Ethical Issues in Workplace Privacy, Research Paper Example

Abstract

The intent of this paper is to explore and offer critical interpretation of workplace privacy as it pertains to the monitoring of technology use by employees. It briefly describes and defines privacy in a legal and philosophical standpoint, and then discusses the technology that is used to gather and monitor information. The paper also presents the laws and sources that guide employer monitoring in the context of the Electronic Communication Act of 1986, the Fourth Amendment, and the attempts of policy makers to strengthen the electronic communication privacy of employees. It will also address, within the frameworks of specific elements, cases in which employers and organizations employed ethical decision-making process to monitor and/or invade the privacy of employees and the consequences of these actions. Concluding is an assessment of the issue in its entirety, with an emphasis on addressing the ethics involved and the responsibility of the employer to shape policy.

Introduction

If it is reasonable to argue that the advent of Internet technology is reshaping human conduct in ways both exponential and omnipresent, it is then inevitable that this same technology has generated immense and ongoing issues in regard to commerce; namely, that employees are subject to personal scrutiny to an unprecedented extent, and simply by virtue of their immersion in online activities. As the computer serves the business today in a necessary capacity, so too is the employee’s Internet interaction then within the potential scope of the employer. This translates to a variety of conflicts, ranging from an employee’s usage of computers to illegally manipulate information to the employer’s less than legitimate intruding into an employee’s private online correspondence and interactions. In a very real sense, the rapid and universal usage of modern technology has created a field of complex ethical and legal issues, as law and policy struggle to ethically address the ensuing conflicts.

In the following, the principal components of the issue will be examined, with an emphasis on those underlying ethical concerns. As will be demonstrated, there are no simple solutions, as employees increasingly seek to maintain privacy and employers have motives beyond investigating personal inclinations to monitor technology use. By 2007, for example, it was determined that businesses suffer losses running to $67 billion annually due to computer crime (Kaupins et al, 2012). Ultimately, as will be revealed, the onus must be on the employer to establish and make clear specific technology policies, for only in this way can real shape be given to the variable concepts of privacy at the core of these critical concerns.

Privacy as Ethical Concept

Essentially, and the evolving impacts of the Internet notwithstanding, Western ethics view privacy as a self-managed entity, if only due to concerns that any regulatory practices evince paternalistic, if not undue and unethical, intrusion. The emphasis has historically been on allowing the individual to actually determine what is the appropriate degree of privacy they require, provided it conforms to established law and societal imperatives. This in turn reflects an ethical stance asserting the will and basic human rights of the individual; unless there is behavior transgressing norms, the personal right to privacy has typically been held as sacrosanct. Consequently, the inestimable impact of the communication revolution alters this, or places it in an interpretative context. With the technology comes, not merely incalculable access to virtual interaction, but information, and information that now encompasses personal data and which is information by virtue of being stored in digital format. As the nature of Internet technology promotes access, the stage is then set for an enormous ethical conundrum because new matters of degree come into play. In plain terms, privacy is no longer a case of closing a door or drawing a window shade; it involves shades of choices, as in how information may be ethically “pulled” from a user’s account and/or “pushed” in terms of response to perceived interest (Moore, 2013, p. 172). Gradation, and to an infinite degree, now factors into determining what is within the individual purview of the right to privacy.

Policy necessarily relies on ethics, so the difficulties are in a sense exacerbated, even as the traditional policy model remains somewhat in place. The Federal Trade Commission (FTC) and the White House, for example, dissatisfied with the current regulatory approach, issued in 2012 new frameworks for protecting privacy in general. Nonetheless, the new strategies are based on the privacy self-management model (Solove, 2013), if only because it provides a core foundation for adhering to ethics. The difficulty becomes, then, in protecting what is so universally disregarded by the individual themselves. In or away from the workplace, people surrender their privacy continually, as the Internet enables limitless interactions and promotes a further abandoning of maintaining a private persona. Ethics are then consequently and increasingly subject to interpretation, as in the case of California police officer Jeff Quon’s lawsuit against his department. It had monitored Quon’s text messages to determine whether he was using his cell phone only for professional purposes and, as he had not been informed of the investigating, the appellate court ruled that he had had an expectation of privacy. The Supreme Court, however, overturned the verdict in 2010, holding that Quon had admitted to understanding and agreeing to the department’s policy of restricted usage (Clarkson et al, 2010, p. 671). Ethics, then, become inextricably confined within, and defined by, the individual circumstances of each instance of employee privacy as both surrendered and perceived as violated.

