Big Brother in the Workplace

Sunday, July 30, 2000

The No-Privacy Zone

Perhaps you have had the famous Freudian dream in which you suddenly realize that you have gone to school or work but have forgotten to get dressed. Whatever the classic analysis might be, the dream is a stark metaphor for the modern American workplace. Many of us are naked, at least in the sense that we have few protections of our privacy. On some occasions, workers find the metaphor to be literally true: some employers have installed video cameras in locker rooms and restrooms, a practice that is legal in all but a handful of states. But the invasions of employee privacy are actually far more widespread and intrusive. No federal law makes it illegal for an employer to gather and compile highly personal information about employees, even if it is unrelated to the job they do. It is perfectly legal for your boss to monitor your family life, check up on the organizations you belong to, delve into your medical history, and even do background checks on your personality traits and education. For example, your employer can

Illustration by Taylor Jones for the Hoover Digest.  
  • Listen in to your phone calls
  • Read your e-mail—even if your message is marked "private"
  • Listen in to your voice mail
  • Monitor what is on the screen of your computer and what you have left on your hard drive
  • Install software that monitors the number of keystrokes you perform per hour and measures the time you are away from your workstation
  • Make you urinate into a cup to test for drugs
  • Read your credit reports and look at your medical records
  • Probe your innermost thoughts with psychological tests (but cannot give you a polygraph test)
  • Share information about you with creditors and government agents

The violations, however, are not all one way. Disgruntled employees have been known to wear concealed wires or hidden recorders to tape conversations and meetings with coworkers and managers. Ironically, new developments in employment law have actually helped shape the current climate of mistrust. Because of the rising tide of litigiousness, employers have a limited ability to get honest and thorough information about employees from past employers (a negative letter of recommendation is an invitation to a lawsuit). They may also be forbidden by law to ask about certain problem areas in an applicant’s past—including arrests. An unintended consequence of such protections has been that employers have become subtler, more creative, and more roundabout in their approach to learning about their employees.

Strictly speaking, the tradition of delving into the private lives of employees is not new in American business. In its early years, the Ford Motor Company pioneered corporate paternalism by scrutinizing the home life and personal finances of its employees to determine if they were worthy to receive profit-sharing bonuses. Representatives of Henry Ford’s "Sociological Department" visited homes of employees to determine whether they gambled, drank, had dirty homes or an unwholesome diet, or sent money to foreign relatives. Following in Ford’s footsteps, business continues to argue that its ability to probe into the background of employees is both a fundamental right and a business necessity.

Federal law provides little protection to employees for several reasons: First, though public employees enjoy some minimal Fourth Amendment protections against unreasonable search and seizure, those rights do not extend to the private sector. Second, Congress has been reluctant to enact privacy rules for private businesses, even going so far as to exempt employers from laws protecting the confidentiality of electronic communications. "When most Americans go to work in the morning, they might just as well be going to a foreign country," says Lewis Maltby of the ACLU Workplace Rights Project, "because they are equally beyond the reach of the Constitution in both situations. And unfortunately, federal law does very, very little to fill this void."

How widespread are such practices?

One survey found that two-thirds of the nation’s largest corporations hire private investigators to gather information about employees’ private lives. Another recent poll of 906 large and midsize employers found that more than one-third of them conduct one or more kinds of electronic surveillance on their employees. If any kind of electronic monitoring is included—including the number of keystrokes by data entry workers, phone logs, and videotaping to deter crime—the proportion rose to 63.4 percent. In 1993, MacWorld magazine estimated that 20 million workers were being monitored through computers on their desktops. A widely publicized survey of 87 Fortune 500 companies with a combined 3.2 million employees found that 75 percent said they collected information about employees beyond what workers voluntarily provide and that almost half did so without informing the employees. More than two-thirds reported hiring private investigators to do background checks of their workers; more than one-third (35 percent) said they used medical records to make decisions about employees. The vast majority acknowledged that they shared information about their employees with government agencies and creditors.

It is perfectly legal for your boss to monitor your family life, check up on the organizations you belong to, delve into your medical history, and even do background checks on your personality traits.

In the 1970s Congress created the Federal Privacy Commission, which studied the issue of employee privacy in depth. Business groups lobbied the commission against recommending federal legal protections, insisting that they should be allowed to develop their own voluntary policies to protect employees from privacy abuses. Commission chairman David Linowes, a professor at the University of Illinois, has conducted follow-up studies to determine how well business has done in protecting privacy. His conclusion is that voluntary regulation has been a dismal failure. Not only do businesses continue to collect detailed and highly personal information, but they often fail to ensure the accuracy or the confidentiality of those files.

"The amount of unsubstantiated and irrelevant information that finds its way into files is amazing," complained Linowes. "Rumors, poison-pen letters, things that appeared in newspapers. We found many errors that resulted in terrible abuse. Employees should be allowed to correct errors, but 24 percent of companies do not allow corrections."

