Privacy computing has changed for employees and job applicants, especially with the rise of internet and social media usage. “Employee privacy rights are rules that limit employers from searching the property or sphere of employees; monitoring their behaviour, speech or communications; and gaining insight into their personal lives, especially but not limited to the workplace,” says online legal platform UpCouncil
As part of the hiring process, HR departments often scour social media for information about job candidates. In the process, many seemingly non-work-related personal details may be leaked, although the objection is that if you care deeply about your privacy, you should not post these details to social media.
Then there’s the woes of the federal government’s new driving regulations for the transportation industry introduced in 2015. Before these rules, drivers could decide for themselves how much time they drove on a given day. They can control where they stop. Truck monitoring technology now records driving time so drivers can comply with new safety standards that say they can drive up to 11 hours a day without a break. Sensors are installed on the engine and brakes, which are monitored by an enterprise analytics system. The system rates each driver based on their driving habits.
Collectively, these technologies increase driver safety and efficiency, but drivers also lose privacy. No one knows if this will lead to a shortfall of 80,000 drivers in the US, which is expected to grow to 160,000 by 2030 — but it could.
How far can companies go in monitoring their employees, and how can technology help them do so?
Employee Privacy at Work
First, employers can monitor and/or restrict any employee activity that employees do while on the job. This includes phone calls, e-mail, computer use, internet and website access, system access, use of cameras to observe the entire facility and grounds, etc. Employers may block access to certain websites and may monitor and/or block access to specific company work areas through the use of card keys, biometrics, user ID/passwords and cameras. A plethora of security and surveillance software, along with IoT sensors, cameras, and more, make this data collection possible.
Given the widespread deployment of these security technologies, employees have a reason to expect that they don’t have much personal privacy while they’re at work.
However, that doesn’t mean companies don’t have responsibilities when it comes to employee privacy.
Company Responsibilities in the Area of Privacy
Nationally and internationally, privacy is viewed as a fundamental human right. Article 8 of the U.S. Human Rights Act states, “Personal information about you (including official records, photographs, letters, diaries, and medical records) should be kept secure and not shared without your permission, except in certain circumstances.”
Led by Europe’s General Data Protection Requirements (GDPR), US states are enacting data protection legislation for their citizens that will help protect privacy. The effort is led by California, which implemented the California Consumer Privacy Act (CCPA) in 2018 and the California Privacy Rights Act (CPRA) in 2020. Other states have since followed the California model and are developing their own privacy regulations for citizens.
These efforts are laudable, but they don’t give employers or their IT departments much guidance when it comes to how far security and monitoring technology can go. Instead, it’s up to companies and their IT departments to decide how best to implement the security technologies they need while respecting employees’ right to privacy.
Striking this balance is not easy.
Two employees of a residential children’s facility have been charged with invasion of privacy after surveillance cameras were placed in their offices without their knowledge. The court ruled on their behalf, saying “harm occurs when privacy is violated in an offensive manner without consent.”
This was in 2006. Because law always lags technology, there are still too few legal precedents to follow, so challenges remain as new security technologies are deployed.
With privacy regulations now set by the states, and with no common privacy standards in the country, businesses and their IT departments can take lessons from the 2006 case.
One of the main problems here is that employees are not informed that security technology will be placed in the offices they occupy. They also don’t know that the installation of monitoring equipment has nothing to do with them. Instead, it has been deployed to detect other illegal activities that are under investigation.
In this case, if the IT and HR departments have collaborated to write a formal policy on the company’s security practices and employees’ privacy expectations at work, and both employees have read and (if required) agreed to and signed, the implementation of monitoring It has likely been a contentious issue. Policy development is something companies and their IT departments should be doing today to reduce the risk of misunderstanding and litigation. It is also important that communications with employees regarding privacy issues be open and transparent.
What to read next:
Special Report: Privacy in the Data-Driven Enterprise
Businesses grapple with post-Roe data privacy concerns
What a federal privacy policy could look like if passed