Privacy in the workplace in perspective

PRIVACY IN THE WORKPLACE IN PERSPECTIVE

David F. Linowes Ray C. Spencer

University of Illinois

This analysis examines the current state of privacy in the workplace as well as how the issue has developed over the last century. Of special interest is the seminal work of the U.S. Privacy Protection Commission which studied the subject extensively in the late 1970s. Nearly twenty years after the Commission submitted its report and recommendations urging business to voluntarily adopt privacy safeguards for its employment-related records, a new study shows that too many of the nation’s largest industrial corporations still do not have adequate policies to protect sensitive confidential employee data from possible abuse. A set of fair information practices is presented for voluntary corporate adoption. The practices could also serve as the basis for future legislation mandating private sector action.

EVOLUTION OF WORKPLACE PRIVACY

One need only glance at the dramatic changes in our country during the last hundred years to understand why the relationship between organizational record keeping and personal privacy became an issue worthy of examination at the highest levels of government. Today, life in America is much different from the simpler society our forefathers knew. The records of a hundred years ago tell little about the average American, except when he died, perhaps when and where he was born, and if he owned land, how he got his title to it. Employment records were virtually nonexistent. Three quarters of the adult population worked for themselves on farms or in small towns. The only information an employer found necessary to keep on his workers was the number of hours worked on paydays.

Beyond the workplace record keeping was minimal. Attendance at the vil- lage schoolhouse was not compulsory and only a tiny fraction pursued formal

Direct all correspondence to: David F. Linowes, College of Liberal Arts and Sciences, University of Illinois, 308 Lincoln Hall, 702 S. Wright Street, Urbana, IL 61801.

Human Resource Management Review, Copyright t:, 1996 Volume 6, Number 3, 1996, pages 165-181 by JAI Press Inc. All rights of reproduction in any form reserved. ISSN:1053-4822

166 HUMAN RESOURCE MANAGEMENT REVIEW VOLUME 6, NUMBER 3, 1996

education beyond it. No national military service was required, and few programs brought individuals into contact with the federal government. Local governments to be sure made decisions about individuals, but these mainly had to do with taxation, business promotion and regulation, prevention and prosecution of crime, and in some instances, public relief for the poor or the insane.

Record keeping about individuals was correspondingly limited and local in nature. The most complete record was probably kept by churches, who recorded births, baptisms, marriages, and deaths. Town officials and county courts kept records of similar activities. Merchants and bankers maintained financial accounts for their customers, and when they extended credit, it was on the basis of personal knowledge of the borrower’s circumstances. Few individuals had insurance of any kind, and a patient’s medical record very likely existed only in the doctor’s memory. Records about individuals rarely circu- lated beyond the place they were made.

Employers have always had an interest in the personal lives of their workers, but it was never an organized endeavor until the late 1800s. An early 1870s newspaper advertisement for Pinkerton’s detective services offered to help corporations determine whether employees were likely to engage in strikes or join any secret organizations. The ad suggested that a Pinkerton detective would obtain this information from associating with the employees in question (Engberg 1967).

Many nineteenth-century employers made sure their workers went to church. In the late lBOOs, company towns enabled the boss to monitor virtually every aspect of an employee’s life, including their sexual orientation, political and religious affiliations, and after-hours activities. It was during this period that Carson, Pirie, Scott & Company, the large Chicago department store, had regulations requiring all male employees to attend Sunday School regularly and to contribute to the church. The company also advised managers to be wary of employees who smoked Spanish cigars, got shaved at the barber’s, and went to dances or other places of amusement. These activities were viewed as reasons to question a man’s integrity (Eilbirt 1957).

Around the turn of the century, many companies, such as International Harvester and the Colorado Fuel and Iron Company, began utilizing social secretaries to act as a point of contact between the firm and its employees. Their chief duty was to study the welfare of workers and suggest ways to improve workers’ general life conditions. Interest in the employee’s private life often became an integral part of the work. Secretaries were compelled to know enough about the personal lives of the workers to be of assistance in times of trouble.

Company-administered physical examinations first took place in the early 1900s when doctors examined employees in an effort to eliminate tuberculosis from manufacturing plants. Soon the routine physical became a mandatory condition of employment. This was especially true of firms where workers were exposed to potentially toxic substances such as lead, paint, and varnish (Ling 1965).

PRIVACY IN THE WORKPLACE IN PERSPECTIVE 167

The Ford Motor Company took a great deal of interest in the personal well- being of its employees. In 1914, Henry Ford established a Sociological Depart- ment to help employees improve their home, personal life, and environment. The implementation of the sociological department coincided with Fords five- dollar workday salary. A team of investigators headed by John R. Lee coun- seled and offered practical instruction to the workers at Fords Highland Park, Michigan assembly plant. An initial staff of 30 investigators quickly grew to 150. Each investigator was given a car, driver, and interpreter and assigned to a particular area of Detroit.