Employees under review or who are being considered for promotions might come under special scrutiny, which might include attempts to learn more about their character, past behavior, spending habits, friends, and associates. In one case found by Linowes, a man had been denied promotion because his file described him as "known to have used drugs." It later turned out that one of the employee’s neighbors had told company investigators that he had "heard" that the employee had once tried marijuana. Another woman’s personnel file included grade school report cards and evaluations from her third-grade teacher, including a note describing the woman’s mother as "crazy." That note reportedly led her employer to question her mental soundness.

The same actions that would be deemed unconstitutional violations of your rights when done by the government are perfectly permissible if done by your boss—including wiretapping, reading your private e-mails, and drug testing.

New technologies promise even more sophisticated workplace monitoring. A Virginia company is now marketing artificial intelligence software that automatically scans employees’ e-mail for "offensive language." A New Jersey company has developed a system to monitor whether employees at its restaurant wash their hands after going to the bathroom. Given trends in litigation employment law—which hold employers liable for everything from employee honesty to sexual harassment—the level of intrusiveness is likely to keep rising.

You’ve Got Mail . . .

One of the cases that underlined the vulnerability of employees and their lack of legal protections was Shoars v. Epson America, Inc. Like many American companies, Epson had an extensive e-mail system, which was administered by a woman named Alana Shoars. Feeling that confidentiality was essential to the new network, Shoars assured her colleagues at Epson that the company’s e-mail system was private and their passwords and communications secure.

They were not.

When Shoars discovered that one of the company’s executives was eavesdropping on electronic messages, she confronted him—and was promptly fired. Because the incident occurred in California, Shoars had high hopes that California’s constitutional protections of privacy would give her an advantage when she sued Epson for wrongful discharge, slander, and invasion of privacy. But Epson, like other employers, insisted that, since the company owned the e-mail system, it had the right to control it and to monitor how it was used. Since the company provided the equipment, the software, and the network, it reserved the right to ensure that its employees used electronic mail strictly for business purposes.

As it turned out, there was no California law protecting the privacy of e-mail. Shoars tried to argue that the violation of e-mail privacy was covered under the state’s older laws dealing with wiretapping, but the trial court rejected her argument. The court also rejected her argument that Epson’s snooping violated California’s broader constitutional right of privacy. In a setback for the privacy rights of the state’s employees, the court ruled that the constitutional right of privacy protected only personal information. The court saw no reason to extend privacy protections to "business-oriented communications." Nor did federal law provide any help. When Congress passed the Electronic and Communications Privacy Act to cover e-mail communication in 1986, it explicitly exempted employers. Thus, even though Shoars felt she had a sound commonsense basis for her case—Epson’s promises of confidentiality, the use of passwords that seemed to promise privacy—Epson’s snooping was protected by law.

When most Americans go to work in the morning, they might just as well be going to a foreign country, because they are equally beyond the reach of the Constitution in both situations.

Indeed, the U.S. Supreme Court has granted employers a good deal of leeway in their prying into employee activities. In 1987, the Court ruled in favor of a supervisor in a public sector workplace who searched one of his employee’s files, office, and desk, ruling that the worker had no reasonable expectation of privacy at his workplace. Since public employees have greater constitutional protections against unreasonable searches and seizures than workers in the private sector, the clear implication of the ruling was that private companies had been granted even broader license to search employees’ work areas and communications.

A study by the Society for Human Resource Management found that 80 percent of the organizations surveyed used e-mail but that only 36 percent had policies for its use and only 32 percent had written privacy rules. That may be changing, as more companies begin to protect themselves by explicitly informing employees that their e-mail may be subject to surveillance. Such surveillance is also likely to become even more aggressive, especially given the aggressiveness of litigators who not only subpoena every document and piece of paper but have also learned that deleted e-mails can be accessed and used against companies at trial.

First, You Have to Pee into This Cup

In the area of workplace law, the privacy protection equation is turned on its head. In most contexts, private employers have far more power than the government to violate the privacy of their workers. Put another way, an individual is protected more effectively from the government than from his employer because the protection against warrantless searches does not extend to the private sector. The result is that the same action that would be deemed an unconstitutional violation of your rights when done by the government is perfectly permissible if done by your boss—including wiretapping, reading your private e-mails, and drug testing.

The courts have repeatedly found that drug tests are a significant invasion of privacy, violating not only the Fourth Amendment’s protection against unreasonable search and seizure but also the Fifth Amendment’s protection against self-incrimination and the Fourteenth Amendment’s protection of due process and privacy. Because those protections are not absolute, some forms of testing have been upheld, including those in which there is a "reasonable suspicion" that someone has been under the influence of drugs. Another exception is for random testing of government employees in jobs involving public safety and of some student athletes.

