PRIVACY IN THE WORKPLACE - Binghamton



Privacy in the Workplace

BY BRIAN WOLF

CS495 – Senior Seminar

Privacy in the workplace is a consistently changing topic that is very important to the working community. There are legal issues as well as psychological issues at stake when dissecting what you can assume and what you can not assume. There must be an understanding as to what the role the federal and state governments play in the whole scheme of things. To prepare for the future, you must understand what has happened in the past. Then there can possibly be middle ground that the employee and employer can meet upon and finally decide together what is reasonable and what is irrational

“Privacy in the Workplace” is a topic not only of great importance, but is a consistently changing factor that needs special attention. There are two main perspectives to take into account when dealing with an issue as delicate as privacy in the workplace; the employer and the employee. This paper focuses on the legal side as well as the psychological side to privacy, and demonstrates the importance of understanding the rules that are applied to define the boundaries of privacy versus the invasion of privacy.

Historically speaking, privacy is a metamorphosed topic. Advancements in technology sprout new concerns of unwanted exposure to an individual’s personal life. To tackle new technology, and the need for regulations, the federal government passed the Electronic Communication Privacy Act (ECPA) in 1986. This was an amendment to the Omnibus Crime Control and Safe Streets Act of 1968 that regulated telephone wiretaps. The ECPA extended coverage from just telephones to electronic communications, which includes computers. The ECPA of 1986 even provided criminal and civil penalties for unauthorized interception of private, electronic communication. The ECPA also provided stricter guidelines for obtaining the authorization to use a wiretap or pen register. A pen register can obtain and record incoming and outgoing numbers that pass through a suspect’s telephone. Since 1986, life has changed dramatically. We live in a “post 9/11” world where security is stomping at the border of privacy. The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism or better known as the USA Patriot Act was passed. This act withered down the stricter guidelines the ECPA provided. The question that arises out of the federal legislation just mentioned is: How does this affect privacy in the workplace?[1]

According to the U.S. government’s website , there is a section on employee privacy that states “While the Federal Electronic Communications Privacy Act provides some protection for workers, the types of monitoring that may be conducted vary widely from state to state. Check the law in your state before beginning telephone, camera, computer, or any other type of electronic monitoring”. It continues to describe that employers research state law regarding the establishment of a dress code and guidelines for personal appearance, the gathering of information of an employee’s personal off-duty behavior, the issuing of psychological and personality tests and the testing for the use of drugs or alcohol by an employee. The website also states that “The federal Polygraph Protection Act protects most American workers from taking a lie detector test as a condition of employment or continued employment”, however this might not apply in all states to those in positions of “law enforcement agencies, persons in sensitive positions relating to national security, or applicants in drug manufacturing and distributing”. To research what every state says about employee privacy would be far beyond the scope of this paper, however one can look at past actions taken by companies to acquire a feel as to the level of involvement of the government in controlling the level of privacy invasion by employers. First though, an understanding must be met about the use of electronic mail.

Electronic mail (E-mail) has become one of the main modes of communication in today’s world. Sending a message electronically is not only convenient, but lightning fast! Many businesses have converted their infrastructures to support such message sending. One can message another from anywhere, and almost instantly the message will be delivered. This technology can greatly boost efficiency in business; however, a tangled web of privacy issues put a permanent cloud over its role in company policy. Invasion of privacy in e-mail has been a dominant battle between employees and employers. Not only is it a question of whether or not messages could be viewed when they are delivered, but also when they are in the process of being delivered! With government legislation still evolving to handle this ambiguity, it is important to understand past decisions and to stay informed in order to steer clear of consequence.

