Section 5: Agency

Week 13: Professional ethics, resistance, and the data practitioner's obligations

What do you do when your employer directs you to do something legal but harmful — and what does it cost?

This week’s central question. Professional codes tell practitioners what they should do. They do not tell them what actually happens when they do it. Every case on this week’s timeline involves a practitioner who acted on an ethical obligation and bore a cost for doing so. The question this week asks is not whether the practitioners were right — in most cases they were. The question is whether individual ethics is sufficient without institutional structure to support it, and what governance design would reduce the cost of doing the right thing.

This week asks the question the course has been building toward since Week 1: what does a data professional do when their employer directs them to do something legal but harmful? The governance frameworks, legal analysis, ethical reasoning, and technical controls of Weeks 1 through 12 are now brought to bear on the most personal question the course raises. The answer is not clean. That is the point.

The professional codes — ACM, IAPP, and DAMA — provide the formal framework. The comparison shows what each code requires, where they agree, and where they are silent. The silences are as important as the provisions: the ACM code is the strongest on employer conflict and whistleblowing; the IAPP code is the most relevant to this course’s subject matter but the weakest on institutional conflict; the DAMA code is largely silent on ethical obligations beyond competence and quality.

The teaching cases represent the full range of professional ethics situations: a live current case (DOGE refusals) where practitioners acted and bore consequences; a high-profile corporate whistleblower (Haugen) who used legal and media channels; a historically transformative illegal act (the Media break-in) whose ethical status remains genuinely contested; and a corporate AI ethics case (Gebru) that tests the structural limits of ethics functions inside organizations.

The week closes with the structural argument: individual ethics is necessary but not sufficient. The practitioners who refused DOGE access requests, who disclosed Facebook’s internal research, who broke into the FBI field office, and who refused to retract their research all acted on individual ethical judgment. Some prevailed; some did not; all bore costs. The governance design question is what institutional structures reduce the cost of ethical action and make it possible for ordinary practitioners to do the right thing without requiring heroism.

Learning Objectives

By the end of this session, students will be able to:

Compare the ACM, IAPP, and DAMA professional codes and identify where each is explicit, implicit, and silent on employer conflict and whistleblowing obligations.
Apply the professional codes to the teaching cases and evaluate whether each practitioner’s action was consistent with their professional obligations.
Distinguish between individual ethics and institutional ethics and explain why individual ethics is necessary but not sufficient for governance.
Identify the structural conditions that make ethical action costly and propose governance designs that would reduce that cost.
Evaluate the Media break-in case using the Week 2 ethical frameworks and articulate why it does not have a clean answer.
Connect the professional ethics discussion to the course’s central argument: accountability without enforcement is not accountability, and individual virtue without institutional support is not governance.

Hour 1 — Professional codes: what they require and where they are silent

Open with the codes comparison. Students should have read all three codes before class. The analytical move of Hour 1 is identifying the silences: where does each code fail to give a practitioner clear guidance for the hardest situations? The IAPP silence on employer conflict is the most directly relevant to this course’s subject matter. The ACM’s explicit whistleblowing provision is the strongest guidance available, and it still does not tell a practitioner what to do when they report to appropriate authorities and nothing happens. Close with the question that frames the rest of the session: the codes tell you what you should do. Who tells you what it will cost?

Hour 2 — The DOGE refusals: live whistleblower material

Walk through the DOGE refusal case in detail. This is the live case — some of the practitioners involved are still in their situations as the course is being taught. The key analytical points: the practitioners who refused did so on statutory and policy grounds (Privacy Act, IG Act, Federal Records Act) rather than professional code grounds, because professional codes have no enforcement mechanism in federal employment. The practitioners who were placed on administrative leave or reassigned bore immediate personal costs for actions that produced institutional and legal consequences. Ask students: was the outcome proportionate to the obligation? And what governance structure should have made refusal easier and less costly?

Hour 3 — The full case range: from legal channels to illegal acts

Walk through the remaining three cases, moving from the most institutionally supported (Haugen — legal counsel, press, Congress) to the most morally complex (the Media break-in — an illegal act that produced the legal framework governing federal data today). The Gebru case sits between them: a corporate ethics researcher who used professional channels, was terminated, and whose case exposed the structural problem of corporate AI ethics functions that report to the organizations they evaluate. The Media break-in should generate the most sustained discussion: apply the Week 2 frameworks. Was it consequentially justified? Deontologically permissible? What does virtue ethics say about breaking the law to expose a larger lawbreaking? There is no clean answer. Sit in it.

Hour 4 — Governance design: reducing the cost of ethical action

Close the week by moving from analysis to design. Students work in groups: given the structural argument that individual ethics requires institutional support, what governance designs would reduce the cost of ethical action in a specific organizational context? Groups should propose a whistleblower protection mechanism, an independent ethics function, a professional licensing regime with enforcement, or an anonymous reporting channel — specifying what makes each real rather than performative. The closing question: what is the difference between an institution that supports ethical action and one that merely requires it?

