Feedback

TechWatch: Privacy in a Technological Workplace

Technology makes it possible to monitor every website an employee visits, indeed every keystroke on his or her computer. In a survey by the Center for Business Ethics at Bentley College, 92% of the respondents said they monitored their employees’ use of the Internet, and some do this monitoring all the time. At the same time identity theft has grown significantly because of technology. Privacy is a hot issue in the workplace as well as in society.

I acknowledge I am conflicted on the privacy issues. There is no doubt there are new, tough issues to deal with because of technology. Where I part company with some of the privacy zealots, however, is in my belief that preserving privacy is not a good enough goal in itself. The issues, at least for me, are much more multi-faceted.

Is Technological Privacy Different?

Some have argued that while it would seem we have less privacy in our technological age, it is not much different than the issues people have always dealt with. Growing up in a small town 100 years ago, you would expect neighbors to know a great deal about your business. They would know who your friends were, who was coming to dinner, and what your business in town was that day. Sixty years ago, when many people had party lines on their telephone, you would not expect privacy during a phone call. How is today’s situation any different?

In the workplace, in the old days the boss could drop by the office and see an employee playing solitaire. Is this really different from monitoring the employee’s keystrokes and finding today’s worker playing a computer based game or surfing inappropriate websites?

At a privacy conference in Kingston, ON in May 2003 , Professor David Lyons (Queen’s University) argued there are substantial differences in these cases. In the older times, those who encroached on your privacy were part of your community. They knew you, even cared about you in many ways. Further, the number of people that could do this was limited in geography and had some level of accountability. The anonymity of electronic surveillance, and the unknown number of those who can engage in this surveillance, opens the door to abuses not possible before. In the workplace, electronic monitoring may be done by a person other than the boss, indeed by an independent company, where there is no relationship or context.

The new rules for privacy in the electronic age need to account for these differences. The privacy advocates would argue for stringent rules to cover these potential abuses.

Is Privacy a Fundamental Right?

Advocating more stringent rules, however, usually carries with it the assumption that individual privacy is a fundamental right. Many people in the U.S. assume privacy to be a right protected by the Constitution. Not so. Privacy is a relatively recent area of focus in the U.S., and in many other parts of the world.

The first explicit legal analysis of privacy in the U.S. was published in 1890 in the Harvard Law Review, according to Lucas Introna in his article in Cyberethics (edited by Robert Baird, Reagan Ramsower, and Stuart Rosenbaum, 2000, p. 189). The case involved a concern over intrusion by the press in the home of a prominent socialite. More significant debate only emerged in the late 1960s, according to Introna.

Perhaps the connection here is to the development of technology. In the late 1800s society was becoming more mobile through transportation technology. In the 1960s, the computing and telecommunications revolution was adding a new dimension to the issues enabling a mobility of surveillance over and above the mobility of people. Thus as technology has added new dimensions to intrusion, issues of privacy have become much more of concern.

In the workplace, courts have ruled that it is legal for companies to electronically monitor employees at work. And while the best companies notify workers that they will be monitored, even this is not required by law in the U.S.

Privacy Alone is not the Objective

As important as privacy may seem, there are other factors that need to be considered.

First, simply as an attribute, is privacy to be valued higher than transparency? Usually, transparency is considered the higher virtue. A person who is transparent is admired. A company that is transparent in its dealings is usually regarded more favorably than one that is private in its dealings. There are exceptions, of course, such as banks or the medical community with the responsibility to protect personal information. In general, we should not take privacy by itself as a virtue, but appropriately qualify it.

Privacy as a Tradeoff with the Public Good

Second, there is the tradeoff between privacy and the public good. SARS provided a real test of this tradeoff last spring. A worker walking into an office building in some places in China had to pass through a health screen. Any indications of sneezing or a fever meant the possibility of SARS and the employee was sent home. While this may have been an invasion of their personal privacy, that personal privacy stood in conflict with the public good. Others believed they had the right not to be infected with SARS.

On a smaller scale this tradeoff is considered in offices all over the world every day. It may be disease (we all know how we feel about those who would come to work when they are sick, infecting others around them) or private information about another person’s salary or other matters.