Relevant Technology

It is interesting that technology has reached a stage wherein there is no absolute need for specific programs for employers seeking to monitor employee activity, simply because people present so “much of themselves” as information available to any peruser of the Internet. Business has in fact not been slow to take advantage of this informational mine, particularly in regard to hiring. A survey from 2010, based on input from approximately 600 Human Resource and recruitment agencies, reveals that over 80 percent access social media profiles to gain information regarding candidates(Lazar, Schwartzreich, 2012). Not unexpectedly, this same resource is used by employers to monitor potentially inappropriate behavior from employees. The number of companies regularly monitoring their employees’ social media activity is rising, just as more businesses are terminating or disciplining employees for non-work related material deemed offensive or perceived as denigrating the business. Then, simple software enables access to email, and over 25 percent of U.S. companies routinely fire employees found to be sending emails seen as inappropriate (Fuchs et al, 2013, p. 137). Global Positioning Systems enter into the scenario, in that, as federal law mandates all cell phones as being equipped with GPS for safety concerns, employers are in effect enabled to similarly identify employee locations at at time (Canoni, 2004).

The inescapable reality is that employers today have a vast array of technologies with which to monitor employee behavior, activity, and presence. Some types of software record and report employee speed and accuracy in computer tasks, and offer detailed reports regarding performance rates. Other software documents how long an employee is absent from the computer or uninvolved with actual work activity. These same softwares also typically allow employers to “read” hard drives and access virtually every site the employee enters, as well as read emails and messages within social networks (Crampton, Mishra, 1998). Essentially, Internet activity invariably leaves “footprints,” and the technology required to track and monitor where employees are going online, and what they are doing there, is as available as the Internet itself.

Laws and Policies

Given how recently the emergence of the Internet has become an omnipresent entity, there can be no longstanding law in place encompassing the multiple issues it presents in terms of privacy. The 1986 U.S. Electronic Communications Privacy Act is notorious today for being inevitably antiquated. The more pertinent reality, however, is that its essential provisions, created in an era when business communication was largely restricted to the telephone and written materials, protect the employer’s right to control all such information. Under the Act, the employee who communicates using any technology provided by the employer waives privacy because the assumption is that the technology is understood to be used only for business purposes, and belongs wholly to the employer (Bennett, Townsend, 2003). At the time, this was a reasonable means of addressing eventualities in so limited a sphere, and the only likely violations of the existing standards was the employee making a personal call without permission. Similarly, the Act was designed to protect an organization’s private information, and thus relied on the parameters in place clearly differentiating between the professional and the personal.

Translating this form of address to the modern era, however, fails because the lines between professional and personal behaviors blur in the vast expanse of Internet communication. Consequently, the law favoring the employer’s right to investigate employee activity confronts today’s reality of employees conducting some measure of personal interaction while in the workplace. This, in fact, is perhaps the most significant and daunting issue facing privacy legislation; in plain terms, technology enables employees to briefly conduct personal affairs at any time and in any locale, and there is no business code sufficient to address the ensuing shift in workplace behavior. In a sense, the personal has become a component within the professional, and this is the reality to be addressed by law. To that end, Senators Mike Lee and Tom Leahy have proposed modifications to the 1986 Act specifying and supporting individual privacy rights in cases of employer monitoring. Primarily, the changes would require that employees be notified immediately when law enforcement accesses email and files, and search warrants based on probable cause would need to be first assured (Information Management Journal, 2013). These measures, it must be noted, apply only in extreme cases of suspected criminality, rather than go to the fundamental matter of employer intrusion.

The 1986 Act’s protection of employers notwithstanding, the majority of state laws hold to standards long in place before the Internet, in that the employer’s accessing of email is viewed as illegal (Zall, 2001). Then, clearly impacting in any development of statute or policy is a component of the Fourth Amendment, which is typically interpreted as pertinent to employee/employer scenarios; namely, that of implied or tacit consent with regard to surrender of privacy. Just how subject to interpretation the Amendment is may be seen in the 2000 case of U.S. v. Simons, in which the Fourth Circuit court ruled that, as the employee had not objected to, or indicated an unawareness of, the company’s Internet policy, he had essentially waived Fourth Amendment protections in regard to the the employer searching his hard drive for evidence of child pornography material (Jolls, 2013). This is not as specious a stance as it may initially appear, simply because hundreds of millions of American waive privacy rights routinely. Tacit acceptance may indeed by interpreted as fully voluntary, as the immense popularity of Google’s Gmail service demonstrates. Privacy advocates opposed the algorithmic system by which Gmail presents advertisements to subscribers based on keywords identified in their private mail exchanges; the public, however, did not, and by 2012 Gmail had 425 million users (Thierer, 2013). The courts are then to some degree validated in relying upon an inescapable component of modern life, in that it is ordinary for people to set aside their own privacy concerns as they increasingly make use of the Internet.

