in the workplace
This page considers privacy in the workplace.
It covers -
Surveillance by public and private sector employers of
the activities of their workforce is both traditional
and increasingly contentious, as employees question surveillance
that may be systematic, invisible and often non-consensual.
Managerial supervision of people in the workplace - an
organisation's staff and contractors - is central to the
operation of all organisations, particularly those that
have a geographical spread and employ large numbers of
people. Oversight is a tool for quality control, identification
of training needs, recruitment/promotion and action to
address workplace abuses (eg harassment of an employee's
pers/subordinates or defalcation).
That surveillance may, however, extend into what employees
consider to be private space (eg from the place of employment
into their homes or into locations such as changerooms
where observation by the employer is inappropriate), used
to defeat legitimate industrial relations activity or
merely to reinforce power relationships in a way that
degrades and disempowers individuals or classes of people.
Fordist notions of management have for example resulted
in employer monitoring of employee homes and families
or the employee's political and religious affiliations.
They have also resulted in employee scrutiny of quasi-private
spaces (such as bags and lockers) and monitoring of communications.
In Australia some of the most egregious abuses have involved
covert video surveillance of change rooms, whether to
reduce pilferage or merely to gratify the voyeuristic
tastes of those conducting the surveillance.
In the digital environment - particularly where the work
is founded on use of technologies such as phones and networked
computers - workplace surveillance has increasingly shifted
from physical to electronic observation, including automated
large-scale observation of employees.
Such surveillance encompasses mechanisms such as
of postal mail, email
and instant messaging
location monitoring (including monitoring outside the
employer's premises via GPS or other technologies, with
or without the employee's awareness/consent)
of web surfing, including examination of time spent
outside an intranet and visits to particular sites (eg
chat rooms, auction sites, sports sites, adult
content and music/video sites)
have also notes concerns regarding drug testing (including
blood, hair and urine samples), genetic screening and
Organisations have typically justified that surveillance
benign because machine- rather than human-based
to address concerns about legal liability (eg misuse
of corporate networks)
key aid in the war on terror and cyber-crime
response to supposed 'epidemics' of cyber-addiction
("25 to 50 percent of cyber-addiction is occurring
at the workplace ... That means employees are getting
paid to participate in activities that are not work-related")
given employee use of corporate resources (eg networks)
rather than private resources
simply not a privacy issue.
have responded that electronic surveillance is not necessarily
more benign (and indeed may be more threatening because
more insidious or because data is misused), denies the
integrity and autonomy of individuals, and - as in the
past - is implicitly coercive because surveillance is
a condition of employment.
Activists have contrasted current conditions with those
of the past, arguing that a de-unionised 'binary proletariat'
(or one whose production facility can be transferred to
a more submissive offshore workforce) is not in a position
to constrain employers through concerted industrial action
and cooption of government regulators.
That debate embodies broader disagreements about the rights
and responsibilities of individuals, organisations and
the state. It also reflects disagreement about risk and
management style. Some industry figures for example criticise
abuses by their peers, arguing that particular objectives
can be better achieved without privacy invasions or simply
have an unacceptable cost in terms of resentment by employees
and distrust by customers.
A 1996 report by the International Labor Organisation
(ILO), one of the UN organisations that are largely ignored
by most governments, sought to identify key concerns regarding
to new workplace surveillance technologies. It argued
use is a violation of basic human
rights and dignity
is often carried out without adequate consideration
for such interests and through gaps in national/provincial
workplace monitoring facilitates extension into monitoring
of the private lives of workers
surveillance fosters "a divisive mentality which
is destructive to both workers and employers" because
employees consider that they are controlled and not
practices can be used to discriminate or retaliate against
workers, including action that may be difficult for
workers to discover
involves issues of exercising control over workers and
control over the data relating to specific workers.
The report noted that employers typically claim that the
privacy rights of individual workers are balanced by the
employer's duty to other workers, to customers and to
other parties (eg corporate shareholders). Employers similarly
claim to have no interest in the personal habits of employees
and argue that abuses can be most effectively addressed
through existing legislation (eg anti-discrimination law)
rather than tighter government regulation of private sector
The ILO commented that employers do have an interest in
monitoring in order to address security risks, sexual
harassment, and to ensure the acceptable performance of
employees. However, these activities may diminish employee
morale and dignity, and increase worker stress.