Workers were asked to furnish information on marital status, number and ages of dependents, nationality, religion, and citizenship. In addition, the employee was asked if he owned his own home, and the amount of the mortgage or rent. Debts were detailed as well as how much money was kept in savings and where. Details about life insurance and the amount of the premiums were disclosed along with the person’s health, doctor, recreational activities, habits, home conditions, and neighborhood surroundings. The family diet was scruti- nized and all members of the household listed. Homes were to be kept clean and tidy. The taking in of boarders was considered an evil practice and discour- aged. Investigators probed excessive use of alcohol and gambling. All this information was listed on blue and white forms and kept in the Ford personnel folders. Such efforts to control every aspect of the production line, including the workers themselves, were where workplace privacy issues first appeared (Nev- ins 1954).

In the 1920s there was an increase in the number of medical records being collected by business. Employers began utilizing corporate nurses and the field of industrial medicine gained in popularity. It became accepted to keep on file information regarding employee health. Professional organizations, such as the American College of Surgeons, advocated maintaining a set of medical records in the personnel department to provide information in case of illness or injury. The data also proved useful for dealing with compensation claims.

Also about that time, many employers applied selection procedures that had been developed by the army in World War I. The tests were used to classify individuals according to intelligence, temperament, education, and occupa- tional preference in what was called job analysis (Ling 1965). The trend continued after the second world war. World War II showed U.S. industry how psychiatry could be applied to employee selection and retention. During the war, psychological testing was used to screen and eliminate emotionally unstable men from military service. In war zones counseling was used to head off seri- ous emotional problems and keep men at their stations or help those who broke down under the stress. In the private sector, companies such as General Mo- tors, Sperry Gyroscope, and the Picatinny Arsenal utilized the services of psychiatrists to keep the plants producing at peak levels (Menninger & Levin- son 1955).

The success of psychological testing in the military increased the popularity of the tests in the private sector after the war. In 1946 one survey found that about 17 percent of the firms surveyed utilized psychological tests. In the late


1940s Eastman Kodak Company, American Cyanamid Company, Metro- politan Life Insurance Company, and DuPont Corporation established psychi- atric departments which became models for their industries (Ling 1965).

By the 1950s personality tests were routinely used to screen job applicants in the nation’s largest companies. According to the Bureau of National Affairs, in the early 1950s three-quarters of larger firms and over half of smaller ones used personality tests in employee selection. Fortune magazine reported in September 1954, that 25 percent of the country’s corporations used personality tests for managers and executives not only in pre-employment screening, but also to evaluate those already on the job. Many companies hired psychologists full time. Their role included the implementation of a variety of selection instruments, including measures of aptitude, abilities, personality, and interests, to improve selection and placement decisions (Spriegel & Dale 1953). One test, the Minnesota Multiphasic Personality Inventory, contained 566 questions, including such inquiries as, “I deserve severe punishment for my sins,” to which the individual was to answer yes or no.

Corporate interest in employees’ lives during the post-war years was not limited to the work environment. In his 1952 book, Is Anybody Listening?, author William H. Whyte, Jr., described how American business took an active interest in the personal lives of executives. This extended to the wives of managers. Roughly 20 percent of otherwise acceptable trainee applicants, Whyte estimated, were turned down because of their wives. Wives were screened in informal social situations for the most part, but one insurance company routinely investigated the wife’s credit rating and checked around to find out whether or not the wife was independently wealthy.

Family surveillance was often deliberately planned. At the Container Corpo- ration of America, for example, it was the duty of all vice presidents to get acquainted with their subordinates’ wives. Important questions included the health of the family, her attitude toward parenthood, how she ran the home, and if she dressed in good taste. Personnel records of executives covered data on the wife, including a personality appraisal. This data would question whether she complemented her husband, was a helpmate or a millstone, a nagger, or resented her husband’s travel, or criticized him publicly. Of particular interest was a spouse’s social mannerisms, drinking habits, education, club or religious afhliations, and ability to adjust to new social environments (Whyte, Jr. 1952).

