You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

Workplace Privacy

Top News

  • Microsoft Developing Workplace Surveillance System to 'Score’ Meeting Productivity:

    A recent patent application reveals Microsoft is developing a “meeting insight computing system” that would monitor body language, facial expressions, and other features of participants in order to assign a “quality score” to workplace meetings. According to the filing, the system could be applied both to in-person and remote meetings. Microsoft also introduced a "Productivity Score" last month which would have allowed organizations to monitor employees' use of Microsoft products. The company quickly backtracked in response to public outcry and eliminated the individualized tracking feature. Worker surveillance has rapidly increased with the transition to remote work due to COVID-19, and many organizations with on-site workers are instituting surveillance systems with the stated goal of protecting public health. EPIC advocates against social scoring and has filed a complaint with the FTC about HireVue, which similarly evaluates facial expressions and vocal patterns in the context of hiring.

    (Dec. 1, 2020)
  • EPIC Defends Commercial Driver Privacy: EPIC has submitted comments on a proposed Commercial Driver's License Drug and Alcohol Clearinghouse. Under a new law, employers of commercial drivers will be required to report drug and alcohol test results to the Clearinghouse. Employers will also be required to check the database for test results on drivers. EPIC's comments urged the Transportation Department to: (1) require anyone reporting test results to immediately correct errors and notify employers and potential employers of the inaccurate data; (2) revoke Clearinghouse registration and access for those who fail to comply with Clearinghouse rules; (3) clarify that in addition to the administration petition process, individuals may still amend their records pursuant to the Privacy Act; and (4) implement privacy enhancing techniques like data deletion and anonymization. For more information, see EPIC: Workplace Privacy. (May. 27, 2014)
  • Federal Appeals Court Addresses Email Privacy, Notes EPIC's Amicus Brief: The Court of Appeals for the Fourth Circuit has affirmed the lower court judgement in United States v. Hamilton. At issue in the case was the privacy of workplace e-mails exchanged between a husband and wife. The government argued that Hamilton waived his right to email privacy because he failed to safeguard his email after a change in the computer use workplace policy. EPIC argued as amicus curiae brief, that it would be extremely difficult for employees to securely delete all confidential saved e-mails whenever a use policy changed, an issue the court explored during oral argument. The court wrote that "In an era in which email plays a ubiquitous role in daily communications, these arguments caution against lightly finding waiver of marital privilege by email usage," but determined that Hamilton did not take any steps to protect the email and therefore had waived the spousal privilege. For more information, see EPIC: United States v. Hamilton and EPIC: Workplace Privacy. (Dec. 13, 2012)
  • Appeals Court Hears Arguments in E-mail Privacy Case: The Fourth Circuit heard oral arguments this week in United States v. Hamilton, a criminal case involving personal e-mails to a spouse sent from a workplace computer. The court focused on the scope of the marital privilege, the privacy of workplace e-mail, and whether failing to delete e-mail after a change in an email "use policy" can constitute a waiver of privilege. EPIC argued in an amicus brief that the retroactive application of a use policy as well as "a duty to delete" would be unfair to users. For more information, see EPIC: United States v. Hamilton and EPIC: Workplace Privacy. (Oct. 30, 2012)
  • Illinois Becomes Third State to Prohibit Employers from Demanding Facebook Information: Illinois Governor Pat Quinn has signed a bill that will prohibit employers from seeking the social network usernames and passwords of others. The Right to Privacy in the Workplace Act takes effect on January 1, 2013, and will result in Illinois joining Maryland and Delaware as the third state that protects the social network privacy of employees and job applicants. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy. (Aug. 2, 2012)
  • Following Maryland, Congress and California Consider Bills Banning Employers From Asking for Facebook Passwords: Reps. Eliot Engel (D-NY) and Jan Schakowsky (D-IL) introduced the Social Networking Online Protection Act, a bill that would prohibit employers, colleges, universities, and K-12 schools from seeking usernames or passwords for the social media accounts of employees or students. Similar legislation was introduced in California. Maryland became the first state to ban employers from asking employees or applicants for social networking passwords. Senators Blumenthal and Schumer have asked the Equal Employment Opportunity Commission and the U.S. Department of Justice to investigate the practice. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy. (May. 1, 2012)
  • Maryland Passes Bill Banning Employers from Demanding Facebook Information: The Maryland legislature passed the first bill banning employers from asking employees or applicants for social networking passwords. The bill was introduced after Robert Collins, an employee at the Department of Public Safety and Correctional Services, was asked to turn over his Facebook password as part the process of being reinstated as a corrections officer. Recently, Senators Blumenthal and Schumer asked the Equal Employment Opportunity Commission and the U.S. Department of Justice to investigate the practice of employers asking job applicants to surrender user names and passwords for social networking sites like Facebook. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy. (Apr. 11, 2012)