In July of 1993, the court case Bourke vs. Nissan occurred[2] in California. The complaint consisted of an invasion of privacy by Nissan into e-mail messages made by the plaintiffs. This conflict occurred in 1990 during a training session about e-mail. A co-worker was demonstrating how to use e-mail with the plaintiff’s e-mail account and accidentally opened a message that was of a “personal, sexual, nature and not business-related”2. Upon this accident, the co-worker of the Bourke decided to tell a supervisor about the message. What transpired was monitoring of the plaintiffs’ messages by Nissan, who decided to issue a warning on Bourke that she was to abide by the warning’s outline, and she would be openly monitored for the next 3 months. Failure to comply with the warning’s outline would result in termination. The court ruled in favor of Nissan, one reason being that “Based on the undisputed facts, plaintiffs had no reasonable expectation of privacy in their E-mail messages”2. Here is another example of a court case that happened.

In Pennsylvania, Smyth vs. The Pillsbury Company[3] occurred in January of 1996. The plaintiff Smyth, according to the complaint, was told by the defendant (Pillsbury Company) that all e-mails were confidential and “could not be intercepted and used by defendant against its employees as grounds for termination or reprimand”. After communicating to a supervisor through e-mail, Smyth was notified by the Pillsbury Company that he was being fired for “transmitting what it deemed to be inappropriate and unprofessional comments over defendant's e-mail system in October, 1994”. The court ruled against Smyth citing that there “a reasonable expectation of privacy in e-mail communications” and “even if we found that an employee had a reasonable expectation of privacy in the contents of his e-mail communications over the company e-mail system, we do not find that a reasonable person would consider the defendant's interception of these communications to be a substantial and highly offensive invasion of his privacy”. () Before citing another court case, it is interesting to note an article that was found on the American Civil Liberties Union (ACLU) website ()

The title of this article is “Gotcha! Snoopware on the Job”[4] and was posted on August 2, 1999. The article discusses an increase in businesses turning to “snoop software” because “as computers and the Internet penetrate more workplaces, some managers are finding older technology inadequate”. The article also states that there was a 10% increase in businesses that electronically monitor its employees from 1997 (35%) to 1999 (45%). Attorney Jeremy Gruber of ACLU’s Workplace Rights Project was quoted as saying "Under current law, if I were an employee I would be extremely hesitant to do any kind of personal business at work". This article leads into the next example of court cases that took place in Dallas, Texas.

McLaren vs. Microsoft Corporation [5] involved yet another e-mail related conflict. Bill McLaren was suspended by Microsoft pending further investigation of a sexual harassment complaint against him and “inventory questions”. McLaren was fired soon after, and decided to initiate a lawsuit against Microsoft for invasion of privacy. McLaren claimed that Microsoft viewed private messages of McLaren that would normally take two passwords to view. His claim was that the second password was for “personal storage”. Microsoft’s response to the lawsuit was “[t]he common law of Texas does not recognize any right of privacy in the contents of electronic mail systems and storage that are provided to employees by the employer as part of the employment relationship”. Once again, the issue of lacking legislation that provides privacy rights to electronic mail is a reason that a lawsuit was thrown out. This example however was less weakened by the fact McLaren was already under investigation for sexual harassment and “inventory questions”.

Up to this point there is that glaring question of who really has control over the privacy in the workplace? Three examples have been given where there was no legislation to support specifically the protection of privacy in e-mails from the company of which provides the e-mailing capability. From the employer point of view, they provide the service, and that service is to be used for work purposes. From the employee point of view, it’s a messaging system that should remain private. Throughout the allegations, it is interesting to note that some of the companies provided designated “private” storage areas, yet still would waive the right to view whatever messages they would want to whenever they wanted to. For the purposes of this paper, one more court case example will be shown.

In December of 2003, Carlus Haynes v. Office of the Attorney General Phill Kline [6] developed in Kansas. Haynes filed complaints on two accounts: (1) That he be allowed to copy files that were left in his private file storage on the computer system, and (2) Invasion of privacy. After Haynes was fired from his position, the office of the Attorney General refused to give Haynes access to his private files, and even reviewed his personal messages. The Offices alleged that their privacy policy (that pops up every time someone logs into the system) states that privacy is not ensured. This time however, the judges ruled in favor of Haynes on the basis that the privacy policy states “employees are advised that "intentional access to another user's e-mail without permission" is prohibited” and it even references that employees are shown how to have private and public files. As mentioned in the previous paragraph, it was interesting to note that some of the aforementioned examples even provided “private” designated areas for storage, but had no effect on the outcome of the court case.