By the mid-1960s nearly all business firms were collecting an inordinate amount of personal data on employees and prospective employees. Job applicants were typically asked about their educational background, past employment, past residences, creditors, associations with organizations, and when possible religious affiliations. Extensive dossiers were being compiled on employees in every line of business, such data collection becoming an integral part of the hiring and promotion process. Private detective agencies examined aca- demic records, court records, personal credit and litigation files, marital status, police reports, political affiliation, neighborhood background, newspaper files, past earning capacity, employment records, personal sexual and drinking


habits, conduct, and moral character. Often much of this extended to the subject’s wife and family. Polygraph tests often supplemented the data (Long 1967).

In the mid- to late-1950s nearly all American corporations utilized deep- probing interviews, psychological testing, investigative reporting, or lie detec- tors in their employee selection process (The Electronic Supervisor, Office of Technology Assessment 1987; Westin 1980). New hires were routinely asked to take loyalty oaths and conform to prescribed standards of dress and lifestyle. Few companies allowed employees to examine their personnel files, but made the information readily available to law-enforcement agencies and credit bureaus. Many employees were required to sign pledges consenting to submit to a lie detector test at any time upon company request (Business Week, March 13, 1965; Wheeler 1976).

HISTORICAL RELATIONSHIP BETWEEN EMPLOYER AND EMPLOYEE

Prior to the economic and social changes that have been broadly labelled the industrial revolution, work and employment were carried out within a well- defined and clearly understood framework of law and custom. The authority and responsibility of the employer and the cooperation and obligation of the worker were based on traditional relationships between social classes and reflected in laws that specified the conditions of apprenticeship, fixed wages, and prohibited the use of certain equipment (Hammond 1926).

The early nineteenth century saw a major change both in the role that social class played in the employee-employer relationship and in the legal framework that hitherto had governed the relationship. The emphasis shifted from obligation to freedom of choice (Selznick 1969). While the law no longer reflected the traditional relationship between employer and employee, actual practice was slow to change. In part this was due to the continued presence of middlemen, such as subcontractors and foremen who operated in the context of the traditional relationship. Under the padrone system, for example, the “padrone” or leader of groups of immigrant laborers hired out the men, rented them living accommodations, paid for necessary transportation, and sold them supplies of food. This system flourished in the 1890’s, but lasted well into this century (Commons & Andrews 1920). Hiring by the foreman at the plant gate also remained accepted practice. This was usually based upon personal acquaintance or intercession, although occasionally letters of reference or of introduc- tion might be offered (Bendix 1956).

Growth in the size and complexity of work organizations has been a major force for change in the employee-employer relationship, and in the record- keeping practices that facilitate it. The characteristic organizations of our century are massive private corporations and large government agencies. Large-scale organizations stress rational decision making in an objective, im- personal setting. In the employment context, this usually involves the following:

170 HUMAN RESOURCE MANAGEMENT REVIEW VOLUME 6, NUMBER 3. 1996

1. Equal treatment of all employees. 2. Relying on expertise, skills, and experience relevant to the position. 3. No extraorganizational prerogatives of the position, that is, the position

belongs to the organization, not to the person. 4. Introducing specific standards of work and output. 5. Keeping complete records and files. 6. Setting up and enforcing rules and regulations that serve the interests of

the organization. 7. Recognizing that the rules and regulations are binding upon managers

as well as employees (Perrow 1972).

The personnel management specialty developed as part of the general process of bureaucratization. Its development was shaped by two trends, both of which remain important today. The first, welfarism, was the modern form of paternalism. It reflected the interest of employers in taking positive steps to reduce their costs, while complying with newly passed workmen’s compensation laws. The passage of such laws was a prime force in the creation of such positions as safety engineer, safety director, company physician, industrial nurse, and medical director (Ritzer & Trite 1969).

The second, and perhaps dominant, influence was scientific management. This method of rationalizing the employment, development, and utilization of workers rendered the traditional image of the worker and employer obsolete. Scientific management spelled the end to personal contact as the foundation of the employment relationship. The worth of the workingman was now deter- mined by tests which ascertained his present and potential abilities, in order to place him where he would do the highest class of work of which he was capable (Bendix 1956).

Historians of personnel management see welfarism and scientific management as the principal factors in the establishment of the employment ofice- the forerunner of the modern personnel office (Ritzer & Trite 1969). The core functions of these new offices were recruitment, selection, job placement, and record keeping. In some cases, welfare, training, and complaints and grievance program administration were included. This was true of the Social Depart- ment established by Henry Ford. Although the intent of the Ford Social De- partment was to help workers with personal problems, the effect was to provide the employer with a great deal of information about workers (Nevins 1954).

Employers increasingly saw the benefits of keeping labor turnover to a minimum through careful employee selection. As personnel departments increased in size and importance, their record-keeping activities expanded. References, records of past employment, test scores, and credentials gradually replaced personal acquaintance in judging the suitability of applicants. Personnel office operations brought about a uniformity in the application of hiring procedures, however consistent interpretation and application of personnel rules was not guaranteed. Whenever decisions are not based entirely on subjective informa-


tion, the personal privacy of the individual applying for work remains vulner- able.

