Research Ethics & Intellectual Integrity
Session at a Glance
Research ethics history and principles; Belmont Report; informed consent; plagiarism and IPR; GDPR and DPDP Act 2023; algorithmic fairness; research misconduct
Ethics self-assessment checklist; participant consent form drafting; plagiarism detection exercise
2 hrs Lecture + 12 hrs Lab/Project
Ethics self-assessment & consent form draft
Learning Objectives
By the end of this session, you will be able to:
- Trace the historical evolution of research ethics from the Nuremberg Code to contemporary frameworks, and explain why ethical safeguards exist
- Apply the three Belmont principles — Respect for Persons, Beneficence, and Justice — to evaluate the ethical dimensions of a proposed capstone research design
- Differentiate among types of plagiarism and identify the legal and institutional consequences of intellectual property violations in both academic and professional contexts
- Compare GDPR and the DPDP Act 2023, identifying key provisions that affect student research involving human participants or personal data
- Assess a research project for ethical risks — including algorithmic bias, data privacy vulnerabilities, and questionable research practices — and design appropriate mitigation strategies
Session Planner
Suggested breakdown of the 4-hour contact session.
| Time | Segment | Activity | Mode |
|---|---|---|---|
| 0:00–0:08 | Opening | Recap Week 5 literature review; transition: "Now that you have your RQs and are building your lit review — how will you conduct this research ethically?" | Whole class |
| 0:08–0:25 | Lecture 1 | Historical cases (Nuremberg, Tuskegee, Milgram, Facebook emotional contagion); Nuremberg Code; Declaration of Helsinki; why ethics is not a bureaucratic hurdle | Lecture |
| 0:25–0:42 | Lecture 2 | The Belmont principles; informed consent — components and special populations; traditional vs. online consent | Lecture |
| 0:42–1:00 | Lecture 3 | Plagiarism types and IPR; GDPR & DPDP Act 2023; algorithmic fairness; research misconduct — fabrication, falsification, QRPs | Lecture |
| 1:00–1:15 | Activity | Case analysis: given 4 research scenarios, identify which ethical principles are implicated and recommend corrective actions | Pairs |
| 1:15–1:30 | Discussion | Share case analyses; debate grey-area scenarios where multiple principles are in tension | Whole class |
| 1:30–1:45 | Break | — | — |
| 1:45–2:05 | Lab Briefing | Ethics checklist walkthrough; consent form template; plagiarism detection demonstration with Turnitin/Urkund | Demo |
| 2:05–3:25 | Lab Work | Part A: Ethics self-assessment for capstone project; Part B: Consent form drafting; Part C: Plagiarism detection exercise | Individual/Pairs |
| 3:25–3:50 | Peer Review | Exchange consent forms and plagiarism analyses; peer critique using structured prompts | Pairs |
| 3:50–4:00 | Exit Ticket | Submit ethics checklist and consent form draft; self-assess confidence with ethical reasoning | Individual |
1. Why Ethics Matters in Research — The Lessons of History
Research ethics may feel like an abstract, bureaucratic exercise — a box to tick before you can start collecting data. But the modern ethical framework exists because real people were harmed, sometimes fatally, by research that treated human beings as means rather than ends. Understanding this history transforms ethics from a compliance exercise into a professional responsibility.
Research ethics is the application of fundamental moral principles to the planning, conduct, and reporting of research. It governs how researchers treat participants, handle data, report findings, and manage the broader consequences of their work. Ethics is not a constraint on good research — it is a precondition for research that is trustworthy, reproducible, and worthy of public confidence.
1.1 Four Cases That Shaped Modern Research Ethics
Each of these cases revealed a gap in the ethical framework of its time — and each led directly to reforms that shape how you will conduct your capstone research today.
Nazi physicians conducted forced experiments on concentration camp prisoners — exposure to extreme temperatures, infectious diseases, and untested drugs — without consent, often resulting in death. The subsequent trials produced the Nuremberg Code (1947), which established voluntary informed consent as the absolute prerequisite for human research.
The US Public Health Service studied the natural progression of untreated syphilis in 600 African American men — 399 with the disease, 201 without — without informing them of their diagnosis or providing treatment, even after penicillin became the standard of care in 1947. Participants were deceived (told they had "bad blood") and actively prevented from accessing treatment. The study ran for 40 years before a whistleblower exposed it. It led directly to the Belmont Report (1979).
Stanley Milgram at Yale told participants they were in a "learning experiment" and instructed them to administer increasingly severe electric shocks to a "learner" (an actor) when the learner gave wrong answers. Despite hearing screams and pleas, 65% of participants administered shocks up to the maximum 450-volt level. The study revealed powerful psychological distress caused by deception — many participants experienced acute anxiety during the experiment. It catalysed debriefing requirements and stricter limits on deception in research.
Researchers at Facebook and Cornell manipulated the News Feeds of 689,003 users — without their knowledge or consent — to test whether emotional states could be transmitted through social networks. Users shown fewer positive posts produced fewer positive posts themselves, and vice versa. Published in PNAS, the study triggered widespread condemnation: users had not consented to be experimental subjects, and the manipulation could have harmed vulnerable users. The case forced the computing research community to confront the ethical gap between what is technically possible and what is ethically permissible, and contributed to the development of research ethics guidelines for computational social science.
The Nuremberg Code gave us informed consent. The Declaration of Helsinki (1964, revised 2013) extended protections to all human subjects and required independent ethics committee review. The Belmont Report (1979) codified three organising principles. The Facebook study (2014) forced computing research to catch up with social science ethics. Each generation learns from the failures of the previous one. Your capstone is conducted within a framework that these cases built — not in spite of them.
