Monash Business Review
|
|
Home
| Databases
| WorldLII
| Search
| Feedback
Monash Business Review |
|
The events in New York in September 2001 (and London in July of this year) have smoothed the progress of state-sanctioned invasions of privacy, making possible incursions in the workplace that would have been unacceptable only months before. The trick for legislators and business is to balance the interests of all concerned. Attempts to address anxieties about intrusions into privacy have been largely ad hoc or implemented as a result of external pressure on the Government by Australia’s trading partners.
With the explosive growth of information and surveillance technologies, privacy has become an important, contentious issue for business and workers. Rapid technological advances have seen the heady nexus of maintaining workers’ rights to privacy while ensuring profitability become a tricky front. This was dramatically reinforced in the light of recent allegations Qantas baggage handlers at Sydney airport were involved in illicit drug trade which moved the New South Wales Government to promise legislative action to allow airlines extra powers of surveillances of workers.
Despite the post September 11 paradox that people want tighter security, privacy is a vexed issue for legislators as public concern over the intrusiveness of modern technology increases. On one side you have employers maintaining that workplace monitoring improves productivity; ensures compliance for health and safety measures and prevents wrongdoing. On the other side you have the workers’ rights to privacy.
Also interestingly, according to the NSW Deputy Privacy Commissioner, Anna Johnston (2002), studies prove increased monitoring decreases trust among the workforce which is actually counter productive.
The metaphor of Bentham’s Panopticon is a good tool for understanding the changing employer–employee relationships, particularly employees’ privacy. Panopticon scholars are seeking to convey the notion that, despite appearances, the modern workplace is repressive and controlling where invisible observers track digital footprints and where “public and private life dissolve as both government and corporation ignore old thresholds and garner personal data of the most mundane and intimate kinds” (Lyons 1994, 7).
The issue of privacy protection rose to national prominence in 1985 with the proposal of the Australia Card. Prompting widespread public concern and invoking comparisons to George Orwell’s novel 1984, it inspired the creation of the Australian Privacy Foundation. Because of intense public opposition, the Bill failed to pass the Senate and was replaced by a more modest proposal – the single purpose tax file number.
Since then, the issue of privacy continues to gain prominence with the raft of new technologies fuelling new demands for greater individual protection. Concern has also been generated by media reports of email monitoring and subsequent dismissal of employees. In one case, a union representative was dismissed for using company email facilities to inform fellow workers of wage negotiations. The Federal Court of Australia found the delegate should not have been dismissed as the email didn’t breach Ansett’s email or IT policy. However, the decision didn’t establish general authorisation for distribution of union material via email. Instead, it established that a union communication may be regarded as authorised, if it relates to a process established by the employer as an integral part of negotiating and implementing workplace change.
A second case that raised concerns about employee privacy rights in the workplace involved the suspension of more than 24 people at Telstra for downloading “inappropriate” material via the internet and a third case concerned two workers from a rural local government authority who were dismissed for referring to their superiors as Huey, Dewey and Louie in office emails. Indeed, the incidence of email monitoring by employers is increasing with a 1998 survey undertaken by PricewaterhouseCoopers finding that half Australia’s leading companies use video surveillance to monitor their workers and that scrutiny of employees’ usage of email, internet and phones was also widespread.
While results from the survey undertaken by the Office of the Federal Privacy Commissioner in 2004 demonstrated that Australians were polarised on the issue of privacy in the workplace, in every category two-thirds of Australians were either opposed to employers breaching employee privacy or believed it should only occur in limited circumstances such as suspected wrongdoing (see charts in Figure 1).
Australian governments have been relatively slow to respond to demands for greater privacy protection with legal regulation a patchwork of specific regulations that are complex, contradictory and uneven.
The absence of comprehensive privacy regulation in Australia raises serious questions about individual rights. This is particularly so within the workplace context, leaving workers unprotected and giving rise to complex compliance challenges for employers. Indeed, the Privacy Amendment (Private Sector) Act 2000 included an exemption for employee records leaving information about an employee’s health, trade union membership, salary and wages unprotected.
Rising concerns have also prompted the Victorian State Government to direct the Victorian Law Reform Commission (VLRC) to report on whether legislative or other reforms should be made to ensure workers’ privacy. Activities to be considered included the surveillance by current and emerging technologies, physical and psychological testing, searching of workers and their possessions and the collecting, use and disclosure of personal information.