CURRENT WORKPLACE PRIVACY POLICY

The substitution of records for face-to-face contact in the employment relationship is what makes the situation today dramatically different from the way it was even as recently as 30 years ago. It is now commonplace for an individual to be asked to divulge information about himself for use by unseen strangers who make decisions about him that directly affect his everyday life. Further- more, because so many of the services offered by organizations are, or have come to be considered, necessities an individual has little choice but to submit to whatever demands for information about him an organization may make.

In her book, Mind Your Own Business, Gini Graham Scott describes privacy as a key component of how we establish the boundaries between the individual and society. The workplace is a central component of the dialectic between our public and private lives. Organizations must have some substitute for personal evaluation in order to distinguish between one individual and the next in the endless stream of otherwise anonymous individuals they deal with, and most organizations have come to rely on records as that substitute. Steven L. Neck, professor of sociology at the University of Virginia, suggests that some degree of privacy invasion is needed in an anonymous society of strangers to enable trusting relationships to develop between various societal actors, including employees and employers. A society of strangers, he says, is one of immense personal privacy. A certain amount of personal autonomy must be lost to ensure that employees are trustworthy and a good fit within the organization. Peter Huber, a senior fellow of the Manhattan Institute, adds that today’s complex society demands that we extend knowledge of others beyond the traditional family unit or small community. The building of microchips, sky- scrapers, and jet planes requires large-scale cooperation and trust.

Increased information sharing is a mixed blessing for workers as broadened access to sensitive data carries with it demands to use the information for constructive purposes. The company that employs the average American in the future will be flatter, leaner, and more aggressive than the companies of today. Information, including data on employees, is of vital importance to the management of these new organizations. It is important to note that organizations desire information that will facilitate fine-grained decisions about individuals. Employers look for job applicants who give promise of being healthy, productive members of a work force. Each individual plays a dual role in this connec- tion-as an object of information gathering and as a consumer of the benefits and services that depend on it.

There is a clear need for the personnel file, whether it is kept in a metal cabinet or on a computer hard drive. America’s corporate leaders are yearning for information on how to be fair to individuals while maintaining the competi-


tive edge in today’s global marketplace. Most firms attempt to do what is right, yet policy gaps in even a single area leave far too many employees exposed to abuse. Even while the current study on privacy in the workplace was being conducted, many calls were received from human resource managers who not only were eager to participate, but were anxious for the results. They were looking for guidance on how to develop a set of fair information practices tailored to their company’s needs. This was further evidence that much remains to be done to achieve fair information practices by employers in their employment relationships.

Currently, the United States does not have a coherent set of guidelines or governing principles concerning employment law. Privacy may be based in social reality, but legally it remains a concept that is ambiguous at best. As legal scholar Matthew Finkin has pointed out, we need legislation. Current statutes consist of bits and pieces of legislation which are often inconsistent and misapplied. Writing in the American Business Law Journal, Laura B. Pincus and Clayton Trotter agree, and suggest that there is a need for new federal legislation that strikes a balance between the employer’s need for information and the employee’s privacy rights. A uniform privacy act, they say, would respond to the patchwork quilt status of America’s privacy protections.

In American society today the individual who takes a job must often surren- der a great deal of personal autonomy. If employed by a large, private-sector employer, he enters into a relationship where the employer’s expectations, rules, and enforcement procedures define his specific rights and respon- sibilities. This is a market relationship, legally regulated only at certain points in the interest of public safety.

Professor Alan Westin argues that American law should balance employee privacy rights against competing employer and societal interests. He says a certain amount of privacy can be legitimately lost in the pursuit of quality goods and services. This view ignores the fact that individuals have a propri- etary interest in the information detailing their daily lives.

The seemingly simple question of who owns information is quite complex. Anne Wells Branscomb, a communications and computer lawyer at Harvard University, has written that the fast-paced communications revolution along with the building of a giant information superhighway has greatly increased the risk of personal privacy invasion for individuals as they go through their daily lives. Existing laws are light years behind new technologies, and some observers believe technology is moving so fast and is so globally integrated that any potential privacy legislation would be antiquated before it could be implemented-circumvented by the ever-expanding technology of the post-Internet world.

