Focusing public attention on emerging privacy and civil liberties issues

Workplace Privacy

Top News

  • Supreme Court to Hear Workplace Privacy Case, Rule on Safeguards for Text Messages: The Supreme Court agreed to hear a case that will determine what privacy safeguards apply to text messages transmitted through government employees' pagers. In City of Ontario v. Quon, a federal appeals courts held that California police officers "have a reasonable expectation of privacy" in some personal text messages sent while at work. The Supreme Court will review the ruling. For more, see EPIC Workplace Privacy. (Dec. 14, 2009)
  • Former Employer Caught Snooping on Employee's Private Email. A former employee of Structured Settlement Investments filed a lawsuit against the company claiming that the company had been reading his personal yahoo e-mail messages. The company prohibited the former employee from engaging in a similar line of work for 3 years post employment. The case, filed in a Connecticut federal court, alleges that the company gained access to the personal e-mail on a private account, while the company claims to have knowledge about the employee because it was on his computer screen where others could see. (June 27, 2008)
  • Court Rules in Favor of Employee Privacy. The 9th Circuit Court upheld the workplace privacy rights of employees in its decision in Quon v. Arch Wireless. Sgt. Jeff Quon and 3 other officers sued Arch Wireless for sharing wireless communication records with their employer, the Ontario Police Department. The City contracted for text messaging service for employees, and later obtained records to investigate whether all communications were work related. The court's decision reversed a lower court ruling, and found that the carrier was in violation of the 4th Amendment and California constitutional guarantees. (June 19, 2008)

Introduction

Workers of the world are exposed to many types of privacy-invasive monitoring while earning a living. These include drug testing, closed-circuit video monitoring, Internet monitoring and filtering, E-mail monitoring, instant message monitoring, phone monitoring, location monitoring, personality and psychological testing, and keystroke logging. Employers do have an interest in monitoring in order to address security risks, sexual harassment, and to ensure the acceptable performance of employees. However, these activities may diminish employee morale and dignity, and increase worker stress.

The Modern Challenge of Workplace Privacy

While gone are the days where Henry Ford would inspect the homes of workers, employers have new means to acquire information about employees, and these new means require a reevaluation of basic fairness in the employee-employer relationship.

Many workers are not protected with due process guarantees against arbitrary discharge. Absent state law or contract, employers can often dismiss an employee for any reason, or no reason, even if the decision to terminate is based on false information.

At the same time, increased employee monitoring powers raise the risk that false inferences can be drawn about employee contact. An employee network monitoring appliance can detect access to the inappropriate site, but not the intent of the employee. With these new monitoring tools and potential to draw false inferences, it is important now more than ever for employees to have basic due process protections--the right of notice of the violation and some "opportunity to be heard."

This field is also nuanced. Employees may desire medical screening, including genetic screening, prior to employment. For instance, in certain workplaces, it is possible to screen an employee for predispositions to disease that may be exacerbated by the presence of chemicals essential to the business. Similarly, background checks are often appropriate for positions of trust, such as a police officer, but not appropriate for jobs unrelated to public safety or the handling of very large sums of money.

In the United States and many third-world countries, workers have very few privacy protections in law. There are few situations where an employee has a due process right to access, inspect, or challenge information collected or held by the employer. There are a patchwork of state and federal laws that grant employees limited rights. For instance, under federal law, private-sector employees cannot be required to submit to a polygraph examination. However, there are no general protections of workplace privacy except where an employer acts tortiously--where the employer violates the employee's reasonable expectation of privacy.

European employers are bound by comprehensive data protection acts that limit and regulate the collection of personal information on workers. These laws specifically call for purpose and collection limitations, accuracy of data, limits on retention of data, security, and protections against the transfer of data to countries with weaker protections. These protections place employees on a more equal footing while allowing employers to monitor for legitimate reasons.

The ILO Code: The Standard for Workers' Rights

In 1996, the International Labour Organization (ILO) adopted a code of practice on the protection of workers' personal data. The ILO code is regarded as the standard among privacy advocates for protection of workers' privacy rights. The code specifies that workers' data should be collected and used consistently with Fair Information Practices (FIPs). The protections include:

  • Coverage for both public and private sector employees.
  • That employees should have notice of data collection processes.
  • That data should be collected and used lawfully and fairly.
  • That employers should collect the minimum necessary data required for employment.
  • That data should only be collected from the employee, absent consent.
  • That data should only be used for reasons directly relevant to employment, and only for the purposes for which the data were originally collected.
  • That data should be held securely.
  • That workers should have access to data.
  • That data should not be transferred to third parties absent consent or to comply with a legal requirement.
  • That workers cannot waive their privacy rights.
  • That medical data is confidential.
  • That certain data, such as sex life and political and religious beliefs, should not be collected.
  • That certain collection techniques, such as polygraph testing, should be prohibited.

