.COMmentary: Employee Privacy
By Mike Lotz
By Mike Lotz
A newly-released study by the non-profit Privacy Foundation shows that 27 percent of workers worldwide are having their e-mail monitored. At first, that may seem alarming, but the statistics show only one side of a tricky question.
Its tricky because companies are increasingly faced with balancing the privacy rights or works, consumers, patients, etc.the list goes onagainst the possible liabilities the company might incur if it takes insufficient precautions against preventing its workers from doing anything illegal or immoral.
On the one hand, theres a trend toward increased privacy legislation, the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley, to state a few, all of which specify serious penalties for infringing on consumer and patient privacy.
On the other hand, theres also a new wave of legislation concerning corporate responsibility. In Japan, for example, a company can be held liable for the actions of its employees, whether or not they were aware of the employees actions.
Its no surprise that companies find themselves between a rock and a hard place on this issue. If a company is liable for the actions of its employees, and if one of its employees accidentally or deliberately oversteps the privacy of a customer or patient, then that company is liable for serious civil penalties, or in the case of HIPAA, criminal penalties (in other words, jail).
Whats an employer to do? Monitor transmissions, of course, including e-mail, http (the web), FTP and, potentially, instant messaging, to check for adherence to policy. How all these different forms of information are collected, stored and handled are the most important questions for employee privacy.
Privacy laws in many European countries now require that before a worker can be monitored, it must be documented what information is to be collected, what they are looking for and how long the surveillance is to go on.
The bottom line is that while monitoring is important to limit corporate liability, companies must take care to first enroll workers in the best practices for using technologies such as e-mail and the Internet and to prevent misuse of surveillance tools by managers.
Its a delicate balance, and each company must ensure that it is in compliance with all the relevant laws governing privacy and responsibility in all the nations where it does business.
If you have any questions or comments, please contact me at firstname.lastname@example.org.