minoanmiss (![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
minoanmiss) wrote in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png)
agonyaunt2021-02-12 03:49 pm
minoanmiss) wrote in agonyaunt2021-02-12 03:49 pm
Entry tags:
Ask a Manager: Software, Anonymity, and Ethics
Long but/and interesting.
My company develops a customizable system that we sell to various companies, and my team is responsible for providing support to the hundreds of companies who buy and utilize our system.
Recently, one of my coworkers was asked by one of our customers to provide the name of the user who wrote an anonymous feedback on their system. We can apparently see this information on our database, but my coworker was obviously uncomfortable providing this information and the topic was then raised for discussion during our weekly team meeting.
Our team leader, manager, and head of department all unanimously agreed that if the customer asks for any information pertinent to their system, all we can really do is make sure they understand the implications of providing said information and confirm that they’re sure they still need/want this, and if they say yes then to simply provide this info. Their point of view is that the customer is responsible for managing the data within their own system, and we’re just the middlemen there to assist them as necessary; whether doing this is ethical or not is up to the customer to decide, not us. Same way we can advise them not to breach general data protection guidelines, but in the end if they want to do something that would ultimately go against these guidelines it’s not really our place to stop them from doing so. We cannot tell them *how* to manage their data, we can only advise, instruct, and provide support for the system they purchased from us as requested.
Both my coworker and I were still uneasy about this. I spoke up and argued that anonymous feedback is anonymous for a reason, and that I’m not sure we should even be storing information about which user wrote which anonymous feedback on our database, as that defeats the entire purpose of feedback being anonymous. Our boss used some examples of when knowing/providing this info would make sense, like when the customer fears for a user’s well-being, but my coworker and I were still concerned about being potentially responsible, even if indirectly, for people being punished or exposed over more heated and sincere feedback that they otherwise wouldn’t write if it didn’t have the promise of anonymity behind it. “Outing” the user felt to us like breaking their trust and defeating the purpose of the tool. Our bosses reminded us that it should and will never be on us if the information we provide to the customer as requested is used unethically, and whatever happens after we help the customer is out of our hands, as it is their responsibility to manage their own data as they see fit.
Although we understand all of this and will not go against company rules, it still didn’t sit 100% right with either of us. What says you?
P.S. As far as I know, this is the first time a customer has requested this sort of information, so this isn’t something we’re just distributing willy-nilly to everyone all the time. It was just this one customer who, for some reason, wanted/needed to see who was behind an anonymous feedback submitted to their system. I also do not know what the feedback said and I didn’t ask. Finally, the users who use our system are usually employees of the company who buy our software, so the sort of retaliation my coworker and I fear is specifically getting someone fired for airing their grievances under the promise of protection our system has made to them.
Different companies handle this differently. The way your company is choosing to handle it isn’t uncommon … but they’re acting like this is the only option they have, and that’s not true.
If they wanted to, they could:
* Make it clear to customers from the get-go that anonymous info is really anonymous and won’t be released (except in cases where required by law, like with a subpoena).
* Or, clearly warn users that nothing they do on your system is fully anonymous and that while “anonymous” feedback doesn’t initially include names, those names can be provided upon the customer’s request.
When your managers say that “all they can do” is to make sure the customer understands the implications of providing the information but then provide it if they still want it, what they really mean is that they’ve decided that’s all they will do.
And that’s certainly their prerogative. It’s an approach lots of companies use. But they (a) shouldn’t throw up their hands and act as if it’s not a deliberate decision and (b) should clearly warn users of the policy.
I don’t know how much capital you want to spend on this, but if it’s something you want to pursue, you could point out that if users learn that “anonymous” isn’t really anonymous, over time your system will become less useful because people will use it differently. (And if it really gets out, there’s a risk of public backlash, like the sort Microsoft experienced earlier this year about its “productivity scores.”)
My company develops a customizable system that we sell to various companies, and my team is responsible for providing support to the hundreds of companies who buy and utilize our system.
Recently, one of my coworkers was asked by one of our customers to provide the name of the user who wrote an anonymous feedback on their system. We can apparently see this information on our database, but my coworker was obviously uncomfortable providing this information and the topic was then raised for discussion during our weekly team meeting.
Our team leader, manager, and head of department all unanimously agreed that if the customer asks for any information pertinent to their system, all we can really do is make sure they understand the implications of providing said information and confirm that they’re sure they still need/want this, and if they say yes then to simply provide this info. Their point of view is that the customer is responsible for managing the data within their own system, and we’re just the middlemen there to assist them as necessary; whether doing this is ethical or not is up to the customer to decide, not us. Same way we can advise them not to breach general data protection guidelines, but in the end if they want to do something that would ultimately go against these guidelines it’s not really our place to stop them from doing so. We cannot tell them *how* to manage their data, we can only advise, instruct, and provide support for the system they purchased from us as requested.
Both my coworker and I were still uneasy about this. I spoke up and argued that anonymous feedback is anonymous for a reason, and that I’m not sure we should even be storing information about which user wrote which anonymous feedback on our database, as that defeats the entire purpose of feedback being anonymous. Our boss used some examples of when knowing/providing this info would make sense, like when the customer fears for a user’s well-being, but my coworker and I were still concerned about being potentially responsible, even if indirectly, for people being punished or exposed over more heated and sincere feedback that they otherwise wouldn’t write if it didn’t have the promise of anonymity behind it. “Outing” the user felt to us like breaking their trust and defeating the purpose of the tool. Our bosses reminded us that it should and will never be on us if the information we provide to the customer as requested is used unethically, and whatever happens after we help the customer is out of our hands, as it is their responsibility to manage their own data as they see fit.
Although we understand all of this and will not go against company rules, it still didn’t sit 100% right with either of us. What says you?
P.S. As far as I know, this is the first time a customer has requested this sort of information, so this isn’t something we’re just distributing willy-nilly to everyone all the time. It was just this one customer who, for some reason, wanted/needed to see who was behind an anonymous feedback submitted to their system. I also do not know what the feedback said and I didn’t ask. Finally, the users who use our system are usually employees of the company who buy our software, so the sort of retaliation my coworker and I fear is specifically getting someone fired for airing their grievances under the promise of protection our system has made to them.
Different companies handle this differently. The way your company is choosing to handle it isn’t uncommon … but they’re acting like this is the only option they have, and that’s not true.
If they wanted to, they could:
* Make it clear to customers from the get-go that anonymous info is really anonymous and won’t be released (except in cases where required by law, like with a subpoena).
* Or, clearly warn users that nothing they do on your system is fully anonymous and that while “anonymous” feedback doesn’t initially include names, those names can be provided upon the customer’s request.
When your managers say that “all they can do” is to make sure the customer understands the implications of providing the information but then provide it if they still want it, what they really mean is that they’ve decided that’s all they will do.
And that’s certainly their prerogative. It’s an approach lots of companies use. But they (a) shouldn’t throw up their hands and act as if it’s not a deliberate decision and (b) should clearly warn users of the policy.
I don’t know how much capital you want to spend on this, but if it’s something you want to pursue, you could point out that if users learn that “anonymous” isn’t really anonymous, over time your system will become less useful because people will use it differently. (And if it really gets out, there’s a risk of public backlash, like the sort Microsoft experienced earlier this year about its “productivity scores.”)