  • EPIC Urges Federal Appeals Court Court to Uphold Workplace Privacy: EPIC has filed an amicus brief in United States v. Hamilton, urging the Fourth Circuit Court of Appeals to uphold employee privacy interests in personal e-mails. The Government contends that it may obtain private emails from an employer even when they are privileged communications between spouses and there is no use policy in place, explaining that communications are subject to disclosure. The district court agreed. EPIC argued that employees in the modern workplace routinely communicate about private matters with spouses and that an employee's privacy interest cannot be retroactively waived by a use policy implemented a year later, as the lower court suggested. For more information, see EPIC: Workplace Privacy and EPIC: United States v. Hamilton. (Apr. 9, 2012)
  • Senators Call for Investigation into Employer Demands for Facebook Passwords: Senators Blumenthal and Schumer asked the Equal Employment Opportunity Commission and the Department of Justice to investigate the practice of employers asking job applicants to surrender Facebook user names and passwords. The Senators pointed out that accessing an applicant's profile could reveal sensitive information that employers are not permitted to ask about or base hiring decisions on. Thus, employers could be violating the Civil Rights Act and other federal laws, including the Stored Communication Act and the Computer Fraud and Abuse Act, which prohibit "unauthorized access" to electronic information. “Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both [Acts]," the letter states. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy. (Mar. 26, 2012)
  • Supreme Court Affirms Right to Informational Privacy, But Says Privacy Act Safeguards Sufficient for NASA Records: The Supreme Court has issued a decision in NASA v. Nelson, a case brought by NASA scientists who argued that the government's invasive background checks violated the Constitution. The Supreme Court found that the inquiries implicate "a privacy interest of Constitutional significance" but that the requests were reasonable and that the information would be protected under the Privacy Act. Writing in concurrence, Justice Scalia said the Court's opinion "will dramatically increase the number of lawsuits claiming violations of the right to informational privacy." EPIC authored a amicus brief, cosigned by 27 technical experts and legal scholars, which highlighted problems with the Privacy Act, including the "routine use" exception, security breaches, and the agency's authority to carve out its own exceptions. For more information, see EPIC: NASA v. Nelson and EPIC: Workplace Privacy.   (Jan. 19, 2011)
  • Labor Relations Board Files Complaint against Company over Facebook Post: The National Labor Relations Board has issued a complaint against American Medical Response of Connecticut for firing an employee who complained about her supervisor on Facebook. The company claimed that it fired the employee for violating its policy against depicting the company on a social media site. The NLRB's complaint states that the company's blogging and internet posting policy is overly broad; the company illegally denied union representation during the investigation; and that the firing violated an employee's right to engage in concerted activities. The National Labor Relations Act protects an employee's right to engage in group activities, such as discussing work-related issues, to improve workplace conditions. A hearing is scheduled for January 25, 2011. For related information, see EPIC: Workplace Privacy and EPIC: Social Networking Privacy. (Nov. 9, 2010)
  • Supreme Court to Hear Arguments in NASA Privacy Case: On October 5, 2010 the Supreme Court will hear arguments in a case that will determine whether public contract employees have a right to limit the government's collection of their personal information. The case, NASA v. Nelson, was brought by a NASA scientist who argued that the Constitution grants a right to privacy from invasive government background checks. NASA claims that the Privacy Act provides sufficient legal protections. EPIC authored a "friend of the court" brief in the case, cosigned by 27 technical experts and legal scholars. EPIC's brief highlights exceptions in the Privacy Act, claimed by the federal agency, that place the scientists' personal information at risk. For more information, see EPIC: NASA v. Nelson and EPIC: Workplace Privacy. (Oct. 4, 2010)
  • New Jersey Supreme Court Rules in Favor of Employee Privacy: The New Jersey Supreme Court ruled in favor of a female employee whose employer read emails that she sent while using Yahoo Mail on a company-owned laptop. The employee, Marina Stengart, had exchanged emails with her attorney regarding a possible discrimination lawsuit against the employer. The employer then pulled the emails off of the laptop's hard drive and used them to prepare a defense to the discrimination suit. The New Jersey Supreme Court found that "Under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them." The Supreme Court of the United States is set to consider employee privacy in City of Ontario v. Quon, in which EPIC submitted a "friend of the court brief." For more information see EPIC: Workplace Privacy. (Mar. 30, 2010)
  • Supreme Court to Hear Workplace Privacy Case, Rule on Safeguards for Text Messages: The Supreme Court agreed to hear a case that will determine what privacy safeguards apply to text messages transmitted through government employees' pagers. In City of Ontario v. Quon, a federal appeals courts held that California police officers "have a reasonable expectation of privacy" in some personal text messages sent while at work. The Supreme Court will review the ruling. For more, see EPIC Workplace Privacy. (Dec. 14, 2009)
