We've had a lot of questions about IT and ethics come up on the NTEN Discussion list lately. Very interesting. Today, I received an email from a member who wanted to post a question to this, but remain anonymous. We posted this question:

I'm the IT Manager for a non-profit whose Executive Director expects total access to every aspect of the LAN (domain admin privileges). Not only that, but he actively shadows users in Citrix and goes through the home directories of all employees. Now of course a case can be made that as head of the organization, there's no reason why he can't or shouldn't be able to access everything, and that everything on the LAN belongs to the organization. But in the absence of any suspicious activity by any employee, I believe that as ED he should be occupied with other issues. My question is: how has your organization dealt with defining these responsibilities? And second, how might a lowly manager broach the subject? I look forward to a lively discussion.

What do you think?