Norman A. Mooradian on records and information management ethics
Acutely aware that RIM professionals require a professional ethics to guide them in their daily practice and to form a basis for organizational policies, Norman A. Mooradian did the logical thing: he wrote a book on the subject. His new text Ethics for Records and Information Management offers a rigorous principles/rules based work as vital to current professionals as it is to students. In this interview we discuss Mooradian's career background, the historical currents that have led to the discpline, and why he considers whistle-blowing a critcal issues for records and information managers.
Your career has had a dual path; you’ve worked both in academia and as an information management professional. In regards to information ethics, how did that influence your approach in writing the book?
The book is really a confluence and synthesis of these two areas of knowledge. I started out my career in higher education and studied ethical questions and ethical systems as part of it. After transitioning into the information technology field a few decades ago, I continued researching and writing about ethical issues such as information privacy, sales ethics, knowledge management, and values in virtual reality. I also taught business ethics at a state university for a number of years, all the time working full time in an information field. In writing this book, I asked myself how this ethical knowledge informed my work as an information professional and in particular, what concepts and theories were directly relevant to my work and what others were less relevant, interesting though they may be. The topics that emerge are reflection of this intersection of professional personas. Also, because of this dual path, I bring a unique vision to how I approach the subject matter that includes the rigor of an academician and the sensibility of a practitioner who has direct experience working in organizational contexts, solving problems, and meeting deadlines. This allows me to understand firsthand the pressures and concerns that form the background of information professionals in their working environment.
Another way my dual career influenced my writing is that I used information principles such as taxonomy development to organize my presentation of ethics. The book takes a principles-based approach to ethics. One of its original contributions is to organize those principles and ethical knowledge using a taxonomic approach that provides greater structure and precision. Other approaches have stopped at a handful of high-level principles or appealed to principles in isolation. This takes a step forward by organizing principles and rules in a structured manner.
Historically, when did records managers start taking ethical considerations seriously and systematically? Was there an event or a series of events that triggered that shift?
I think that in the U.S. real momentum began in the 1990s and early 2000s with the emergence of laws such as HIPAA, Graham-Leach-Bliley, Sarbanes-Oxley, and Safe Harbor (in relation to the EU Directive). These privacy and financial governance laws, among others, are inherently ethical and they played a part in motivating the information governance movement. In my last chapter, I provide a characterization of information governance and describe its intrinsic relation to ethics. Despite this momentum, the profession has not directly addressed ethics as fully as it might have. As I argue in the book, a fundamental condition of being a professional is to have a well-developed code of ethics. ARMA’s IMJ published some articles on ethics over the last two decades (e.g., Stevens’ article from 2002 on the Enron scandal). Probably the most significant event (with respect to publications), was Richard Cox’s Ethics, Accountability, and Record Keeping in a Dangerous World, published shortly after 9/11. His book brought to light the importance to Archives and Records of whistle-blowing and impartiality (among other issues) in the face of pressures from government and business to hide wrongdoing and abuses of power. Apart from the continued interest in ethically relevant laws (e.g., GDPR), there has not been sufficient progress in developing a professional ethics for the records management field. And I think this is important if the field is going to thrive and assume the importance it deserves. The main motivation of writing this book was to lay the groundwork for a professional ethics that will be comparable to other professional such a those of law, medicine, accounting, engineering, and other fields.
Briefly, what are some guiding principles for balancing transparency and access with privacy and security?
The first thing I would advise is to not take the metaphor of balancing too strictly. It suggests a binary approach that forces tradeoffs and compromises, and that locates the correct answer as somewhere in the middle of a continuum. Sometimes this is the only way to relate these values, but I would not start there. Rather, I would start first by asking how one structures and organizes these different values. Take as an example public law regimes at the Federal and state levels. They normally start with some presumption of disclosure (transparency), but have exceptions for personal information (privacy) as well as intellectual property. These exceptions are based on legitimate considerations that do not undermine the overall objectives of the disclosure and publication principles. So, if properly structured, the laws may actually optimize putative competing values. Where there is tension, some balancing may be required, but here the advice to an information professional is to use his or her skills to minimize that tension in a way that promotes the plurality of values in conflict. For example, if transparency requires that a public agency publish its contracts online and they contain personal information, that information can be redacted. In this way, transparency and privacy are promoted. Now, there may be some residual areas of tension that cannot be resolved. To continue with the example of public records law, ongoing investigations are confidential. In this case, there is a legitimate exception based in the objectives of an investigation. In my book, I cover the topic of legitimate exceptions and show that they do not detract from ethical principles, they just make them more nuanced. So, if one wants to use the word “balance," that is fine, but I think what information professionals are doing is structuring their ethical responsibilities in a way that maximizes multiple objectives and values.
