Thursday, April 8, 2010

Paper on Employee Privacy

Employee Privacy v. Employer Rights
Introduction
One survey reports that employees waste one hour and fifty-two minutes each day at work on activities unrelated to their jobs, resulting in an estimated loss of $500 billion for employers (Miller and Wells, 2007). If employers are to curb this trend, they must monitor the activities of their employees. This brings into question the balance between the obligations of employers and employees’ rights to privacy. The Constitution of the United States does not contain the word “privacy,” though Americans still expect respect for their human dignity and personal space (Miller and Wells, 2007) and the U.S. Supreme Court has “recognized an implied right to privacy” (Lenckus, 2007, p. 29) granting limited protection “from unreasonable intrusion into their private affairs” (Everett, Wong and Paynter, 2004, p. 295, and Shumaker, 2003). The courts and Congress have set privacy standards for employees in the United States, successfully granting some protection from employer intrusion. Even with these legally sanctioned boundaries, employees still cannot expect complete privacy in the workplace or with employers (Genova, 2009, Miller and Wells, 2007, and “Surveillance Activities,” 2007).
Privacy is a complicated ethical issue, one that may never be fully resolved. There is a fine line between employee privacy and employer concerns (e.g., loss of productivity or legal liability following misconduct); it is considered a “fundamental moral obligation to respect [an] individual’s right to privacy and the legitimate requirements of employers to monitor the performance of their employees . . .” (Everett, Wong and Paynter, 2004, p. 296). In the aftermath of the New Jersey appellate court decision in Doe v. XYC Corp. in 2005, businesses are being held liable for employees’ illegal and unethical actions with the internet and other technologies, giving them more reason to “intrude” on employees’ privacy (Miller and Wells, 2007, and Lenckus, 2007). Many people would agree that employers should give some leeway when it comes to employees using company property (computers, phones, internet, etc.) for personal purposes in return for employees reasonably limiting such use (Davies, 2003). The question remains: where is the line between asserting employer rights and invading the privacy of employees?
History
The internet is an amazing invention with many benefits, and some drawbacks. Although the internet has made life easier in many ways, it has also provided more opportunity to be unproductive and unethical while on company time. Employers have the inherent right to monitor the workplace and internet use on company property, especially to promote safety, to minimize legal liability, to increase productivity and integrity, and to protect proprietary information (Genova, 2009, Lenckus, 2007, and Sotto and McCarthy, 2007). Although there aren’t laws that overtly and strictly define or protect it, privacy has been a key issue between employers and employees. Employers have experienced both extremes of the privacy spectrum, total privacy for employees and no privacy for employees. Companies have found that both ends of the scale provide potential problems and that there are great perils in mishandling employee privacy: lower profits, “lost revenue, [lower] productivity, legal or regulatory actions, declines in brand value and shareholder value, and recruiting and retention problems” (Krell, 2010, p. 44). The financial losses can be quite substantial. The FBI reported that, in 2005, businesses lost nearly $70 billion in computer crimes; their figures didn’t take into account costs of lost productivity, civil litigation or electronic pests like viruses and clogged networks (Miller and Wells, 2007). Effective monitoring programs and privacy policies could reduce that number. This FBI report and others like it prompt companies to monitor their employees and their actions. The surveillance of employees and the monitoring of their actions and work can border on invasion of privacy and sometimes cross the line. Companies that flirt with or cross the privacy line risk losing valuable employees, and if they receive a bad reputation regarding their privacy policies, they miss out on the best and most promising candidates for open positions. 
“Monitoring activities might protect the corporation from disruptive, illegal or deviant actions but can also challenge society’s notion of basic civil rights” (Miller and Wells, 2007, p. 322). Civil rights are those guaranteed to all citizens because they are citizens; but is privacy a civil right? Has privacy ever been guaranteed in the workplace? Privacy expert Lewis Maltby, president and founder of the National Workrights Institute, says that “employees have virtually no privacy in e-mail communications, text messages or web sites that they visit at work” (Krell, 2010, p. 45). Some things are valued above privacy. Rand Corp. organized a study authored by senior social scientist Tora Bikson that “suggests that security and public safety trump personal privacy” (Privacy Issues, 2005, p. 9), but it is imperative to find equilibrium between employee privacy and employer/public safety and rights (Everett, Wong and Paynter, 2004).
Laws