Professional codes comparison — ACM, IAPP, DAMA

Dimension	ACM (2018)	IAPP	DAMA
Core obligation	Public interest: professionals should act in the public interest and contribute to society and human well-being.	Protecting privacy as a fundamental right and upholding data protection law; acting with integrity and competence.	Serve the best interests of employers and the public while adhering to professional standards.
When the employer directs unethical action	Explicit: members must not engage in actions harmful to the public even if directed by an employer. “The public good should always be the primary consideration.”	Members must not engage in activities that violate applicable privacy laws or harm individuals’ privacy rights. Less explicit on employer conflict than ACM.	Less explicit. Members should advocate for ethical data practices within their organizations. No clear guidance on what to do when advocacy fails.
Whistleblowing	Explicit: an obligation to report unethical practices, including those of an employer. “Report violations of the Code to appropriate authorities.”	No explicit whistleblowing obligation. Members report code violations to IAPP. Silent on reporting employer violations to external authorities.	No explicit whistleblowing provision. Silent on external reporting obligations.
Accountability for harm	Explicit: members are accountable for harms caused by their work. “Fully responsible for their own work.” Cannot delegate accountability to the organization.	Implicit: members bear professional responsibility for privacy violations they enable. Less explicit on personal vs. organizational accountability.	Implicit: members bear responsibility for the quality and integrity of their data management work.
Where each code is silent	What happens when the member reports violations and nothing changes. Does not address the structural limits of individual ethics.	Employer conflict beyond legal compliance — the gap between legal compliance and ethical behavior that is the course’s central argument.	Virtually everything beyond competence and quality. The weakest of the three on institutional conflict.

On the codes — relevance and limits. The IAPP code is the most directly relevant to this course’s subject matter, but it is the weakest of the three on institutional conflict: it does not tell a practitioner what to do when their employer directs them to violate privacy rights in a way that is technically legal. The ACM code is the strongest on that question but is designed for computing professionals broadly. The DAMA code is largely silent. The governance lesson: professional codes are a floor, not a ceiling — they provide moral authority and professional identity but inadequate guidance for the hardest situations a practitioner will face.

Teaching cases

Federal agency employees refusing DOGE system access (2025)

What was asked: DOGE personnel requested administrative access to agency systems — Treasury, SSA, USAID — outside normal authorization procedures, in some cases without standard vetting, documented authorization chains, or clear legal basis.
What the practitioners did: career officials at Treasury, SSA, and USAID refused or delayed access, citing Privacy Act obligations, IG reporting requirements, and agency data governance policy. Some sought legal counsel before acting. At least one official was placed on administrative leave.
Outcome: mixed. Some refusals were overridden by political appointees; some officials were reassigned or placed on leave; courts intervened in some cases. The refusals created a public record that supported subsequent litigation. The officials who refused bore personal professional risk; their refusals produced institutional and legal consequences that individual compliance would not have.
Codes applicable: Privacy Act of 1974, Federal Records Act, Inspector General Act; ACM Code principles 1.2 (avoid harm) and 3.6. No data-specific professional licensing exists — the obligation came from statutory and policy frameworks, not professional codes.

Frances Haugen — Facebook whistleblower (2021)

What was asked: Haugen, a product manager, observed internal research showing Facebook’s products caused measurable harm to teenage girls’ mental health and that Facebook was aware and chose not to act.
What the practitioner did: copied internal documents and provided them to the Wall Street Journal and the SEC; testified before Congress; engaged legal counsel and a PR firm before disclosing; disclosed her identity publicly rather than anonymously.
Outcome: Facebook (Meta) disputed her characterizations. Congressional hearings; SEC investigation; limited regulatory action to date; no criminal charges for Facebook; Haugen was not prosecuted but was sued by Meta in civil proceedings. The disclosures produced the most significant public scrutiny of social media harms in years and informed subsequent legislative proposals.
Codes applicable: no data-specific code governed her situation. The ACM Code’s whistleblowing provision most closely applies (“report violations to appropriate authorities”); the IAPP code does not address employer violations. The case demonstrates the limit of professional codes: they provide moral authority but not legal protection.

The Media, Pennsylvania FBI break-in — Citizens’ Commission to Investigate the FBI (1971)

What was asked: a group of activists concluded that the FBI was conducting illegal domestic surveillance (COINTELPRO) and that no legal or institutional mechanism existed to expose or stop it.
What they did: broke into an FBI field office in Media, Pennsylvania, took files, and distributed them to journalists and members of Congress. They were never identified. The files revealed COINTELPRO; the disclosures led to the Church Committee and the Privacy Act of 1974.
Outcome: COINTELPRO was exposed and formally ended; the Church Committee investigated; the Privacy Act passed; the activists were never charged. The governance architecture this course examines — FISA, the Privacy Act, IG oversight — exists in part because of this illegal act.
Codes applicable: none — the actors were not data professionals. The case is the most morally complex on the timeline: an illegal act that produced the legal framework that governs federal data today. It forces the question of whether the ethical obligation to expose wrongdoing can override legal prohibitions — one no professional code cleanly answers.