With various stakeholders in the communications revolution vying for control over information ownership, there is an urgent need for action at the federal level. Laws to protect the confidentiality of personal information maintained by employee assistance and employer-operated insurance programs, for instance, vary from state to state. In other areas, such as the handling of employee medical information, guidelines are virtually nonexistent. George


Orwell’s 1984 warned that as a society we may not be wise enough to cope with the power amassed by the communications revolution. Today it may not be so much due to a lack of wisdom. but a lack of desire.

PRIVACY COMMISSION REVISITED

Over twenty years ago the Privacy Act of 1974 called for an investigation of personal information held in the public sector and the private sector, including credit bureaus, insurance companies, mail order merchandisers, and business in general. The Privacy Act established a seven-person commission to study privacy over a two-year period and prepare a report on its recommendations for legislation. David F. Linowes, one of the authors of this article, was chairman of the commission. In July 1977, the commission delivered its report to the president and Congress. In an extensive series of hearings, the commission received testimony from senior executives of some of the nation’s largest employers.

Companies represented at the hearings included IBM, General Electric, Equitable Life Assurance, Cummins Engine, Inland Steel, J.C. Penney, Ford Motor, E.I. DuPont de Nemours, Exxon, Rockwell International, and Chase National Bank. These hearings generated a great deal of media coverage and among the areas covered were workplace privacy issues.

The Privacy Commission recommended privacy legislation for private-sector employment practices if voluntary policies were not adopted on a widespread basis. As a follow-up to the commission’s work, the chair of the commission arranged for the Survey Research Laboratory at the University of Illinois to conduct surveys in 1979, 1989, and 1996 to assess the extent to which the nation’s largest employers were voluntarily acting to protect the privacy rights of their employees and job applicants. Some companies did adopt privacy codes voluntarily. Overall, however, the workplace privacy situation remained static and was actually being worsened by new communications advances which allowed data to be shared more extensively among users.

The investigation of the Privacy Commission was a reaction to the abuses revealed in the post-Watergate era. Dramatic changes had taken place in American society which were a direct result of emerging computer and communications technologies. Supreme Court Justice William Douglas said that the impact of these new technologies was second only to the atomic bomb as the most phenomenal revolution of the generation. The nation faced new dangers from technological devices that could break in on a person’s private activities and thoughts without his knowledge or consent.

SURVEY OF WORKPLACE PRIVACY

To determine the extent to which America’s largest companies were voluntarily adopting safeguards for their employees’ records as suggested by the Privacy

174 HUMAN RESOURCE MANAGEMENT REVIEW VOLUME 6. NUMBER 3. 1996

Commission, the comprehensive survey we recently conducted examined such policies. A sample of 300 companies was selected from among the Fortune 500 corporations. Eighty-four companies, or 28 percent representing over 3.2 mil- lion employees, responded. Because major corporations are standard setters of business practices, the impact of the policies described in the survey goes well beyond the Fortune 500 corporations.

The employment relationship affects most people over the greater part of their adult lives, and is basic to the economic and social well-being of our society. When an individual applies for work, he is required to supply information about himself as an aid to the employer in making the hiring decision. This information may be supplemented and verified by psychological tests, interviews, a medical examination, references, and a background investigation. Many employers regularly request urine samples to test for drug use. Credit checks and health records may also be obtained. Some firms also investigate whether applicants have previously collected worker’s compensation or filed a suit for sexual harassment. The use of psychological tests is an ambiguous area of the law, but the results of testing are routinely included in employees’ personnel files.

After hiring, the records kept about the individual expand to accommodate applications for benefits, performance evaluations, attendance and payroll data, and much other information. All of this creates a broad base of recorded information about the employee. Because so much information about employees is available in one place, various entities unrelated to the employee-employer relationship view it as a valuable resource.

To attempt to place some control over the easy access of employment records by over-zealous administrators in both the public and private sectors, it is necessary for employers to have a policy concerning which records will be routinely disclosed to inquirers. Yet, in response to the query whether corporations had such a policy for inquiries from government agencies, 30 percent said they do not. When no such policy exists, the person in charge decides what and when sensitive personal information is routinely released to any government agency representative, whether that person is entitled to have it or not. Seven- ty percent of the companies disclose employee information to credit grantors. Forty-seven percent give information to landlords, and 19 percent to charitable organizations.

Despite the extent to which information is routinely handed over to third parties, the employee is rarely told of the practice. In response to the question, “Does your organization have a policy to inform personnel of the organization’s routine disclosure practices to nongovernmental inquirers?” only 49 percent indicated that they had such a policy.

Growth in the size and complexity of work organizations has been a major force for change in the employee-employer relationship, and in the record- keeping practices that facilitate it. Today’s employer keeps many records on his employees. Some are directly related to the employment relationship, such as performance evaluations, promotion tables, payroll records, grade and skill classifications, and leave records. Others are only tangentially related. These


include health benefit and claim records, medical records, pension records, employee assistance or counseling program records, and educational, life insurance, and home-loan records.

