Todd fall for his childhood friend's wishes?

Investment Bank Cross-selling (Sam Osman) Investment banks generally aggregate all consumer data into a single repository for purposes of cross selling. For example if the owner of a country seeks advisory services from the investment banking to sell his company, once the sale goes through the consumer and asset management divisions are notified that he may now become a potential customer to that division. Clearly this raises some ethical discussion, we would like to believe in complete privacy when it comes to matter of our finances, but banks quite often share private information all in the name of cross-selling. Another instance of this arises within the credit card division and the asset management practice. When banks forecast that consumers need extra disposable income instead of recommending that they sell securities with the firm (reducing the banks overall assets under management), the credit card division offers higher limits and cash withdrawal facilities. This from the bank’s point of view is clearly an excellent forecasting tool that generates tremendous revenues.

Call Centers (Rohit Chawla) Over the past decade, India has witnessed phenomenal growth with the BPO industry (Call centers in particular). These call center companies, often buy BI software to improve their efficiency and over a period of time, they built huge databases of their customers. Fictions scenario: A call center company has a large bank as its client. Over a period of time, the call center company has accumulated details about the banks customers (age, gender, location, personal income). However, another company that sells luxurious goods has approached this call center company and has offered to pay a handsome amount for banks customer profiles (no personal information required). They have assured that this will be confidential and will only be used for market study. Should I call center even think about it? Is this ethical?

__Paying for the Cure__ (David Blanchard) A pharmaceutical company has discovered the cure for aids. That is, a drug that completely eliminates the HIV virus from someone's body. They are now trying to determine how to best price the drug in order to recoup the millions of dollars they spent on Research and Development.

Some employees believe that the best way to do so, is to charge everyone a different price according to their income level. Through BI tools, they have been able to gathered enough information about drug use, health coverage, and other information that can accurately predict each of their customers' income level.

Others argue that such a practice would be illegal (and unethical), and thus believe that everyone should pay the same for the drug. This, however, might prevent some from acquiring the drug.

Do we use a utilitarian view and charge people according to what they can afford, and thus provide the greatest good for society? Or do we follow the law and thus do not discriminate based on income (and in the process prevent thousands from buying the drug due to lack of funds)? In addition, is it ethical to use BI tools to analyze data for secondary purposes (to predict income rather than to provide the best possible health coverage)?