Although some laws and regulations have been enacted to help find the privacy equilibrium, there isn’t one authoritative law regarding privacy in the United States (Sotto and McCarthy, 2007). There are about 30 state and federal statutes that, along with many judicial decisions, define privacy rights in the United States (Miller and Wells, 2007). The Supreme Court has interpreted the Fourth Amendment to the U.S. Constitution as protecting personal privacy in the public sector, and personal privacy in the private sector is protected by many statutes, case law and public policy (Everett, Wong and Paynter, 2004). U.S. employers are clearly given the legal right to monitor employee behavior to protect corporate interests (there are few state or federal statutes that restrict the monitoring or surveillance of employees) because it is simply and principally an issue of ownership (Miller and Wells, 2007). Congress began taking a hard look at privacy in the 1960s, the same time it began addressing civil rights. The Federal Omnibus Crime Control and Safe Streets Act of 1968, aka the Federal Wiretapping Law, set rules regarding wire communications, prohibiting the interception of wire communications without consent, expressed or implied, by at least one party involved in the communication (Sotto and McCarthy, 2007). In 1970, Congress passed the Fair Credit Reporting Act (FCRA), establishing national standards for consumer reporting agencies that provide businesses with consumer reports, and requiring that businesses inform applicants that they are obtaining a consumer report outlining the applicants’ “character, general reputation, personal characteristics, and mode of living” from a variety of specified sources to check the applicants’ backgrounds (Sotto and McCarthy, 2007, p. 2).
The FCRA was amended in 2003 through the Fair and Accurate Credit Transactions Act (FACTA), which prescribed the legal process of handling investigations into employee misconduct without the permission of the employee; FACTA allows employers to re-check employees’ backgrounds and at least look at private matters involving employee actions that may result in disciplinary actions or termination (Sotto and McCarthy, 2007). Although Congress addresses privacy from time to time, “the U.S. government has not passed a sweeping privacy law since the Electronic Communications Privacy Act (ECPA) of 1986” (Krell, 2010, p. 44). The ECPA, modified by the Stored Communications Act the same year, extends the Federal Wiretapping Law and regulates electronic communications, how they are obtained, used and disclosed. Under these acts, employers are still allowed to monitor employee email because the companies are considered to be the internet service providers, but it leaves questions about stored emails and if they are free to be monitored (Sotto and McCarthy, 2007, and “Employee Privacy,” 2002). Privacy concerns can accompany disabilities, so the Americans with Disabilities Act of 1990 sets standards of confidentiality and privacy in the application and employment processes (Krell, 2010).
One of the biggest problems facing employers has been the disparate laws and practices of the various legal jurisdictions, whether it is dissimilar laws from state to state or nation to nation. A step toward international uniformity was taken in 1997 when the International Labor Office proposed a nonbinding “Code of Practices on the Protection of Workers’ Personal Data” that outlines a fundamental right to privacy and sets guidelines for lawmakers and administrators to follow (Everett, Wong and Paynter, 2004). This code is completely voluntary, but it is at least a model that can be followed and adapted by any government.
Health and labor privacy were big questions in the 1990s. With regard to health issues, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), enforced by the Department of Health and Human Services (HHS), protects the security and privacy of employees’ health information (Krell, 2010, and Sotto and McCarthy, 2007). HIPAA is one of the most serious privacy laws in the United States; employees’ health status and information are tightly protected. There are many circumstances that require special attention to privacy issues, organized labor being one of those situations. Concerning employers who use union labor, the National Labor Relations Board (NLRB) declared that employees could not be prohibited from using computers in employee “work areas” for personal emails (Sotto and McCarthy, 2007). The definition of work areas varies based upon work environment.
Today’s world is experiencing many problems regarding individual and national safety [which trump individual privacy (Privacy Issues, 2005)]. Following the attacks at the World Trade Center in 2001 and the international war on terror, the USA PATRIOT Act was enacted, giving more power and authority to the federal government to monitor electronic communications (“Employee Privacy,” 2002). Another problem related to privacy that individuals are encountering is the protection of their identities. The Federal Trade Commission, in response to increasing numbers of identity theft cases, issued requirements in 2004 that employers take reasonable measures regarding the disposal of consumer report records for individuals (Sotto and McCarthy, 2007), meaning that employers can be held responsible for carelessly disposing of employees’ private information. Social Security numbers are especially vulnerable, and by 2006, at least 25 states had laws on the books that confine the utilization of Social Security numbers (Sotto and McCarthy, 2007). Employers can check backgrounds, find information about employees, monitor the employees and keep records, but they have to record and dispose of those records responsibly. Medical records (regulated by HIPAA) may be available to employers conducting background checks, yet the Genetic Information Nondiscrimination Act of 2008 “prevents employers from using genetic information, including family medical histories, in staffing decisions” (Krell, 2010, pp. 44-45).
The United States has addressed privacy issues over the years, as has the rest of the developed world, although the United States is more conservative in its view of employee privacy (tending to protect the safety and rights of businesses over the privacy of individuals). Compared to the United States, the European Union and Canada have passed more stringent laws concerning privacy. Europeans are guaranteed the right to privacy under the European Convention on Human Rights (Davies, 2003). They consider monitoring employees to be “an unacceptable invasion of [employee] privacy” under most circumstances (Miller and Wells, 2007). Europeans almost seem to consider their privacy to be sacred, and typically do whatever is necessary to protect the sanctity of that individual right.
Privacy Today