  • Company Settles Case in Firing Tied to Facebook: An ambulance company that fired an employee after she criticized her supervisor on Facebook agreed on Monday to settle a case brought by the National Labor Relations Board. Under the settlement, American Medical will revise its “overly broad rules” to ensure that they do not improperly restrict employees from discussing wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions, the labor board said in a statement. Bloomberg News, Company Settles Case in Firing Tied to Facebook, The New York Times, Feb. 7, 2011.
  • Supreme Court Affirms Right to Informational Privacy, But Says Privacy Act Safeguards Sufficient for NASA Records: The Supreme Court has issued a decision in NASA v. Nelson, a case brought by NASA scientists who argued that the government's invasive background checks violated the Constitution. The Supreme Court found that the inquiries implicate "a privacy interest of Constitutional significance" but that the requests were reasonable and that the information would be protected under the Privacy Act. Writing in concurrence, Justice Scalia said the Court's opinion "will dramatically increase the number of lawsuits claiming violations of the right to informational privacy." EPIC authored a amicus brief, cosigned by 27 technical experts and legal scholars, which highlighted problems with the Privacy Act, including the "routine use" exception, security breaches, and the agency's authority to carve out its own exceptions. For more information, see EPIC: NASA v. Nelson and EPIC: Workplace Privacy.   (Jan. 19, 2011)
  • Labor Relations Board Files Complaint against Company over Facebook Post: The National Labor Relations Board has issued a complaint against American Medical Response of Connecticut for firing an employee who complained about her supervisor on Facebook. The company claimed that it fired the employee for violating its policy against depicting the company on a social media site. The NLRB's complaint states that the company's blogging and internet posting policy is overly broad; the company illegally denied union representation during the investigation; and that the firing violated an employee's right to engage in concerted activities. The National Labor Relations Act protects an employee's right to engage in group activities, such as discussing work-related issues, to improve workplace conditions. A hearing is scheduled for January 25, 2011. For related information, see EPIC: Workplace Privacy and EPIC: Social Networking Privacy. (Nov. 9, 2010)
  • Supreme Court to Hear Arguments in NASA Privacy Case: On October 5, 2010 the Supreme Court will hear arguments in a case that will determine whether public contract employees have a right to limit the government's collection of their personal information. The case, NASA v. Nelson, was brought by a NASA scientist who argued that the Constitution grants a right to privacy from invasive government background checks. NASA claims that the Privacy Act provides sufficient legal protections. EPIC authored a "friend of the court" brief in the case, cosigned by 27 technical experts and legal scholars. EPIC's brief highlights exceptions in the Privacy Act, claimed by the federal agency, that place the scientists' personal information at risk. For more information, see EPIC: NASA v. Nelson and EPIC: Workplace Privacy. (Oct. 4, 2010)
  • New Jersey Supreme Court Rules in Favor of Employee Privacy: The New Jersey Supreme Court ruled in favor of a female employee whose employer read emails that she sent while using Yahoo Mail on a company-owned laptop. The employee, Marina Stengart, had exchanged emails with her attorney regarding a possible discrimination lawsuit against the employer. The employer then pulled the emails off of the laptop's hard drive and used them to prepare a defense to the discrimination suit. The New Jersey Supreme Court found that "Under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them." The Supreme Court of the United States is set to consider employee privacy in City of Ontario v. Quon, in which EPIC submitted a "friend of the court brief." For more information see EPIC: Workplace Privacy. (Mar. 30, 2010)
  • Supreme Court to Hear Workplace Privacy Case, Rule on Safeguards for Text Messages: The Supreme Court agreed to hear a case that will determine what privacy safeguards apply to text messages transmitted through government employees' pagers. In City of Ontario v. Quon, a federal appeals courts held that California police officers "have a reasonable expectation of privacy" in some personal text messages sent while at work. The Supreme Court will review the ruling. For more, see EPIC Workplace Privacy. (Dec. 14, 2009)
  • Former Employer Caught Snooping on Employee's Private Email. A former employee of Structured Settlement Investments filed a lawsuit against the company claiming that the company had been reading his personal yahoo e-mail messages. The company prohibited the former employee from engaging in a similar line of work for 3 years post employment. The case, filed in a Connecticut federal court, alleges that the company gained access to the personal e-mail on a private account, while the company claims to have knowledge about the employee because it was on his computer screen where others could see. (June 27, 2008)
  • Court Rules in Favor of Employee Privacy. The 9th Circuit Court upheld the workplace privacy rights of employees in its decision in Quon v. Arch Wireless. Sgt. Jeff Quon and 3 other officers sued Arch Wireless for sharing wireless communication records with their employer, the Ontario Police Department. The City contracted for text messaging service for employees, and later obtained records to investigate whether all communications were work related. The court's decision reversed a lower court ruling, and found that the carrier was in violation of the 4th Amendment and California constitutional guarantees. (June 19, 2008)

