Caslon Analytics elephant logo title for Privacy guide
home | about | site use | resources | publications | timeline   spacer graphic   Ketupa

overview

issues

principles

Aust law

EU law

New Zealand

Asia law

N America

agencies

advocacy

reports

primers

other writing

technologies

harbours

statements

media

business

costs

spatial

cctv

bodies

workplace

prisons

politics

telecoms

search

attitudes

harvests

landmarks









section heading icon     in the workplace

This page considers privacy in the workplace.

It covers -

subsection heading icon     introduction

Surveillance by public and private sector employers of the activities of their workforce is both traditional and increasingly contentious, as employees question surveillance that may be systematic, invisible and often non-consensual.

Managerial supervision of people in the workplace - an organisation's staff and contractors - is central to the operation of all organisations, particularly those that have a geographical spread and employ large numbers of people. Oversight is a tool for quality control, identification of training needs, recruitment/promotion and action to address workplace abuses (eg harassment of an employee's pers/subordinates or defalcation).

That surveillance may, however, extend into what employees consider to be private space (eg from the place of employment into their homes or into locations such as changerooms where observation by the employer is inappropriate), used to defeat legitimate industrial relations activity or merely to reinforce power relationships in a way that degrades and disempowers individuals or classes of people.

Fordist notions of management have for example resulted in employer monitoring of employee homes and families or the employee's political and religious affiliations. They have also resulted in employee scrutiny of quasi-private spaces (such as bags and lockers) and monitoring of communications. In Australia some of the most egregious abuses have involved covert video surveillance of change rooms, whether to reduce pilferage or merely to gratify the voyeuristic tastes of those conducting the surveillance.

In the digital environment - particularly where the work is founded on use of technologies such as phones and networked computers - workplace surveillance has increasingly shifted from physical to electronic observation, including automated large-scale observation of employees.

Such surveillance encompasses mechanisms such as

  • monitoring of postal mail, email and instant messaging
  • phone monitoring
  • location monitoring (including monitoring outside the employer's premises via GPS or other technologies, with or without the employee's awareness/consent)
  • monitoring of web surfing, including examination of time spent outside an intranet and visits to particular sites (eg chat rooms, auction sites, sports sites, adult content and music/video sites)
  • closed-circuit video monitoring
  • keystroke logging

Advocates have also notes concerns regarding drug testing (including blood, hair and urine samples), genetic screening and psychological testing.

Organisations have typically justified that surveillance as

  • a productivity tool
  • benign because machine- rather than human-based
  • essential to address concerns about legal liability (eg misuse of corporate networks)
  • a key aid in the war on terror and cyber-crime
  • a response to supposed 'epidemics' of cyber-addiction ("25 to 50 percent of cyber-addiction is occurring at the workplace ... That means employees are getting paid to participate in activities that are not work-related")
  • appropriate given employee use of corporate resources (eg networks) rather than private resources

or simply not a privacy issue.

Critics have responded that electronic surveillance is not necessarily more benign (and indeed may be more threatening because more insidious or because data is misused), denies the integrity and autonomy of individuals, and - as in the past - is implicitly coercive because surveillance is a condition of employment.

Activists have contrasted current conditions with those of the past, arguing that a de-unionised 'binary proletariat' (or one whose production facility can be transferred to a more submissive offshore workforce) is not in a position to constrain employers through concerted industrial action and cooption of government regulators.

subsection heading icon     issues

That debate embodies broader disagreements about the rights and responsibilities of individuals, organisations and the state. It also reflects disagreement about risk and management style. Some industry figures for example criticise abuses by their peers, arguing that particular objectives can be better achieved without privacy invasions or simply have an unacceptable cost in terms of resentment by employees and distrust by customers.

A 1996 report by the International Labor Organisation (ILO), one of the UN organisations that are largely ignored by most governments, sought to identify key concerns regarding to new workplace surveillance technologies. It argued that -

  • use is a violation of basic human rights and dignity
  • use is often carried out without adequate consideration for such interests and through gaps in national/provincial privacy law
  • electronic workplace monitoring facilitates extension into monitoring of the private lives of workers
  • surveillance fosters "a divisive mentality which is destructive to both workers and employers" because employees consider that they are controlled and not trusted
  • surveillance practices can be used to discriminate or retaliate against workers, including action that may be difficult for workers to discover
  • monitoring involves issues of exercising control over workers and control over the data relating to specific workers.

The report noted that employers typically claim that the privacy rights of individual workers are balanced by the employer's duty to other workers, to customers and to other parties (eg corporate shareholders). Employers similarly claim to have no interest in the personal habits of employees and argue that abuses can be most effectively addressed through existing legislation (eg anti-discrimination law) rather than tighter government regulation of private sector surveillance.

