Privacy, Privacy Laws, and Workplace Privacy

views updated

Privacy, Privacy Laws, and Workplace Privacy

Privacy, privacy laws, and workplace privacy are issues of major concern to individuals and organizations in the modern world. Privacy violation and encroachment have become a norm as a result of the surveillance capabilities of the new and emerging electronic gadgets and information technology (IT) systems. This trend has prompted many countries to pass laws that govern the handling and collection of personal information of individuals and organizations with the use of electronic instruments.


What constitutes an encroachment to an individual's or an organization's rights to privacy? In legal terms, privacy simply refers to the accepted standards of related rights that safeguard human dignity. Definitions of privacy vary according to the environment, the participating interests, and the contextual limits. In many countries, the concept of data protection is included in the definition of privacy to achieve an interpretation that views privacy in terms of boundaries to an individual's personal information or an organization's data.

The subject area of privacy is concerned with wide-ranging issues that include rights to information privacy, bodily privacy, territorial privacy, and privacy of communications. Information privacy is defined by regulations governing the handling of the private data of individuals such as company, employees, business partners, or owners. Bodily privacy spells out the aspects of privacy that concern trespass of the physical selves of individuals through invasive procedures (such as blood tests). Territorial privacy defines the limits of intrusion across physical boundaries of physical properties belonging to private individuals or firms, whereas privacy of communications defines the limits of intrusions in other people's communication processes such as telephone conversations, e-mails, or ordinary mail.

Privacy is definitely a fundamental human right that underpins the values of human dignity curved around the principles of freedom of association, freedom of expression, and freedom of speech. These values are entrenched in international covenants and protected by specific laws and constitutional provisions in different countries. Privacy is a subject that is always characterized by many controversies that arise from varying interpretations of what constitutes privacy.


Privacy law is a concept that has experienced a long history of constitutional declarations as well as landmark court rulings and interpretations. In the book titled Essentials of Human Rights, Rhoda Smith and Christian Anker note that the concept can be traced to as far back as the fourteenth century, when the Justices of the Peace Act in England provided for the arrest of peeping toms and eavesdroppers. The preceding years have seen the development of specific protections for privacy in many countries throughout the world.

Privacy laws form the basis of protection for privacy rights, which are seen as the boundaries that determine the allowable levels of intrusion that an individual, a society, or an organization can commit into the activities of an individual or any legally recognized entity. In the United States, the historical transformations of protection of privacy rights can be traced in numerous constitutional declarations and Supreme Court rulings. For example, the Declaration of the Rights of Man and the Citizen of 1792 recognized the sanctity of private property and outlawed violations to private property.

In their 2006 book titled Constitutional and Administrative Law, Second Edition, Joanne Coles and Jane Reynolds point out that the benchmark for modern privacy laws can be traced in the 1948 Universal Declaration of Human Rights, which particularly advocates for communications privacy and territorial privacy. Article 12 of the articles clearly states that At no one time should an individual's privacy, family, home, or correspondence be subjected to arbitrary interference, and neither should the reputation or honor of an individual be subjected to attacks as well, because everyone has the right to enjoy the protection of law against such arbitrary attacks or interference. The authors also note that the declaration is further reinforced by the International Covenant on Civil and Political Rights and the European Declaration of Human Rights which expand the boundaries of the rights to privacy.

Countries such as the United States, Sweden, Germany, and France introduced amendments in their privacy laws in the 1970s and 1980s that broadened data protection rights to include electronic data.

Sniffing. Sniffing of messages on the Internet is one of the ways through which state intelligence agencies monitor public e-mail communications. In the book titled Internet Literacy, Fred T. Hofstetter defines sniffing as the act of intercepting information by hacking into gateways that link the networks to the information superhighway. In the United States, for example, the Federal Bureau of Investigation (FBI) uses Carnivore, a customizable intelligence gadget with the capacity to break Internet security and encryption codes and to monitor multiple forms of Internet communications such as e-mails, chats, file transfers, and instant messaging. Carnivore churns through Internet communications and automatically forwards to the FBI messages that may contain clues to cases the intelligence organization is dealing with.

FBI computerized monitoring intensified in 2001 with the passing of the USA Patriot Act of 2001 which introduced amendments to the Electronic Communications Privacy Act of 2006 and Computer Matching and Privacy Protection Act of 1988 to allow the FBI to issue National Security Letters to Internet Service Providers demanding the disclosure of personal information and data about their clients. The USA Patriot Act of 2001 also introduced amendments to the Right to Financial Privacy Act of 1978 that mandated the access of intelligence agencies to private financial information. In a move geared towards protecting U.S. citizens from arbitrary monitoring by state intelligence agencies such as the FBI, the United States passed the USA Patriot Improvement and Reauthorization Act of 2005, which outlawed the provisions in the USA Patriot Act of 2001 that provided FBI with unlimited access to private information and data of US citizens.


The Council of Europe's Convention on the Protection of Individuals with Regard to the Automatic Processing of

Personal Data and the Organization for Cooperation and Development (OECD) Guidelines Governing the Protection of Privacy and Cross Border Data Flows are the main international law instruments that stipulate specific guidelines concerning the handling of electronic data across international borders. The two documents form the basis for laws that govern the protection of data in many countries, because they provide adequate description of personal information that is subject to protection at every stage of collecting, storing, and disseminating data. The underlying principle of the international privacy and data protection laws is that personal information should be obtained accurately, lawfully, and subjected only to the original purpose for which it was intended.