Privacy Journal's Principles for Restricting Surveillance in the Workplace

Robert Ellis Smith, editor of the Privacy Journal, has created a model for US employers that offers strong protections for workers' privacy. Smith's model, which was presented to the Service Employees Union on October, 27, 2000. It calls for annual notice to employees of the monitoring type, purpose, and location, provisions for data destruction, audit trails, and a right of action against an employer for invasion of privacy for violations of the principles.

US Approaches, Legislation, and Protections

In 1977, the Privacy Protection Study Commission (PPSC), which was convened pursuant to the Privacy Act of 1974, issued a report covering workplace privacy. The report recognized that employers collect a broad range of information on workers, and focused on delineating lines of fairness on the collection and use of employee information. It also recognized that much had changed since the development of common law employment norms. America is now longer a country of the self-employed, but rather of employees who do not always have the power to bargain the terms of employment. Quoting the Equitable Life Assurance Society of the U.S., the PPSC's approach recognized that "people with a given employment statusÖmust adhere to many terms of employment set by the organization they work in if they are to work at all."

The PPSC pursued three public policy objectives, and 34 recommendations to meet the objectives. The objections were first, to minimize intrusiveness in hiring, and specifically to reduce the practice of obtaining information about an employee from a third party, such as a credit reporting agency. Second, to maximize fairness, by reducing use of arrest information and ensuring that information collected is accurate, complete, and timely. Third, the PPSC pursued the goal of creating a legitimate and enforceable expectation of confidentiality in employment records.

The Electronic Communications Privacy Act of 1986 (ECPA) is the only federal statute that offers workers protections in communications privacy. ECPA prohibits the intentional interception of electronic communications. However, the ECPA contains loopholes that facilitate employee monitoring. First, employers are permitted to monitor networks for business purposes. This enables employers to listen in on employee phone calls or to view employees' e-mail. Employers may not monitor purely personal calls, however, in order to determine that a call is personal, employers usually have to listen to portions of the employee's conversation. Second, an employer may intercept communications where there is actual or implied employee consent. Consent has been found where there employer merely gives notice of the monitoring.

There have been attempts to increase workers' privacy through new legislation. In 1993, Senator Paul Simon (D-IL) introduced the Privacy for Consumers and Workers Act. The measure would have established a standard for notice, access to information, and use limitations. However, the bill did not leave the committee to which it was assigned. The Notice of Electronic Monitoring Act (NEMA) was introduced by Representative Charles Canady (R-FL) and Senator Charles Schumer (D-NY) in 2000. NEMA would have established a private right of action against employers who failed to give notice of wire or network monitoring. The measure did not leave committee.

Privacy Guidelines for the Workplace - International

EUROPEAN UNION:

AUSTRALIA:

Specific Methods of Worker Surveillance

Remarkably invasive tools exist to monitor employees at the workplace. These include:

  • Packet-sniffing software can intercept, analyze, and archive all communications on a network, including employee e-mail, chat sessions, file sharing, and Internet browsing. Employees who use the workplace network to access personal e-mail accounts not provided by the company are not protected. Their private accounts, as long as they are accessed on workplace network or phone lines, can be monitored.
  • Keystroke loggers can be employed to capture every key pressed on a computer keyboard. These systems will even record information that is typed and then deleted.
  • Phone monitoring is pervasive in the American workplace as well. Some companies employ systems that automatically monitor call content and breaks between receiving calls.
  • Video surveillance is also widely deployed in the American workplace. In a number of cases, video surveillance has been used in employee bathrooms, rest areas, and changing areas. Video surveillance, under federal law, is acceptable where the camera focuses on publicly-accessible areas. However, installment in areas where employees or customers have a legitimate expectation of privacy, such as inside bathroom stalls, can give the employee a cause of action under tort law.
  • "Smart" ID cards can track an employee's location while she moves through the workplace. By using location tracking, an employer can even monitor whether employees spend enough time in front of the bathroom sink to wash their hands. New employee ID cards can even determine the direction the worker is facing at any given time.
  • Increasingly, employers are using psychometric or aptitude testing to evaluate potential employees. Such tests purport to assess intelligence, personality traits, religious belief, character, and skills.
  • Satellite or Global Positioning System (GPS) Surveillance Technology is now incorporated into cell phones, and vehicle tracking technology. GPS is a global navigation tracking system deployed by the Department of Defense, later used extensively for air travel, and has now become available for personal communication devices and service features for personal ground transportation. Now the technology is being used by employers to keep track of employees who are in distributed work environments (construction, delivery, service providers, etc).
  • Employee Background Checks are increasingly used to screen perspective employees and current employees for criminal and credit histories. Adverse employment decisions based on the results of a criminal background check are not federally regulated, so employers in states without laws governing notice are not required to tell applicants about the negative reports.