Often, employees are being asked to complete health profile forms. These questionnaires cover such topics as cholesterol levels, blood pressure, cancer risk, exercise and fitness, nutrition, and safety. Assessment firms which offer the profile service give the employer a report on each individual’s risk factors, along with suggestions for action.

Employers use health data about their workers to reduce medical care costs and improve health care benefits. They have an obligation to provide a safe working environment, and often medical information helps them do this. The use of such confidential information, however, may jeopardize personal lives or careers. Sensitive medical information can become public if a court issues a subpoena to view an employee’s records and medical information is not kept in a separate file. Clearly, having too much information about an employee’s health can be detrimental to effective management. If there is no need to know, the firm can be held liable for just collecting the information if the employee is later terminated. Also, largely because medical information can be misun- derstood by an uninformed layman, medical records should not be used for an employment decision. Nevertheless, 35 percent of the companies do use medical records in making employment-related decisions. One in ten (10%) does not inform the employee of such use.

Most (86%) of the corporations have a drug-testing program in operation. Nearly all (97%) use the program for pre-employment screening and most (81%) began the program because of general concern for the safety of employees. Three of five (64%) use random employee drug tests. No surveyed company had an AIDS-testing program in operation. Ten percent had an AIDS-testing policy, but no testing program. Fourteen percent believe that government, as opposed to business, should have more stringent AIDS-testing personnel- screening practices.

Thirty-eight percent do not inform their personnel of the types of records maintained on them and 44 percent do not inform their workers about how records are used.

Over half (54%) require information on prior convictions. Fifteen percent require the collection of arrest records of personnel.

The size and structure of a company influences management’s control over how records about applicants and employees are maintained and used. In small organizations, such records may be kept informally. The various data items about an individual may be mingled in one file, and the custodian of the file may perform a number of loosely related record-keeping functions. When a business is large, records generally are held in separate record-keeping systems.

Two-thirds (67%) of the companies use private investigative firms to verify or supplement information collected directly from personnel. A fourth of these companies have not reviewed the operating procedures of these investigative agencies. This often leads to rumor and innuendo becoming part of an employ-


ee record. Nearly half (49%) of the corporations find it necessary to collect information without informing the individual. Nine out of ten (93%) obtain written permission from the individual when seeking information from a third party. When written permission is not obtained, only 3 out of 10 (32%) have a policy of informing the individual of the types of information sought. One of 4 (25%) tell the techniques used to collect this data, and 3 of 10 (29%) disclose the sources.

Technology increases the capability of organizations to respond to external requests for information for purposes other than those for which the information was originally collected. The rapid growth of the Internet is bringing with it a new set of privacy and security problems associated with e-mail and the transfer of information through cyberspace. Many companies have instituted policies governing the use of electronic communications systems, stating that they may only be used for authorized purposes. Employers have also begun monitoring various forms of employee communications to ensure that improper usage does not occur.

Often, computerized systems make it nearly impossible to correct errors, since mistakes are multiplied a hundredfold with a single keystroke. Files may contain information that needs to be discarded. The current survey examined these problems. In response to the question, “Does your organization have a policy for conducting periodic evaluations of its personnel record-keeping system?” 42 percent responded that they do not have such a policy, nor have they designated an executive-level person to be responsible for maintaining privacy safeguards in employment record-keeping practices. Forty-nine percent of the respondents had not conducted a systematic evaluation of their existing personnel record-keeping practices with particular attention to confidentiality safeguards within the past two years.

Seventy-two percent of the companies do not give personnel access to their supervisors’ records, even though giving individuals access to their own records is becoming a widely adopted practice. The state of California, for instance, gives employees the right to inspect their files once a year.

Record keeping about individuals now covers almost everyone and influences everyone’s life, from the business executive applying for a promotion to the riveter seeking employer-provided health benefits to the young college graduate seeking her first job. All will have their worthiness as workers evalu- ated on the basis of recorded information in the files of one or more organizations. Most employment relationships require the individual to divulge information about himself, and usually involve an evaluation of him based on information that some other record keeper has compiled.

With information being transmitted across the country and abroad at the speed of light, an error in one record can be propagated instantaneously. If no effort is made to forward a correction, decisions are made based on incorrect information, to the detriment of both the recipient organization and the individual. Yet, 23 percent of the firms said they had no policy to forward correc- tions to anyone who received incorrect information. Twenty-four percent did not allow an individual to correct information.