1.2 Key Ethical Documents Every Researcher Should Know
| Document | Year | Key Contribution | Relevance to Capstone |
|---|---|---|---|
| Nuremberg Code | 1947 | Voluntary consent is essential; research must yield fruitful results for society; avoid unnecessary physical and mental suffering | Foundation for all consent procedures |
| Declaration of Helsinki | 1964 (rev. 2013) | Research on human subjects must be reviewed by an independent ethics committee; vulnerable populations require special protection | IRB/IEC approval requirements |
| Belmont Report | 1979 | Three organising principles: Respect for Persons, Beneficence, Justice; practical application to research design | Core framework for ethical analysis (Section 2) |
| ACM Code of Ethics | 1992 (rev. 2018) | Computing-specific ethical guidance; harm avoidance; respect for privacy; algorithmic transparency | BCA capstone projects involving software, AI, or data systems |
| GDPR | 2018 | Comprehensive data protection framework for the EU; data subject rights; consent requirements; territorial scope beyond EU borders | Any project collecting EU resident data (Section 5) |
| DPDP Act 2023 | 2023 | India's data protection framework; consent managers; Data Protection Board; penalties up to ₹250 crore | Any project collecting personal data in India (Section 5) |
2. The Belmont Principles — A Universal Ethical Framework
The Belmont Report (1979) identified three principles that have become the universal grammar of research ethics. They apply regardless of discipline — a BBA student surveying consumers and a BCA student training a recommendation algorithm are both bound by them.
| Principle | Definition | Application — BBA | Application — BCA |
|---|---|---|---|
| Respect for Persons | Individuals must be treated as autonomous agents. Those with diminished autonomy (children, prisoners, cognitively impaired) are entitled to additional protection. | Informed consent from survey respondents and interview participants; no coercion (e.g., manager "requiring" employees to participate); right to withdraw at any time without penalty | Transparent disclosure when collecting user data (not buried in Terms & Conditions); opt-in, not opt-out; users must know what data is collected and why; click-wrap consent must be meaningful, not a formality |
| Beneficence | Maximise possible benefits and minimise possible harms. The risk-benefit ratio must be favourable. "Do no harm" is the minimum; actively protecting participants is the standard. | Anonymising survey data so individual respondents cannot be identified; avoiding questions that could cause psychological distress or social harm; securing data against breaches | Testing algorithms for fairness before deployment; considering dual-use risks (could this model be used for surveillance?); assessing whether model errors could cause harm (e.g., incorrect credit scoring) |
| Justice | The benefits and burdens of research must be distributed fairly. No group should bear disproportionate research burdens, and no group should be systematically excluded from research benefits. | Selecting participants fairly — not limiting to convenient populations (e.g., only urban, English-speaking, high-income) when findings claim to generalise; ensuring marginalised groups are not excluded from beneficial research | Ensuring training data represents diverse populations; testing model performance across demographic subgroups; not deploying models that work well for majority groups but poorly for minorities |
2.1 Institutional Review — IRB and IEC
The Belmont principles are operationalised through Institutional Review Boards (IRBs) — also called Independent Ethics Committees (IECs) or Institutional Ethics Committees in India. These are independent bodies that review research proposals before data collection begins.
- Risk-Benefit Analysis: Are the risks to participants justified by the potential benefits of the research? Are risks minimised?
- Informed Consent: Is the consent process adequate? Are consent forms clear, comprehensive, and free of coercion?
- Participant Selection: Is recruitment equitable? Are vulnerable populations appropriately protected?
- Data Management: How will data be stored, secured, anonymised, and eventually destroyed?
- Conflicts of Interest: Does any researcher have financial or personal interests that could bias the research?
IRB review is an iterative process, not a one-time checkbox. You may be asked to revise consent procedures, clarify data security measures, or justify your sample selection. This is normal — it means the system is working. A project that sails through IRB without a single question is not necessarily a well-designed project; it may be one whose ethical dimensions have not been examined closely enough. For your capstone, your faculty supervisor is your first line of ethical review. The institutional IRB/IEC is the formal gatekeeper.
3. Informed Consent — The Cornerstone of Ethical Research
Informed consent is not a signature on a form. It is a process by which a potential participant understands what the research involves, comprehends the risks and benefits, and voluntarily agrees to participate — free from coercion or undue influence.
3.1 The Three Components of Valid Consent
Participants must receive all information a "reasonable person" would want before deciding: purpose of the research, procedures involved, expected duration, foreseeable risks and benefits, alternatives to participation, confidentiality measures, and contact information for questions and complaints. Information must be in a language the participant understands.
The participant must actually understand the information — not just receive it. This means: using plain language (not technical jargon), tailoring explanations to the participant's education level, and verifying understanding (asking the participant to explain the study in their own words). If the participant cannot comprehend (child, cognitive impairment), consent must be obtained from a legally authorised representative.
Consent must be given freely, without coercion (explicit threats), undue influence (excessive compensation, authority pressure), or manipulation. A manager asking subordinates to "volunteer" for a study, or offering a grade incentive for student participation, compromises voluntariness. Participants must know they can withdraw at any time without penalty — and this must be true in practice, not just on paper.
3.2 Traditional vs. Online Consent
| Dimension | Traditional (Face-to-Face) | Online / Digital |
|---|---|---|
| Format | Printed consent form; researcher present to answer questions; participant signs in person | Digital consent form (web form, click-wrap, e-signature); researcher may not be present |
| Verification | Researcher can observe whether participant understands; can answer questions in real time | Difficult to verify comprehension; participant may scroll past without reading; questions are asynchronous |
| Record-Keeping | Physical signed forms stored securely; separate from data to maintain anonymity where possible | Digital records (IP address, timestamp, e-signature); must be stored on secure servers, not in survey tools where consent is linked to responses |
| Withdrawal | Participant informs researcher; data removed; straightforward in face-to-face settings | Must provide a clear mechanism (email, form, link); data deletion must be technically feasible; consider that anonymous data cannot be withdrawn after collection |
| Special Risks | Power dynamics (researcher-participant relationship); privacy during sensitive interviews | Data security breaches; third-party platform terms of service; participants may not be who they claim to be (minors posing as adults) |
3.3 BCA-Specific: Consent for Data Collection in Software Research
BCA capstone projects often involve collecting data from users — app usage logs, clickstream data, API responses, or survey responses within a web application. The following principles apply:
- Click-wrap consent must be meaningful: A pre-ticked checkbox buried in a 40-page Terms of Service document does not constitute informed consent. The consent request should be separate, prominent, and written in plain language.