In your book you devote an entire chapter to whistle-blowing and information leaks. Can you talk a little about why you feel this topic is so important?
I think whistle-blowing and information leaks are critical issues to the professional lives of people working in the information fields. With the exception of Cox’s book, the topic has not been well explored in the context of records and information management. It is a central topic in business ethics and professional ethics, and therefore should be part of the common knowledge of records professionals, but there are particular reasons why it is an important topic for information professionals. As Cox documented in the area of archives, archivists can come across evidence of wrong doing in archival materials. If we look at records and information management, that risk is even greater, as they are privy to the flows of current information and can act closer to the events that raise ethical concern. Also, the volumes of information are increasing, as are the technical capabilities and the concomitant opportunities to misuse them. Records and information professionals have direct insight into the brains of organizations and this puts them in a risk position as regards culpability. Also, given their roles as stewards of organizational information, they have responsibilities to prevent unauthorized disclosures and so have to be able to understand how to ethically discharge this responsibility, while not being complicit in covering up wrongdoing. For this reason they should have a seat at the table when formulating and implementing policies regarding internal reporting, security, and legitimately protected information.
You conclude your introduction by writing, “The most we can expect from professionals is that they put forth their best effort to arrive at sound decisions based on a continual process of self-education and an examination of any and all relevant information that they can acquire.” What advice for self-education would you give to readers who want to stay engaged even after they’ve finished your book?
Along with reading my book, I would encourage students and practitioners to read books dedicated to topics covered in the chapters, as well as relevant legal authorities. There are many excellent books on specific topics. My references are a good place to start. Among them and by topic are: Ethics; Gert; Privacy; Solove, Nissenbaum, Allen; Whistle-blowing and confidentiality, Bok; and many others. Legal authorities (both primary and secondary) are a great way of expanding your knowledge of ethics and connecting that knowledge to statutes, regulations and court opinions that regulate the sectors in which you practice. Primary legal authorizes are easy to access. Secondary authorities such as the Fair Information Practices Principles (FIPPs) OECD Principles and GDPR guidance are even easier to access and provide an excellent overview of the relevant laws from an inherently ethical perspective. In addition to individual study, I would advise collaborating with others to advance your knowledge. Join communities of interest or form groups within your organization on ethically relevant topics such as information privacy, transparency, intellectual property, etc. These fora provide an excellent source of information but are also good ways to test our ideas and collaboratively explore questions. Once you feel confident that you have gained competence in the areas of ethics relevant to your interests and work, a great way to deepen your knowledge is to engage in writing or educational activities on the topics. Creating training materials and delivering training sessions, doing presentations or knowledge transfers for your organization or professional chapter are a great way to help you refine you knowledge. Also, consider writing for internal portals or external facing blogs, doing a book review or writing an article for ARMA or SAA.
Finally, look for projects in your organization or professional communit(ies) that intersect with an ethical/legal issue. Is your organization is forming a committee to assess how new privacy laws impact your information systems? If so, volunteer for the committee. Is your organization putting out an RFP for an information system and needs subject matters to assess its information governance capabilities? Volunteer for the RFP committee. Is your organization considering implementing a whistle-blowing hotline? Ask the lead of that initiative if you can assist with the policies surrounding communications and records capture. This list can go on, but the idea should be clear. Projects will integrate your knowledge with practice and will increase your capabilities. Combined with writing or training, these activities will also give you greater visibility within your organizations and professional communities.
Learn more at the ALA Store.