Besides the legality of privacy in the workplace, there is also a psychological factor that can affect the employee greatly. People in general have certain personal space that is not easily penetrable, and they value their privacy. One can’t help but wonder that if a person is subjected to an infringement of privacy, how is that person going to behave? A small article published in “Psychology Today” by Dan Shulman gives one theory on the subject.

Titled “Why Monitoring Employees Backfires” [7] , noteworthy points are mentioned. “Workplace surveillance appears to fail when employees suspect their output is being gauged”. In research, 134 subjects were given a task to do and were notified that they were being “monitored for quality, quantity, both, or neither”. The results showed that output “diminished when people believed they were being monitored for quality and vice versa”. Results were published in a study by co-authors Jeffery Stanton, Ph.D, and Amanda Julian in the journal “Computers in Human Behavior”. Stanton believes that resorting to electronic surveillance is not efficient. He states “You shouldn't let people guess what you expect from them… Get your employees aligned in their own minds with the goals of the organization”. At this point in time, how bad is the surveillance problem getting? This next article mentioned gives a chilling description of what is happening in the present.

Found on the ACLU website, this article that was posted on October 22, 2003 titled “Privacy in America: Electronic Monitoring” [8] mentions some alarming things. They warn employers “can film you with hidden video cameras not only in public areas, but in locker rooms and even restrooms,” and how employees can not “control which third parties are given access, be they creditors, insurance agents or landlords”. Even more disturbing facts were presented. “A few years ago, postal workers in New York City were horrified to discover that management had installed video cameras in the restroom stalls. Female workers at a large Northeastern department store discovered a hidden video camera installed in an empty office space that was commonly used as a changing room. Waiters in a large Boston hotel were secretly videotaped dressing and undressing in their locker room”. No illegal activity was uncovered by these announcements. The article states “Computer data banks” are being used by employers now to view historical information to an employee’s previous employment, financial status, and medical history. According to the article in the area of telephone monitoring, it is estimated that employers monitor 400 million calls a year!

Thinking hypothetically, if this trend continues, how do employers expect to maintain a workforce of trusting individuals that will not be burdened by just the mere thought that an eye could be watching them? A study done in August 2001 by Bradley J. Alge suggests a certain model in dealing with privacy policies as shown in Figure 1 below:

[pic]

Figure 1 - From Alge, Journal of Applied Psychology, 86(4), 797-804, August 2001 -

|A privacy–justice framework for examining the effects of electronic performance monitoring and control |

|systems (EPMCSs). Outcomes of invasion of privacy and procedural justice were not explicitly examined in the|

|present investigation, as depicted by the dashed portion of the framework. This is not to suggest, however, |

|that such outcomes are less important but rather that they were outside the scope of this empirical |

|investigation. |

The article, titled “Effects of Computer Surveillance on Perceptions of Privacy and Procedural Justice” (Alge 2001), explores the idea of looking at the development and the implementation of a privacy policy, and how it affects a person. One of the main ideas of this study was that the less control a person has over what is happening, the more their procedural justice suffers. The term procedural justice refers to “people's perceptions of the fairness of the policies and procedures used in making decisions” (Greenberg, 1990). The study consisted of 206 students who were led to believe that they were going to participate in a study for a false company “Center of Excellence Organizations” (CEO). A task was given to them to take a list of websites, and to verify that the sites just exist. Each student was placed in a small office, with just a chair, desk, and computer. Five minutes was given to complete the task, followed by five minutes of break, and then followed by five minutes of the same task. Alge states that he kept the students inside the office during the break as to promote personal usage of the internet. There were three types of groups in the study. Alge divided the groups into “Participation”, “Relevance”, and “Consistency”. The breakdown is as follows:

|Group |Description |

|Participation |High participation could provide input to the monitoring and |

| |evaluation process |

| |No participation was given no opportunity for input |

|Relevance |High relevance received only feedback form by supervisor on how well |

| |they did the task. They were notified that monitoring did not occur |

| |during the break |

| |Mixed relevance received feedback on personal websites they visited as|

| |well as how they did their task |

|Consistency |High consistency were told that their evaluation and monitoring was |

| |the same as every other student |

| |Low consistency were told that their activities were being monitored |

| |differently |

Evidence that both “relevance and participation reduced invasion of privacy and enhanced procedural justice” were found. (Alge 2001) The study goes on to conclude that “the results of this study provide causal evidence that procedural variation in the design and implementation of [electronic monitoring] affects privacy and procedural justice perceptions”.

What lies in the future for the subject of privacy in the workplace? The article mentioned on the previous page () from the ACLU website states that microchips that can monitor employee movement are upon the horizon. It is estimated that[9]:

- 78% of companies in the United States monitor their employees

- 63% monitor internet use, 47% store and review employee e-mails

- 15% view employees through video

- 12% review and record phone messages

- 8% review voice mail messages

Change can almost certainly be upon the horizon as this concern becomes more and more of an issue.

In conclusion, it seems quite evident that there is a need for more legislation to be passed to help define more clearly what employers can and can not do, so that employee privacy can be understood and maintained. ACM Code Of Ethics () provides section 1.7 “Respect the privacy of others”. According to this section “It is the responsibility of professionals to maintain the privacy and integrity of data describing individuals. This includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals. Furthermore, procedures must be established to allow individuals to review their records and correct inaccuracies.” Keeping to this code, developing new ideas, and defining more of what makes privacy in the workplace work will bring us closer to an understanding and efficient status.

Bibliography

Alge, Bradley. “Effects of Computer Surveillance on Perceptions of Privacy and Procedural Justice”. Journal of

Applied Psychology 86.4 (2001): 797-804

Rosen, Jeffrey Professor. “McLaren vs. Microsoft Corporation”. Berkman Center for Internet & Society – Harvard

Law School. 2002 < >

Rosen, Jeffrey Professor. “Statutory Protections”. Berkman Center for Internet & Society – Harvard Law School.

2002 < >

Samson, Martin. “Carlus Haynes v. Office of the Attorney General Phill Kline, et al.” Phillips Nizer LLP. December

2004 < >

Schulman, Dan. “Why monitoring employees backfires - Supervision - Brief Article”. Psychology Today. March-

April, 2002 < >

Sinrod, Eric. “Electronic surveillance in the workplace”. USA Today. September 18, 2001

Unreferenced Articles found on American Civil Liberties Union website –

“Gotcha! Snoopware on the Job”. American Civil Liberties Union. August 2, 1999

“Privacy in America: Electronic Monitoring”. American Civil Liberties Union. October 22, 2003

ACM Code Of Ethics:

Biography

[pic]

|Being the youngest in a family of five, Brian Wolf was born and raised in Long Island, NY. After |

|graduating from High School with high honors, Brian continued his education at Binghamton University|

|to achieve a B.S. in Computer Science and will graduate in December ’04. Besides learning the arts |

|of Computer Science and programming languages – with knowledge in JAVA, C++, Prolog, Haskell, HTML, |

|and XML – and being fluent in web authoring tools such as Macromedia Flash, he is an enthused hockey|

|fan, and has a passion for playing the drums. |

-----------------------

[1] Help with summaries of statutes obtained at

[2] All quotes and information referring to Bourke vs. Nissan -

[3] All quotes and information referring to Smyth vs. The Pillsbury Company -

[4]

[5] All quotes and information referring to McLaren vs. Microsoft Corporation -

[6] All quotes and information referring to Carlus Haynes vs. Office of the Attorney General Phill Kline -



[7]

[8]

[9] USA Times Article – referring to estimates -

-----------------------

.

.

.

.

.

.

.

.

.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download