In this commentary, I present another ethical dilemma that is not depicted in the examples provided. It crosses off each of Lefkowitz’s (Reference Lefkowitz2021) five categories: “opportunity to prevent harm,” “role conflict,” “values conflict,” “temptation,” and “coercion” in a single case. The example I provide follows a method of prevention to thwart the possibility for a breach in ethics from arising in the first place.
For nearly 19 years my students and I have provided pro bono organizational development (OD) consulting work with (typically) nonprofit (or start-up) organizations that cannot afford hiring a consultant or firm. Students do this work as part of a course in OD, consulting, or a capstone course. This type of engagement not only helps the organizations but also provides the students invaluable experience (experiential learning), supervised by a faculty member who also engages in consulting. My first priority in the engagement is the protection of the students, myself, the university, and all stakeholders associated with the organization. For this reason, I ascertain a written understanding of the work we are doing, in at least four different ways, including email, client letter of participation and understanding, contract, and IRB protocol and approval. These four documents are discussed below. It is important to note that the students are not only aware of all four documents but also responsible for creating the third and fourth documents. The students must learn the seriousness of the engagement we are about to take. They learn why we have to be protective of our stakeholders, as well as of ourselves.
Document 1: Email trail of agreement
Prior to engaging my students with a client, I have (what I believe is) a clear communication about ethical responsibilities we, as practitioners must maintain with any people involved in the OD engagement. I explain my role as a professor and supervisor and define their role as a client providing an opportunity for the students’ growth and development through a real-world project. I explain that I cannot guarantee the quality of the results but will do my best to ensure that they will be of the highest caliber possible. Clients are also informed at this stage about the tight turnaround for information and collaboration, as well as how project rescoping might be required if barriers to project completion are introduced. I also explain the utmost importance of protecting the confidentiality of any responses to interviews, surveys, or observations. Until recently, I would never experience any pushback on the matter. I typically receive, “of course, that’s understood” responses.
I also express that any survey administered will have to be reviewed by the institutional review board (IRB) of my institution to ensure proper protections are in place, including informing participants of confidentiality and how data may be used. We have always presented findings to the organization’s leadership and community. Depending on the project, we sometimes anticipate data collection that could yield a conference presentation and/or journal publication. In those cases, I also specify those possibilities and discuss how the client feels about them. When the client disagrees with publicizing beyond the client and organization’s community, the students stipulate that constraint in the contract, as well as the IRB protocol. After the meeting(s), I summarize the conversation(s) in an email and make sure the client agrees through a written email reply, which I then save.
Document 2: Client letter/statement of understanding about confidentiality
I then ask the client to prepare a letter on client letterhead (sometimes I am asked to share some language to convey) that the client signs and dates before an engagement begins. The letter stipulates their invitation to have my students and I engage in an OD assessment and report on findings. They also confirm understanding that no data will be shared, all information will remain confidential, only aggregate findings will be presented, and that the client will have no information about who has participated in interviews or surveys or who was around during observations. The client also expresses agreement to help our student team(s) access the stakeholders for data collection purposes and that the client will be the ones primarily responsible for either giving the student team(s) access to their stakeholders to administer surveys or distributing the surveys themselves. This letter is included with the IRB protocol.
Document 3: Client–consultant contract
After meeting the client on the first day of class, with the aforementioned letters and our combined notes on the client’s stated needs, my students prepare a contract. In that contract, the agreement over confidentiality is restipulated, as are scope of work, milestones and deliverables, and risk management. Risk management should be in any contract, and this is a great opportunity to educate students about avoiding ethical dilemmas by thinking about all the ways a project can go wrong. The students document what happens if the client is not timely with feedback or delays access to data collection efforts or delays providing other resources. For the course, such stipulations are all the more important not only because the work is pro bono but also because students have only one semester (about 15 weeks) in which to complete the agreed upon project. There is little to no room for delays, and veering off by even 1 week can create a need for rescoping the project entirely or withdrawing from it. These risks are also communicated in written form in advance of the client agreeing to the experiential learning engagement.