Fourth Amendment arguments aside, some employees have resorted to the National Labor Relations Act of 1935 (NLRA) in reinforcing rights to privacy. In addition to protecting workers’ rights to organize into unions, the NLRA protects the right of workers to communicate freely with one another about such terms and conditions of employment as compensation, vacations, and job security (McEvoy, 2002). Here, then, may be seen a few of the many concerns motivating employers to monitor employee activity, just as these same elements reflect, at least to an extent, employee behavior in place long before Internet technology. Content, intent, motive, and degree all combine to present a limitless number of scenarios in which privacy is debatable. A broad view, in fact, indicates that organizational policy, rather than statute, is more appropriate for addressing these challenges. As a recent study of the Society of Human Resource Management in Texas determined, HR professionals uniformly support the presence of specific policy within a company regarding computer and Internet usage by the employees (Kaupins et al, 2012). This may seem a relatively obvious course of action for employers to take, but it must be remembered that there are complex layers even within stated policies. For example, in Brown-Criscuolo v. Wolfe, a school principal’s emails were accessed by the superintendent while the principle was away on medical leave. The superintendent claimed that the access was done to learn of the individual’s condition, and that the actions fell under the school’s stated policy of the “routine monitoring” of its computer systems. The court, however, ruled that accessing emails could not be reasonably expected by the person consenting to the “routine” policy (Lazar, Schwartzreich, 2012). As this reveals, the lack of established agreement or consent actually generates the privacy conflict, and a fully comprehended policy would greatly lessen such eventualities.

The responsibility of the individual organization to dictate a specific Internet policy is, in fact, the only rational means of dealing with so innately variable an issue, if only because the standards of appropriate behavior of one business may greatly differ from another. This being the case, law is impeded because no law may successfully comprehend so wide a range of interpretation and practice. Companies themselves face issues even when the policies are firmly in place, likely due to the novelty of the arrangements themselves as necessitated, as well as by employee viewpoints not in accord with management. In the well-known 1999 case of The New York Times firing or disciplining over 20 employees for what it considered grossly inappropriate email exchanges, the employees in question maintained that the obscene or pornographic nature of the emails as perceived by the company were, in fact, intended only as humor. The newspaper held to its position that the emails not only presented harassment potentials, but were clearly in violation of agreed-upon company policy, and policy that had been reiterated to all employees (McEvoy, 2002). What this illustrates is that, at a certain point, organizations must create their own “laws,” and present them so blatantly that the employees are then enabled to knowingly consent, dispute, or go elsewhere. More to the point, the correctness of either party’s viewpoint in this case is irrelevant; what matters is that an established policy was in place and the employees, no matter the “harmlessness” of their intentions, violated it. This mode of policy sets needed parameters around the shifting elements of employee privacy, waiving of privacy, and general conduct with technology at the workplace.

Modern Concerns and Further Ethical Components

Privacy, as noted, is today a highly mutable commodity, and one deeply entrenched in dominant ideologies based on traditional models. These models, in fact, predate modern law; throughout the history of common law cases, actions that “unreasonably intrude” on the “seclusion” of another person are tortious, or litigious, even if the person has agreed in advance to the actions, and only agreement given at the specific time of the intrusion obviates this (Jolls, 2013). In more simple terms, the emphasis has been so weighted on the side of individual privacy as to obstruct the impact of the widespread “surrender” of privacy generated by technology. The question then raised by policy-makers, legislators, and employers may well be: to what extent can privacy be protected, or seen as deserving of protection, in a world in which the traditional definition and value of the concept is immeasurably altered, and because of a general disregard of it by the population insisting upon it? There is as well the critical issue of culture as determining the ethics so fundamental to the issue, and consequently the policies, in regard to virtually all matters of privacy intrusion. In plain terms, a society’s ethics are rooted in its cultural ideologies, and it has been extensively noted that European statute far more favors individual protection than does the the American. In case after case, celebrity reports in the media of a derogatory or embarrassing nature are ruled as unlawful (Strahilevitz, 2013). Meanwhile, the U.S. reflects a more striking dichotomy, in that business is increasingly at war with employee privacy concerns.

The more complex the conflicts, however, the more it may be seen that there can be no reliance on traditional concepts. Even that of consent as waiving rights, traditionally problematic in itself, is virtually wholly inapplicable in the arenas of today’s technology. It has little meaning in the context of privacy (Solove, 2013), and this is due to that noted element of the private so giving way to the public. What must be accepted in this perpetually shifting landscape is that boundaries once held to no longer pertain, and there is no irrefutable right or wrong in regard to the employer monitoring the employee’s usage of technology. It is, in plain terms, a completely gray arena when viewed expansively. Consequently, the only recourse that protects both the employer’s rights and the employee’s privacy is the establishing of specific policy, and not federal law. When the crucial elements are so volatile and evolving, only such individual response may ethically address the issue.