Other organisations have noted concerns such as -
privacy and workplace/industrial relations legislation
"may not cover all forms of surveillance or emerging
technologies such as biometrics"
legislation often does not apply to surveillance in
the workplace because of restricted definitions of "private",
"private activities" and "private conversations"
offers no protection to workers who agree to employer
use of surveillance devices in circumstances where they
may not feel they are free to withhold their consent"
There are comprehensive statistics on the prevalence of
workplace surveillance and the incidence of privacy breaches.
A 2006 survey by Forrester of 294 US companies resulted
in the claim that "more than a third of American companies
with 1,000 or more workers say they employ people to read
through other employees' outbound e-mail", with around
half of those organisations "regularly" going through
outbound email "in search of rule-breaking" (including
leaked trade secrets, improperly disclosed financial information
or illegally released health records).
The figure is consistent with past academic research,
although there are questions about the intensiveness and
effectiveness of the corporate surveillance.
32.1% of the surveyed businesses reported firing an employee
within the preceding year for breaking email rules. Around
45% of the companies said they used software to search
through their employees' messages for offensive words,
supposedly in response to the preceived threat of litigation
(with 21% of those surveyed reporting their employees'
email had been subpoenaed over the preceding year, a rate
that doubled since 2004.
The much-cited (but apparently little-understood) 2001
American Management Association (AMA) Workplace Monitoring
& Surveillance survey claimed that around 75%
of major US businesses "record and review employee
communications and activities", with
of telephone use (43% of respondent enterprises)
of voice mail messages (7%)
video surveillance for security purposes (37%)
& review of computer files (36%)1
& review of email messages (47%)
internet connections (63%) and blocking access to sites
As noted above, "most respondent firms carry on surveillance
practices on an occasional basis in the manner of spot
checks rather than constantly or on a regular routine".
In 2008 a follow-up report by the American Management
Association and the ePolicy Institute claimed that over
half of the surveyed companies had fired workers for inappropriate
use of email or the net, with 43% monitoring email and
45% "tracking other Web activities". That monitoring
reflected judgements such as Alana Shears v Epson
America (1994) in which a court held that it was
permissible for a business to access email to/from a corporate
machine even if the organisation had a written policy
to the contrary.
It is thus common to see advice to US nongovernment employees
along the lines that -
using company-owned email systems should assume their
email and instant messaging at work (and outside work
if access is via a corporate network) is being monitored,
including for purposes such as maintenance of confidentiality
and minimisation of sexual harassment
can legally monitor employee access to personal email,
blogs, social software
network services (eg Facebook) on a company-owned device
may be under an unwaivable obligation to monitor and
retain records of communications (eg in relation to
securities regulation). Some state and federal law allows
organisations to waive a right to monitor online content
on their network if they do do not monitor it regularly,
with employers accordingly articulating monitoring policies
that indicate a decision to overtly monitor does not
constitute a waiver.
where personal surfing and email use in the workplace
is permitted by the employer, inappropriate personal
communications (eg providing confidential information
to a future employer) via a corporate network may wind
up as evidence, with some lawyers quipping that employees
should not send anything that they wouldn't mind appearing
on a giant screen in Times Square or a courtroom.
also have the right to look at which sites have been
visited by employees via company-owned equipment.
Surveillance is not merely online and on occasion takes
forms that might be considered to be quite bizarre.
In 2007 for example it was revealed that private investigators
for Wal-Mart have trailed managers of that organisation
to determine whether they are sleeping with lower-level
employees in violation of company policy. In one instance,
discovered as part of legal documents after a manager
was fired for "improper fraternization" with
a subordinate, the investigator pressed his ear against
a hotel room door and heard "moans and sighs".
the ILO Code
A potential global framework for workplace privacy is
provided by the 1996 International Labour Organization
code of practice on the protection of employee personal
The code centres on a requirement that collection and
use of employee data should be and consistent with Fair
Information Practices (FIPs), comparable with information
privacy principles highlighted in preceding pages of this
The code covers private and public sector employees. It
provides that -
should have notice of data collection processes
cannot waive privacy rights
data should be collected and used lawfully and fairly
should not be transferred to third parties without the
employee's consent or to comply with a legal requirement
employers should collect the minimum necessary data
required for employment
employee should have access to his/her data
data should be collected only from the employee, except
with that person's consent
data should only be used for reasons directly relevant
to employment and only for the purposes for which the
data was originally collected
data should be held securely
data is confidential
certain data, such as sexual preference/activityand
political and religious beliefs, should not be collected
particular collection techniques such as polygraph testing
should be prohibited.