Document 4: Email confirming understanding of IRB protocol, including informed consent
Finally, the IRB protocol, including the informed consent form, is shared with the client for their review and understanding. Among other matters, the informed consent form stipulates “Survey data will be completely anonymous. Any information learned and collected from this study in which I might be identified will remain confidential and will not be disclosed under any circumstances without my explicit written permission.” The client reviews the informed consent form and survey itself, and is reminded again of the very important confidentiality clause and is asked to confirm understanding via email.
The value of a paper trail
Why is this paper trail needed? Is this excessive? On simpler occasions, the paper trail was helpful during the students’ presentations about the project and findings. On occasion, clients have tested the waters by asking students questions that could rattle them to inadvertently divulge names, but the students never have. Instead, the students reminded the clients of the confidentiality clause and asked them not to inquire about specific individuals. On one occasion, however, I learned that the paper trail was not excessive and had come to be an important “witness” to a project in which a client, without authorized access, shared access to the data with others and proceeded to claim the data as their own.
Reflection on an applied experience
Inadvertently and unbeknownst to me, a student had shared raw data with the client over shareware. It appeared the student was purging university files from their own computer and chose to upload all files associated with the project to the location where students had shared articles with each other. It was also the same space, but not the same folder, in which the final report was saved for the client. Instead of the client informing me or the students that they were given unauthorized access to the data files, they proceeded to share the access with others at another institution with whom they also had a connection. Immediately upon discovering the unauthorized access, I screenshot the names of those who had unauthorized access, removed their access, and contacted the IRB committee administrator of my university and the contact person at the client organization (here on out called OrgX) to ask that they delete all versions of any data files they have and to inform any other people with whom they shared the data to do the same. Furthermore, as I could find the contact information of some of those individuals at the other institutions who had unauthorized access to the data, I informed them that they must discard and cease using the data. This is where more problems began.
At first the individuals at the other institutions tried to claim the data belonged to OrgX (because that is what OrgX executives told them). The individuals at the other institution refused to cease and purge the data until I looped in the head of their research arm. That is when they realized that they were breaching ethical guidelines and quickly confirmed that they had purged the data. Unfortunately, the contact of OrgX not only refused to purge the data but also claimed that they owned the data and brought in OrgX’s attorney. As a result, I brought in the university’s attorney. I shared all emails and documents with the university’s attorney who drafted several letters to OrgX’s attorney. OrgX continued to claim ownership of the data. They claimed that by sending announcements over social media asking their stakeholders to complete the survey, that they somehow have ownership over the data. They continued to fail to understand their violation of their stakeholders’ trust by pressing on that they have the rights to the data (beyond the detailed findings report they received, along with an appendix with the survey template). After 4 months of nearly biweekly communications with OrgX’s attorney, they wrote a statement that they had purged the data, but along with the statement they issued a veiled threat to me and the university, accusing us of costing them money over their attorney’s time. It was evident to me that the claim over the data was due to a deep desire for the findings to be disseminated broadly and widely, but they wanted to give those data to others to analyze—people who had a personal stake in OrgX—rather than considering the ethical responsibility over confidentiality promised to the respondents.
Final thoughts
I share this piece here, because I believe categorizing ethical dilemmas is helpful for comparison, but each has its own unique twist and more important than categorizing is preventing ethical dilemmas in the first place. Lefkowitz (Reference Lefkowitz2021) provided some examples of ethical dilemmas, as do Lowman (Reference Lowman2006) and Lowman and Cooper (Reference Lowman and Cooper2018). However, there is little guidance about what preventative actions should be taken to protect one from possible breaches of ethics and, if in a dilemma, how to handle it. In the case of OrgX, having had the aforementioned four documents likely resulted in OrgX finally documenting, in a signed letter, that they had purged the files. They tried to coerce me, they tried to create a conflict of interest situation, gave unauthorized access to others (temptation), they expressed little care about the need to protect others from malfeasance, and clearly had their own values come into conflict.
As industrial-organizational psychology professionals, who have a responsibility to ensure no harm is done to any of our stakeholders, we must constantly engage in risk assessment and management. When educating students through experiential learning, our actions to protect everyone involved becomes all the more important. We must protect ourselves, the students, the university, and all the stakeholders involved with the organization. I now have a real personal case to share with students; I wish it on no one, but I hope everyone will use this commentary of lessons learned as an example of preparation should any consulting engagement turn sour.
