An Employee Bill of Rights


The significance of the laws discussed in the first part of this chapter cannot be underestimated. They amply demonstrate that when sufficiently motivated, Congress can have the willpower to step in and protect the rights of employees. The chief problem is that most of the laws on the books regulate what employers can do with information once they have it, but make no effort to regulate how the employer obtains the information. It seems increasingly evident that the methods used to collect information about employees are as damaging and destructive as the discrimination that often follows.

One can analogize employee privacy in the workplace to the ozone layer. Total employee privacy would be no more workable than an entirely opaque ozone layer; employers are entitled to a certain transparency, for all of the reasons discussed in Chapter 1 and elsewhere in this book. (It's worth noting that most employees are also against workplace violence, theft, sexual harassment, etc.) But employers have been steadily stripping away employee privacy with the same thoughtless avidity that we pumped chlorofluoro-carbons (CFCs) into the atmosphere in the 1970s and 1980s. A complete absence of employee privacy is no more tenable and should be no more acceptable than a complete absence of ozone.

Despite the size of the privacy hole that is opening up over employees, it's not too late for Congress to act. We've seen what can happen in the physical world: Thanks to the banning of CFCs, the size of the hole in the ozone layer over the Antarctic has been steadily shrinking. With the adoption of a few well-considered statutory provisions, Congress could begin to restore a healthier balance in the workplace.

The following is a number of general areas in which Congress should take action to better protect employee privacy rights.

Opt-In Requirements for Collection of Information

At the outset, it is worth restating that employers are entitled to and should collect certain types of information about their employees. It would be wholly impractical and downright silly to argue that employers should be barred, for instance, from verifying the information that prospective employees offer on resumes and job applications.

Nonetheless, the first and most fundamental requirement for improving workplace privacy is that employers be required to obtain specific, informed consent from employees and prospective employees before they acquire personal information about them. There is no incompatibility between informing applicants of the specifics of a background check and protecting the integrity of the workplace.

To a limited degree, the requirement of disclosure already exists: Under the terms of the Fair Credit Reporting Act, an employer (or prospective employer) must obtain your written permission before it can legally obtain a copy of your credit report (apart from the header information, which is essentially available to anyone).

The chief difference between this proposal and current practice is that employers would no longer be able to rely on a broad, generally worded grant of permission by applicants and employees to an essentially unfettered examination of their private life. Instead, an employer would be required to provide all applicants and current employees with the following specific information:

  • The nature and scope of the information being sought

  • The sources from which the information would be obtained

  • The methods by which the information would be obtained

  • The specific, work-related purposes for which the information was being sought

Such disclosure would enable employees to make an informed decision about whether or not to apply for a job with a particular employer. In addition, it would bring some much-needed sunlight to the amount of private information that is being routinely obtained by businesses during the job application process.

Disclosure of Surveillance

The same approach should be taken when it comes to surveillance of employees. The tools and technologies available for conducting surveillance are only going to become smaller, less obtrusive, and hard to detect. Senator Paul Simon had the right approach—an outright ban on hidden surveillance is an appropriate step if we are serious as a society about protecting workplace privacy and the basic dignity of employees.

When Vincent Ruffolo, the head of Security Companies Organized for Legislative Action, testified against Senator Simon's Privacy for Consumers and Workers Act in 1991, he argued that "An employer would be put in the absurd position of having to advise suspected thieves when they are being monitored." [17] However, if informing suspected thieves that they are being monitored brings an end to the unwanted behavior, it would seem that the surveillance has accomplished its ultimate purpose. If the notice of the surveillance does not stop the behavior, presumably the employer would then have the evidence it needed to fire the employee.

The problem with hidden surveillance (and particularly hidden video surveillance) is three-fold: First, it is fundamentally incompatible with the basic values of this country. Secrecy has its place—in national security or trade secrets, for instance—but in general, our society is premised on the free flow of information. We've even gone so far as to pass a Freedom of Information Act at the federal level and in most states to help us learn what information the government might have about us.

Second, the use of hidden surveillance encourages the companies that use it to invade the zone of privacy that each of us is entitled to enjoy, even in the workplace. Admittedly, that zone shrinks when we are on someone else's property and diminishes further when we are supposed to be working for someone else, but even so, it should not vanish altogether. Hidden surveillance is simply not proportional to its objective—in the name of protecting company property or economic interests, it completely obliterates employee privacy.