The ILO commented that employers do have an interest in monitoring in order to address security risks, sexual harassment, and to ensure the acceptable performance of employees. However, these activities may diminish employee morale and dignity, and increase worker stress.

Other organisations have noted concerns such as -

  • current privacy and workplace/industrial relations legislation "may not cover all forms of surveillance or emerging technologies such as biometrics"
  • that legislation often does not apply to surveillance in the workplace because of restricted definitions of "private", "private activities" and "private conversations"
  • "it offers no protection to workers who agree to employer use of surveillance devices in circumstances where they may not feel they are free to withhold their consent"

subsection heading icon     prevalence

There are comprehensive statistics on the prevalence of workplace surveillance and the incidence of privacy breaches.

A 2006 survey by Forrester of 294 US companies resulted in the claim that "more than a third of American companies with 1,000 or more workers say they employ people to read through other employees' outbound e-mail", with around half of those organisations "regularly" going through outbound email "in search of rule-breaking" (including leaked trade secrets, improperly disclosed financial information or illegally released health records).

The figure is consistent with past academic research, although there are questions about the intensiveness and effectiveness of the corporate surveillance.

32.1% of the surveyed businesses reported firing an employee within the preceding year for breaking email rules. Around 45% of the companies said they used software to search through their employees' messages for offensive words, supposedly in response to the preceived threat of litigation (with 21% of those surveyed reporting their employees' email had been subpoenaed over the preceding year, a rate that doubled since 2004.

The much-cited (but apparently little-understood) 2001 American Management Association (AMA) Workplace Monitoring & Surveillance survey claimed that around 75% of major US businesses "record and review employee communications and activities", with

  • monitoring of telephone use (43% of respondent enterprises)
  • monitoring of voice mail messages (7%)
  • video surveillance for security purposes (37%)
  • storage & review of computer files (36%)1
  • storage & review of email messages (47%)
  • monitoring internet connections (63%) and blocking access to sites (40%)

As noted above, "most respondent firms carry on surveillance practices on an occasional basis in the manner of spot checks rather than constantly or on a regular routine".

In 2008 a follow-up report by the American Management Association and the ePolicy Institute claimed that over half of the surveyed companies had fired workers for inappropriate use of email or the net, with 43% monitoring email and 45% "tracking other Web activities". That monitoring reflected judgements such as Alana Shears v Epson America (1994) in which a court held that it was permissible for a business to access email to/from a corporate machine even if the organisation had a written policy to the contrary.

It is thus common to see advice to US nongovernment employees along the lines that -

  • employees using company-owned email systems should assume their email and instant messaging at work (and outside work if access is via a corporate network) is being monitored, including for purposes such as maintenance of confidentiality and minimisation of sexual harassment
  • employers can legally monitor employee access to personal email, blogs, social software network services (eg Facebook) on a company-owned device
  • employers may be under an unwaivable obligation to monitor and retain records of communications (eg in relation to securities regulation). Some state and federal law allows organisations to waive a right to monitor online content on their network if they do do not monitor it regularly, with employers accordingly articulating monitoring policies that indicate a decision to overtly monitor does not constitute a waiver.
  • even where personal surfing and email use in the workplace is permitted by the employer, inappropriate personal communications (eg providing confidential information to a future employer) via a corporate network may wind up as evidence, with some lawyers quipping that employees should not send anything that they wouldn't mind appearing on a giant screen in Times Square or a courtroom.
  • employers also have the right to look at which sites have been visited by employees via company-owned equipment.

Surveillance is not merely online and on occasion takes forms that might be considered to be quite bizarre.

In 2007 for example it was revealed that private investigators for Wal-Mart have trailed managers of that organisation to determine whether they are sleeping with lower-level employees in violation of company policy. In one instance, discovered as part of legal documents after a manager was fired for "improper fraternization" with a subordinate, the investigator pressed his ear against a hotel room door and heard "moans and sighs".

subsection heading icon     the ILO Code

A potential global framework for workplace privacy is provided by the 1996 International Labour Organization code of practice on the protection of employee personal data (PDF).

The code centres on a requirement that collection and use of employee data should be and consistent with Fair Information Practices (FIPs), comparable with information privacy principles highlighted in preceding pages of this guide.