You have
Access
In this commentary, I present another ethical dilemma that is not depicted in the examples provided. It crosses off each of Lefkowitz’s (Reference Lefkowitz2021) five categories: “opportunity to prevent harm,” “role conflict,” “values conflict,” “temptation,” and “coercion” in a single case. The example I provide follows a method of prevention to thwart the possibility for a breach in ethics from arising in the first place.
For nearly 19 years my students and I have provided pro bono organizational development (OD) consulting work with (typically) nonprofit (or start-up) organizations that cannot afford hiring a consultant or firm. Students do this work as part of a course in OD, consulting, or a capstone course. This type of engagement not only helps the organizations but also provides the students invaluable experience (experiential learning), supervised by a faculty member who also engages in consulting. My first priority in the engagement is the protection of the students, myself, the university, and all stakeholders associated with the organization. For this reason, I ascertain a written understanding of the work we are doing, in at least four different ways, including email, client letter of participation and understanding, contract, and IRB protocol and approval. These four documents are discussed below. It is important to note that the students are not only aware of all four documents but also responsible for creating the third and fourth documents. The students must learn the seriousness of the engagement we are about to take. They learn why we have to be protective of our stakeholders, as well as of ourselves.
Document 1: Email trail of agreement
Prior to engaging my students with a client, I have (what I believe is) a clear communication about ethical responsibilities we, as practitioners must maintain with any people involved in the OD engagement. I explain my role as a professor and supervisor and define their role as a client providing an opportunity for the students’ growth and development through a real-world project. I explain that I cannot guarantee the quality of the results but will do my best to ensure that they will be of the highest caliber possible. Clients are also informed at this stage about the tight turnaround for information and collaboration, as well as how project rescoping might be required if barriers to project completion are introduced. I also explain the utmost importance of protecting the confidentiality of any responses to interviews, surveys, or observations. Until recently, I would never experience any pushback on the matter. I typically receive, “of course, that’s understood” responses.
I also express that any survey administered will have to be reviewed by the institutional review board (IRB) of my institution to ensure proper protections are in place, including informing participants of confidentiality and how data may be used. We have always presented findings to the organization’s leadership and community. Depending on the project, we sometimes anticipate data collection that could yield a conference presentation and/or journal publication. In those cases, I also specify those possibilities and discuss how the client feels about them. When the client disagrees with publicizing beyond the client and organization’s community, the students stipulate that constraint in the contract, as well as the IRB protocol. After the meeting(s), I summarize the conversation(s) in an email and make sure the client agrees through a written email reply, which I then save.
Document 2: Client letter/statement of understanding about confidentiality
I then ask the client to prepare a letter on client letterhead (sometimes I am asked to share some language to convey) that the client signs and dates before an engagement begins. The letter stipulates their invitation to have my students and I engage in an OD assessment and report on findings. They also confirm understanding that no data will be shared, all information will remain confidential, only aggregate findings will be presented, and that the client will have no information about who has participated in interviews or surveys or who was around during observations. The client also expresses agreement to help our student team(s) access the stakeholders for data collection purposes and that the client will be the ones primarily responsible for either giving the student team(s) access to their stakeholders to administer surveys or distributing the surveys themselves. This letter is included with the IRB protocol.
Document 3: Client–consultant contract
After meeting the client on the first day of class, with the aforementioned letters and our combined notes on the client’s stated needs, my students prepare a contract. In that contract, the agreement over confidentiality is restipulated, as are scope of work, milestones and deliverables, and risk management. Risk management should be in any contract, and this is a great opportunity to educate students about avoiding ethical dilemmas by thinking about all the ways a project can go wrong. The students document what happens if the client is not timely with feedback or delays access to data collection efforts or delays providing other resources. For the course, such stipulations are all the more important not only because the work is pro bono but also because students have only one semester (about 15 weeks) in which to complete the agreed upon project. There is little to no room for delays, and veering off by even 1 week can create a need for rescoping the project entirely or withdrawing from it. These risks are also communicated in written form in advance of the client agreeing to the experiential learning engagement.