Introduction

Workers of the world are exposed to many types of privacy-invasive monitoring while earning a living. These include drug testing, closed-circuit video monitoring, Internet monitoring and filtering, E-mail monitoring, instant message monitoring, phone monitoring, location monitoring, personality and psychological testing, and keystroke logging. Employers do have an interest in monitoring in order to address security risks, sexual harassment, and to ensure the acceptable performance of employees. However, these activities may diminish employee morale and dignity, and increase worker stress.

Technology has greatly increased employers’ ability to monitor employees both at work and outside of work.  At the same time, technologies like smart phones and social networking sites have blurred the lines between business and personal, public and private.

The Modern Challenge of Workplace Privacy

While gone are the days where Henry Ford would inspect the homes of workers, employers have new means to acquire information about employees, and these new means require a reevaluation of basic fairness in the employee-employer relationship.

Many workers are not protected with due process guarantees against arbitrary discharge. Absent state law or contract, employers can often dismiss an employee for any reason, or no reason, even if the decision to terminate is based on false information.

At the same time, increased employee monitoring powers raise the risk that false inferences can be drawn about employee contact. An employee network-monitoring appliance can detect access to the inappropriate site, but not the intent of the employee. With these new monitoring tools and potential to draw false inferences, it is important now more than ever for employees to have basic due process protections--the right of notice of the violation and some "opportunity to be heard."

This field is also nuanced. Employees may desire medical screening, including genetic screening, prior to employment. For instance, in certain workplaces, it is possible to screen an employee for predispositions to disease that may be exacerbated by the presence of chemicals essential to the business. Similarly, background checks are often appropriate for positions of trust, such as a police officer, but not appropriate for jobs unrelated to public safety or the handling of very large sums of money.

In the United States and many third-world countries, workers have very few privacy protections in law. There are few situations where an employee has a due process right to access, inspect, or challenge information collected or held by the employer. There is a patchwork of state and federal laws that grant employees limited rights. For instance, under federal law, private-sector employees cannot be required to submit to a polygraph examination. However, there are no general protections of workplace privacy except where an employer acts tortiously--where the employer violates the employee's reasonable expectation of privacy.

European employers are bound by comprehensive data protection acts that limit and regulate the collection of personal information on workers. These laws specifically call for purpose and collection limitations, accuracy of data, limits on retention of data, security, and protections against the transfer of data to countries with weaker protections. These protections place employees on a more equal footing while allowing employers to monitor for legitimate reasons.

The International Labour Organization Code: The Standard for Workers' Rights

In 1996, the International Labour Organization (ILO) adopted a code of practice on the protection of workers' personal data. The ILO code is regarded as the standard among privacy advocates for protection of workers' privacy rights. The code specifies that workers' data should be collected and used consistently with Fair Information Practices (FIPs). The protections include:

  • Coverage for both public and private sector employees.
  • That employees should have notice of data collection processes.
  • That data should be collected and used lawfully and fairly.
  • That employers should collect the minimum necessary data required for employment.
  • That data should only be collected from the employee, absent consent.
  • That data should only be used for reasons directly relevant to employment, and only for the purposes for which the data were originally collected.
  • That data should be held securely.
  • That workers should have access to data.
  • That data should not be transferred to third parties absent consent or to comply with a legal requirement.
  • That workers cannot waive their privacy rights.
  • That medical data is confidential.
  • That certain data, such as sex life and political and religious beliefs, should not be collected.
  • That certain collection techniques, such as polygraph testing, should be prohibited.

Privacy Journal's Principles for Restricting Surveillance in the Workplace

Robert Ellis Smith, editor of the Privacy Journal, has created a model for US employers that offers strong protections for workers' privacy. Smith's model was presented to the Service Employees Union on October, 27, 2000. It calls for annual notice to employees of the monitoring type, purpose, and location, provisions for data destruction, audit trails, and a right of action against an employer for invasion of privacy for violations of the principles.