The code covers private and public sector employees. It provides that -

  • employees should have notice of data collection processes
  • employees cannot waive privacy rights
  • data should be collected and used lawfully and fairly
  • data should not be transferred to third parties without the employee's consent or to comply with a legal requirement
  • employers should collect the minimum necessary data required for employment
  • each employee should have access to his/her data
  • data should be collected only from the employee, except with that person's consent
  • data should only be used for reasons directly relevant to employment and only for the purposes for which the data was originally collected
  • data should be held securely
  • medical data is confidential
  • certain data, such as sexual preference/activityand political and religious beliefs, should not be collected
  • particular collection techniques such as polygraph testing should be prohibited.

The ILO code has been influential in much of Europe but has had little impact in the rest of the world.

subsection heading icon     Australian and overseas law

The Australian workplace privacy regime - discussed in more detail elsewhere on this site - occupies a middle ground between the European and US regimes.

It features a complex of federal and state/territory legislation (eg the federal Privacy Act and the NSW Workplace Surveillance Act 2005) and codes of practice. Much of that legislation centres on covert surveillance.

In 2005 the federal and state/territory Standing Committee of Attorneys-General agreed to work towards a national approach to workplace privacy reform across Australia, acknowledging that no legislative framework currently dealt with all aspects of privacy in the workplace.

The Victorian Law Reform Commission's 2005 report commented that the "modern workplace does not stop at state boundaries and a national approach to this issue is required", with a a balance between worker expectations of privacy and the legitimate needs of employers (including an outright prohibition on surveillance in 'private areas' of the workplace - such as toilets and change rooms - where all members of the community have a higher expectation of privacy).

Workplace privacy regimes in Europe reflect differing community expectations (partly attributable to traditions of employee activism), national legal codes and the broader framework provided by various EU data protection, security and industrial relations directives.

Overall, EU employers are ostensibly bound by comprehensive data protection rules that regulate employer collection of personal information employees. Those rules emphasise appropriateness (eg for purpose and collection limitations, accuracy of data, limits on retention of data, security, and protections against the transfer of data to countries with weaker protections. The expectation is that the regime will enable legitimate monitoring by employers while ensuring protection for employees, in essence placing both on an "equal footing".

In the UK for example employees can monitor email and web use in the workplace, subject to carrying out "an impact assessment" to decide if surveillance is justified and "does not overly infringe privacy rights". Under the Information Commissioner's guidelines, as long as employers have met the criteria of that impact assessment they are not obliged to gain staff consent regarding that surveillance, although most employers publish guidelines on acceptable use or corporate networks and equipment such as laptops.

The EU regime has been reflected in Canada and New Zealand. In contrast, there is substantially lower protection in the US, where at the federal level there is no general protection of workplace privacy except where an employer violates the employee's reasonable expectation of privacy and thus acts tortiously. As with Australia, the US regime features a patchwork of federal and state legislation and industry codes.

Those rules provide employees with limited rights and are strongly biased towards waivability, ie assume employes will surrender rights in return for employment. Employees typically do not have a comprehensive right to access, inspect, or challenge information collected or held by the employer. Some protections are technology-specific, with for example federal law providing that private sector employees cannot be required to submit to a polygraph examination by employers.

subsection heading icon     studies

H Jeff Smith's Managing Privacy: Information Technology & Corporate America (Chapel Hill: Uni of North Carolina Press 1995) predates the Web but remains of value as an examination of how many US businesses develop privacy policies and the extent to which those policies are implemented.

It is complemented by works such as Robert Smith's From Blackjacks to Briefcases: A History of Commercialized Strikebreaking and Unionbusting in the United States (Athens: Ohio Uni Press 2003) on covert surveillance and Andrew Schulman's 2001 The Extent of Systematic Monitoring of Employee E-mail and Internet Use report.

Australian federal and state/territory law reform commissions have published a succession of studies on workplace privacy. They include the 2005 Victorian Law Reform Commission report (PDF).

Resources on the shape of work and command of the 'binary proletariat' feature elsewhere on this site. They include pointers to texts such as On the Front Line: Organization of Work in the Information Economy (Ithaca: Cornell Uni Press 1999) by Stephen Frenkel, Marek Korczynski & May Tam, The Making of a Cybertariat: Virtual Work in a Real World (London: Merlin Press 2003) by Ursula Huws, White-Collar Sweatshop (New York: Norton 2001) by Jill Fraser, The Electronic Sweatshop (New York: Simon & Schuster 1988) by Barbara Garson and Real Love: In Pursuit of Cultural Justice (New York: NY Uni Press 1998) by Andrew Ross.

Works on blog-related and social network-related dismissals of employees are featured elsewhere, along with a discussion of workplace censorship.






icon for link to next page     next page (prisons and other institutions)



this site
the web

 

version of March 2007
© Bruce Arnold
caslon.com.au | caslon analytics