- Granular consent: Users should be able to consent to some data uses but not others (e.g., consent to usage analytics but not to data sharing with third parties).
- Data minimisation: Collect only the data you need for your research question, not everything that is technically possible to log.
- Platform compliance: If you collect data through a third-party platform (Google Forms, SurveyMonkey, a mobile app store), you are also bound by that platform's data policies. Read them — ignorance is not a defence.
Children (under 18), prisoners, pregnant women, cognitively impaired individuals, economically disadvantaged populations, and employees/subordinates of the researcher are considered vulnerable populations. Research involving these groups requires additional safeguards: surrogate consent, assent from the participant in addition to surrogate consent, independent advocates, and stronger justification of why the research cannot be conducted with a non-vulnerable population. If your capstone involves any of these groups, flag this early with your supervisor.
4. Plagiarism & Intellectual Property Rights
4.1 Plagiarism — More Than Copy-Paste
Plagiarism is presenting someone else's work, ideas, or words as your own — whether intentionally or through negligence. Most students understand that copying a paragraph verbatim without quotation marks and a citation is plagiarism. But plagiarism takes many forms, some of which are less obvious.
| Type | Definition | Example | How to Avoid |
|---|---|---|---|
| Direct Plagiarism | Copying text word-for-word from a source without quotation marks and citation | Pasting a paragraph from a journal article into your literature review without attribution | Use quotation marks for verbatim text + in-text citation + page number. But minimise direct quotes — paraphrase instead. |
| Mosaic Plagiarism | Patching together phrases and sentences from multiple sources, changing a few words, but retaining the original structure | Taking sentences from 3 papers, replacing some words with synonyms, and presenting the result as original writing | Synthesise across sources (see Week 5). If the structure of your paragraph mirrors a single source, you're not synthesising — you're paraphrasing too closely. |
| Self-Plagiarism | Reusing your own previously submitted or published work without disclosure or permission | Submitting the same literature review section for two different courses; republishing your own conference paper in a journal without noting it is an extended version | Always disclose prior use. Cite your own previous work as you would cite any other author. Check your institution's policy — some allow limited reuse with disclosure. |
| Paraphrasing Without Credit | Rewriting someone else's idea in your own words but not citing the source | Reading a paper's argument, restating it in your own language, and not providing a citation because "I wrote it in my own words" | Paraphrasing does not eliminate the obligation to cite. If the IDEA came from a source, cite the source — even if the words are entirely your own. |
| Idea Plagiarism | Using someone else's unique concept, framework, or research design without attribution | Adopting a novel methodology or theoretical framework from an unpublished conference presentation without crediting the originator | Cite the originator of ideas, not just the originator of text. If you learned about a concept from a source, cite that source — even if the concept is now "well-known." |
| Accidental Plagiarism | Failing to cite due to carelessness, poor note-taking, or misunderstanding of citation norms | Keeping notes without recording the source; later treating the note as your own thought; writing it into your paper uncited | Maintain meticulous notes with source information. Use reference management software (Zotero, Mendeley) from Week 4. When in doubt, cite. |
Your institution almost certainly uses plagiarism detection software — Turnitin, Urkund (Ouriginal), or Grammarly's plagiarism checker. These tools compare your text against: published academic literature, web content, and a database of previously submitted student work (including from other institutions). They detect mosaic plagiarism, not just direct copying — paraphrasing that is "too close" to the original will be flagged. The best defence is not to outsmart the tool but to write genuine synthesis (Week 5 skill). A similarity score of 15–20% or below is typical for a well-written literature review (citations and common phrases will always produce some matches). A score above 30% warrants serious revision.
4.2 Intellectual Property Rights (IPR)
Intellectual property law protects the products of creative and intellectual labour. As a researcher, you are both a consumer of others' IP (through your literature review) and a producer of IP (through your capstone dissertation and any artefacts you create).
| IPR Type | What It Protects | Duration (India) | Relevance to Capstone |
|---|---|---|---|
| Copyright | Original literary, dramatic, musical, artistic works; computer programs; databases with originality in selection/arrangement | Author's lifetime + 60 years | Your dissertation is automatically copyrighted. Using others' copyrighted work (figures, survey instruments, code) requires permission or must fall under fair dealing. |
| Patent | Novel, non-obvious inventions with industrial applicability — products, processes, methods | 20 years from filing date | If your BCA capstone produces a novel algorithm, system architecture, or technical method, discuss patentability with your supervisor and the institution's IP cell BEFORE publicly disclosing it. |
| Trademark | Distinctive signs — names, logos, slogans, sounds — that distinguish goods/services of one enterprise from another | 10 years (renewable indefinitely) | Less relevant to most capstones. Relevant if your project involves branding or commercialisation of a product/service. |
| Trade Secret | Confidential business information that derives economic value from not being publicly known | Indefinite (as long as secrecy is maintained) | If your capstone involves a company's proprietary data or methods, you may be under a non-disclosure agreement (NDA). Understand your obligations before signing. |
