PurposeThis study aims to investigate the ethical issues related to the internet of Things (IoT) deployment in small- and medium-sized enterprises (SMEs) from an individual employee's perspective. To provide researchers and practitioners with concrete tools for examining these matters, an ethical framework dedicated to IoT is introduced.Design/methodology/approachFirst, the applicability of Mason's original privacy, accuracy, property and accessibility (PAPA) framework is studied in the IoT context. Second, issue category additions are proposed based on the identified coverage limitations of PAPA.FindingsWhile the original PAPA framework can be utilised as a generic ethical evaluation tool, it lacks coverage of several IoT-specific issue areas. To thoroughly address the ethical risks associated with IoT, two additional categories are introduced.Research limitations/implicationsThe new framework requires further validation to ensure its applicability and to identify potential modification requirements in continuously evolving IoT ecosystems.Practical implicationsConsidering the lack of ethical IoT frameworks, this study provides organisations with a practical framework for analysing the ethical issues in IoT deployment.Social implicationsEthical standards for IoT have not been sufficiently addressed in the current literature and frameworks, making the ethical considerations dependent on subjective stances. Thus, there is an acute demand for a practical framework that outlines the general ethical standards, helping its users to thoroughly address the potential ethical issues.Originality/valueWhile the use of IoT keeps growing in SMEs, there is an apparent lack of ethical guidelines. This study contributes to the gap by introducing a preliminary framework for both practical use and further theoretical development.