Telecommuting

Telecommuters, or employees who labor remotely from the workplace encounter different privacy challenges. For instance, how can the employer monitor the employee's home without impinging upon non-work-related activities? What limits are there to prevent surveillance of the employee during off-hours? What about information collected about non-employee family members who may use work equipment? What about non-work related information on company based home offices? What about tax obligations for home offices that home owners might face? Where is the line between work and personal time? These questions remain unresolved.

Labor Issues - Computer Surveillance

In the United States, restricting employee communications may run afoul of fair labor laws where there is interference with union activities. In Pratt & Whitney, 26 AMR 36322, 12-CA-18446 (Feb. 23, 1998), the National Labor Relations Board (NLRB) reported in an advice memorandum that a company's computer network was a "work area." Accordingly, rules prohibiting all nonbusiness use of e-mail on a company's network could be unlawful. The NLRB has found that policies discriminating against union activity on computer networks run afoul of the National Labor Relations Act (NLRA). Employee monitoring that has the effect of selectively punishing labor organizing activities could violate the NLRA.

Labor Issues - Video Surveillance

Employers increasingly attempt to install hidden surveillance cameras. Recent cases have established a precedent that employers must provide notice to labor unions before installing surveillance cameras in the workplace and employers must provide the opportunity to negotiate and bargain over this action. In the most recent decision, however, the NLRB would not rescind the discipline of employees even if the employers illegally and secretly installed hidden cameras.

  • Anheuser-Busch, Inc. (14-CA-25299; 342 NLRB No. 49) St. Louis, MO July 22, 2004. In 1999, the Administrative Law Judge (ALJ) found that the installation of hidden cameras monitoring work areas requires notice and opportunity for bargaining. The ALJ found that the area in dispute could indeed be called a work area, thus broadening the definition of "work area." However, they did not revoke the discipline of the employees even though it was based on evidence obtained by the hidden cameras. In 2004, the NLRB upheld both decisions. The NLRB ruled that the employers were still justified in the disciplinary action taken against employees due to the evidence obtained by the hidden cameras. The board found that rescinding the discipline would violate the specific remedial restriction contained in Section 10(c) of the Act, which provides that "[n]o order of the Board shall require the reinstatement of any individual as an employee who has been suspended or discharged, or the payment to him of any backpay, if such individual was suspended or discharged for cause."
  • National Steel Corporation, 335 NLRB No. 60 (2001). The union requested information about cameras and bargaining as a result of the Colgate-Palmolive decision, but the employer disputed their right to such actions since surveillance was a pre-existing practice. The NLRB found that the union's failure to request bargaining on prior occasions did not constitute a waiver of the union's right to bargain over future installation of surveillance cameras. U.S. Court of Appeals for the Seventh Circuit agreed with the decision in National Steel Corp. v. NLRB, 324 F.3d 928 (2 PVLR 385, 4/14/03).
  • Colgate-Palmolive, 323 NLRB No. 515 (1997) (pdf). The NLRB found that the employer had violated section 8(a)(5) of the NLRA in refusing to respond to the union's request to bargain on the issue. They found it to be a mandatory subject of bargaining saying the installation of surveillance cameras is "outside of the scope of managerial decisions lying at the core of entrepreneurial control." 323 NLRB at 515.

