Squeezing the DBA

  • There are many situations with different areas of gray on this. I have had experience with two. One company I was a DBA in - they were running around 600 illegal copies of this very popular software. I knew if I reported it there would be an audit in no time. They also treated lot of people badly - many times over lunch or coffee we would discuss reporting the issue for audit. They would know that someone who worked there did it, for sure and many people were not sure what that would do to their jobs. Long story short, I quit and someone else reported the matter. But guess what, they hired a CIO who knew some top brass in the software company and the matter went completely unnoticed. The poor guy who was reported got a bad review for no reason and was forced to quit. In the second story the company had falsified books of account. One for Uncle Sam, one genuine. As DBA I had no access or knowledge of this but someone who worked in accounting did. He reported the matter anonymously (I dont know how) and they had an IRS audit which they..PASSED. Nobody knew what happened to the 'bad books' except that the guy lost his job soon after.

    If I saw someoone in a bad situation like some of those described yes to me it would be something I had to report. But in corporate situations and those with gray areas I'd rather watch my back.

  • Good points, dma. There is a lot of gray in the world.

  • We had no official ethics courses that I know of, aside from possibly something in the social sciences dealing with ethics in research, but our entire school was made to sign a very specific Honor Code when we first arrived on campus. We were bound to report (and there was a vehicle for doing this anonymously) any infraction of the honor code that we witnessed or were approached about and it would be dealt with. Even if it didn't teach us specifics of what we needed to do in order to cover ourselves in such a situation, it made us much more wary of doing anything unethical. I think something covering any legal options we had in such a case would be of great benefit.

    Currently, any changes we're asked to make to any data is almost always due to a fumble-finger error on the part of a user, and we need documentation from the user authorizing it. We take a backup of the data before we change anything so we both have an audit trail and information on what to put back if we're asked to later. None of this has been anything the least bit dodgy though. I'd hope that the people I work with and I are ethical enough that we'd make the same kind of audit trail if we had to make the changes, if for no other reason than that we'd have some kind of documentation of what was done when we reported it. I'd also hope that all of us are ethical enough to refuse to do it if possible and document and report it later if not. But as someone said above, you never know what you're going to do until you're faced with the situation.

    Jennifer Levy (@iffermonster)

  • Robert DeFazio (9/3/2009)


    Was the my choice right? Well, it did cause hardship for my family, and it did reduce my income; however, remaining true to one's principles has no price tag. At the end of the day when you are trying to go to sleep, you have to live with yourself and your own approval or disapproval of your actions. I am a believer in the notion that there is a clear distinction between right and wrong. Sometimes the price of being right is high, but it is the only right option.

    //.........//

    Fear of losing one's job is never justification for cooperating in crime. At some point one has to stand up and be a man (or woman) of integrity and say, "Not on my watch!" It sounds a bit Pollyannaish, but principled behavior is the only antidote to the growing trend of cybercriminality and diminished business ethics. It lets employers know that they didn't hire people lacking a backbone.

    I totally agree with these two statements.

    Some folks here have stated that you don't know what you will do until you are in that situation. I believe that isn't really accurate. We've all been faced with situations where something wasn't right - what did we do then? We either did what we knew was right and felt ok about it, or we did what we knew wasn't right and suffered those consequences. We already know who we are inside. That's my opinion.

  • I am somebody who championed the underdog for a very very long period of time. One question i ask myself always - whom am I trying to save and is that person/place really worth it? Sometimes the answer is yes, more often or not it is no. Ethics in the business world is rarely black and white, today companies are warring and tomorrow they are partners. Ditto I would always say while championiong the cause of co workers, even women who suffer harassment. If money is offered 99% of the time people want to let go and are embarassed if you are the one holding on to it. I'd rather find genuine causes to fight for that makes the world better and makes me feel better - like the charities i work with, and people who are really in need of a better life. Within a corporation is everyone looking out for himself or herself that is all.

  • II have been asked on occasion over the years to “fix” data.

    If it’s a case where the change is a correction to the data and not a falsification, I request that the business officer in charge of that area give me a specific approval for the specific change.

    If I feel it amounts to intentionally falsifying data, I refuse outright. I usually send them an email stating my reasons for refusing, and copy my boss and their boss. There has never caused my career harm that I know of, and nothing has ever come of it. What are they going to do, fire me for refusing to commit fraud? Usually the requests have come from lower level people looking to pump their performance numbers. I have never received a request like that from an officer level person.

  • My first reaction on reading this editorial was to flashback to a recent interaction I had with a co-worker, DBA and creator of our agency's fiscal system. Me: "Does the data mean bla bla?" Him: "I don't know. I just do what they tell me."

    At the time I was shocked, because I firmly believe that in order to do a good job, one has to understand business content, not just technical know-how. Now I have another reason to be concerned: Without understanding content and business data rules, one could easily be "tricked" into immoral activity. If he trusts his team to always do right and if we had an immoral person on the team, he could be made the agent of illegal activity without knowing it. In this case, he would not be making the decision to act immorally. (One could say that the immoral decision was to not know the business better, but where is the line drawn? How much of the legal rules for the business does a DBA need to know? I would guess that posters here would say: All of them. But I also guess that the reality is that the majority of DBA's know little much beyond what is required for the DB to run smoothly.)