Third, hidden surveillance panders to a voyeuristic streak that is not our most admirable trait. Even if a company's management or security personnel is not secretly marketing hidden surveillance tapes to sleazy late-night advertisers, there's still a disturbing temptation for camera operators to spend time looking for embarrassing activity. This is hardly an argument to eliminate surveillance cameras so that coworkers can make out in the stairwell, but it is an argument that employees should not have people peering or leering at their unguarded moments.

From the employer's perspective, there is not much practical difference between hidden and obvious surveillance. If anything, a video camera mounted on the wall is capable of watching a wider area than a video camera hidden in an exit sign or desk lamp. The fundamental difference is the level of dignity and choice that each reflects. When surveillance is disclosed and obvious, employees can make an informed decision about whether to work for a particular company, and if so, how to behave in light of the surveillance that is in place.

Limiting the Casual and Unauthorized Spread of Employee Information

As a practical matter, it is inevitable that an employer will come into possession of private information about its employees. With limited exceptions, there are no legal constraints on what employers can do with the information they collect; employer misuse of employee information has been a problem for decades. Following the passage of the Privacy Act in 1974, which restrained government collection of personal information, Congress established a Privacy Protection Study Commission to evaluate the use of personal information by private industry, appointing University of Illinois professor David Linowes to chair the investigation.

In 1977, the Commission recommended that private employers self-regulate by adopting privacy safeguards for employee information. The Commission's recommendations, however, fell on deaf ears. In a 1979 follow-up study, Professor Linowes found that 85 percent of employers provided information from employee personnel files to creditors. In 1997, Dana Hawkins, a reporter for U.S. News & World Report, cited a survey of Fortune 500 companies that found that a majority still routinely shared employee information with creditors, landlords, and even charities. [18]

Just as the collection of employee information should be limited to what is necessary for effective job performance, so too should the distribution of employee information be limited. There is seldom any need for an employer to release employee information to any outside entity in order for an employee to effectively perform his or her job. Establishing clear limits on the redistribution of employee information will go a long way toward buttressing the concept of employee privacy and, at the same time, may make employees and prospective employees far more comfortable with the idea of disclosing personal information that is relevant to their job.

Restrict the Misuse of Employee Medical Information

From a privacy perspective, employee medical information poses the greatest problem. It is typically the information that you most want to be kept private, yet you are typically forced to reveal extensive amounts of medical information in order to receive adequate care and to have that care covered by your health insurance plan. At the same time, employee medical information is especially valuable to your employer, insofar as knowledge of a potentially expensive medical condition can be an important factor in cutting down on health care costs.

In the 1970s and 1980s, employer misuse of medical records was rampant. In his 1979 study, Professor Linowes found that three out of four employers used employee medical information when making employment decisions. When he conducted a similar investigation in 1989, he found that the percentage of employers misusing medical information was roughly the same. [19]

The level of protection for employee medical records improved slightly in the early 1990s, when Congress passed the Americans with Disabilities Act and the Family and Medical Leave Act (FMLA). Both laws contain provisions that establish confidentiality standards for employee medical records; under the ADA, for instance, employers are required to keep employee medical records in confidential files stored separately from general personnel files.

Largely as a result of those laws, Professor Linowes found in 1996 that the percentage of companies that use medical information in making employment decisions had dropped to about 35 percent. [20] That's certainly an improvement, but it still represents a significant number of employees around the country whose jobs are dependent not so much on how well they work but instead on how expensive their medical care is or is likely to be.

Closely tied to the misuse of medical record information is the collection and misuse of information about how employees spend their personal time, either in their recreational activities or their lifestyle choices. The acquisition of such information should be subject to the same test governing the acquisition of other employee information: Is it reasonably related to your ability to perform your job? If not, then your employer should not be permitted to actively seek that information, and if does acquire it nonetheless, should not be allowed to use it for employment purposes such as hiring or termination.

The problem is that employers have been able to argue that an incredibly wide range of personal information is "relevant" to employment, largely because virtually any human activity can, to one degree or another, have an effect on health insurance costs. But this is simply not an acceptable situation in a nation that prides itself on personal freedom and individual choice.

