Physicians, attorneys, accountants, engineers, realtors, and many other professionals have written guidelines designed to discourage misconduct and illegal activity, and to promote the ethical conduct of its members. In fact, according to the Sarbanes-Oxley act, all public companies in the United States are required to create and follow their own code of conduct.
However, despite the fact that DBAs are essentially protectors of an organization's knowledge, and privy to much confidential information, there are no clearly-defined set of rules, values, standards, and guidelines to help govern and guide their behavior.
In this article, I define what a code of conduct is, explain how it can be useful to DBAs and the organizations they work for, and consider if and how it could be enforced. Finally, I offer my take on a "Code of Conduct" for the Exceptional DBA. Rather than be prescriptive, my goal is simply to offer advice to DBAs on how they might conduct themselves within the bounds of the professional responsibilities of their job.
What is a Code of Conduct?
Generally speaking, a code of conduct is a set of formal, written rules, policies, standards, guidelines, obligations, behaviors, expectations, and principles that are voluntarily adhered to by a group of people with similar goals, values, and responsibilities. While other definitions exist, this one will serve our purpose well enough, as we seek to define the standards of conduct to which a DBA should adhere, while carrying out their professional duties.
How Can a Code of Conduct be Useful to DBAs?
To many people, a "Code of Conduct" means one thing: more rules. Most DBAs, myself included, would consider themselves mature enough to make their own decisions and choices, and are naturally resistant to the idea of someone telling them what to do and how to do it.
If this is the case, then why have I written this article? Well, first, my intent is not to offer a set of rules that have to be followed but, instead, a set of guidelines that can be useful for DBAs who want to fully understand and appreciate the nature and scope of their duties and responsibilities. In other words, it is intended to be educational.
At a fundamental level, most DBAs believe they understand what it means to behave "ethically". In my experience, instances of willful negligence, or blatantly unethical behavior, are relatively scarce in our profession. However, there are many "grey" areas where a DBA, especially a less-experienced DBA, can find themselves unsure of where their responsibilities end, and how exactly they should respond to a potentially compromising situation.
For example if, as a DBA, you identify criminal behavior within your organization, what do you do? Hopefully, your answer would be that you'd report it. However, is that the end of your responsibilities? What if the company you work for does not respond appropriately? What further action should you take, if any?
It's a sad fact that many organizations don't fully understand and appreciate the true role of a DBA. In their attempts to save money, they sometimes cut corners that can directly affect the integrity of their data, and so unwittingly place the guardians of their data in a difficult dilemma. If you find yourself in this situation then, hopefully, this code of conduct may help convince your organization of the importance of the role of the DBA, and the need to employ experienced DBAs to safeguard their business data. For example, if you are having difficulty convincing your manager to adhere to government regulation that affects the data you manage, then referring the manager to this Code of Conduct might be useful.
Perhaps above all else, the "Exceptional DBA's Code of Conduct" can be a source of pride to all of us who choose to adhere to it, and give us more confidence that we are doing the best we can at our jobs.
How Should a Code of Conduct be Implemented and Enforced?
Whenever the topic of a "code of conduct" is discussed, one of the first questions to be asked is: how can it be enforced? After all, if the code is not enforced in any way then, it is argued, who is it benefiting? There is no straightforward answer to the question of how to enforce such a code, or even if it should be enforced, rather than be voluntary.
One suggestion is that the code be enforced by an independent, professional organization, such as the ACM, AITP, or PASS. Anyone who fails to follow the established code of conduct could have their membership of the organization revoked. On the assumption that most businesses would regard membership of the organization a key requirement in their hiring process, then it could, in theory, prove an effective deterrent to malpractice.