4.3 Fair Use (US) vs. Fair Dealing (India) — What Can You Legally Use?
| Dimension | Fair Use (US — Section 107, Copyright Act 1976) | Fair Dealing (India — Section 52, Copyright Act 1957) |
|---|---|---|
| Approach | Flexible, open-ended: four factors are weighed case-by-case by courts | Exhaustive list: specific purposes are enumerated; uses outside the list are not protected |
| Permitted Purposes | Criticism, comment, news reporting, teaching, scholarship, research — but the list is illustrative, not exhaustive | Private study, research, criticism/review, reporting current events — the list is a closed set |
| Key Factors | (1) Purpose and character of use; (2) Nature of the copyrighted work; (3) Amount and substantiality of portion used; (4) Effect on the potential market for the original | Purpose must fall within the enumerated list; use must be "fair" in the specific context — courts consider the extent and purpose of the dealing |
| Capstone Implication | Quoting a few paragraphs from a paper in your lit review with proper attribution is clearly fair use | Same — research and private study are explicitly protected. Reproducing an entire survey instrument or a full journal article is not fair dealing (and requires permission) |
Many academic and open-source works are licensed under Creative Commons (CC) licences, which grant permission in advance for specific uses. CC BY (attribution only) is the most permissive; CC BY-NC (non-commercial) prohibits commercial use; CC BY-SA (share-alike) requires derivative works to use the same licence; CC BY-ND (no derivatives) prohibits modifications. When using CC-licensed content in your capstone, check which licence applies and comply with its terms. For code, open-source licences (MIT, GPL, Apache) serve a similar function — understand the licence before incorporating open-source code into your BCA project.
5. Data Privacy & Protection — GDPR and the DPDP Act 2023
Data protection law has undergone a seismic shift in the last decade. The European Union's General Data Protection Regulation (GDPR, 2018) set a new global standard, and India followed with the Digital Personal Data Protection Act (DPDP Act, 2023). Both have direct implications for student research that collects or processes personal data.
Any information relating to an identified or identifiable natural person. This includes obvious identifiers (name, email, phone number, Aadhaar, IP address) and less obvious ones (location data, behavioural patterns, cookie identifiers, device fingerprints) when they can be linked — directly or indirectly — to an individual. Anonymised data (from which identification is irreversibly impossible) is generally not personal data. Pseudonymised data (where identifiers are replaced with codes but re-identification is still possible with a key) IS still personal data and remains subject to data protection law.
5.1 GDPR vs. DPDP Act 2023 — Side-by-Side Comparison
| Provision | GDPR (EU, 2018) | DPDP Act 2023 (India) |
|---|---|---|
| Territorial Scope | Applies to any organisation processing personal data of individuals in the EU — regardless of where the organisation is located. A student in India collecting survey responses from EU residents is subject to GDPR. | Applies to processing of digital personal data within India, and to processing outside India if it involves offering goods or services to individuals in India. Covers data collected online and data collected offline that is subsequently digitised. |
| Legal Basis for Processing | Six lawful bases: consent, contract, legal obligation, vital interests, public task, legitimate interest. Consent is only ONE basis — research may fall under "legitimate interest" or "public task" in some cases. | Consent is the primary basis. A "deemed consent" provision exists for specified legitimate uses including — notably — research purposes, but this is narrower than GDPR's legitimate interest basis. |
| Consent Requirements | Freely given, specific, informed, and unambiguous; must be a clear affirmative act; pre-ticked boxes are invalid; must be as easy to withdraw as to give; special categories of data (health, biometrics, ethnicity) require explicit consent. | Free, specific, informed, unconditional, and unambiguous; clear affirmative action required; a notice must be provided describing the data collected, purpose, and rights. Consent Managers — registered intermediaries — are a unique feature enabling individuals to manage consent across platforms. |
| Data Subject Rights | Right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection to processing including automated decision-making. | Right to access, correction, erasure, grievance redressal, and the right to nominate another individual to exercise rights in the event of death or incapacity. The right to data portability is not explicitly included in the current Act. |
| Data Protection Authority | Independent supervisory authorities in each EU member state; the European Data Protection Board (EDPB) ensures consistency. | The Data Protection Board of India (DPBI) — a central adjudicatory body with the power to investigate complaints, impose penalties, and direct remedial measures. |
| Penalties | Up to €20 million or 4% of global annual turnover, whichever is higher. | Up to ₹250 crore (approximately €28 million) for certain violations. The DPDP Act does not link penalties to turnover — it specifies penalty ceilings for different contraventions. |
| Breach Notification | Must notify the supervisory authority within 72 hours of becoming aware of a data breach; must notify affected individuals without undue delay if the breach poses a high risk. | Must notify the Data Protection Board and affected individuals in the event of a personal data breach, in the manner and within the period prescribed (detailed rules awaited as of 2025). |
| Student Research Exemption | No blanket exemption. Student research that processes personal data must comply with GDPR. Some member states provide limited exemptions for academic research, but these vary and must be verified. | The Act includes provisions for research and statistical purposes, but these are not blanket exemptions. Student capstone projects collecting personal data in India should comply — particularly with consent and data security obligations. |
5.2 Practical Implications for Capstone Research
- If you collect ANY personal data, you need consent. This includes survey responses with names or email addresses, interview recordings, app usage logs linked to user IDs, and any dataset that can be linked to individuals.
- Anonymise early. Replace names with participant codes as soon as data is collected. Store the key (linking codes to identities) separately from the data — ideally in a password-protected file on a different server. Once analysis is complete, destroy the key if you no longer need it.
- Secure your data. Store data on institution-provided, access-controlled servers — not on personal laptops, unencrypted USB drives, or public cloud storage with open sharing permissions. Password-protect all files containing personal data.
- Data minimisation is not optional. Do not collect data "just in case it might be useful." Define your variables in advance (Week 3 skill) and collect only those. Every additional data point is an additional liability.