US Approaches, Legislation, and Protections

The Privacy Protection Study Commission

In 1977, the Privacy Protection Study Commission (PPSC) which was convened pursuant to the Privacy Act of 1974 (ADD LINK: http://www.justice.gov/opcl/privstat.htm), issued a report covering workplace privacy. The report recognized that employers collect a broad range of information on workers, and focused on delineating lines of fairness on the collection and use of employee information. It also recognized that much had changed since the development of common law employment norms. America is no longer a country of the self-employed, but rather of employees who do not always have the power to bargain the terms of employment. Quoting the Equitable Life Assurance Society of the U.S., the PPSC's approach recognized that "people with a given employment status must adhere to many terms of employment set by the organization they work in if they are to work at all."

The PPSC pursued three public policy objectives, and 34 recommendations to meet the objectives. The objections were first, to minimize intrusiveness in hiring, and specifically to reduce the practice of obtaining information about an employee from a third party, such as a credit reporting agency. Second, to maximize fairness, by reducing the use of arrest information and ensuring that information collected is accurate, complete, and timely. Third, the PPSC pursued the goal of creating a legitimate and enforceable expectation of confidentiality in employment records.

The Electronic Communications Privacy Act of 1986

The Electronic Communications Privacy Act of 1986 (ECPA) is the only federal statute that offers workers protections in communications privacy. ECPA prohibits the intentional interception of electronic communications. However, the ECPA contains loopholes that facilitate employee monitoring. First, employers are permitted to monitor networks for business purposes. This enables employers to listen in on employee phone calls or to view employees' e-mail. Employers may not monitor purely personal calls, however, in order to determine that a call is personal, employers usually have to listen to portions of the employee's conversation. Second, an employer may intercept communications where there is actual or implied employee consent. Consent has been found where the employer merely gives notice of the monitoring.

The Stored Communication Act

The Stored Communication Act is a subsection of the Electronic Communications Privacy Act of 1986.  The Stored Communications Act protects “electronic data while it is in electronic storage” and makes unauthorized access to the electronic data illegal.  This subsection has been used to protect employee social networking activity.

The National Labor Relations Act and the Railway Labor Act

The National Labor Relations Act protects certain employee expression in real world and Internet contexts.  Under this Act, workers have a right to form unions, to discuss working conditions, and to discuss unionization.  Employers cannot punish employees for this conduct.  Online work-related criticism of an employer is, therefore, protected under the National Labor Relations Act.

The Railway Labor Act covers employees of railway companies and airline companies.  The Railway Labor Act prohibits employer interference with the organizational efforts of employees, including online efforts.

There have been attempts to increase workers' privacy through new legislation. In 1993, Senator Paul Simon (D-IL) introduced the Privacy for Consumers and Workers Act. The measure would have established a standard for notice, access to information, and use limitations. However, the bill did not leave the committee to which it was assigned. The Notice of Electronic Monitoring Act (NEMA) was introduced by Representative Charles Canady (R-FL) and Senator Charles Schumer (D-NY) in 2000. NEMA would have established a private right of action against employers who failed to give notice of wire or network monitoring. The measure did not leave committee.

Privacy Guidelines for the Workplace - International

EUROPEAN UNION: AUSTRALIA:

The Expansion of Social Media, Cloud Computing and Smartphone Use Among American Employees

With the help of smart phones, laptops, cell phones, and other technologies, the line between work and personal activities has blurred.  It is common for employers to provide employees with cell phones, smart phones, and laptops.  In a 2008 USA Today poll of professionals found that 59% of the time, the employer paid for the laptop, and in 56% of the time, the employer paid for the smartphone.

Mobile devices like smart phones are an increasingly popular way to access the Internet.  A 2009 Pew Reasearch study reports that 55% of American adults connect to the Internet wirelessly, through devices like laptops and smartphones.

Social networking is also increasingly popular.  A 2010 Pew Research Center study reports that 72% of online teens and 73% of online young adults use social network sites.  Older adults are beginning to use social networking more too.  Another 2010 Pew Research Center study reports that between April 2009 and May 2010, social networking use among people aged 50 and up who are online nearly doubled, going from 22% to 42%.

Employee Surveillance:  Statistics

At the same time that employers are issuing devices that enable popular Internet access and social networking, employers are monitoring these devices.  A 2007 Electronic Monitoring Surveillance Survey done by the American Management Association reveals that more than 50% of employers who were polled monitor all employees’ Internet usage.  25% of employers reported that they store and review all employees’ computer files.  This survey includes both private and public sector employees.

A 2008 American Management Association and ePolicy Institute survey reveals:

66% of employers monitor Internet connections 45% of employers track content, keystrokes, and time spent at the keyboard 43% store and review computer files 43% monitor email 45% monitor time spent on the phone and numbers called 16% record phone conversations

For the Executive Summary of this survey, click here.

