Questions on the case study
- The undocumented knowledge in the above case on Marriot Resorts Company was for the purpose of spoofing the employees through the falsification of their comments which they provided on the household chores which they hated but which were later edited to look as if they were describing what it was like to have sex with their partners.
- Spoofing attacks which were directed on the company employees are illegitimate and less important. These attacks were illegitimate as they involved the invasion of privacy and violation of the rights of the employees within the working environment. These attacks were less important as they did not have any financial or other benefit to the organization or the employees. Instead, the spoofing attacks only served to damage the reputation of the employees and negatively impact the employees working in the organization. In addition, the information gathered by the company through the invasion of privacy was not designed for the achievement of any personal and professional objectives.
- The knowledge sought by the company through the invasion of privacy is not relevant to its justifying purpose. The company sought information on the comments of employees and their spouses on the household chores which they hated and this information was not relevant to the justifying purpose which was to launch spoofing attacks on the employees by making them seem like they were describing their sexual experiences with their partners. If the company wanted information on the sexual experiences of the employees with their partners, it could have directly asked that from the employees who could have either provided or declined to provide the information because they have a right to their own privacy.
- Invasion of privacy is not the only or least offensive means of obtaining the knowledge from the employees. There are other means the company could have used to obtain the information. For instance, the company could have asked for permission from its employees to obtain the information on their sexual experiences with their partners. Those employees who did not feel offended to provide such information would gladly have done so. However, those employees who are not at ease to provide such information could have opted out. Through this process, there could be no invasion of privacy and no violation of rights. The use of spoofing was a very offensive means of obtaining the knowledge from the employees.
- In this case, the company did not place any restrictions or procedural restraints on the privacy invading techniques. One of the restrictions placed on the privacy-invading techniques are that companies have to seek employee authorization to release private and confidential employee information. Personal autonomy of the individual workers has to be respected through the provision of personal space within the organizational environment. The company failed to indicate where the personal space ends within the working environment.
The company has not put in place any measures to protect the knowledge once it has been acquired. Measures for the protection of acquired knowledge are contained in organization policies and procedures, statement of values, and mission statement. For instance, there are no policies adopted by the company for the protection of employee privacy. Such policies should hold the company responsible for the end result of what it does with technology. The mission statement of the organization should stress on ethical values and there should be a statement of values within the organization for the prevention unethical conduct by both the organization and its employees.