    To clarify: We have a great team here and no corruption that I know of. I also believe that a certain amount of agency trust is good and appropriate. I'm just exploring the idea: Just because a DBA is involved, does it mean that the DBA knew what he/she was doing?

  • The real problem, IMO, isn't the movie plot threat. It's the legal tangle that we all live in which is so complex that you're breaking a law right now just sitting there reading this. If you're in a DBA job for a company that makes money, has assets or public exposure (like a government agency), you should have an attorney's business card in your wallet or purse so that you know who to call when something goes sideways. Especially if it's a publicly traded company.

    And I don't mean "your cousin Vinny" (no offense to Joe Pesci), but you'll need somebody with both corporate and criminal experience... which can be hard to find. They don't need to know you, but you need to pick somebody with a solid track record who's respected (in her profession, not necessarily generally, after all, she is an attorney).

    Any time somebody asks you to do something that doesn't involve an electronic or paper trail, your spidey sense should go off. You have been warned.

    :hehe:

  • If something seems to be illegal there are ways to report it anonymously. Anonymity keeps you safe while keeping you from being party to something you find morally or legally repugnant.

  • I don't think the editorial covers any particularly new ground, but I believe it's valuable for the implicit forewarning. I don't think the moment when you're asked to do something unethical is the point at which you should decide what to do; if you're in a position of responsibility, sooner or later you'll have someone test out your ethical boundaries, so you should expect the advances and work out your own plans of action ahead of time.

    And not just these particular ethical problems, of course. There are other moral issues that are part and parcel of being a DBA, so expect them to come sooner or later and be prepared for them. For example, I recently had to perform some "forensics" to clarify for a disciplinary certain things an employee had and hadn't done. I was also asked if I was prepared for my findings (and therefore my involvement) to be divulged to that employee - someone I happen to like. Unpleasant, but it wouldn't have been fair to anyone if I'd refused, and I'd come to that conclusion years ago so I had no problem with giving my answer.

    Semper in excretia, suus solum profundum variat

  • On the other hand, yesterday, drug maker PFizer admitted to fraud and 6 "whistle blowers" will split a share of the 102 Million Dollar settlement for reporting this crime. I truly hope one (or more) of those people might be a DBA who came forward when he or she saw data was being played with.

    The sad thing is the DBA or developer who knows about these things are usually contractors long gone and when internal maybe transferred or let go so I don't think they will be part of the settlement.

    Some folks here have stated that you don't know what you will do until you are in that situation. I believe that isn't really accurate. We've all been faced with situations where something wasn't right - what did we do then? We either did what we knew was right and felt ok about it, or we did what we knew wasn't right and suffered those consequences. We already know who we are inside. That's my opinion.

    These things comes in many flavors not just falsifying financial data, it also includes working on something that you know is wrong that will affect many lives. How do you sleep at night if the layoff of 50,000 to 70,000 was converted to more than one million jobs lost permanently and the largest industrial failure in US history and you did not say the math was wrong at the time.

    Kind regards,
    Gift Peddie

  • I have actually been in this 'situation' twice in my career. The first time working for a CLEC in 2000. A VP asked for some financial data to be 'modified' - this was occurring just prior to a Chapter 11 filing. I said no, raised a very large 'rucus' with my manager's support and the end result was termination of the VP - no legal action though. The second time I was working for a county run health care provider in 2006. The Director of IT wanted me to 'modify' (i.e. remove) data in the organization's web utilization tracking system related to him - it was on a SQL Server based system. I said no. Then he asked if I could 'modify' (again remove) information from the organization's key card system - again another SQL Server system. I said no. This time my manager raised the 'rucus' for me with the CIO. Shortly thereafter the Director of IT was no longer present.

    In both instances there was absolutely no doubt or question in my mind about the 'right' course of action. As a DBA, the 'steward' of an organizations data, there should not be. What is right is right.

    RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."

  • Excellent point majorbloodnock. Thank you for your post.

    Sorry you had to go through something like that. Despite knowing ahead of time what you would do, I imagine it would be very hard given your relationship with the person in question.

  • Too wishy-washy. A lot of conflicting advice in this editorial. Either take a stand one way or the other or don't even bother writing an editorial like this in the first place. I don't tend to like editorial advice that rides the fence post, particularly when it comes to commtting, or being an accessory to a crime.. I personally like my freedom more than just keeping a job. Anyway, this is a no brainer IMHO. This kind of stuff is carrying very stiff prison terms with it nowadays. Just say NO!

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"

  • Asking someone to commit a crime is a valid reason to leave the company and collect unemployment benefits. Under no circumstances would I do this for ANYONE and ANYTIME. I am entrusted to guard the data at all times. In fact, the data is my supervisor! I'd rather quit and collect a small unemployment check while I look for a new job than risk committing a crime and going to jail. Even if there was no risk of getting caught, no jail time, I just could not do it to make someone else look better. DBA's are held to a higher standard much like system admins. We are trusted. Once we invalidate that trust, we fail everyone in the profession.

Viewing 15 posts - 16 through 30 (of 42 total)

You must be logged in to reply to this topic. Login to reply