- Know your data's jurisdiction. If you collect data from EU residents, GDPR applies regardless of where you are. If you collect data in India, the DPDP Act applies. If both — both may apply. Consult your supervisor.
A common misconception: "I'm just a student — data protection law doesn't apply to my capstone." This is incorrect. GDPR and the DPDP Act do not have blanket exemptions for student research. Your institution may have specific policies or arrangements, but the default position is that you must comply. The good news: the compliance burden for a well-designed student project (small sample, clearly defined purpose, proper anonymisation) is manageable. The bad news: claiming you didn't know about the law will not protect you or your institution.
6. Algorithmic Fairness & Research Ethics in Computing
This section is primarily directed at BCA students, but BBA students should engage with it too — algorithms increasingly mediate the consumer behaviour, financial markets, and organisational processes that BBA research examines.
6.1 Three Sources of Algorithmic Bias
The training data does not represent the population the model will serve. Examples: a face recognition system trained primarily on light-skinned faces; a credit scoring algorithm trained on data from a period when certain groups were systematically denied credit; a language model trained predominantly on English text applied to code-mixed Hindi-English queries. Mitigation: Audit your dataset for demographic representation before training; augment under-represented groups; document dataset limitations transparently.
The model amplifies patterns in the data or introduces bias through its optimisation objective. Examples: a recommendation system that optimises for engagement amplifies sensational content; a hiring model trained to predict "job success" using historical promotion data learns to prefer candidates who resemble past promotees. Mitigation: Choose fairness-aware learning objectives; test model outputs across subgroups; apply post-processing corrections.
A technically fair model is deployed in a context that produces unfair outcomes. Examples: a predictive policing model deployed in a neighbourhood with historically higher arrest rates creates a feedback loop — more police presence → more arrests → more data confirming the model's prediction. Mitigation: Consider the sociotechnical system, not just the model; conduct impact assessments before deployment; monitor outcomes after deployment and be prepared to withdraw the system.
6.2 Fairness is Not One Thing — Competing Definitions
| Fairness Definition | What It Requires | Limitation |
|---|---|---|
| Demographic Parity | The proportion of positive outcomes should be equal across groups (e.g., same percentage of male and female applicants are selected) | Ignores legitimate differences between groups (e.g., different qualification distributions); can result in selecting less-qualified candidates to achieve parity |
| Equalised Odds | False positive rates and false negative rates should be equal across groups (e.g., the model should be equally likely to mistakenly classify a qualified candidate as unqualified, regardless of group) | Requires ground truth labels (knowing who was "truly" qualified), which are often unavailable or themselves biased; does not guarantee demographic balance in outcomes |
| Individual Fairness | Similar individuals should receive similar predictions — regardless of group membership. "Treat likes alike." | Requires defining a similarity metric, which is itself value-laden; computationally expensive for large datasets; may not address systemic disparities |
The key insight: no single fairness definition works for all contexts. Choosing which fairness definition to optimise for is itself an ethical decision, not a purely technical one. You must justify this choice in your methodology chapter.
6.3 The ACM Code of Ethics — Computing's Professional Standard
The Association for Computing Machinery (ACM) Code of Ethics and Professional Conduct (2018) provides computing-specific guidance that complements the Belmont principles:
- General Ethical Principle 1.1: "Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing."
- General Ethical Principle 1.2: "Avoid harm. 'Harm' means negative consequences, especially when those consequences are significant and unjust."
- General Ethical Principle 1.6: "Respect privacy. The responsibility of respecting privacy applies to computing professionals in a particularly profound way."
- Professional Responsibility 2.5: "Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks."
- Professional Responsibility 2.9: "Design and implement systems that are robustly and usably secure."
Research intended for beneficial purposes can be repurposed for harm — this is the "dual use" problem. A facial recognition system developed for accessibility (helping visually impaired people recognise friends) can be used for mass surveillance. A natural language generation model built to assist writers can be used to produce disinformation at scale. As a BCA capstone student, you should ask: "What is the worst thing someone could do with my system? Is there a reasonable way to prevent or mitigate that?" This is not hypothetical — it is a standard component of responsible computing research and should be addressed in your ethics self-assessment.
7. Research Misconduct — Falsification, Fabrication, and Questionable Practices
Research misconduct is not always as dramatic as inventing data from thin air. Many cases involve researchers who, under pressure to publish or graduate, took shortcuts that crossed ethical lines. Understanding the spectrum — from clear fabrication to subtle questionable practices — is essential for protecting your own integrity.
7.1 The Three Categories
| Category | Definition | Example | Consequence |
|---|---|---|---|
| Fabrication | Making up data or results and recording or reporting them as if they were real | Creating survey responses from "participants" who were never surveyed; generating experimental data that was never collected; Diederik Stapel — Dutch social psychologist who fabricated data in over 50 publications over a decade — 58 papers retracted, PhD revoked | Paper retraction; loss of degree; termination of employment; permanent loss of research credibility; legal liability if funded by grants |
| Falsification | Manipulating research materials, equipment, or processes, or changing or omitting data or results such that the research is not accurately represented | Removing outliers that don't support the hypothesis without reporting it; "cleaning" data to remove inconvenient results; Photoshopping a Western blot image to make bands appear stronger or remove unwanted bands | Paper retraction; institutional investigation; damage to the lab and collaborators; questioned integrity of all prior work by the same researcher |
| Questionable Research Practices (QRPs) | Behaviours that violate responsible research conduct but fall short of fabrication/falsification — a "grey zone" that is more common than outright fraud | p-hacking, HARKing, selective reporting of outcomes, failing to report failed replications, inadequate sample sizes justified post-hoc, excluding participants based on results rather than pre-registered criteria | Undermined reproducibility; inflated effect sizes in published literature; the "replication crisis" in psychology and social sciences; less likely to trigger formal investigations but damaging to scientific credibility |
7.2 QRPs Explained — The Slippery Slope
Running multiple statistical tests or data analyses and selectively reporting only those that produced statistically significant results (p < 0.05). For example: testing 20 different variable combinations, finding 2 that are significant, and writing the paper as if you hypothesised those 2 from the start. Prevention: Pre-register your hypotheses and analysis plan before collecting data. Report ALL tests conducted, not just significant ones.
