Ytdyklly

Is it ethically wrong to have peek at staff paycheck?

Yes, and illegal in a lot of countries. Don't do this, and if you did hope no one will ever know or you risk your job and maybe more.

I agree fully with the answer of @Snow. Besides that:

• Never use administrative access to "peek" at things. In 99% of the cases there is no credible explanation that you actually need to look at a real live document as an IT person, unless you need to give support on a specific case.




• If you happen to come across such information without being explicitly permitted and asked to by the administration of your company, keep it absolutely confidential and never ever talk about it - but inform your boss that some procedure is not OK (see next point).




• If you have a support role where you get in touch with personal information and your company has not given you a dedicated training/explanation on it, including introducing the person actually responsible for this, then something is severely wrong in the administration. In a well organized company, there is no way that somebody gets in contact with salary information without that being addressed explicitly, including precise limitations and procedure how to handle things, and a form which you have to sign that you understood what was said.

Yes. You should only be accessing the data you need to access to do your job, especially when it comes to financial data.

Most companies, looking at someone else's paycheck without having a valid business reason is a reason for immediate termination. Also, many companies log such read access, and there are audits about it.

Because you are in a small company, it seems this isn't tracked or formalized, but there is a good chance that the owner would terminate you anyway if he found out.

Other than what all the other answers have said about your question, what do you hope to gain by knowing what a colleague's salary is? Do you hope to feel good because you are paid more? What if he earns more than you? You can't use that information as grounds for requesting/negotiating an increase anyway. That information might very well cause all sorts of problems for you on all sorts of levels. Just be let it be.

Is it ethically wrong to have peek at staff paycheck?

Yes, and legally.

I would stop and go to your boss immediately with the following:

1. You're accessing LIVE data and there's a risk you can break it.


2. You're able to see pay information. Are you able to see PII information as well? If so, I would immediately stop.

You risk not only your job but also legal problems. Maybe jail or a heavy fine. It only takes one person to understand what you're doing and they go to the proper authorities or lawyer in your country and begin the process. You need to email this to your boss and save that email with the following:

Boss, I am accessing an API that shows our staff's PII and pay information. I am able to access this without restriction and modify the data. I need a test bed and not be able to see this data as it is a violation of [insert country's privacy law]

Being an IT worker at your company gives you access to data that is confidential, but that does not entitle you to read it. You should treat it no differently than it being a physical file in a cabinet. Just because the filing cabinet is in the same room as you and you have the key, does not mean you should be perusing through it at your leisure. It is morally and ethically wrong, and it may also have legal consequences. Not only would you put your job at risk, but you may be subjecting yourself to prosecution.

You should only be accessing data that pertains to your job. If you do happen to come across confidential information during your routine duties, you must never disclose this information to others, or use it for personal gain. There may also be controls on this system that you are not aware of. You should treat your access as if someone is always looking over your shoulder. You may never know that someone is watching over you until you are being marched out of the building by security, so please keep that in mind.

As others have said, you should look into having a separate server instance with fake data to develop against. As a developer, there is no reason to test against a live system. If something ever went wrong, you wouldn't want to be the one that people are pointing fingers at.

People get fired for this. I even know someone who got fired for not immediately firing someone who was caught doing what you suggested.

Accessing records which you're not authorized to access is trouble. And before you ask, having the ability to access data is not at all the same as having the authority. Forget "ethically", your problem is "contractually" and "legally", either of which carry significantly harsher consequences than "ethically".

While most answers address the legal and personal ethics, there is also the code of ethics that is established by the relevant professional body/ies in your country or that you may be a member of (personally, I use these despite not being a member).

In Australia, the relevant body is the Information Technology Professionals Association which is the successor of the System Administrator's Guild of Australia (SAGE-AU). The code of ethics produced by this organisation has been adopted by many professional bodies around the world.

There is a difference between coming across confidential information in the course of your duties and deliberately accessing confidential information.

In my opinion, it is unethical to deliberately access information that you haven't been given explicit authority to access. If you are a member of a professional body and they were to find out, then you would have your membership revoked (which could hamper future job applications); if you are not a member then you run the risk of being refused membership if they discover that you have done this (employer or another employee may report you to the body).

As IT professionals, we are entrusted with confidential information (our privilege) and we must protect that information (our responsibility) from all, including ourselves.

Is it ethically wrong to have peek at staff paycheck?

Of course it's wrong.

I'm guessing you already know that. But in case you aren't sure, ask your boss first.

Never use Production. Use a test system with simulated data.

Depends on what you consider ethically wrong. I for one would be curious and do it when no one is watching, not because it's right or ethical, but because I would want to know if I'm getting shafted with the pay. As the answers above pointed out, I would refrain if specifically requested not to or it's illegal to do so.