RECOMMENDATIONS FOR ACTION

A set of fair information policies needs to be adopted in the handling of employee information by the nation’s businesses. Such measures would require that in dealings between an organization and an individual:

l there should be minimum intrusiveness into the personal affairs of a person, thereby eliminating the collection of data that is irrelevant to the decision at hand;

l fairness should be emphasized, thereby permitting the individual to see the data about himself or herself upon which a decision is based; and

l there should be a means for enforcing confidentiality when information privacy is expected, by allowing for punitive damages (capped at $10,000) for violation.

These information policies would help bring our nation up to the standards already adopted by most of the other industrialized nations. In recent years legislation has been introduced in Congress to deal with these kinds of privacy issues, but they have fallen by the wayside. Adding thrust to this development is that the European Community has adopted a comprehensive set of uniform policies on data protection. The EC privacy directive, which requires compli- ance by 1998, places restrictions on transfer of information to third parties, requires consent to collect the personal data, and gives subjects access to the information.

The EC regulations will have a direct affect on business transactions with the United States. Excluding the United States, most of the democracies in the world have such a policy to establish relationships between individuals and organizations that are essentially fair information practices.

In essence, these policies provide for minimizing intrusiveness, maximizing fairness, and providing for enforceable expectations of confidentiality. They also ensure that the privacy rights of individuals are protected against over- zealous bureaucrats and government agencies. Mahatma Gandhi warned that no society can possibly be built on a denial of the individual when he observed, “If the individual ceases to count, what is left of society?”

The following specific fair information practices were recommended by the U.S. Privacy Protection Commission:

1. Acquire only relevant information. Doing so reduces the amount of personal information in circulation, thereby reducing the potential for abuse, and assures that decisions will bc based solely on pertinent data. Appropriate steps must be taken to ensure the accuracy of acquired information.

2. Consider pretext interviews unacceptable methods of gathering information. The use of pretext interviews is illegal conduct in some jurisdictions and unethical behavior in all. Furthermore, such practices invite inaccu- rate and misleading information when the informant believes that he is


providing information within a context which is quite different from that in which it will be used.

3. Use no polygraph or other lie detector tests in employment. Dishonesty and employee theft can be reduced through careful screening and inter- viewing of applicants, improving employer-employee relations, and personal observation and investigation. Such efforts may be rewarded with a happier, more productive work force. Courts almost uniformly refuse to admit test results as evidence of guilt or innocence.

4. Allow and encourage employees to see and copy records pertaining to them. Certain information, such as employee evaluations and investiga- tory proceedings, may be excepted from this requirement, but such ex- ception should be as narrowly tailored as possible.

5. Keep no secret records. The nature of all information systems should be disclosed. If it is imperative that particular data be classified or access be otherwise restricted, under no circumstances should the existence of records be hidden.

6. Establish a procedure for challenging and correcting erroneous reports. Be reluctant to substitute records for face-to-face contact. First-hand information provided by the subject of a report should be given full con- sideration, unless discredited by significant legitimate evidence. In this manner, not only will the privacy rights of the individual be respected, but the organization can be sure that it is acting upon accurate information.

7. Use information only for the purpose for which it was originally acquired. Information can assume unexpected and at times damaging aspects when viewed in contexts other than that in which it was originally solic- ited. Allow limited access to data by staff members. Maintain only information necessary for day-to-day transactions in current files.

8. Transfer no information without the subjects’authorization or knowledge. Much information is provided freely because of an implicit expectation of confidentiality. Information should not be disclosed to anyone except to the extent that the subject of the file agrees or the law requires. Requests for information about an individual should not be honored merely because the person asking for it may ultimately be able to obtain a subpoena or because there is a desire to be cooperative. When the legal process requires that information be given out, the subject should be notified of the disclosure.

9. Destroy data after its purpose has been served. There are built-in financial incentives to clean and provide accurate data. Regularly purge records and destroy those that are of no further use and that are no longer required by law. Program computers to destroy outdated records. This will ensure that data will not be used without authorization, or for purposes other than for the purpose collected.


One company that has implemented many privacy practices for its human resources department is Atmel Corporation, a fast-growing memory-chip maker based in California’s Silicon Valley. At Atmel, employee files are kept in paper-based folders which are locked in file cabinets. Access is limited to an approved clerk. Files are not allowed outside the human resources department. Medical records are kept in a separate location that is off-limits to anyone not working in the medical records section. Atmel uses employee Social Security numbers only for a means of identification. Unique employee numbers are used for all other purposes. Telephones, e-mail, and voice mail are not monitored unless there is evidence of theft or other abuse of the system.