Hypothesising After the Results are Known — presenting a post-hoc finding as if it were an a priori hypothesis. Patterns discovered in the data are rewritten as predictions the researcher had all along. This makes exploratory research masquerade as confirmatory research. Prevention: Clearly label exploratory analyses as exploratory. Distinguish between hypotheses you had before data collection and patterns you noticed during analysis.
Reporting only the dependent variables, experimental conditions, or subgroup analyses that "worked" while omitting those that didn't. Also includes: stopping data collection when results reach significance, not when the pre-planned sample size is reached. Prevention: Register your study design including all outcome variables. Report results for all variables — significant and non-significant. Non-significant results are not "failed" results; they are data.
The pressure to produce "significant" or "interesting" findings is real — your capstone is a major assessment, and null results can feel like failure. But the habits you form now will follow you into professional and academic life. A researcher who p-hacks their capstone is a professional who will be tempted to falsify data when a client demands a specific result. The capstone is not just about producing a dissertation — it is about becoming the kind of researcher and professional who can be trusted with data, with participants, and with the truth. Your integrity is your most valuable professional asset. Do not trade it for a p-value.
8. The Ethics Review Process for Your Capstone
Ethics is not a one-time gate you pass through and forget. It runs throughout the research lifecycle — from design through dissemination. The following framework will help you integrate ethical thinking into every stage of your capstone.
8.1 Capstone Ethics Self-Assessment — Before You Collect Data
Complete this checklist honestly. A "Yes" answer does not mean your project is unethical — it means the issue needs to be addressed in your research design and documented in your methodology chapter.
| # | Question | Yes | No | N/A |
|---|---|---|---|---|
| 1 | Does your research involve human participants (surveys, interviews, experiments, observations, user testing)? | |||
| 2 | Will you collect personal data that can identify individuals (names, emails, phone numbers, IP addresses, device IDs, biometric data, location data)? | |||
| 3 | Are any of your participants from vulnerable populations (minors, prisoners, pregnant women, cognitively impaired, economically disadvantaged, employees/subordinates)? | |||
| 4 | Does your research involve deception (withholding the true purpose, using confederates, providing false feedback)? | |||
| 5 | Could your research procedures cause harm — physical, psychological, social, economic, or reputational — to participants? | |||
| 6 | Will you access or use third-party data (company records, social media data, website scraping, secondary datasets) where the data subjects did not consent to research use? | |||
| 7 | Does your BCA project involve training ML/AI models on data that may contain demographic biases? | |||
| 8 | Could your BCA project's outputs be repurposed for surveillance, discrimination, disinformation, or other harmful applications (dual-use risk)? | |||
| 9 | Do you or any team member have a financial, personal, or professional conflict of interest related to the research? | |||
| 10 | Will your research involve collecting data from or about organisations without their knowledge or consent? | |||
| 11 | Do you plan to publicly share or publish your dataset or model after the capstone? | |||
| 12 | Have you completed your institution's required research ethics training or certification? |
8.2 Ethics Through the Research Lifecycle
Complete ethics self-assessment. Identify risks and design mitigation strategies. Write the ethics section of your methodology chapter. Submit for IRB/IEC approval if required. Draft consent forms and data management plan.
Obtain informed consent from every participant. Anonymise data at the point of collection. Securely store consent records separately from data. Document any deviations from the approved protocol and report them to your supervisor.
Maintain data security during analysis. Test for algorithmic bias if using ML models. Report all analyses conducted, not only significant results. Clearly distinguish confirmatory from exploratory analyses. Do not p-hack, HARK, or selectively report.
Ensure all sources are properly cited — no plagiarism. Acknowledge limitations honestly, including ethical limitations. Respect participants' confidentiality in all reporting. If publicly sharing code, models, or data, ensure they are stripped of personal information and comply with the consent you obtained. Consider the dual-use implications of making your model or dataset publicly available.
The ethical grey areas in research are rarely resolved by a checklist alone. When you encounter a situation that doesn't fit neatly into a "Yes/No" answer — ambiguous consent, unexpected findings with ethical implications, data you didn't anticipate collecting — consult your supervisor BEFORE proceeding. A five-minute conversation can prevent an ethical violation that damages your capstone, your reputation, and your participants. Your supervisor, your institution's ethics committee, and (for BCA students) the ACM Code are resources — use them.
Think Deeper — Cross Questions
Discuss in pairs before sharing with the class.
Imagine a researcher proposes to study the effectiveness of a new financial literacy programme in a low-income community. The study design involves a control group that receives no financial literacy training for two years, while the treatment group receives the programme immediately. Apply the three Belmont principles to this design. Which principle raises the most concern, and what would you change?
You are building a dataset for your BCA capstone by scraping public social media profiles. The profiles are "public" — anyone can view them. Users did not consent specifically for research use, and the platform's Terms of Service explicitly prohibit scraping. Is this research ethical? Consider: (a) the distinction between public availability and research consent, (b) the platform's ToS as an ethical constraint, not just a legal one, (c) whether the data can be truly anonymised given that public posts can be reverse-searched, and (d) what GDPR/DPDP Act would require.
You train a resume-screening model that predicts job performance from resume features. You discover that the model recommends male candidates at a 2:1 ratio over equally qualified female candidates because the training data reflects historical hiring patterns that favoured men. Is this a technical problem, an ethical problem, or both? Who bears responsibility — the researcher who built the model, the organisation that provided the data, or the organisation that deploys it?