In the United States, why are employees more willing to cede some of their privacy at work? Companies are buying the time and energy of their employees and can reasonably expect a productive return on their investment, and reserve the right to monitor that investment as it pertains to the company (Everett, Wong and Paynter, 2004). Employees understand that there is a trade-off or an exchange, and as long as the issues and privacy policies are clear, they are willing to accept that trade. HR plays an important role in this privacy management, and many companies are employing a chief privacy officer whose “position reflects the growing importance of corporate privacy management” and who is responsible for communicating the company’s privacy policy to the employees (Krell, 2010, p. 44). Employers are implementing privacy policies and adapting them as technology advances. They are finding that these policies have to be clear and expressed for legal protection and employee motivation and understanding (underscoring the role of the privacy officers); some employees may view being monitored as a practice of an Orwellian Big Brother, even though the primary reasons for surveillance are protection of proprietary information and defense against hackers, viruses and service disruptions (Miller and Wells, 2007). Employers and HR departments are tasked with determining the employees’ “reasonable expectation of privacy” and extrapolating that when “employees do not expect privacy, they are not entitled to it in most cases,” according to John Barber, an attorney for Risk & Management Society Inc. (Lenckus, 2007, p. 29). It is safe to develop privacy and monitoring policies that are comprehensive and clearly written, and understood by the informed employees—proven by a signed statement (Sotto and McCarthy, 2007).
When employees have a clear understanding of their privacy rights at work, they are more willing to accept these conditions and less likely to sue their employers if they are terminated after inappropriate actions that were caught during monitoring or surveillance (Shumaker, 2003).
Future Implications
As markets and businesses expand across the globe, privacy issues will become more complicated. They will remain complicated as long as privacy laws vary from state to state and internationally remain dissimilar and sometimes contradictory (Schramm, 2005, and Everett, Wong and Paynter, 2004). Adapting to the guidelines offered by the International Labor Office would be a great first stride toward uniformity, and having the courts set sound and consistent precedent would be another productive step. Difficult and complex court cases at the state and federal levels are setting such precedents that continually affect and shape privacy policies (Miller and Wells, 2007). The internet has opened up another proverbial “can of worms” for privacy issues. As more people use online social networks (OSNs)—roughly fifty OSNs had more than one million registered users as of a November 2008 worldwide survey, with Facebook leading all OSNs with around 125 million users (Cardon, 2009)—and blogs, the questions of privacy extend outside the traditional workplace. “[Regarding OSNs] many postulate that they do have an expectation of and indeed a right to privacy, especially in arenas used to express personal freedoms and exercise individualism that has no bearing on their workplace” even if these internet postings “might not be considered job-appropriate by their employer” (Genova, 2009, p. 97). There will be many future court decisions that will shape the realm of privacy on the internet.
Families are also shaping privacy policies as traditional families are becoming untraditional. More families than ever are having two breadwinners with both parents spending increasing amounts of time at work. Because of the decrease in personal time, workplace facilities are seeing increased use for personal activities. Businesses are feeling the need to find a balance between their security and rights and the desire of their employees for privacy (Miller and Wells, 2007, and “Surveillance Activities,” 2007). “Ideally future innovation will provide more sophisticated security tools that can differentiate between corporate and personal data. This would allow corporations to provide adequate protection for corporate assets without unduly invading employee privacy. Future change will occur at a faster rate, requiring re-evaluation of the corporate security-privacy tradeoff, as technology and society continue to evolve” (Miller and Wells, 2007, p. 327).
Summary
“As our concept of privacy in the marketplace evolves, HR professionals are going to have to step up. . .and get themselves educated on, and aware of, these issues” (Krell, 2010, p. 45). Everyone, not only HR professionals, should be aware of their rights and responsibilities regarding privacy. They should know the laws that have been passed that limit employees’ privacy and employers’ rights. Knowing the laws and regulations, regardless of how disparate they may be, is half the battle. Americans do expect a degree of privacy and employers need to respect that. Employers expect professionalism and productivity and, as long as it remains legal and ethical, they should monitor their employees (which employees should also expect) and adapt their policies as technology and laws progress. No matter how much technology advances, it remains true that an ounce of prevention is worth a pound of cure—whether that prevention be the act of monitoring employees to prevent the liability that stems from misconduct or the implementation of a good monitoring program and privacy policy to prevent claims of invasion of privacy (Shumaker, 2003). The most important part of a privacy policy is finding the balance between the privacy of the employees and the rights of the employer. There are great benefits to a clear and expressed privacy policy. Employees are more willing to give up some privacy if they are aware that monitoring and surveillance are occurring and what their purposes are. Employers are then protected from legal action and can be more productive and profitable. Each company has to find the policy that works best for them and their employees, keeping in mind the balance of employee privacy and the needs of the company. The key is finding that fine line—the balance—and making sure that everyone knows where it is.