Then there is the case of privacy and criminal behavior. Should the criminal be allowed to perform private transactions including money laundering to protect identity? Most laws have concluded no. More discussion of the tradeoff between privacy and the public good can be found in the book by Amitai Etzioni, The Limits of Privacy.

But where is the end to this tradeoff? Can DNA be used to deny employment to an individual because the likelihood of a future disease would raise the insurance rates of a company? Or as in the science fiction case from Minority Report, can a person be arrested for a crime they are “about to commit?”

Qualifying and understanding the tradeoff between privacy and the public good is not a simple process. The right solution may not always favor privacy, and it may not always favor the “best interests” of the company.

A good example of companies trying to work this out can be found in the Wolfsberg Principles (www.wolfberg-principles.com). In October 2000, some of the largest banks in the world agreed to govern themselves by a set of principles around privacy, money laundering and potential terrorist activities (note that this was well before the terrorist attacks on 9/11/2001). They came together at the initiative of UBS in anticipation of a problem, but without the prodding of governments. This cross-company, international effort to balance privacy and the public good should act as a model for other companies facing challenging privacy issues.

Privacy as a Tradeoff with Convenience

Privacy also represents a tradeoff with convenience. Many people are willing to give up their address and phone number in exchange for the convenience of allowing others to contact them. Or they may give up the information about their buying patterns in exchange for discounts at a particular supermarket.

A company may open its network to enable e-business, knowing that there is potential loss of privacy of its data to hackers.

In this particular area, the challenge is to be creative in reducing the price of convenience. Better security systems can reduce the “price” of e-business by lowering the risk of attack while maintaining the ability to be connected to the outside. In spite of the opportunity to lower risk, there remains a risk/reward tradeoff that will be resolved differently by different individuals, companies, or cultures. There is not a single right answer here, but there is no question that technology has amplified the risk/reward tradeoff.

What about Employee Privacy?

We have already suggested the law is on the side of the employer when it comes to workplace monitoring. But just because it can be done, does this mean it should be done?

There are two questions here: a moral one and a pragmatic one. The moral one asks the question of whether this is the right thing to do—is this the proper way to treat an employee? Perhaps the question the boss should ask is whether he or she would also like to be monitored.

The pragmatic question is different. Unlike the days when Henry Ford complained about having heads come with the pairs of hands he was hiring, most work today very much depends on the heads of those doing the work. The pragmatic question to ask is this: will the person doing the work be more productive with or without monitoring? While there is no universal answer, monitoring conveys a lack of trust, much like having the boss spending all day looking over the shoulder of the person doing the work. But monitoring is worse than this—as an anonymous, large-scale capability, it doesn’t necessarily capture context or meaning of the data. Might this play a role in stifling productivity, creativity and innovation? Or, in holding the employees “feet to the fire” will it in fact keep employees engaged on task and improve their performance? My belief is that this monitoring will stifle performance for most employees, though I am unaware of any studies to validate this perception.

The bottom line in monitoring is that it can be done technically, it can be done legally, but is it really the best thing to do in the end?

Conclusion

There is little question that technology is changing the privacy issues and questions. There are privacy zealots who argue that privacy is a right and must be preserved at almost any cost. There are pragmatists who argue that privacy will be invaded anyway, so why worry about it. Scott McNealy, CEO of Sun Microsystems, has become legendary for his comment, “You have zero privacy anyway. Get over it.”

Dealing with privacy in a technological age is much tougher than either of these extremes. It is essential that company leaders, together with their employees, think very broadly about what can be done and what should be done in establishing policies for their own work environments. It may be that such policies will look different in different cultures, an issue that multi-national companies will have to look at carefully.

erisman-thumb

Al Erisman is executive editor of Ethix, which he co-founded in 1998.
He spent 32 years at The Boeing Company, the last 11 as director of technology.
He was selected as a senior technical fellow of The Boeing Company in 1990,
and received his Ph.D. in applied mathematics from Iowa State University.

Share Your Thoughts