According to Connelly, Roberts, and McGivney, LLC (1998), “in today’s workplace computers and electronic communications are the norm rather than the exception” (p. 1). With technology, rapidly advancing electronic communication is becoming essential. This creates a challenge for organizations on how and what to monitor when it comes to its employees. This paper will address the issue of privacy in the global workplace and give suggestions on what privacy rights issues should be addressed, as well as what the company’s position should be in response to its privacy rights. Lastly, it will define how organizations privacy protections may limit the company’s liability and how privacy protections enhance employee motivation and productivity.
Privacy Rights to be Addressed The majority of employees expect to have a certain amount of privacy in the workplace. Nevertheless, there are times where the employer may have a justifiable reason to monitor or investigate the employee’s within its organization. The following provides some business practices that may be imposed to assure the honesty of the organization and the employees within the organization. One privacy right that should be addressed is drug testing. Drug testing helps to ensure the safety of the workplace. According to Jankanish and Husbands (1993), “drug and alcohol testing programs should fit within existing arrangements for ensuring the quality of work life, employee rights, the safety, and security of the worksite, and employer rights and responsibilities (e.g. protection of the public interest)” (p. 105).
The testing should ensure the worker’s rights and confidentiality of the results. Another issue to be addressed is background checks on potential new hires. The Fair Credit Reporting Act (FCRA) has set guidelines and standards for organizations to follow when implementing a background check. According to Alison Doyle (nd), “the FCRA defines a background check as a consumer report. Before an employer can get a consumer report for employment purposes, they must notify you in writing and get your written authorization” (p. 1). Even if an employer is just running a basic check for inquiry purposes they must still get permission from the employee. The purpose of the background check is to ensure that information that was provided from the applicant is truthful, and some organizations require certain security clearances, or the individual may be applying for a position that works closely with children. The employer still needs to have permission from the applicant in order to run these background checks. Lastly, the employer needs to protect the privacy of employee personal information.
According to Brian Koerner (nd), “twenty five percent of all identity thieves are known by the victim – whether it be a friend, relative, or co-worker” (p. 1). Employers need to take steps to keep personal information such as social security numbers, home addresses, and phone numbers safe. This information if obtained by the wrong person could lead to identity theft. Employers need to ensure that the appropriate steps are taken to keep employee information confidential. This can be done by utilizing an employee number rather than the employee’s social security number, make sure that personal information is not posted where it is easily accessible, only allowing acceptable personnel to handle confidential information, and dispose of information and documentation appropriately (about.com). Limiting Liability It is important that companies understand the different potential corporate and personal liability when preparing, planning, implementing or maintaining an employee privacy handbook section. Companies must remain aware of potential issues that may need to be addressed in order to remain proactive and avoid liability pitfalls.
There are many areas of potential liability an organization that includes negligence, liability under the privacy act, loss, or misuse of personal records, and criminal liability. In order to provide an organization with the most liability protection, they must be aware of what these liabilities are. Negligence is the failure to provide reasonable care, which result in damages to another person or company. If a company or organization does not take reasonable care to provide adequate protection for their employees or customers’ information and the employee or customer suffers damages, the organization may be legally responsible for the amount of loss suffered. In order to avoid negligence, organizations must be proactive and provide adequate security. The Privacy Act was created to ensure that companies are obligated to provide protection in ways that they retain, collect, use, and disclose personal information (Bushkin, p. 1). Companies covered by the Privacy Act are required to protect private and personal information they hold. Companies must avoid misuse and loss as well as unauthorized access. Whether it is physical protection or electronic protection, companies must provide a reasonable level of security.
Companies who act negligent and cause excessive damages to individuals or customers may face criminal liability. Companies must act appropriately when dealing with private or personal information. Intentional misuse of personal or private information may result in criminal proceedings. Companies must take reasonable measure to ensure that the security systems in place adequately protect their employees and customer’s information. It is unlikely that an organization will be held responsible for information lost due to security attacks provided that they have acted reasonably in their attempts to protect the information (Givens, p. 1). Companies can face significant damages and a direct loss in business as well as liability to third parties if they do not proved the necessary security measures. By designing, developing and implementing a strong security policy as well as educating employees on how to handle private and personal information, companies can protect themselves and their employees from potential liabilities. It may be necessary for companies to audit their employees to ensure that information is not being misused.
Addressing the laws required in the employee handbook regarding privacy will consist of the Privacy Impact Assessment (PIA). A PIA is an analysis of how information is handled: (1) to ensure handling conforms to applicable legal, regulatory, in addition, policy requirements regarding privacy, (2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system, and (3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks (September 26, 2003). When addressing the laws regarding privacy in the employee handbook the following processes will occur.