Conclusion

Technology has and is reshaping the world, and by means of enabling communication at unprecedented, if not previously unimaginable, levels. This in turn alters human behavior to the extent that access to it becomes routine, and thus conducted, however, inappropriately, within the workplace. This in turn generates immense issues of employers perceiving themselves as entitled to regulate such behavior, and the result is a blurring of rights and expectations as expansive as the Internet itself. So vast is this shift that there can no reliance on traditional ethics to guide the course, for such ethics do not pertain to the new environments and behaviors. So too is legislature inadequate to determine in an acceptably general way when employer monitoring is valid. Only the organization and its people may resolve this point, in that the guidelines dictated by the business then offer the employee the choice to abide by them or seek employment elsewhere. In today’s world, the onus must be on the employer to define and make clear specific technology policies, for only in this way can real shape be given to the variable concepts of privacy at the core of these concerns

References

Bennett, J. T., & Townsend, A. M. (2003). Privacy, Technology, and Conflict: Emerging Issues and Action in Workplace Privacy. Journal of Labor Research, 24 (2), 195+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA98470245&v=2.1&u=oran95108&it=r&p=AONE&sw=w

Canoni, J. D. (2004). Location Awareness Technology and Employee Privacy Rights. Employee Relations Law Journal, 30 (1), 26+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA118376859&v=2.1&u=oran95108&it=r&p=AONE&sw=w

Clarkson, K. W., Jentz, G. A., Miller, R. L., & Cross, F. B. (2010). Business Law: Text and Cases. Belmont: Cengage Learning.

Crampton, S. M., & Mishra, J. M. (1998). Employee Monitoring: Privacy in the Workplace? SAM Advanced Management Journal, 63 (3), 4+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA21160636&v=2.1&u=oran95108&it=r&p=AONE&sw=w

Fuchs, C., Boersma, K., Albrechtslund, A., & Sandoval, M. (2013). Internet and Surveillance: The Challenges of Web 2.0 and Social Media. New York: Routledge.

Jolls, C. (2013). Privacy and Consent over Time: The Role of Agreement in Fourth Amendment Analysis. William and Mary Law Review, 54 (5), 1693+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA333064291&v=2.1&u=oran95108&it=r&p=ITOF&sw=w

Kaupins, G., Reed, D., Coco, M., & Little, A. (2012). Human Resource Professional Ethical Perceptions of Organizational Online Monitoring. International Journal of Business and Public Administration [IJBPA], 9 (3), 1+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA335070886&v=2.1&u=oran95108&it=r&p=ITOF&sw=w

Lazar, W. S., & Schwartzreich, L. E. (2012, January). Limitations to Workplace Privacy: Electronic Investigations and Monitoring. The Computer & Internet Lawyer, 29 (1), 1+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA275234184&v=2.1&u=oran95108&it=r&p=ITOF&sw=w

McEvoy, S. A. (2002). E-mail and Internet Monitoring and the Workplace: Do Employees Have a Right to Privacy? Communications and the Law, 24 (2), 69+. Retrieved from http://go.galegroup.com/ps/i.do? id=GALE%7CA90119546&v=2.1&u=oran95108&it=r&p=AONE&sw=w

Moore, A. D. (2013). Information Ethics: Privacy, Property, and Power. Seattle: University of Washington Press.

Strahilevitz, L. J. (2013). Toward a Positive Theory of Privacy Law. Harvard Law Review, 126 (7), 2010+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA333333598&v=2.1&u=oran95108&it=r&p=ITOF&sw=w

Solove, D. J. (2013). Introduction. Harvard Law Review, 126 (7), 1880+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA333333594&v=2.1&u=oran95108&it=r&p=ITOF&sw=w

Thierer, A. (2013). The Pursuit of Privacy in a World Where Information Control Is Failing. Harvard Journal of Law & Public Policy, 36 (2), 409+. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA330143487&v=2.1&u=oran95108&it=r&p=ITOF&sw=w

U.S. Electronic Communications Privacy Act Amendments Proposed. (2013). Information Management Journal, 47 (3), 10. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA338217402&v=2.1&u=oran95108&it=r&p=ITOF&sw=w

Zall, M. (2001). Employee Privacy. Journal of Property Management, 66( 3), 16. Retrieved from http://go.galegroup.com/ps/i.do?id=GALE%7CA75216444&v=2.1&u=oran95108&it=r&p=AONE&sw=w