Business Ethics/Legality For IT Administrators

As a system administrator, are there things that may not be obvious that should not be done ethically or legally even when instructed to do them? I am more interested in legally, what sort of actions could seriously damage your future career or get you in trouble with the law.

For example, is it ever not okay to delete certain types of files even when the Boss requests it?

In particular, I am wondering about the United States. Also, I am not in a situation like this at the moment; another question just got me thinking that this is information I should know.

Really, I am not trying to trigger a discussion of ethics, or complicated scenarios where it would be best to call a lawyer. But a checklist, or some literature, or some laws every IT person should know about.


Solution 1:

Ethically speaking, you could do a lot worse than follow http://lopsa.org/CodeOfEthics

Solution 2:

I think if you keep a paper/electronic trail of what's asked of you by your superiors, it should keep you safe from any legal trouble.

I.e., don't just delete some records because your boss told you to while chatting at the water cooler, because it might end up dragging you into sh*t that you don't know about, and your boss can deny ever having told you to do such a thing. If your boss tells you something verbally, go back to your office and send him/her an e-mail "confirming" their request of you.

Ethics is a really tricky thing for a sys admin since we touch so many aspects of the business, but if something smells fishy to you, then get it in writing or print before doing it.

Solution 3:

As an American, if you are responsible for CMS systems that retain financial data, you should familiarise yourself with the Sarbanes-Oxley Act, which places obligations on businesses to retain certain types of financial records for a set period of time.

(Obligatory: IANAL)