Today, the modern Ford Motor Company is in the forefront of practicing exemplary employee privacy protection policies. The policies, all contained in company manuals, include five basic guidelines:

1. There shall be no personal data record-keeping system whose existence is secret.

2. There must be a way for an individual to find out what information about him is in a record and how it is used. With a few exceptions-such as security clearance data, and certain testing and evaluation material to determine qualifications for appointment or promotion-employees are permitted access to their records.

3. There must be a way to prevent information obtained for one purpose from being used for another purpose without employee consent. The only information given to a prospective employer on a former employee is his dates of employment, last position held, final base pay, and whether or not he is eligible for re-employment.

4. An employee must be permitted to correct or amend records about him. Ford Company personnel are urged to keep all personal data current, and are encouraged to advise the company of educational progress and the like which could affect their potential for future promotions. In addition, the program permits salaried employees to enter into their personnel files statements of their interest in specific positions and/or developmen- tal opportunities, looking toward fuller utilization of their capabilities.

5. Any organization maintaining, using, or disseminating personal data must assure the reliability of the data and take precautions to prevent its misuse.

The number of companies with such wholesome guidelines represent a limited number of the total work force in America. Several firms, including IBM, the Equitable Life Assurance Society, Bank of America, American Express, and Citibank, have taken steps to protect workers’ privacy rights. Many others, however, employing millions of Americans, have not yet responded.


CONCLUSION

Employers have regular access to more information about employees than do credit, depository, or insurance institutions, yet there are no legal controls on the disclosure of employment information. The confidentiality of these records is maintained today solely at the discretion of the employer and can be trans- gressed at any time with no obligation to the individual record subject.

The question of how much con~dentia~ity can be expected of employers for information in their employment records is significant. Because of the amount and nature of the information held, the pressures under which it is usually collected, and the diverse circumstances in which it could be used, the creation of an expectation of con~dentiality is vitally important in the employee-employer relationship. Although employees, as a rule, recognize that employment information will be used within the employing organization for a variety of purposes, and that they cannot be notified of and asked to approve each use, they should be able to assume that this rather free flow will be contained within the boundaries of the employing organization.

Although some progress has been made toward establishing voluntary privacy protection in the workplace, the survey findings indicate that new steps for action should now be considered by the President and Congress. Most of the nation’s largest industrial corporations still fail to adequately protect sensitive confidential employee data from possible abuse. In view of the slow progress by these companies during the past two decades, it is apparent that adequate universal information privacy safeguards can only be achieved by the enact- ment of public policy legislation by the federal government. Such legislation would serve to help bring our nation up to the standards already adopted by practically all other industrialized nations.

REFERENCES

Bendix, R. 1956. Wrh and Authorit~y in Industry. New York: Wiley. Commons, J. R. and J. B. Andrews. 1920. Principles of Labor Legislation. New York:

Harper and &others. Eilbert, H. 1957. “Twentieth Century Beginnings in Employee Counseling.” Business

History Rer~ieu~ 31:310-322. Engberg, E. 1967. The Sp_y in the Corpoarate Structure. Cleveland: World Publishing

Company. Hammond. J. L. and B. Hammond. 1926. The Rise ofModern Industry. London: Methuen. Ling, C. C. 1965. Th,e l~~~~~g~~lent of Personnel Relations. Homewood, IL: R. D, Irwin. Long, E. V. 1967. The Int.ruders: Th.e ~~Lla~s~o~l of Prizxxy by Govern~nent and Ind~st~.

New York: Praeger. Menninger, W. C. and H. Levinson. 1955. “Psychiatry in Industry: Some Trends and

Perspectives.” Personnel 32:90-99. Nevins, A. 1954. Ford: The Times, the Man, the Company. New York: Charles Scribner’s

Sons. Perrow, C. 1972. Cotq&~x Organizations. Glenview, IL: Scott., Foresman. Ritzer, G. and H. M. Trite. 1969. An Occupation in Conflict: A Stud?/ of the Personnel


Manager. Ithaca, NY: New York State School of Industrial and Labor Relations, Cornell University.

Selznick, P. 1969. Law,Society and Industrial Justice. New York: Russel Sage Founda- tion.

Spriegel, W. R. and A. G. Dale 1953. ‘Trends in Personnel Selection and Induction.” Personnel 30:169-175.

Wheeler, S. 1976. On Record: Files and Dossiers in American Life. New Brunswick, NJ: Transaction Books.

Whyte, Jr., W. H. 1952. Is Anybody Listening? How and Wh.y U.S. Business Fumbles when it Talks with Human Beings. New York: Simon and Schuster.

Documents

Privacy in the workplace in perspective