A student finds a perfectly written paragraph in a published paper that expresses exactly what they want to say. They rewrite the paragraph by changing approximately every third word with a synonym, keeping the original sentence structure and flow of ideas. They do not cite the source because "I wrote it in my own words." Is this plagiarism? At what point does paraphrasing cross the line into mosaic plagiarism? What specific standard distinguishes acceptable paraphrasing from plagiarism?
Quick Check — Ethics Scenario Diagnosis
Each scenario describes a research situation with an ethical dimension. Diagnose the primary ethical issue.
1. A student plans to distribute a survey to classmates during a lecture break. The survey introduction says "Your responses will help us understand student perspectives on campus facilities." The student does not mention that the data is for their capstone research or that responses will be published in their dissertation. When a classmate asks, "What is this for?" the student replies, "Just a general feedback form."
2. A BCA student is building a chatbot for mental health support as their capstone. The student trains the model on publicly available Reddit posts from mental health forums. The chatbot is deployed for testing with 50 university students. During testing, one student mentions suicidal thoughts, and the chatbot responds with generic advice ("try to think positive thoughts") rather than escalating to a human counsellor.
3. A student conducts a survey on consumer attitudes toward sustainable packaging. The survey yields 200 responses. During analysis, the student finds that removing 12 "careless" responses (respondents who completed the survey in under 2 minutes, when the median completion time was 8 minutes) changes the key finding from non-significant (p = 0.12) to significant (p = 0.03). The student removes those 12 responses and reports only the significant result, noting in a footnote that "incomplete responses were excluded."
4. A student's literature review contains the following passage: "Digital transformation has fundamentally altered the competitive landscape across industries. Organisations are increasingly adopting artificial intelligence and machine learning to enhance decision-making processes and create new value propositions for customers." The passage is a close paraphrase of a published paper's introduction, with some words changed, but the paper is not cited anywhere in the paragraph. When questioned, the student says, "These are just general background statements — everyone knows this."
Knowledge Check — Interactive Quiz
Test your understanding of research ethics and intellectual integrity.
Q1. Which Belmont principle requires that the benefits and burdens of research be distributed fairly across populations, and that no group be systematically excluded from the benefits of research?
Q2. Under the DPDP Act 2023, what is a "Consent Manager"?
Q3. A student submits the same literature review chapter for both their SEC701 Capstone and another course's term paper without informing either instructor. This is:
Q4. Which of the following is NOT one of the three core Belmont principles?
Q5. What distinguishes fabrication from falsification in research misconduct?
Lab Activity — Ethics in Practice
Part A: Ethics Self-Assessment for Your Capstone (30 min)
- Download or copy the 12-item ethics self-assessment checklist from Section 8.1.
- Complete every item honestly for your current capstone research design. For each "Yes" response, write a brief note describing how you will address the ethical concern (e.g., "Yes — I will survey employees. Mitigation: informed consent form, anonymity guaranteed, participation voluntary, manager not involved in recruitment.").
- Identify your top two ethical risks — the issues most likely to cause harm or require careful management. For each, write a specific mitigation strategy.
- Determine whether your project requires IRB/IEC approval. If yes, identify which committee at your institution handles student research and what the application process involves. If unsure, note this for discussion with your supervisor.
Use this format to document each ethical risk and your mitigation plan:
| Ethical Risk | Belmont Principle(s) Implicated | Likelihood (Low/Med/High) | Severity (Low/Med/High) | Mitigation Strategy |
|---|---|---|---|---|
| Example: Interview participants may feel pressured to participate because their manager recommended them | Respect for Persons (voluntariness) | Medium | Medium | Recruitment email will emphasise voluntary nature; manager will not be informed who participates; consent form will state that non-participation has no consequences |
| (Your risk 1) | ||||
| (Your risk 2) |
Part B: Consent Form Drafting (60 min)
Draft a participant consent form or data collection notice for your capstone project. Your document must include ALL of the following sections:
- Study Title and Researcher Information: Your name, course (SEC701), institution, and contact information. Supervisor's name and contact.
- Purpose of the Research: What are you studying and why? In plain language — imagine explaining it to a family member, not an academic audience.
- Procedures: What will participants actually DO? How long will it take? Where? How many people will participate?
- Risks and Discomforts: Be honest. Even minimal-risk research has potential discomforts (boredom, time cost, mild embarrassment). Acknowledge them.
- Benefits: What will participants gain? If there are no direct benefits, state this honestly. Do not overpromise. "This research may contribute to..." is acceptable; "You will personally benefit from..." requires justification.
- Confidentiality: How will you protect participants' identities? Will data be anonymised? Who will have access? When will data be destroyed?
- Voluntary Participation and Withdrawal: Statement that participation is voluntary, refusal has no consequences, and participants can withdraw at any time without penalty. Specify what happens to their data if they withdraw.
- Contact Information: Who should participants contact with questions? With complaints? Include both yourself and your supervisor, and (if applicable) your institution's ethics committee.
- Signature Lines: Participant name, signature, and date. Researcher name, signature, and date. For online consent: a clear "I consent" button with a record of the timestamp.
For BCA students: If your capstone collects user data (app analytics, usage logs, API data), draft a Data Collection Notice in addition to (or instead of) a traditional consent form. This should specify: (a) what data is collected, (b) how it is collected (automatically via the app, manually through forms), (c) purpose of collection, (d) storage duration, (e) whether data is shared with third parties, and (f) how users can access, correct, or delete their data (per GDPR/DPDP Act rights).
Part C: Plagiarism Detection Exercise (30 min)
Below are three pairs — each contains an original source and a student's writing. For each pair, identify: (a) Is this plagiarism? If so, what type? (b) What specifically makes it plagiarism (or not)? (c) How would you correct it?
