Chapter 3
Employee Privacy Rights
An individual’s privacy in the workplace is a balance between the employer’s need to collect, use, and — in rare circumstances — disclose personal information and the employee’s right to ensure the information is accurate and used correctly.
As is the case with access to information, spelled out in Your Right to Know: How to Use the Law to Get Government Secrets (published by Self-Counsel Press), Canadians have a quasi-constitutional guarantee of privacy. Their rights are protected under sections seven and eight of the Canadian Charter of Rights and Freedoms. The sections articulate the “right to life, liberty, and security of the person,” and the right to be secure against unreasonable search and seizure, respectively.[1]
No such guarantee exists in the United States where the US Constitution excludes “privacy as a fundamental right or even an important concept.” That being said, Americans do enjoy some protections, especially in areas that lawmakers have decided are important to protect such as “financial-account information, health-care-provider data, and any information intentionally taken from children.”[2]
When it comes to personal information the US government collects, citizens have rights in broad categories under the Privacy Act. Enacted in 1974, the Act guarantees three primary rights: The right to see personal records, subject to the law’s exemptions; the right to request that the records be updated for accuracy; and the right against unwarranted invasion of privacy resulting from the “collection, maintenance, use, and disclosure of personal information.”[3]
When it comes to the workplace, protection in both countries is limited to the employer’s use of the information for purposes that were never intended, such as sharing with a third party. The US Electronic Privacy Information Center puts it this way: “There are no general protections of workplace privacy except where an employer acts tortiously — where the employer violates the employee’s reasonable expectation of privacy.”[4]
So when it comes to monitoring your activity in the workplace, the employer has the upper hand. That being said, it’s important to know the ground rules.
1. What Information Can Your Employer Collect?
Networked computers and other forms of advanced technology allow institutions to collect information in many different ways. Some examples include:
• Background, credit and criminal record checks.
• Résumés, cover letters, and job applications.
• Video surveillance of work premises and off-duty conduct.
• Global positioning systems for couriers, delivery, and transport workers.
• Telephone monitoring.
• Keystroke logging.
• Monitoring of Internet activities.
• “Smart” ID cards that track work attendance, access to the workplace, resources, and drug and dental plans.
• Biometrics (i.e., fingerprint, handprint, voice, and eye scanning to verify employee identity for security purposes).
• Drug and alcohol tests.
• Workplace investigations.[5]
Whether any particular method of collection is permissible depends on the following:
• Employee was aware of the monitoring.
• Consent was obtained.
• Intrusiveness of the collection.
• Appropriate balance between employer and employee interests.
• Facts of the situation.
2. Why Do Employers Need This Information?
Employers are motivated to monitor employees in the workplace due to increased attacks, violence, safety concerns, mishaps, robberies, and associated liabilities and damages. There are also concerns about potential liability resulting from employee computer misuse or misconduct.
“Racial and sexual harassment claims arising from racist or pornographic Web browsing or emails is not an uncommon occurrence,” notes a legal paper about US companies battling liability suits. “Morgan Stanley, the Wall Street brokerage, was sued for (US)$70 million by employees because of racist jokes that were being distributed on its email system and allegedly created a hostile work environment.”[6]
A growing number of people are also working from home. Companies use and need systems to monitor employees to identify emergencies, assess productivity, and guard against security breaches, given that there is ample evidence to suggest that most information-technology breaches and crimes are inside jobs.
So companies have legitimate reasons for collecting information, as long as that crucial balance is being maintained.
3. What Steps Can You Take?
If you are on company time, or working in a satellite office or from your home, begin by using common sense. Typically, this means being aware of the company’s policies, and making sure that you abide by them. Educate yourself. When it comes to your rights in the workplace, ask questions. For instance:
• Ask to see what information is collected about you, even if the company is not legally required to agree.
• Ask to see the policies for collecting, safeguarding, and eventually destroying the information.
• Ask if this information is shared, and if so why, and under what circumstances.
• Ask about the company’s surveillance methods.
• Ask for the policies on web, email, and telephone use. If employees are subject to random or continuous surveillance, they need to be told.
• If your workplace is unionized, ask to see the parts of the collective agreement that govern the terms and conditions of employment. As the Canadian Internet Policy and Public Interest Clinic points out, “Some unions have been successful in advancing their members’ privacy interests even where such interests are not explicitly protected in legislation or collective agreements.”[7]
If there are circumstances in which private information is improperly disclosed within the workplace, or inappropriately shared with a third party, employee privacy interests remain paramount.