Obviously, it's a tricky business to eliminate discrimination in a society. We've made some good efforts recently, but thirty-eight years after the passage of the Civil Rights Act, few would argue that we've totally eliminated racism and sexism in this country. And, it is fair to say, we are as a society intrinsically more comfortable trying to eliminate discrimination based on who we are as individuals than the lifestyle choices we make. Hence the passage of the ADA, which attempts to ban discrimination based on personal characteristics we didn't choose, but not the passage of the Employee Nondiscrimination Act, which attempts to ban discrimination against individuals who, rightly or wrongly, are perceived by a significant portion of the population as having made a lifestyle choice.

Businesses will continue to argue that their health insurance premiums should not be subject to the whims of employees who engage in risky behavior, from jet skiing to smoking to gorging on Big Macs. However, it's important to remember that the offering of health insurance is a competitive decision by a business, designed to make its workplace more attractive. Making that offering is itself a risk, which in some cases will simply go bad: An employee might develop a lingering cancer, a child might be born premature and ill, a bad accident may require years of physical therapy.

There is no disagreement that businesses have every right to try and reduce their costs; that is, after all, one of the fundamental principles of a capitalist economy. But if we allow businesses to discriminate against individuals who are capable of performing a particular job but happen to have (or may develop) an expensive medical condition, then we are potentially consigning a large portion of our population to low-paying, non-benefit jobs. An employer should have the burden of showing that the information it seeks about recreational and lifestyle choices is directly related to the work an employee is hired to do, and not to his real or imagined impact on health insurance premiums.

In theory, the ADA was supposed to minimize these types of concerns by limiting the results of a preemployment medical exam to whether a prospective employee is capable of doing the work required, incapable, or capable with reasonable accommodations. No additional information is supposed to be provided to the employer. Yet as we've seen, it's relatively rare that the information provided to an employer is that limited.

The ADA does provide for the filing of a discrimination complaint with the Equal Employment Opportunity Commission and, if necessary, the filing of a lawsuit alleging discrimination. While there is no underestimating the value of private litigation in reining in the worst excesses of corporate behavior, it's at best a scattershot enforcement mechanism. A more comprehensive approach is necessary, consisting of a combination of criminal penalties for the unauthorized disclosure and misuse of employee medical information and statutory penalties to help compensate individuals whose actual damages are limited.

The Requirement of Reasonable Suspicion for Drug Testing

The most common "lifestyle choice" that employers try to identify is whether its employees are using or have used drugs. With nearly every major U.S. corporation and significant numbers of smaller businesses conducting preemployment tests for drugs, it's not surprising that the detection/antidetection forces are locked in a bit of a contest.

On the surface, it's tempting to applaud businesses for their willingness to bear the expense of random drug testing. The use of most drugs, after all, is against the law, and arguably the prospect of being tested serves as a deterrent to some potential users.

However, there's no statistical evidence to suggest that company drug tests have had any impact at all on drug use in the United States. Moreover, it is legitimate to ask whether a private organization should be attempting to enforce state or federal criminal laws.

Businesses would reply, in part, that they're not actually attempting to enforce criminal laws; they're simply evaluating people's fitness for employment, and if they fail the test, the only consequence is that they don't get the job. No business of which I'm aware refers failed drug test takers to state or federal law enforcement. Moreover, businesses point assiduously to statistics that suggest that drug users are more accident-prone, miss more days of work, and have higher health care costs than nondrug-using employees. Not surprisingly, studies with opposite conclusions exist: in 2001, for instance, the Robert Wood Johnson Foundation concluded that there "was [a] lack of any significant relationships between nonchronic drug use, employment, and labor force participation." [21]

Accurate or not, the statistics regarding drug users and their impact on the workplace give businesses an arguably credible basis for seeking out and acquiring personal information about specific employees for the purposes of extrapolating what is a general outcome. That's an enormously common practice, of course, but we can and should make a decision that in the context of workplace privacy, it is a practice that carries an unnecessarily high social cost.

No one can reasonably disagree that an employer has both the right and—where public safety is concerned—the obligation to make sure that its employees are not actually working under the influence of drugs or alcohol. However, before an employer should be able to require that an employee take a drug test, the employer should be able to state the ways in which the employee's ability to perform is impaired. It is also worth noting that there are a variety of testing methods—those based on coordination, for instance—that can help an employer assess whether an employee's performance capabilities are impaired without acquiring unnecessary information about his medical condition or his personal activities at home.