Employers also informally monitor social networking sites.  A 2009 Deloitte LLP Ethics and Workplace Survey reveals that 30% of business executives admit to informally monitoring social networking sites, and 40% of business executives think that the social networking pages of their employees are their business. 53% of employees say that their social networking pages are not the business of their employers.  A 2010 Deloitte LLP Ethics and Workplace Study reveals that 32% of employees do not use social networking sites because they are afraid that doing so would negatively impact their careers.  The survey also reveals that 62% of employers prefer not to be “friends” with their managers on social networking sites.

Specific Methods of Worker Surveillance

Remarkably invasive tools exist to monitor employees at the workplace. These include:

  • Packet-sniffing software can intercept, analyze, and archive all communications on a network, including employee e-mail, chat sessions, file sharing, and Internet browsing. Employees who use the workplace network to access personal e-mail accounts not provided by the company are not protected. Their private accounts, as long as they are accessed on workplace network or phone lines, can be monitored.
  • Keystroke loggers can be employed to capture every key pressed on a computer keyboard. These systems will even record information that is typed and then deleted.
  • Phone monitoring is pervasive in the American workplace as well. Some companies employ systems that automatically monitor call content and breaks between receiving calls.
  • Video surveillance is also widely deployed in the American workplace. In a number of cases, video surveillance has been used in employee bathrooms, rest areas, and changing areas. Video surveillance, under federal law, is acceptable where the camera focuses on publicly-accessible areas. However, installment in areas where employees or customers have a legitimate expectation of privacy, such as inside bathroom stalls, can give the employee a cause of action under tort law.
  • "Smart" ID cards can track an employee's location while she moves through the workplace. By using location tracking, an employer can even monitor whether employees spend enough time in front of the bathroom sink to wash their hands. New employee ID cards can even determine the direction the worker is facing at any given time.
  • Increasingly, employers are using psychometric or aptitude testing to evaluate potential employees. Such tests purport to assess intelligence, personality traits, religious belief, character, and skills.
  • Satellite or Global Positioning System (GPS) Surveillance Technology is now incorporated into cell phones, and vehicle tracking technology. GPS is a global navigation tracking system deployed by the Department of Defense, later used extensively for air travel, and has now become available for personal communication devices and service features for personal ground transportation. Now, the technology is being used by employers to keep track of employees who are in distributed work environments (construction, delivery, service providers, etc).
  • Employee Background Checks are increasingly used to screen prospective employees and current employees for criminal and credit histories. Adverse employment decisions based on the results of a criminal background check are not federally regulated, so employers in states without laws governing notice are not required to tell applicants about the negative reports.

Telecommuting

Telecommuters, or employees who labor remotely from the workplace, encounter different privacy challenges. For instance, how can the employer monitor the employee's home without impinging upon non-work-related activities? What limits are there to prevent surveillance of the employee during off-hours? What about information collected about non-employee family members who may use work equipment? What about non-work related information on company-based home offices? What about tax obligations for home offices that home owners might face? Where is the line between work and personal time? These questions remain unresolved.

Labor Issues - Computer Surveillance

Computer Surveillance and the Stored Communications Act

In a 2008 New Jersey case, Pietrylo v. Hillstone Restaurant Group, Docket No. 2:06-cv-05754 (D.N.J. 2008), an employer was found to be in violation of the Stored Communications Act.  Two employees, Doreen Marino and Brian Pietrylo, were using a members-only MySpace group to complain about work.  When one of their supervisors found out about this group, he demanded that another employee give him her username and password so that he could access the discussions.  Shortly after that employee complied with her supervisor’s request, Marino and Pietrylo were fired.  The company cited a policy regarding “professionalism and a positive attitude” as the reason for termination.   Marino and Pietrylo sued in federal court, claiming that the company had violated the Stored Communications Act.  The jury agreed with the employees and found that because the supervisor was not properly authorized to access the MySpace group, the company had violated the Stored Communications Act.

Computer Surveillance and the National Labor Relations Act

Employee monitoring that has the effect of selectively punishing organizing activities could violate the National Labor Relations Act (NLRA).  In Pratt & Whitney, 26 AMR 36322, 12-CA-18446 (Feb. 23, 1998), the National Labor Relations Board (NLRB) reported in an advice memorandum that a company's computer network was a "work area." Accordingly, rules prohibiting all nonbusiness use of e-mail on a company's network could be unlawful. The NLRB has found that policies discriminating against union activity on computer networks run afoul of the NLRA.