Your diagnosis: _______________________________________________
Your diagnosis: _______________________________________________
Your diagnosis: _______________________________________________
Exit Ticket
Submit with your ethics self-assessment and consent form draft.
- Complete the ethics self-assessment checklist. What is the highest-risk aspect of your capstone project, and what is your primary mitigation strategy?
- Paste a section of your consent form draft that you found particularly challenging to write. What made it difficult?
- Identify one potential ethical grey area in your research design — a situation where the right course of action is not obvious. How do you plan to navigate it?
- Which of the three Belmont principles is most relevant to your specific project, and why?
- What one question about research ethics do you still have after this session? What aspect of ethics would you like more guidance on?
Key Takeaways — Week 6
Ethics is not a bureaucratic hurdle that stands between you and data collection. Well-designed ethical research produces more trustworthy findings, protects participants from harm, and builds the public confidence on which the entire research enterprise depends.
Respect for Persons, Beneficence, and Justice apply to BBA and BCA research alike. The specific application differs — a survey, an interview, an algorithm, and an app all raise different ethical questions — but the organising principles are constant across disciplines.
GDPR and the DPDP Act 2023 create enforceable rights and substantial penalties. Student research is not exempt by default. Consent, data minimisation, anonymisation, and secure storage are not best-practice suggestions — they are legal obligations.
Plagiarism, fabrication, and falsification end careers — in academia and in industry. Questionable research practices erode the credibility of an entire field. The capstone is where you build the habits of integrity that will define your professional identity. Guard them carefully.
Facilitator Notes
Preparation Checklist
- Prepare the 4 case scenarios for the in-class case analysis activity (Section 1.1 expanded). Include at least one computing/BCA case and one business/BBA case so both cohorts see themselves in the material.
- Have the 12-item ethics self-assessment checklist (Section 8.1) ready as a printed handout or editable digital document. Students will complete this during Part A of the lab.
- Prepare the consent form template (Part B) — a skeleton document with all 9 required sections labelled, so students fill in content rather than format from scratch.
- Identify 2–3 published retraction stories relevant to BBA and BCA domains. Retraction Watch (retractionwatch.com) is an excellent source. The Diederik Stapel case (social psychology) and a recent CS conference retraction provide domain-specific examples.
- Coordinate with your institution's ethics committee/officer to understand the actual approval process for student capstone projects. Share the specific forms, deadlines, and submission procedures with students — do not leave them to navigate the bureaucracy alone.
- For BCA cohorts: have the ACM Code of Ethics (2018) accessible as a reference document. Prepare 2–3 examples of algorithmic bias from recent news (facial recognition, hiring algorithms, credit scoring) to make Section 6 concrete.
Common Student Difficulties
- "My research is just a survey — ethics doesn't really apply to me": This is the most common and most dangerous misconception. Even minimal-risk survey research involves consent, confidentiality, data security, and honest reporting. Walk through a "simple survey" scenario and identify every ethical touchpoint — there are more than students expect.
- Conflating anonymity and confidentiality: Anonymity means even the researcher cannot identify participants (no identifying data collected). Confidentiality means the researcher knows who participants are but promises not to disclose their identities. These are different ethical commitments with different practical implications. Use concrete examples to illustrate the distinction.
- Difficulty distinguishing between acceptable paraphrasing and mosaic plagiarism: Students often believe that changing words = original writing. Use the three pairs in Part C of the lab to demonstrate the difference. Pair 1 (mosaic plagiarism — too close to source structure), Pair 2 (borderline acceptable — cites but structure mirrors original), and Pair 3 (good paraphrase — genuinely rewritten with citation) create a gradient that makes the distinction visible.
- "I'm not collecting names, so GDPR/DPDP Act doesn't apply": Students misunderstand the scope of "personal data." Explain that IP addresses, device fingerprints, behavioural patterns, and even cookie identifiers can be personal data if they can be linked to an individual. Pseudonymised data IS personal data.
- BCA students seeing algorithmic bias as purely a technical problem: Computing students are trained to think about accuracy and performance, not fairness. Use the resume-screening example from Cross Question 3 to demonstrate that a technically accurate model (correctly learning patterns from data) can produce ethically unacceptable outcomes. Fairness is an ethical choice, not an optimisation metric — though it can be operationalised as one.
- Reluctance to complete the ethics checklist honestly: Students fear that honestly identifying ethical risks will block their project. Emphasise that identifying risks is a strength, not a weakness — it demonstrates ethical competence and is exactly what IRB/IEC reviewers want to see. A project with no identified risks is either trivial or the student hasn't thought carefully enough.
Pacing Tips
- The historical cases in Section 1 are engaging but can consume too much discussion time. Limit each case to 2–3 minutes of presentation plus 2 minutes of discussion. The goal is to establish that ethics exists because of real harm — not to conduct a full historical analysis.
- The GDPR vs. DPDP Act comparison is dense regulatory content. Do not read the table aloud. Instead, highlight the 2–3 most surprising or counter-intuitive points (e.g., GDPR applies to Indian students collecting EU data; student research is not exempt) and let students read the table during lab time or as pre-reading.
- The lab activities are substantive and interconnected. Part A (ethics self-assessment) must be completed before Part B (consent form drafting), because the risks identified in Part A determine what the consent form must address. Plan the lab workflow accordingly — do not let students skip to Part B without completing Part A.
- Part C (plagiarism detection) can run in parallel — students can complete the three pairs individually while waiting for peer review of their consent forms. The pairs are designed to take 20–25 minutes, fitting within the peer review window.
- The exit ticket doubles as a formative assessment. Scan the responses — particularly Question 5 ("What one question do you still have?") — to identify which ethical concepts need reinforcement in Week 7. Common gaps: the distinction between anonymisation and pseudonymisation, and the scope of data protection law applicability to student projects.