Preserving the Boundary Between Work and Home

It would be unreasonable to expect employers to completely ignore the potential problems posed by telecommuting. An employee who works at home with a networked computer is just as capable of causing harm to a business through inappropriate e-mail or stolen trade secrets as someone in the office. Telecommuters also present the potential for greater productivity concerns than employees who can be observed during the course of the day. There is no reasonable basis, then, for arguing that just because you are working at home, you should be free from surveillance software.

That being said, the mere fact that you work at home should not subject you to greater scrutiny or invasion of privacy than is faced by your coworkers in the office.

Of all the potential conflicts between employer and employee, this is the one most easily remedied by employee self-help. If your employer provides you with a computer, for instance, it would be prudent to not use the computer for personal matters unless such use is explicitly authorized. Even then, it is important to keep in mind that the ownership of the computer by your employer could easily expose your private information to unwelcome eyes.

Enforcement

In order for these protections of employee privacy to be effective, it will be necessary for Congress to create some enforcement provisions. Ideally, these would consist of both civil and criminal remedies. Two pieces of legislation discussed in this chapter, the Electronic Communications Privacy Act and the Health Insurance Portability and Accountability Act, offer compelling models for how such provisions might be structured.

Although the Electronic Communications Privacy Act has not proven so far to be a particularly powerful tool for employees, the basic structure of its enforcement provisions is sound. For instance, the ECPA is primarily a criminal statute: If a person "intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication," and is convicted of doing so, he can be punished by a fine or up to five years in prison. [22]

However, the ECPA takes a dual approach to enforcement by providing civil remedies as well. A person whose communication was "intercepted, disclosed, or intentionally used in violation" of the ECPA may bring a civil action against the violator and request a variety of remedies. Specifically, the ECPA authorizes the awarding of:

  • Preliminary and other equitable or declaratory relief

  • Damages as set out in the statute and punitive damages where appropriate

  • A reasonable attorney's fee and other litigation costs reasonably incurred

The ECPA specifies a certain minimum amount of damages of $100 for each day of violation, up to a maximum of $10,000. However, if a plaintiff's actual damages plus any profits earned by the violator as a result of the interception are greater than the statutory damages, then the plaintiff can try to recover the actual damages instead. [23]

Although it is too early yet to determine just how effective they'll be, particularly given some of the loopholes in the enabling regulations, HIPAA contains some fairly powerful enforcement provisions. For instance, health care plans, providers, and clearinghouses that violate HIPAA's confidentiality provisions are subject to the same type of civil liability as provided for in ECPA, although the upper limit is $25,000 instead of $10,000. In addition, HIPAA makes it a crime to knowingly obtain protected health information:

  • Up to one year in prison and $50,000 in fines for certain violations of HIPAA

  • Up to five years in prison and $100,000 in fines if the crime is committed under "false pretenses" (i.e., pretexting)

  • Up to ten years in prison and $250,000 in fines if the information was obtained "with the intent to sell, transfer or use protected health information for commercial advantage, personal gain or malicious harm"

The remedies laid out in HIPAA and the ECPA offer a useful framework for helping to protect not just communication privacy but workplace privacy in general. By providing for both statutory damages and criminal penalties for unauthorized invasions of privacy, an "employee bill of rights" would effectively place some limits on the hunt for and misuse of private employee information.

[17]Charles Lewis, "American Workers Beware: Big Brother Is Watching," USA Today (May 1999).

[18]Dana Hawkins, "Who's Watching Now?" U.S. News & World Report (September 15, 1997).

[19]"Employee Monitoring, Investigations, and Privacy Rights," JacksonLewis.com (September 23, 2001).

[20]"Employee Monitoring, Investigations, and Privacy Rights," JacksonLewis.com (September 23, 2001).

[21]"Drug Testing & Employment," DrugWarFacts.com (February 1, 2002). Available online at www.drugwarfacts.org/drugtest.htm.

[22]18 U.S.C. 2511(1), (4).

[23]18 U.S.C. 2520(a–c).




The Naked Employee. How Technology Is Compromising Workplace Privacy
Naked Employee, The: How Technology Is Compromising Workplace Privacy
ISBN: 0814471498
EAN: 2147483647
Year: 2003
Pages: 93

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net