In general, though, the courts have ruled out blanket or random drug tests without any reasonable justification. But since the constitutional protections against unreasonable searches do not extend to private businesses, employers are able to search the urine and blood of their employees on the chance they may be using drugs.

For many workers the requirement that they submit to drug tests is the most obvious and direct challenge to their privacy. One study found that 80 percent of the companies in the survey tested their employees for drugs, and millions of Americans are required to urinate into cups, jars, and bottles every year as a condition of their employment. Although Supreme Court justice Antonin Scalia has called drug testing a "needless indignity," it has widespread support and illustrates the problems of balancing privacy concerns with other priorities. Supporters of drug testing point to the overwhelming evidence that drug use not only exacts a societal cost but also hurts the productivity of American business. Many of the nation’s largest and most prestigious corporations require preemployment tests: the list includes more than one-quarter of the Fortune 500 corporations and such trendsetters as the New York Times, IBM, Exxon, Federal Express, AT&T, and Lockheed. Obviously, the most compelling justifications of drug testing involve jobs that affect safety, such as railway workers and airline pilots. But the vast majority of people tested are not in the classic "safety-sensitive" jobs.

Can we pretend that we can still have privacy if we have no right to protect ourselves against violations by people who have economic power over us? For most American workers a choice of their privacy or their livelihood is no choice at all.

What no one seriously questions, though, is the fact that drug tests involve a considerable loss of privacy, ranging from puncturing the skin to obtain blood to actually watching a person give a urine sample (in order to ensure that nothing is substituted). Beyond the physical intrusion, drug tests may reveal a good deal more medical information about the person subjected to such tests. In addition, it is not always clear who has access to the results of such tests. Nor is it obvious that the tests—on which so much rides for an individual in terms of employment, insurance, and reputation—are all that accurate. Critics claim that many of the drug tests have error rates as high as 60 percent.

Clearly, there is a necessary trade-off between privacy rights and public safety when it comes to the issue of drug testing involving jobs whose performance puts the public at risk. Testing blood donors or air traffic controllers or railway workers seems to pass any reasonable balancing test. But, at a minimum, employers should inform applicants and employees in advance and in writing if submitting to a drug test is a condition of employment. Moreover, they have an absolute moral obligation to maintain strict confidentiality and to ensure the accuracy of the initial tests and to run confirmatory tests if a positive result is obtained. Employers who have specific reasons to suspect that an individual might be or have been impaired while on the job should similarly be able to require a test, but there seems little justification for blanket or preemptive drug tests.

Working for Privacy

The transparent workplace raises several nagging issues for privacy rights: If society respects and values privacy, can it tolerate a situation that denies any privacy protections for the place where we spend one-third of our lives? Can we pretend that we can still have privacy if we have no right to protect ourselves against violations by people who have economic power over us? For most American workers a choice of their privacy or their livelihood is no choice at all.

Employers are not bound by the same constitutional limits as government; the Bill of Rights was created to restrict the powers of government, not the powers of private citizens. But even so, constitutional protections of privacy/information rights are not irrelevant. Infringements of privacy by an employer necessarily affect those rights vis-à-vis the rest of society. When it comes to information, the walls between private and public are increasingly porous. Given the fluid nature of information, what good are our protections against government intrusion if employers are given carte blanche to probe our lives and share that information with those same governmental agencies?

It is also important to remember that employers have not resorted to draconian surveillance techniques out of sheer ill will. Rather, businesses can make a compelling case that the current legal climate gives them little choice except to monitor their employees. Society’s penchant for litigiousness has forced companies to assume a defensive posture. Over the last several decades, the trend has been toward creating new classes of legal actions that customers, partners, and workers can bring against companies. Not only do they face a raft of potential lawsuits and complaints from employees—for discrimination, for sexual harassment, for unfairness of every sort—but they also find themselves held liable for their employees’ conduct and action. Such laws make it difficult to dismiss problem employees and give businesses powerful incentives for ever-increasing levels of surveillance, if only for self-preservation. From a practical point of view, any protections of employee privacy may have to be counterbalanced by shifting more responsibility from companies to individual employees.

Legislation should probably begin with the most egregious violations, including electronic monitoring, video surveillance, and medical information. At a minimum, companies should be encouraged to adopt the so-called fair information practices. This would mean that personal information be used only for the specific purpose for which it was gathered, that employees be able to see information about themselves, and that they be given a chance to correct any incorrect information that might be in their files.

But there are definite limits to the power of legislation. More hopeful, however, might be changes in the marketplace itself, as companies begin to use privacy policies to compete for customers and employees. Increasingly, businesses will find that protecting employee privacy can actually give those employers with the strongest assurances a competitive advantage. Just as customers will gravitate toward merchants who prove reliable and trustworthy in handling their data, so valued employees will be attracted to environments that promise to treat them with respect and reticence.