Assignment

OF

Organisational Behaviour

Employee’s privacy issues

By
Mohd Asif Anis
M.B.A(IB)
Section A
3rd Semester
Privacy is considered by many to be the most important legal issue of the 21st
century. With the explosion of communications technology since the late 20th
century, privacy laws regarding cell phones, text messaging, emails, and
voicemail are still very rudimentary where they exist at all. Workplace privacy
may be one of the stickiest areas regarding privacy law, as a line is yet to be
clearly drawn dividing employer rights from employee privacy.

Most often, workplace privacy issues swirl around the controversy of how
closely an employer can monitor its employees. Some companies have invested
considerable time in creating privacy guidelines meant to explain exactly what
is and is not allowed in terms of monitoring, but these guidelines are almost
never legally binding. In some cases they may even be used to create a false
sense of security among employees. Most experts suggest avoiding the whole
messy business of workplace privacy by never using company computers or cell
phones for anything other than company business, but various complications
can still ensue, resulting in legal consequences.

In most places, employers have the right to listen to phone calls, read email and
text messages, and even monitor workplace conversations. Information gathered
from this monitoring is used to measure employee efficiency and performance.
Some companies may put safeguards on company property to prevent misuse,
such as blocking certain websites or forbidding downloads of anything not
related to company issues. Yet even if a company states that employees are
allowed to use computers and other property for personal use, there is legal
precedent showing that employers can lie about policy and monitor personal
activity regardless of claims or policy to the contrary.

Company ethics policies further complicate issues of workplace privacy. Some

companies require that employees sign agreements that stipulate ethics both in
and outside of the workplace. Arrests, recreational drug use, or even legal
activity such as drinking may be used as grounds for firing or punishing an
employee, even if the activity occurred outside the workplace and had no
bearing or ill effect on job performance.

Employees constitute another group whose Internet use has come under
increasing scrutiny. Work-place surveillance pits employers' financial interests,
the protection of corporate intellectual property, workplace productivity, and
security against the privacy rights of employees.

International Data Corporation (IDC) attributes 30 to 40 percent of all lost

worker productivity to personal Web surfing on company time; this costs U.S.
companies about $54 billion annually. According to the American Management
Association, in 2000 nearly 75 percent of all major U.S. companies monitored
employee communications, including telephone calls, e-mail, and Internet
connections; this represented nearly twice the percentage that did so in 1997.

Frequently the supervision of employee behavior falls to the information

technology (IT) department, though increasingly U.S. firms also hire CPOs—
Chief Privacy Officers. Many companies use monitoring software that scans not
only Web-site URLs, but the actual content of Web pages, to determine whether
employees' online activity is linked to their workplace duties.

Employee Privacy Rights In Workplace

These employee privacy rights workplace intrusions are predicted to
increase as time goes on. settings have brought two opposing points of
view to the forefront for employers. When dealing with privacy issues in
workplace situations, employers are duty bound to maintain an
environment that is not hostile to workers. The courts have passed laws
concerning hat the employer increasingly has to observe and respect.

 race
 ethnicity
 sexual orientation
 age
 gender
 social or economic background
 and religion

Employer Responsibility
Employers are constantly challenged not to violate any of the
aforementioned areas of privacy rights in the workplace. Employers are
facing increasing legal hot water for the employee misuse of company –
owned computer systems. While protecting its customers, investors and
workers, employers have to make certain the use of its systems do not
cause damage.

Employee Responsibility
 Invasion of employee privacy complaints can result when employers seek
to enforce the appropriate use of electronic systems policies or violates its
own policies.

Generally speaking, privacy rights are granted by specific laws, rules, or

regulations. Some of those rights apply in the workplace and some don't. And
even if there is no specific law, a right to privacy can be based on the legal
common law concept of having a "reasonable expectation of privacy." For
employers and employees, privacy issues have become increasingly prevalent in
the workplace, and with the increased use of electronic resources, privacy at
work is even more complex. So it is important that managers and supervisors
have a basic understanding of a few of the more frequent privacy rights and
issues that can arise, as well as the boundaries that may apply.

There are several areas of human capital management in which privacy rights
are established. Whether federal, state, or local law creates the right, you should
be aware of the issues. Here is a general overview:

Personnel Records: Employees generally have a right to privacy in their

personnel records, except in a few specific circumstances. That means
employers are generally not permitted to disclose personnel records to third
parties without a legal obligation to do so or the employee's permission. The
right can be found in state statutes, codes, or by judicial case law. Also,
employees in most states have the right to request access to their personnel files
upon proper notice.

