Henry Magruder made a mistake—he left a CD at the coffee station. Later, when Iris Majwubu was topping off her mug with fresh tea, hoping to wrap up her work on the current SQL code module before it was time to go home, she saw the unlabeled CD on the counter. Being the helpful sort, she picked it up, intending to return it to the person who’d left it behind.

Expecting to find perhaps the latest device drivers, or someone’s work from the development team’s office, Iris slipped the disk into the drive of her computer and ran a virus scan on its contents before opening the file explorer program. She had been correct in assuming the CD contained data files, and lots of them. She opened a file at random: names, addresses, and Social Security numbers appeared on her screen. These were not the test records she expected; they looked more like critical payroll data. Concerned, she found a readme.txt file
and opened it. It read:

Jill, see files on this disc. Hope they meet your expectations. Wire money to account as arranged. Rest of data sent on payment.

Iris realized that someone was selling sensitive company data to an outside information
broker. She looked back at the directory listing and saw that the files spanned the range of every department at Sequential Label and Supply—everything from customer lists to shipping invoices. She saw one file that appeared to contain the credit card numbers of every Web customer the company supplied. She opened another file and saw that it only contained about half of the relevant data. Whoever did this had split the data into two parts.

That made sense: payment on delivery of the first half. Now, who did this belong to? She opened up the file properties option on the readme.txt file. The file owner was listed as “hmagruder.” That must be Henry Magruder, the developer two cubes over in the next aisle. Iris pondered her next action.

Iris called the company security hotline. The hotline was an anonymous way to report any
suspicious activity or abuse of company policy, although Iris chose to identify herself. The
next morning, she was called to a meeting with an investigator from corporate security,
which led to more meetings with others in corporate security, and then finally a meeting with
the director of human resources and Gladys Williams, the CIO of SLS.

1. Why was Iris justified in determining who the owner of the CD was?
2. Should Iris have approached Henry directly, or was the hotline the most effective way
to take action? Why do you think so?
3. Should Iris have placed the CD back at the coffee station and forgotten the whole
thing? Explain why that action would have been ethical or unethical.

Public Answer

37JT0R The First Answerer