The workplace can be an environment where many types of privacy-invasive monitoring may take place. This may include drug testing, closed-circuit video monitoring, internet monitoring and filtering, email monitoring, instant message monitoring, phone monitoring, location monitoring, personality and psychological testing, and keystroke logging. There is a wide variety of reasons why employers choose to monitor, including addressing security risks, sexual harassment and to ensure acceptable performance of employees. Developments in technology have also increased employers’ ability to monitor employees both at work and outside of work.
Challenges in Workplace Privacy
Changes in the workplace have made it necessary to reassess boundaries in the employer-employee relationship. In the US, many workers are not protected with due process guarantees against arbitrary discharge. Without state law or contract, employers can often dismiss an employee for any reason, or no reason, even if the decision to terminate is based on false information.
Increased employee monitoring activities raise the risk that false inferences can be drawn about employee conduct. An employee network-monitoring appliance can detect access to inappropriate sites, but not the intention of the employee. New monitoring tools definitely have the potential to draw false inferences. For this reason, it’s even more important for employees to have basic due process protections; the right of notice of the violation and an opportunity to be heard.
US law includes very few privacy protections for workers. There are certain situations where an employee may have a due process right to access, inspect, or challenge information collected or held by the employer. A few state and federal laws grant employees limited rights. For example, under federal law, private-sector employees cannot be subjected to a polygraph examination. However, there are no general protections of workplace privacy except where an employer acts tortuously, where the employer violates the employee’s reasonable expectation of privacy.
Major Workplace Privacy Issues
There are several main issues under workplace privacy in which privacy rights have been established, whether in federal, state or local law. These issues include:
- Personnel Records – Employees generally have a right to privacy in their personnel records. Employers are normally not permitted to disclose personnel records to third parties without a legal obligation to do so, or the employee’s permission. This is protected by state statutes, codes or judicial case law. In most states, employees have the right to request access to their personnel files upon proper notice.
- Social Security Numbers – In order to respond to an increase in identity theft, a number of statutory laws have been enacted to protect the privacy of social security numbers. State laws limit and/or prohibit the use of all or part of SSNs as computer passwords or ID numbers. Certain laws also limit whether and to what extent SSNs can be used on itemized wage statements.
- Monitoring and Eavesdropping – Extensive anti-eavesdropping laws prohibit tapping into telephone conversations, voicemail systems and electronic communications systems. Camera surveillance is also subject to various legal requirements regarding notice and disclosure to employees.
- Medical Records – Federal and state laws protect the privacy of employee medical information and require various disclosures about how the information is maintained, who has access to it and how it may be used.
- Drug Testing – Employers who conduct drug testing are required to maintain the confidentiality of the test.
- Background Screening – Employers who conduct background checks as part of the employment process must maintain the confidentiality of the background information received. There are notice requirements if this information is used to make an adverse employment decision.
PPSC Report 1977
The Privacy Protection Study Commission (PPSC) released a report covering workplace privacy in 1977. The report recognized that employers collect a broad range of information on their workers. It forced on delineating lines of fairness on the collection and use of employee information. The report recognized that much had changed since the development of common law employment norms. American employees do not always have the power to bargain the terms of their employment and the PPSC approach recognized that “People with a given employment status must adhere to many terms of employment set by the organization they work in if they are to work at all.”
The PPSC pursued three public policy objectives:
- Minimize intrusiveness in hiring, specifically to reduce the practice of obtaining information about the employee from a third party (e.g. credit reporting agency).
- Maximize fairness, by reducing the arrest information and ensuring that information collected is accurate, complete and timely.
- Create a legitimate and enforceable expectation of confidentiality in employment records.
In the report, the PPSC made 34 recommendations to meet these objectives.
Employee monitoring includes a broad range of activities, including drug testing, closed-circuit video monitoring, internet monitoring and filtering, email monitoring, instant message monitoring, phone monitoring, location monitoring, personality and psychological testing, and keystroke logging. This article takes a look at employee monitoring and the US approach to workplace privacy.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam, a privacy professional should be comfortable with topics related to this post, including:
- Workplace privacy concepts – HR management (IV.A.a.i.)