Timnit Gebru — Google AI ethics researcher (2020)

What was asked: Gebru co-authored a research paper identifying risks in large language models — including risks directly relevant to Google’s products. Google management asked her to retract or remove her name before publication.
What the practitioner did: refused to retract; was terminated; disclosed the termination publicly. The paper was subsequently published by other co-authors. Her case prompted the departure of other AI ethics researchers and a broader public conversation about the independence of corporate AI ethics functions.
Outcome: Google maintained the termination was procedural, not retaliatory; Gebru disputed this. No legal action. The case became a reference point in AI governance: can a corporate AI ethics function be independent when it reports to the organization whose products it evaluates?
Codes applicable: ACM Code principles 2.5 (thorough evaluation including risks) and 3.7 (care for systems integrated into the infrastructure of society). The case tests the ACM Code’s whistleblowing provision against a situation where the “appropriate authority” is the organization the practitioner is reporting about.

The structural argument — individual ethics is not enough

Every practitioner on this week’s timeline acted on individual ethical judgment. The outcomes ranged from transformative (Media break-in → Church Committee → Privacy Act) to incomplete (DOGE refusals → some injunctions, ongoing litigation) to professionally costly (Gebru termination, Haugen lawsuit). The pattern across all four cases:

Individual ethical action is necessary — without the practitioners who acted, nothing changed.
Individual ethical action is not sufficient — in every case, the practitioner needed institutional support (legal counsel, press, courts, Congress) to convert individual action into systemic consequence.
The cost of individual ethical action is asymmetric — practitioners bear the cost immediately; the benefits, when they arrive, are diffuse and delayed.
Professional codes provide moral authority but not legal protection — no practitioner on this timeline was protected from professional or legal consequences by their professional code.
The governance design question: what institutional structures — whistleblower protection law, independent ethics functions, professional licensing with enforcement, anonymous reporting channels — would reduce the cost of ethical action and make it possible for ordinary practitioners to act ethically without requiring heroism?

Seminar discussion questions

The federal employees who refused DOGE access requests acted on statutory obligations — the Privacy Act, the IG Act, the Federal Records Act — rather than professional codes. What does that tell us about the relative weight of statutory obligations versus professional codes when the two point in the same direction? And what does it tell us when they point in different directions?
Frances Haugen used legal counsel, press, and congressional testimony to convert individual ethical action into systemic consequence. The DOGE refusers used legal and administrative channels. The Media activists used an illegal break-in. All produced consequences. Does the ethical legitimacy of the action depend on the channel used — or only on the consequence it produced?
The Media break-in was illegal, yet the legal framework that governs federal data today exists in part because of it. Apply the Week 2 consequentialist, deontological, and virtue ethics frameworks. Do all three reach the same conclusion? If not, which conclusion do you find most analytically defensible?
Gebru’s case exposed the structural problem of corporate AI ethics functions: can an internal ethics function be independent when it reports to the organization whose products it evaluates? What governance design would make an AI ethics function genuinely independent — and what would that independence cost the organization?
The structural argument is that individual ethics is necessary but not sufficient. Design the governance structure that would have made it easier and less costly for the DOGE refusers to act on their obligations. Be specific: what mechanism, enforced by whom, with what protection for the practitioner?

Course thread

Coming from — Weeks 1–13 built the complete analytical, legal, technical, and ethical toolkit and stress-tested it against thirteen weeks of governance failures, live cases, and professional dilemmas. Students have everything they need.

Going to — Week 14 is the capstone: students present integrated governance program proposals that address all three pillars, show where the pillars conflict, and sit in the tensions the course has identified rather than resolving them too cleanly.

Required

Required reading

ACM Code of Ethics and Professional Conduct (2018) — full document, approximately 10 pages. If not already read from Week 2, required this week. Read it specifically for the employer-conflict and whistleblowing provisions.
IAPP Code of Ethics (current version) — full document, approximately 5 pages. Read it against the ACM code: where does it agree, where does it differ, and where is it silent?
Alison Frankel, “Facebook’s Lawsuit Against Frances Haugen” (Reuters, 2022) — approximately 8 pages. The legal response to Haugen’s disclosures; what legal exposure a whistleblower faces even when their disclosures are in the public interest.
Betty Medsger, The Burglary: The Discovery of J. Edgar Hoover’s Secret FBI (2014) — chapter 1 and conclusion, approximately 30 pages. The primary account of the Media break-in; the conclusion addresses the ethical question directly.

Recommended reading

Whistleblower Protection Act (5 U.S.C. § 2302) — the federal statutory protection for government whistleblowers. What it covers and what it does not.
Alasdair MacIntyre, After Virtue (1981) — chapter 1. The foundational critique of modern moral philosophy’s inability to resolve genuine ethical conflicts.
Ruha Benjamin, “Ethics Washing: Making the Case Against Ethics Boards” (2019) — approximately 10 pages. On why ethics boards and internal ethics functions frequently produce the appearance of ethical governance without the substance. Directly applicable to the Gebru case.
Jack Balkin and Jonathan Zittrain, “A Grand Bargain to Make Tech Companies Trustworthy” (The Atlantic, 2016) — the case for professional licensing in technology fields as a structural response to the inadequacy of individual professional codes.