License to Practice

What other industry can give such power of functionality and access to data as IT? There are few professions that require such implicit trust and reliance on professionalism - and yet anyone can do it. If you asked the bloke on the street (who is asked everything, so must be quite knowledgeable) which professional could have access to their credit cards, personal data,medical information and their finance details within a single week they would be hard pushed to think of an IT-professional. Sometimes, it scares me the responsibility inferred upon us and we have nothing but trust to make sure we keep ourselves honest, or maybe a contract or non-disclosure agreement, but what are they really worth?

If you think of what happens to a doctor if they make a mis-diagnoses (often amidst much more stressful conditions than many of us are likely to experience), where they often lose their license to practice which inevitably ends their career, you have to wonder what do IT professionals have to not only make sure they operate within professional bouondaries but also that protects them?

I have always found the idea that computers are becoming easier to use a bit frustrating, not because it widens the use of IT and access to the Internet, etc. this is a great thing, but because it starts to become too easy for people to dabble. My view is that to work in IT, you need at least a recognised IT-related degree or similar qualification to even be recognised as being capable. If you come in to IT from another sector as part of your career progression, then years served is also a great qualifier. But qualification doesn't necassarily infer suitability.

What we need is a License to Practice. Doctors have them, Accountants have them, Social Workers have them. These people all have access to sensitive data and can cause signficant change in people's circumstances for better or worse. So can IT. If I worked in an e-commerce environment, I am trusted to maintain confidentiality and not to mis-use data when dealing with credit cards. If I worked as a contractor for the government, it would be easy for me to stumble across patient data, or other sensitive data, such as tax records. (With the British Governments performance, I'd probably be just as likely to stumble upon such sensitive data on a public bus the rate they keep losing CD's with our data on) Other than an employment contract and maybe a non-disclosure agreement, there is nothing to prevent me from serruptitiously mis-using such data.

So what if I get caught? The gamble of potentially accessing a lot of money either directly or indirectly by selling personal data to criminals or competitors, could pay off enough to mitigate potentially losing my job or being sued either by the state or my employer. It might be difficult to find a job, supposing that prospective employers can access your history (which would require some significant research on their part), but the hard times would pass. You'd be able to get back into the industry eventually, maybe even a different position with similar benefits - but a job none the less.

A License to Practice would work in two ways. First, it would work to prevent IT-professionals from leaking or mis-using data or functions of the data by threatening real and serious penalties. Such penalties could be set according to the indiscretion, but could range from fines through to revocation of the license, meaning that the individual could no longer apply for any position in IT as it would become easy for employers to search for the individual against the licensing body. Secondly, the License would protect us by the fact that it would infer professional trust on the IT-worker. If data is lost, and three people have had access to the data, one of which is a Licensed IT professional, it would be logical to think that the other two people would be potentially have less to lose. In a court setting, a legally accepted License would also protect us in terms of acting as a Witness, and also in the unfortunate event of us being tried for any charges brought against us.

A License to Practice would not be an impenatrable shield, behind which we can hide and act with impunity. It would come with certain obligations, which may be a requirement to renew the license, to pay a subscription fee (although this would certainly not be the only requirement), requirement to keep references current or requirement to keep ones qualifications current wither by academic study, or through professional qualifications.

This idea is not new, and is not my own. The British Computer Society, of which I am a member, has a long standing objective to provide a similar benchmark of professionalism which could be used as a requirement to operate either within a particular job or even the industry as a whole. I pay an annual subscription to the BCS to be a member, but this infers nothing on me other than my managers or colleagues I have worked with have recommended me for membership. As far as I can tell, it is quite easy to become a member. The fact I am a member will no doubt attract prospective employers and clilents. It at least shows that I take my position seriously. I am aware of the responsibility and risks associated with my work, and I pay £x hundred pounds a year to act as a guarantee that I am serious about it. There is a structure of memberships with the BCS. The next one I aim to go for is CITP, Chartered IT Professional. This requires a higher annual payment, but more importantly, requires a serious amount of work to go towards establishing qualification to operate (both in terms of academic qualification and years served) and to face an interview panel to establish suitability for the position. This is possibly a little higher than where I would see a License to Practice to operate, to be honest, as it is quite challenging to obtain - and with reason.

In my work up to now I have seen many examples of a requirement of a License to Practice in my own work. Most recently, for example, I was charged with the private membership details of users on a web-site. I was responsible for the data, as the technical role within the web-site, and as such I was required to treat the data with utmost security. This, I did, to the best of my ability, using security mechanisms like encryption and firewalls as only part of the solution, coupled with business procedures and limited access to ensure that not only was the data safe, but also that my professionalism was safe even though it made it quite difficult to do my own job. Other examples are quite frustrating, people "tinkering" with computers, resulting in me "finishing the job". If you weren't an electrician, you wouldn't tinker with the ring-main, so why tinker with your PC or web-site?

Whether we will ever see this I don't know. Without a body with more teeth than the BCS has, I don't see it happening. While the BCS is held in high regard by government and companies as a means of establishing a professional benchmark, without a serious IT event whereby data is lost or mis-used on a massive scale, I can't see any reason to require a Licence to Practice being seen as a necessity. That said, with the Government's ability to manage IT-projects and data currently under serious question - and their ill-thought out ID card plans - it may only be a matter of time before they fall over their IT obligations big-time.

 

Read the complete post at http://bloggingabout.net/blogs/program.x/archive/2008/03/08/license-to-practice.aspx

Posted 03-08-2008 10:23 by Nathan J Pledger
Filed under: , ,
Powered by Community Server (Non-Commercial Edition), by Telligent Systems