Whenever any agency makes a determination under this section not to amend an individual’s record in accordance with his or her request, or fails to make such review in conformity; or fails to maintain any record concerning any individual with such accuracy, relevance, timeliness, and completeness as is necessary to assure fairness in any determination relating to the qualifications, character, rights, or opportunities of or benefits to the individual that may be made on the basis of such record, and consequently a determination is made which is adverse to the individual; or fails to comply with any other provision of this section, or any rule promulgated there under, in such a way as to have an adverse effect on an individual, the individual may bring a civil action against the agency, and the district courts of the United States shall have jurisdiction in the matters under the provisions of this section (September 26, 2003).
The court may order the agency to amend the individual’s record in accordance with his request or in such other way as the court may direct. In such a case the court shall determine the matter de novo. The court may assess against the United States reasonable attorney fees and other litigation costs reasonably incurred in any case under this paragraph in which the complainant has substantially prevailed (September 26, 2003). The court may enjoin the agency from withholding the records and order the production to the complainant of any agency records improperly withheld from him (September 26, 2003.) In such a case the court shall determine the matter de novo, and may examine the contents of any agency records in camera to determine whether the records or any portion thereof may be withheld under any of the exemptions set forth in this section and the burden are on the agency to sustain its action (September 26, 2003). The court may assess against the United States reasonable attorney fees and other litigation costs reasonably incurred in any case under this paragraph in which the complainant has substantially prevailed (September 26, 2003).
In any suit brought under the provisions of this section in which the court determines that the agency acted in a manner, which was intentional or willful, the United States shall be liable to the individual in an amount equal to the sum of actual damages sustained by the individual as a result of the refusal or failure, but in no case shall a person entitled to recovery receive less than the sum of $1,000; and the costs of the action together with reasonable attorney fees as determined by the court (September 26, 2003). An individual’s name and address may not be sold or rented by an agency unless such action is specifically authorized by law (September 26, 203). This provision shall not be construed to require the withholding of names and addresses otherwise permitted to be made public.
Matching agreements, no record, which is contained in a system of records, may be disclosed to a recipient agency or non-Federal agency for use in a computer-matching program except pursuant to a written agreement between the sources agency and the recipient agency or non-Federal agency specifying (September 26, 2003). Having this section in the privacy handbook takes some ethical considerations because providing key rules and regulations in protecting someone’s personal information is extremely important. Due to the amount of technology in this day of age moreover, the amount of identity theft it is crucial to protect personal information. Having trust and security is an ethical consideration for the fact that someone will feel protected by the laws and the company.
Corporations are faced with challenges everyday on how to protect their employees. By implementing and using the employee handbook privacy, section this will help to keep these companies records safe and secure for the employees. Technology has made it too easy for hackers to access information so by regulating how the information is kept will help to ensure the safety of the employee’s information. What this paper covered is the issue of privacy in the global workplace and gave suggestions on what privacy rights issues should be addressed, as well as what the company’s position should be in response to its privacy rights. Lastly, it defined how organizations privacy protections may limit the company’s liability and how privacy protections enhance employee motivation and productivity. With all of these guidelines in place the employees will have a better sense of security in the workplace.
Bushkin, Aruthur A. The Privacy Act of 1974 A Reference Manual for Compliance. Retrieved October 30, 2006 from http://www.cavebear.com/nsf-dns/pa_history.htm Connelly, Roberts, and McGivney, LLC. (1998). Privacy Issues in a High-Tech Workplace. Retrieved October 29, 2006 from http://library.findlaw.com/1998/Mar/1/130358.html Doyle, A. (nd). Background Check: Employment. Retrieved October 29, 2006 from http://jobsearch.about.com/cs/backgroundcheck/a/background.htm Givens, Beth. Legislative Hearing, Privacy Rights. Retrieved October 30, 2006 from http://www.privacyrights.org/ar/outsourcing-privacy.htm Jankanish, M. & Husbands, R. (1993). Worker’s Privacy. Retrieved October 29, 2006 from http://books.google.com/books?vid=ISBN9221087468&id=eisbpZMK4qkC &pg=PA105&lpg=PA105&dq=what+privacy+rights+issues+should+be+addressed&sig=zL07cCOHNB7lOgu2Z9RwX8sBASg Koerner, B. (nd). Is Your Employer Protecting Your Personally Identifiable Information? Retrieved October 29, 2006 from http://idtheft.about.com/od/workplaceidentitytheft/p/workplacePII.htm The Privacy Act of 1974. 5 U.S.C. § 552a § 552a. Records maintained on individuals as Amended, Updated page September 26, 2003. Retrieved on October 30, 2006 from http://www.usdoj.gov/oip/privstat.htm