ILO code has been influential in much of Europe but has
had little impact in the rest of the world.
Australian and overseas law
The Australian workplace privacy regime - discussed in
more detail elsewhere
on this site - occupies a middle ground between the European
and US regimes.
It features a complex of federal and state/territory legislation
(eg the federal Privacy Act and the NSW Workplace
Surveillance Act 2005) and codes of practice. Much
of that legislation centres on covert surveillance.
In 2005 the federal and state/territory Standing Committee
of Attorneys-General agreed to work towards a national
approach to workplace privacy reform across Australia,
acknowledging that no legislative framework currently
dealt with all aspects of privacy in the workplace.
The Victorian Law Reform Commission's 2005 report commented
that the "modern workplace does not stop at state
boundaries and a national approach to this issue is required",
with a a balance between worker expectations of privacy
and the legitimate needs of employers (including an outright
prohibition on surveillance in 'private areas' of the
workplace - such as toilets and change rooms - where all
members of the community have a higher expectation of
Workplace privacy regimes in Europe reflect differing
community expectations (partly attributable to traditions
of employee activism), national legal codes and the broader
framework provided by various EU data protection, security
and industrial relations directives.
Overall, EU employers are ostensibly bound by comprehensive
data protection rules that regulate employer collection
of personal information employees. Those rules emphasise
appropriateness (eg for purpose and collection limitations,
accuracy of data, limits on retention of data, security,
and protections against the transfer of data to countries
with weaker protections. The expectation is that the regime
will enable legitimate monitoring by employers while ensuring
protection for employees, in essence placing both on an
In the UK for example employees can monitor email and
web use in the workplace, subject to carrying out "an
impact assessment" to decide if surveillance is justified
and "does not overly infringe privacy rights".
Under the Information Commissioner's guidelines, as long
as employers have met the criteria of that impact assessment
they are not obliged to gain staff consent regarding that
surveillance, although most employers publish guidelines
on acceptable use or corporate networks and equipment
such as laptops.
The EU regime has been reflected in Canada and New Zealand.
In contrast, there is substantially lower protection in
the US, where at the federal level there is no general
protection of workplace privacy except where an employer
violates the employee's reasonable expectation of privacy
and thus acts tortiously. As with Australia, the US regime
features a patchwork of federal and state legislation
and industry codes.
Those rules provide employees with limited rights and
are strongly biased towards waivability, ie assume employes
will surrender rights in return for employment. Employees
typically do not have a comprehensive right to access,
inspect, or challenge information collected or held by
the employer. Some protections are technology-specific,
with for example federal law providing that private sector
employees cannot be required to submit to a polygraph
examination by employers.
H Jeff Smith's Managing Privacy: Information Technology
& Corporate America (Chapel Hill: Uni of North
Carolina Press 1995) predates the Web but remains of value
as an examination of how many US businesses develop privacy
policies and the extent to which those policies are implemented.
It is complemented by works such as Robert Smith's From
Blackjacks to Briefcases: A History of Commercialized
Strikebreaking and Unionbusting in the United States
(Athens: Ohio Uni Press 2003) on covert surveillance and
Andrew Schulman's 2001 The Extent of Systematic Monitoring
of Employee E-mail and Internet Use report.
Australian federal and state/territory law reform commissions
have published a succession of studies on workplace privacy.
They include the 2005 Victorian Law Reform Commission
Resources on the shape of work and command of the 'binary
proletariat' feature elsewhere on this site. They include
pointers to texts such as On the Front Line: Organization
of Work in the Information Economy (Ithaca: Cornell
Uni Press 1999) by Stephen Frenkel, Marek Korczynski &
May Tam, The Making of a Cybertariat: Virtual Work
in a Real World (London: Merlin Press 2003) by Ursula
Huws, White-Collar Sweatshop (New York: Norton
2001) by Jill Fraser, The Electronic Sweatshop
(New York: Simon & Schuster 1988) by Barbara Garson
and Real Love: In Pursuit of Cultural Justice
(New York: NY Uni Press 1998) by Andrew Ross.
Works on blog-related
and social network-related
dismissals of employees are featured elsewhere, along
with a discussion
of workplace censorship.
next page (prisons
and other institutions)