Social Security Numbers: With the increase in identity theft, various statutory
laws have been enacted to protect the privacy of social security numbers. For
example, many states expressly limit and/or prohibit the use of all or part of
social security numbers as computer passwords or employee ID numbers. Some
states also limit whether and to what extent social security numbers can be used
on itemized wage statements. There also are many state laws that require
extensive disclosures by employers in the event a company suspects that certain
kinds of personal information about employees or belonging to them may have
been compromised.

Monitoring and Eavesdropping: There are extensive anti-eavesdropping laws

that prohibit tapping into or listening to telephone conversations, voicemail
systems, and electronic communications systems. For example, some states
have civil and criminal statutes that require both parties to a telephone
conversation to consent to being recorded or listened to, while other states
require that only one party consent. Surveillance by camera is also subject to
various legal requirements regarding notice and disclosure to employees.
  There are several other federal and state laws that permit employers, in
some circumstances, to monitor, save, record, access, or otherwise
conduct surveillance of employees' use of company electronic
communication resources and systems. Usually, these laws require clear,
unequivocal notice by the employer or owner of the electronic
communication system that such monitoring and/or access may occur,
and advance notice of the lack of privacy in the use of the systems. In
many cases, advance consent by the users is also required by law.
Consistent with these laws, most employers have policies regarding
electronic resources that inform employees that access to and use of any
data contained in any company-owned or -provided electronic resource
system or tool, including but not limited to e-mail, use of the Internet, and
voicemail, is not private to the employees, belongs to the company, and is
subject to various types of monitoring, access, and disclosure by the
company.
 Most employers also have Information Security Policies with detailed
information that every manager, supervisor, and employee must comply
with at all times. Usually, employees are required to sign an
acknowledgement that they have read and understood the policy and will
comply with it.

What are employee privacy rights?

Employees have privacy rights in the workplace in most states. These privacy
issues in the workplace pertain to the employee’s…

personal belongings, including briefcases or handbags.

 telephone conversations and voice mail.

 personally addressed e-mail.
 personal storage lockers.
 personally addressed mail.

Nevertheless, the employee right to privacy is extremely restricted regarding

computer, internet, and e-mail use of employer owned systems. Telephone and
voice mail are also subject to monitoring restrictions by employers. Employees
should always be treated with respect, dignity, appreciation and not
exploitation. Federally protected rights that employers should honor are…
  not to misuse employee health or medical information for insurance
purposes.
 no privacy invasion because the employee works at home.
 always inform workers about surveillance.
 appropriate drug testing that does states legitimate reason related to
performance without prying into the employee’s medical history or
personal life.
 to keep the employee’s information confidential.
 to get clearly informed consent from employees before gathering
information.

Speaking notes for

Malcolm Crompton, Federal Privacy Commissioner

Current Workplace Privacy Issues

Deacons Speech 23/10/03

1. “Many organizations have failed to recognize [a] major privacy risk within
their organization - the data they collect about their own employees…”
[Developments in both the domestic and international arenas are now
pushing employee privacy issues to the forefront. The evolving legislative
and judicial privacy landscape around the world is making successful
management of global workforce data increasingly difficult. An
inadequate employee privacy program that fails to consider these new
rules and regulations can not only expose a company to potential privacy
breaches, but can also affect the deployment of new systems designed to
bring new efficiencies to human resources ("HR") functions. Without a
diligent review of employee privacy regulations, companies could
experience financial loss on investments made on global HR systems and
HR technology solutions. While substantial challenges are involved,
employee privacy can be managed effectively and actually help to bring
efficiencies to corporate HR initiatives. Moreover, effective privacy
policies can also be used to improve the employer/employee relationship
 and combat perceived "secrecy" surrounding a company's HR practices
and the information maintained about employees.

Employee rights to privacy in the workplace continue to feature regularly

in the media, covering topics such as:
• Email usage;

• Web surfing;

• Video surveillance;

• Drug testing;

• RFID;

• Psychological testing;

• Use of biometrics (to monitor attendance and give access/ security

level);

• Future use of genetic testing.

Appropriate mix of trust and accountability

 Striking a balanced mix of mutual trust and accountability is what is
important when it comes to workplace privacy. There are three distinct
types of interaction within organisations that influence this mix
including:
• Staff to organisation

• Organisation to staff

• Organisation + staff to customers

 Employers have legal responsibilities to staff and shareholders. In

undertaking a privacy risk management approach, employers need to
ensure that resources are being used properly by staff and that staff are
not being harassed or abused through the improper use of IT systems.
 Privacy invasive monitoring reflects an employer–employee relationship
which is not based on mutual trust. Invasive monitoring may contribute
to low employee moral and work satisfaction – potentially a major
contributor to low productivity.
  Organisations need to advise employees about their policies – outlining
what is and is not acceptable behaviour; what the organisational values
are; what the organisation’s rules or code of conduct are.
 Employee attitudes to workplace monitoring are closely intertwined with
our strong sense of Right to a Fair Go (absence of discrimination/ chance
to right a wrong) and the rights of the Aussie Battler (first recorded in
1896 in a Henry Lawson story). Organisation’s would be wise to
consider the impact cultural attitudes to employee loyalty.
Yes, the technology has changed the face of the workplace – the issues remain
the same…Cast your mind back to the initial response to photocopiers (in
particular colour photocopiers), faxes or the desk telephone. New
technology has caused a lot of interest in this area but the issues have been
around for a long time. For example, employee productivity levels, efficient
use of equipment and resources, and, risk management of intellectual
property.