Monitoring Public Employees

Government employees do enjoy some protection from searches under the Fourth Amendment. In O'Connor v. Ortega, the Supreme Court extended Fourth Amendment privacy protection to public workplace. In that case, the Supreme Court recognized a reasonable expectation of privacy in the governmental workplace. However, that expectation of privacy can be affected by office policies and practices. The plaintiff employee in O'Connor was found to have had a legitimate expectation of privacy in his desk and file cabinets. But, the rights conferred under O'Connor are narrow. The government still has the right to perform searches that serve interests in promoting efficient operation of the workplace. Government employers can also weaken expectations of privacy by informing employees that they do not have an expectation of privacy, or that their desks, computers, and lockers may be searched.

New Scanners For Tracking City Workers, New York Times,Section B January 23, 2007- In August 2006 the city began using palm scans to monitor Department of Design and Construction employees' entries and exits from work.
Fired Worker Claims Wal-Mart Spying, The Commercial Appeal, Pg. C5, April 5, 2007 - Wal-Mart according to a dismissed employee engaged in a large surveillance operation that spied on company workers, critics, vendors and consultants.

Monitoring of the US Judiciary

One related area of public employment that has been exposed to workplace monitoring is the federal judiciary. In May 2001, a group of US federal court judges learned that their Internet communication was being monitored by court administrators. The judges were troubled by the privacy and confidentiality issues raised by the monitoring. Some judges argued that the monitoring violated the Electronic Communications Privacy Act (ECPA). As a result, the judges disabled the Internet monitoring systems on their networks. A public conflict ensued between judges and the administrators who maintain judicial computers. The administrators wished to reinstate monitoring and adopt a policy giving federal judges and their staff no expectation of privacy in the workplace.

In September 2001, the Judicial Conference, the policy-making body of the federal judiciary, met to resolve the conflict. In anticipation of the meeting, EPIC sent a letter to the Judicial Conference urging the body to end monitoring of judges. The Judicial Conference rejected the administration policy that would have eliminated all expectation of privacy in the workplace. The Conference also voted to end e-mail monitoring of the judiciary. However, the Conference did approve limited monitoring of Internet use and prohibited the use of certain file sharing programs.

News

Surveys and Reports

The American Management Association (AMA) surveys major employers annually to determine the extent of workplace surveillance in the United States. Since AMA started conducting the survey in 1997, prevalence of workplace monitoring has increased every year.

Resources

Resources-International

AUSTRALIA:

  • Surveillance: Interim Report, Australia Law Reform Commission, Report 98 (2001). Chapter 7 of this report has a comprehensive listing of surveillance methods.

BELGIUM/FRANCE:

NETHERLANDS:

CANADA:

SWITZERLAND

Legislation

Selected Cases

  • Cramer v. Consolidated Freightways (PDF), No. 98-55657, (9 Cir. 2001). In Cramer, the court held that a per se violation of California privacy laws occurred where the defendant trucking company employed surreptitious audio and video surveillance in an employee bathroom.
  • Halford v. The United Kingdom, 73/1996/692/884. In Halford, the European Court for Human Rights found that a public employee's calls from a work telephone were protected by international law.
  • Deal v. Spears, 980 F.2d 1153 (8th Cir. 1992): Court held that employee did not give consent to telephone monitoring where employer informed employees that calls might be monitored to cut down on personal calls.
  • O'Connor v. Ortega, 480 US 709 (1987). In O'Connor, the Supreme Court recognized a reasonable expectation of privacy in the governmental workplace. This expectation of privacy can be affected by office policies and practices. The plaintiff employee in that case was found to have had a legitimate expectation of privacy in his desk and file cabinets.
  • K-Mart Corp. Store No. 7441 v. Trotti, 677 SW2d 632 (Tx Ct App 1984). In K-Mart, a search of an employer-provided locker violated the employee's reasonable expectation of privacy.

Selected Cases-International

EUROPEAN COURT OF HUMAN RIGHTS:

FRANCE:

OTHER CASES:

Workplace Monitoring Technologies

  • ChoicePoint Employee Background Check Service
  • netOctupus is a comprehensive monitoring tool that can detect whether employees install "unauthorized" programs.
  • Raytheon's SilentRunner software monitors networks passively. It is capable of realtime analysis and archiving of network communication. SilentRunner can be employed with a standard laptop computer. SilentRunner is undetectable on a network, therefore, it could be used by a employer to spy on employees or by an employee who wishes to conduct corporate espionage.
  • Pearl Software's Pearl Echo can be used to monitor both traditional and telecommuting employees.