References
(2007). Are Surveillance Activities Violating Employee Privacy?. HR Focus, 84(8), 9. Retrieved from Business Source Premier database. (25830532)

Cardon, P. (2009). Online Social Networks. Business Communication Quarterly, 72(1), 96-97. Retrieved from Business Source Premier database. (36366004)

Davies, J. (2003). Human Rights and the Workplace. Credit Management, 41-42. Retrieved from ABI/INFORM Global. (465786161)

(2002). Employee Privacy: Computer-Use Monitoring Practices and Policies of Selected Companies: GAO-02-717. GAO Reports, 1. Retrieved from Military & Government Collection database. (18198280)

Everett, A., Wong, Y., & Paynter, J. (2004). Balancing Employee and Employer Rights: An International Comparison of E-Mail Privacy In The Workplace. Journal of Individual Employment Rights, 11(4), 291-311. Retrieved from Business Source Premier database. (21782457)

Genova, G. (2009). No Place To Play: Current Employee Privacy Rights In Social Networking Sites. Business Communication Quarterly, 72(1), 97-101. Retrieved from Business Source Premier database. (36366007)

Krell, E. (2010). Privacy Matters. HRMagazine, 55(2), 42-46. Retrieved from Business Source Premier database. (48155398)

Lenckus, D. (2007). Be Clear and Document Employee Privacy Restrictions. Business Insurance, 41(20), 29. Retrieved from ABI/INFORM Global. (1277386531)

Miller, C., & Wells, F. (2007). Balancing Security and Privacy in the Digital Workplace. Journal of Change Management, 7(3/4), 315-328. Retrieved from Business Source Premier database. (28698642)

(2005). Privacy Issues Surface About the Use of RFIDs on the Job. HR Focus, 82(6), 9. Retrieved from Business Source Premier database. (17077034)

Schramm, J. (2005). Privacy at Work. HRMagazine, 50(4), 176. Retrieved from ABI/INFORM Global. (819064851)

Shumaker, T. (2003). Employee Privacy Versus Employer Rights. Nursing Homes: Long Term Care Management, 52(11), 60-63. Retrieved from Vocational and Career Collection database. (11422523)

Sotto, L., & McCarthy, E. (2007). An Employer's Guide to US Workplace Privacy Issues. Computer & Internet Lawyer, 24(1), 1-13. Retrieved from Business Source Premier database. (23502454)