Legislation Overview
Privacy Act 1988 – Employee Exemptions
• Guidelines on Workplace E-mail, Web Browsing and Privacy (30/3/2000)
OFPC Statistics NPP Exemption - employee records

Total calls by
financial year 2001/2002 2002/2003

618 903

Total enquiries
by financial year 2001/2002 2002/2003

13 99

Global attention to workplace monitoring is increasing

UK Information Commissioner, Employment Practices Data Protection
Code: Part 3 Monitoring at Work.(11/06/2003)
(http://www.dataprotection)

Benefits of the Employment Practices Code:

• increase trust in the workplace - there will be transparency about information
held on individuals, thus helping to create an open atmosphere where
workers have trust and confidence in employment practices.
• encourage good housekeeping - following the Code encourages
organisations to dispose of out-of-date information, freeing up both physical
and computerised filing systems and making valuable information easier to
find.
• protect organisations from legal action – adhering to the Code will help
employers to protect themselves from challenges against their data
protection practices.
• encourage workers to treat customers’ personal data with respect - following
the Code will create a general level of awareness of personal data issues,
helping to ensure that information about customers is treated properly.
• help organisations to meet other legal requirements - the Code is intended to
be consistent with other legislation such as the Human Rights Act 1998 and
the Regulation of Investigatory Powers Act 2000 (RIPA).
• assist global businesses to adopt policies and practices which are consistent
with similar legislation in other countries - the Code is produced in the light
of EC Directive 95/46/EC and ought to be in line with data Code of Practice
– monitoring at work About the Code protection law in other European
Union member states.
• help to prevent the illicit use of information by workers - informing them of
the principles of data protection, and the consequences of not complying
with the Act, should discourage them from misusing information held by the
organisation.
13. Hong Kong, Office of the Privacy Commissioner for Personal Data, A Draft
Code of Practice on Monitoring and Personal Data, Privacy at Work,
Consultation Document (Release 8/3/2002)
• Principle of Proportionality
• Principle of Transparency
• Scope
• Monitoring of Telephone Calls
• Monitoring of E-mail
• Monitoring of Computer Usage e.g. Internet access
• Video Monitoring.
• Issues
• Blurring of home/work boundary’s (…as working from home
becomes more common, and as employees may be expected to take
calls and attend to E-Mail outside formal hours of work s 4.3)
• Domestic helpers or guest workers.
Balanced Risk Assessment
A balanced risk assessment needs to address the changes in technology and
workplace context. For example, there are four key areas employers need
to consider:
BALANCE:

• The employer has a right to know what staff are doing during work hours;
they also have a responsibility to ensure the workplace is free from
harassment and hostility.

• Staff should be able to organise some of their personal lives free from the
surveillance of their employer.

PROPORTIONALITY:

• Data Collection limitations principles applies (1.1) Surveillance and

testing must be in proportion to the risks.

• Drug testing operators of heavy machinery / would seem appropriate;

Drug testing everyone in a company would not.

TRANSPARENCY/OPENNESS:

• Be open and transparent about what the company is doing; tell employees
what monitoring is taking place and why.

• Be open about the process; have a policy, negotiate it with staff and
circulate it.

PREVENTION:

• Prevent problems before they occur – implement in software that

automatically blocks access to unauthorised sites.

• Educate and train staff in organisational policies – ensure the do and don’ts
are clear.
 Background

1. A recurring theme is that organisations are not being open and honest with
their employees, engaging in covert surveillance of employees.
2. The key concerns include cost of non-productive use of resources or cost of
lost productivity.

Cultural and Technical Issues

increased employee monitoring powers raise the risk that false inferences can be
drawn about employee contact. For instance, an employee might accidentally
visit whitehouse.com, a pornographic web site, while attempting to access
whitehouse.gov. An employee network monitoring appliance can detect access
to the inappropriate site, but not the intent of the employee. With these new
monitoring tools and potential to draw false inferences, it is important now
more than ever for employees to have basic due process protections--the right of
notice of the violation and some "opportunity to be heard."