In American Medical Response of Connecticut, Inc., (NLRB, Nov. 2010), the NLRB issued a complaint against American Medical Response of Connecticut, Inc. for firing an employee who had posted negative comments about her supervisor on Facebook.  The complaint alleged that the employee’s Facebook posts were protected under the NLRA, just as the employee’s discussion at the water cooler would be.   This case was settled in February 2011.  The company agreed to revise its overly broad policies and rules regarding blogging, Internet posting, and communications between employees.  The company also agreed to not discipline or discharge employees for engaging in such discussions.

Computer Surveillance and the Railway Labor Act

In a 2002 case, Konop v. Hawaiian Airlines, Inc.,  302 F.3d 872 (9th Cir. 2002), an airline company was accused of interfering with a pilot’s online organizing activity in violation of the Railway Labor Act.  A pilot operated a website that included bulletins that were critical of the airline and the incumbent union.  The pilot restricted access to this website, requiring visitors to login with a password, to ensure that the content of the website was available only to his co-workers.  However, a vice president of the airline was able to access the website by using the password of another pilot.  After viewing the website without authorization, the company communicated the contents of the website to the incumbent union and threatened to file a defamation suit against the pilot.  The 9th Circuit reversed the lower court’s finding of summary judgment that had dismissed the pilot’s Railway Labor Act claims against the airline.

Labor Issues - Video Surveillance

Employers increasingly attempt to install hidden surveillance cameras. Recent cases have established a precedent that employers must provide notice to labor unions before installing surveillance cameras in the workplace, and employers must provide the opportunity to negotiate and bargain over this action. In the most recent decision, however, the NLRB would not rescind the discipline of employees even if the employers illegally and secretly installed hidden cameras.

  • Anheuser-Busch, Inc. (14-CA-25299; 342 NLRB No. 49) St. Louis, MO July 22, 2004. In 1999, the Administrative Law Judge (ALJ) found that the installation of hidden cameras monitoring work areas requires notice and opportunity for bargaining. The ALJ found that the area in dispute could indeed be called a work area, thus broadening the definition of "work area." However, they did not revoke the discipline of the employees even though it was based on evidence obtained by the hidden cameras. In 2004, the NLRB upheld both decisions. The NLRB ruled that the employers were still justified in the disciplinary action taken against employees due to the evidence obtained by the hidden cameras. The board found that rescinding the discipline would violate the specific remedial restriction contained in Section 10(c) of the Act, which provides that "[n]o order of the Board shall require the reinstatement of any individual as an employee who has been suspended or discharged, or the payment to him of any backpay, if such individual was suspended or discharged for cause."
  • National Steel Corporation, 335 NLRB No. 60 (2001). The union requested information about cameras and bargaining as a result of the Colgate-Palmolive decision, but the employer disputed their right to such actions since surveillance was a pre-existing practice. The NLRB found that the union's failure to request bargaining on prior occasions did not constitute a waiver of the union's right to bargain over future installation of surveillance cameras. U.S. Court of Appeals for the Seventh Circuit agreed with the decision in National Steel Corp. v. NLRB, 324 F.3d 928 (2 PVLR 385, 4/14/03).
  • Colgate-Palmolive, 323 NLRB No. 515 (1997) (pdf). The NLRB found that the employer had violated section 8(a)(5) of the NLRA in refusing to respond to the union's request to bargain on the issue. They found it to be a mandatory subject of bargaining saying the installation of surveillance cameras is "outside of the scope of managerial decisions lying at the core of entrepreneurial control." 323 NLRB at 515.

Monitoring Public Employees

Government employees are granted additional protections under the Fourth Amendment.  The Fourth Amendment guarantees the “right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures.”  In O'Connor v. Ortega, the Supreme Court extended Fourth Amendment privacy protection to public workplace. In that case, the Supreme Court recognized a reasonable expectation of privacy in the governmental workplace. However, that expectation of privacy can be affected by office policies and practices. The plaintiff employee in O'Connor was found to have had a legitimate expectation of privacy in his desk and file cabinets. But, the rights conferred under O'Connor are narrow. The government still has the right to perform searches that serve interests in promoting efficient operation of the workplace. Government employers can also weaken expectations of privacy by informing employees that they do not have an expectation of privacy, or that their desks, computers, and lockers may be searched.

In City of Ontario v. Quon, 130 S. Ct. 2619 (2010), the Supreme Court considered government employees’ Fourth Amendment protections.  At issue in this case was whether government employees have a constitutional right to keep text messages private.  Sergeant Jeff Quon, a member of the Ontario Police Department SWAT team, used a pager issued to him by the police department.  The police department, upon issuing the pager, warned that team members would be responsible for any charges incurred for excessive use.  While official department policy stated that the department had the right to monitor network activity and that the team members should not have an expectation of privacy, the Lieutenant who administered the pagers had an informal policy of not examining the team members’ messages so long as each team member paid the charges for excessive use.  Quon exceeded the permitted use several times and he voluntarily paid for the excess charges each time.  The Department still obtained and reviewed transcripts of pager use for Quon and other officers who had repeatedly exceeded the permitted use.  The transcripts were to determine if the messages were work-related or personal.  These transcripts revealed hundreds of Quon’s personal messages, many of which were sexually explicit.  Quon sued the city, alleging a violation of privacy rights under the Fourth Amendment.