Document 4: Email confirming understanding of IRB protocol, including informed consent
Finally, the IRB protocol, including the informed consent form, is shared with the client for their review and understanding. Among other matters, the informed consent form stipulates “Survey data will be completely anonymous. Any information learned and collected from this study in which I might be identified will remain confidential and will not be disclosed under any circumstances without my explicit written permission.” The client reviews the informed consent form and survey itself, and is reminded again of the very important confidentiality clause and is asked to confirm understanding via email.
The value of a paper trail
Why is this paper trail needed? Is this excessive? On simpler occasions, the paper trail was helpful during the students’ presentations about the project and findings. On occasion, clients have tested the waters by asking students questions that could rattle them to inadvertently divulge names, but the students never have. Instead, the students reminded the clients of the confidentiality clause and asked them not to inquire about specific individuals. On one occasion, however, I learned that the paper trail was not excessive and had come to be an important “witness” to a project in which a client, without authorized access, shared access to the data with others and proceeded to claim the data as their own.
Reflection on an applied experience
Inadvertently and unbeknownst to me, a student had shared raw data with the client over shareware. It appeared the student was purging university files from their own computer and chose to upload all files associated with the project to the location where students had shared articles with each other. It was also the same space, but not the same folder, in which the final report was saved for the client. Instead of the client informing me or the students that they were given unauthorized access to the data files, they proceeded to share the access with others at another institution with whom they also had a connection. Immediately upon discovering the unauthorized access, I screenshot the names of those who had unauthorized access, removed their access, and contacted the IRB committee administrator of my university and the contact person at the client organization (here on out called OrgX) to ask that they delete all versions of any data files they have and to inform any other people with whom they shared the data to do the same. Furthermore, as I could find the contact information of some of those individuals at the other institutions who had unauthorized access to the data, I informed them that they must discard and cease using the data. This is where more problems began.
At first the individuals at the other institutions tried to claim the data belonged to OrgX (because that is what OrgX executives told them). The individuals at the other institution refused to cease and purge the data until I looped in the head of their research arm. That is when they realized that they were breaching ethical guidelines and quickly confirmed that they had purged the data. Unfortunately, the contact of OrgX not only refused to purge the data but also claimed that they owned the data and brought in OrgX’s attorney. As a result, I brought in the university’s attorney. I shared all emails and documents with the university’s attorney who drafted several letters to OrgX’s attorney. OrgX continued to claim ownership of the data. They claimed that by sending announcements over social media asking their stakeholders to complete the survey, that they somehow have ownership over the data. They continued to fail to understand their violation of their stakeholders’ trust by pressing on that they have the rights to the data (beyond the detailed findings report they received, along with an appendix with the survey template). After 4 months of nearly biweekly communications with OrgX’s attorney, they wrote a statement that they had purged the data, but along with the statement they issued a veiled threat to me and the university, accusing us of costing them money over their attorney’s time. It was evident to me that the claim over the data was due to a deep desire for the findings to be disseminated broadly and widely, but they wanted to give those data to others to analyze—people who had a personal stake in OrgX—rather than considering the ethical responsibility over confidentiality promised to the respondents.
Final thoughts
I share this piece here, because I believe categorizing ethical dilemmas is helpful for comparison, but each has its own unique twist and more important than categorizing is preventing ethical dilemmas in the first place. Lefkowitz (Reference Lefkowitz2021) provided some examples of ethical dilemmas, as do Lowman (Reference Lowman2006) and Lowman and Cooper (Reference Lowman and Cooper2018). However, there is little guidance about what preventative actions should be taken to protect one from possible breaches of ethics and, if in a dilemma, how to handle it. In the case of OrgX, having had the aforementioned four documents likely resulted in OrgX finally documenting, in a signed letter, that they had purged the files. They tried to coerce me, they tried to create a conflict of interest situation, gave unauthorized access to others (temptation), they expressed little care about the need to protect others from malfeasance, and clearly had their own values come into conflict.
As industrial-organizational psychology professionals, who have a responsibility to ensure no harm is done to any of our stakeholders, we must constantly engage in risk assessment and management. When educating students through experiential learning, our actions to protect everyone involved becomes all the more important. We must protect ourselves, the students, the university, and all the stakeholders involved with the organization. I now have a real personal case to share with students; I wish it on no one, but I hope everyone will use this commentary of lessons learned as an example of preparation should any consulting engagement turn sour.