The European parliament further enhanced the levels of protection for each of its states in the 1990s by passing the Europe-Wide Directive on the Protection of Individuals with regard to the processing of personal data, which provides citizens of member countries with protection against a wider range of privacy and data abuse. Each of the European Union (EU) member countries has passed legislations that compliment the directive to ensure harmonious application of privacy protection laws concerning the flow of data throughout the EU.


Workplace privacy is a very important yet controversial issue that dogs the modern workplace environment. Computer-based technologies are increasingly providing government agencies and organizations in the private sector with technologically advanced channels for conducting mass surveillance on people both at the workplace and on the streets, developments that have led to the transformation of privacy into a crucial concern for individual rights.

Employee monitoring in organizations has become a prominent practice with many organizations crafting policies that regulate employee behaviors and use of equipment and facilities. E-mail communications and use of the system's computers, Internet, and telephones are usually the most monitored employee activities in organizations. For example, Continental Airlines IT policies clearly stipulate that all e-mail and other Internet-based communications of employees are subject to monitoring with the objective of ensuring that they meet the requirements of the company.

The modern work environment is always characterized by ever-evolving information technology systems and equipment that employers keep on acquiring with the objective of facilitating speed, convenience, and productivity in organizational work processes. Employers are reaping enhanced benefits from these systems as they can comfortably utilize the multimedia capacities of these technological systems to track and monitor the activities of employees in the systems. As much as organizations cite workplace security as the main reason behind the practice of monitoring employees through technological devices, there is much concern that the organizations are openly breaching the privacy rights of the employees.

Workplace security is a critical issue in organizations that subject the properties and business interests of employers to extreme protection from misuse and unauthorized exposure to competitors. Moreover, employee productivity may be hampered if employees use the IT systems of the organization to gamble, run private businesses, play computer games, or log on to sites with adult content. Therefore, workplace policing often focuses on protecting the organization from employee actions that may result in the misuse of the company's physical and intellectual properties, use of company database for personal purposes, revelation of trade secrets to competitors, or the transmssion of malicious and damaging information through the organization's IT systems.

But the big question is; how far should organizations extend their protection? There is genuine need for organizations to draw a balance between security of information policies and the privacy of employees. Managers take advantage of company policies to intercept employee communications at will without regard to the privacy rights of the employees. In fact, employers have the leeway to even incorporate the rights for filming employees at their work stations. Nonetheless, whatever employers deem fit and good for the organization, managers should always provide clear company policy guidelines concerning extents and limits of employee monitoring, taking into account that privacy is a fundamental component of human rights.

There is prevailing urgency for increased privacy protection legislation as a result of the increased sophistication of information technology which enhances the capacity for state authorities and organizations to collect, analyze, and share information on individuals without infrastructural constraints. Emerging information technologies link chains of computers through high-speed networks equipped with high-speed processors capable of creating comprehensive dossiers on any individual without the need for particular central computer control systems.


Protection of workforce data can be observed through enforcement of codes of practice within both private and public organizations. Organizational managers can choose to observe either the rights-view approach or the utilitarian approach when dealing with issues that concern workplace privacy. Respect and recognition of individual privileges and liberties, with due regard to the rights of employees to privacy and due process, form the cornerstone principles

for managers who observe the rights-viewpoint of workplace privacy ethics. However, this approach is not favored by many managers because it creates a burdensome legalistic work environment that can encourage inefficiency and unproductive practices among employees.

A utilitarian approach to ethical issues concerning workplace privacy requires managers to base their decisions on the consequences that employee actions portend to the organization. Managers seek to achieve the most favorable results for their organizations by implementing policies that portend greater good in terms of productivity and efficiency in the organizations, with little regard to the punitive measures such policies may bear upon employees. The utilitarian approach toward workplace ethics is favored by many organizations because it mainly focuses on maximum utility of resources and maximization of profits.

Managers should pursue policies that achieve a balance between organizational policies and employee privacy rights. Appropriate IT systems technologiessuch as encryption and firewall protectionshould be employed to protect employees' use of Internet-based communications from unauthorized access by individuals both within and outside the organization.


Coles, Joanne and Jane Reynolds, eds. Constitutional and Administration Law, 2nd ed. Hodder Arnold, 2006.

Griffin, S. Company Law: The Fundamental Principles, 4th ed. Pearson Education Limited, 2006.

Hofstetter, Fred, T. Internet Literacy, 4th ed. McGraw-HillCompanies Inc., 2006.

Liptak, Adam. Judge Voids FBI Tool Granted by Patriot Act. New York Times, 7 September 2007). Available from:

Smith, Rhona K. M., and Christien van den Anker. The Essentials of Human Rights. Hodder Arnold, 2006.

USA Patriot Improvement and Reauthorization Act of 2005. US Public Law 120 STAT. 193 (March 9, 2006): 109177.

About this article

Privacy, Privacy Laws, and Workplace Privacy

Updated About content Print Article