The Supreme Court declined to rule on whether Quon had a reasonable expectation of privacy in his text messages.  The Court deliberately avoided answering this question because of the rapidly changing nature of technology.  In regards to changing technology, the Court said that “it is uncertain how workplace norms, and the law’s treatment of them, will evolve.”  The Court then found that the search was reasonable.

Monitoring of the US Judiciary

One related area of public employment that has been exposed to workplace monitoring is the federal judiciary. In May 2001, a group of US federal court judges learned that court administrators were monitoring their Internet communication. The privacy and confidentiality issues raised by the monitoring troubled the judges. Some judges argued that the monitoring violated the Electronic Communications Privacy Act (ECPA). As a result, the judges disabled the Internet monitoring systems on their networks. A public conflict ensued between judges and the administrators who maintain judicial computers. The administrators wished to reinstate monitoring and adopt a policy giving federal judges and their staff no expectation of privacy in the workplace.

In September 2001, the Judicial Conference, the policy-making body of the federal judiciary, met to resolve the conflict. In anticipation of the meeting, EPIC sent a letter to the Judicial Conference urging the body to end monitoring of judges. The Judicial Conference rejected the administration policy that would have eliminated all expectation of privacy in the workplace. The Conference also voted to end e-mail monitoring of the judiciary. However, the Conference did approve limited monitoring of Internet use and prohibited the use of certain file sharing programs.

News

Surveys and Reports

The American Management Association (AMA) surveys major employers annually to determine the extent of workplace surveillance in the United States. Since AMA started conducting the survey in 1997, prevalence of workplace monitoring has increased every year.

Resources

Resources-International

AUSTRALIA:
  • Surveillance: Interim Report, Australia Law Reform Commission, Report 98 (2001). Chapter 7 of this report has a comprehensive listing of surveillance methods.
BELGIUM/FRANCE: NETHERLANDS:
  • J.H.J. Terstegge, Personeelsinformatiesystemen en de Wet bescherming persoonsgegevens, METHODEN, TECHNIEKEN EN ANALYSES VOOR PERSONEELSMANAGEMENT, Suppl. 55, I.6.2.2., 701-724, Kluwer Bedrijfswetenschappen, 1999.
CANADA:
  • S.M. Entwisle, E-Mail and Privacy in the Workplace.
SWITZERLAND

Legislation

Selected Cases

  • Cramer v. Consolidated Freightways (PDF), No. 98-55657, (9 Cir. 2001). In Cramer, the court held that a per se violation of California privacy laws occurred where the defendant trucking company employed surreptitious audio and video surveillance in an employee bathroom.
  • Halford v. The United Kingdom, 73/1996/692/884. In Halford, the European Court for Human Rights found that a public employee's calls from a work telephone were protected by international law.
  • Deal v. Spears, 980 F.2d 1153 (8th Cir. 1992): Court held that employee did not give consent to telephone monitoring where employer informed employees that calls might be monitored to cut down on personal calls.
  • O'Connor v. Ortega, 480 US 709 (1987). In O'Connor, the Supreme Court recognized a reasonable expectation of privacy in the governmental workplace. This expectation of privacy can be affected by office policies and practices. The plaintiff employee in that case was found to have had a legitimate expectation of privacy in his desk and file cabinets.
  • K-Mart Corp. Store No. 7441 v. Trotti, 677 SW2d 632 (Tx Ct App 1984). In K-Mart, a search of an employer-provided locker violated the employee's reasonable expectation of privacy.

Selected Cases-International

EUROPEAN COURT OF HUMAN RIGHTS: FRANCE:

OTHER CASES:

 
  • A. v. V. et autres, Trib. Corr. Paris, November 2, 2000.
  Workplace Monitoring Technologies  
  • ChoicePoint Employee Background Check Service
  • netOctopus is a comprehensive monitoring tool that can detect whether employees install "unauthorized" programs.
  • Raytheon's SilentRunner software monitors networks passively. It is capable of realtime analysis and archiving of network communication. SilentRunner can be employed with a standard laptop computer. SilentRunner is undetectable on a network, therefore, it could be used by a employer to spy on employees or by an employee who wishes to conduct corporate espionage.
  • Pearl Software's Pearl Echo can be used to monitor both traditional and telecommuting employees.

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security