The first legislative attempts to regulate breaches of privacy were initiated with the Queensland Government’s Invasion of Privacy Act 1971. Four years later, the NSW Government established a privacy committee pursuant to the Privacy Committee Act 1975 (NSW), to conduct research, collect and collate information on matters relating to privacy, and also conduct inquiries and investigations into alleged violations of privacy. The Committee operated for 23 years and was succeeded by the NSW Privacy Commissioner established under the Privacy and Personal Information Protection Act 1998.
At the national level, despite various law reform investigations into privacy and the establishment of the Australian Privacy Foundation in 1987, legislation regulating privacy was not introduced until 1988, with the passing of the Privacy Act 1988. Applying only to the public sector and essentially designed to regulate government agencies, it was precipitated by overseas developments, specifically the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Information, adopted 23 September 1980. According to Michael Kirby (2000), the “concern which propelled the OECD into the issues of privacy was the fear that its member states would introduce incompatible and conflicting laws for the defence of privacy in the newly established databases of the interlinked information technologies”. The OECD was also concerned about the potential damage that inconsistent legislation could have on international trade flows.
As a result, it established a committee which articulated guidelines or information privacy principles that became highly influential throughout the member states of the OECD. Since 1980, the OECD has adopted further guidelines on privacy (the 1997 OECD Guidelines for Cryptography Policy and the 2002 OECD Guidelines for the Security of Information Systems and Networks) and two declarations (the 1995 Declaration on Transborder Data Flows and the 1998 Ministerial Declaration on the Protection of Privacy on Global Networks).
Until recently, the OECD Guidelines were the only form of external privacy restriction placed on Australia, however this altered with the adoption of the Economic Union (EU) Data Protection Directive (95/46/EC) advising all member countries to amend their privacy legislation to prohibit the transfer of personal information to countries which lack an adequate level of privacy protection. Although Australia is not a member of the EU, this development threatened the capacity of Australian corporations to operate globally because inadequate privacy measures raised concerns about the trade of information, and the protection of that information, between Australian and foreign companies. As a result, the national Government enacted the Privacy Amendment (Private Sector) Act 2000 which regulates the handling of personal information by all Australian businesses with an annual turnover of more than three million dollars. Organisations that specifically deal with personal information must comply with the legislation irrespective of their annual turnover. The legislation also regulates all health providers and health records in their possession, prohibiting the provision of personal information to any person or organisation without the express patient consent.
Various states and territories have also enacted privacy legislation to regulate State Government authorities. Thus, the majority of organisations throughout Australia have some form of privacy regulation governing their behaviour in respect of personal information.
NSW workers are protected under the Workplace Video Surveillance Act 1999, and the Lie Detectors Act 1983 which contain provisions relating to terms of employment, honesty, promotion, increments and other employment related-benefits. Furthermore, and in contrast to the national sphere, the NSW industrial relations commission, along with those in Queensland and Western Australia, is also able to make awards dealing with matters such as privacy. Other States have also enacted legislation that covers use of personal information, for example, the Victorian Health Records Act 2002, the Information Privacy Act (Vic) 2001 andthe Surveillance Devices Act 1999, in South Australiathe Listening Devices (Miscellaneous) Act 2001 and similarly, the Surveillance Devices Act 1998 in Western Australia. While these enactments impact on the workplace, they are more broadly directed at the use of information across a range of areas, particularly the criminal law jurisdiction.
The other significant legislation covering private sector privacy is the Privacy Amendment (Private Sector) Act 2000, in effect an extension of the Privacy Act 1988 which only covered the public sector. It regulates the activities of organisations including body corporates, unincorporated associations, partnerships, trust and individuals, but does not cover State and Territory public sector bodies, registered political parties or small businesses. The legislation establishes National Privacy Principles covering collection, use and disclosure, and overseas transfer of personal information. It requires organisations to ensure that personal information is accurate, up-to-date, complete and secure; and that processes are transparent concerning management of personal information and provide access and correction rights to individuals. The Act establishes a co-regulatory scheme. It provides a legislative framework but also allows for the establishment of industry privacy codes that can operate in place of the legislative framework. The Act provides that the Commissioner may approve an industry privacy code provided the Commissioner is satisfied that certain specifications are met, for example, that the code incorporates all the National Privacy Principles or sets out equivalent obligations.
As stated above, the amendments to the Privacy Act 1988 have proved highly contentious due to the exemption of employee records. Section 7B of the Act exempts employee records from privacy protection “if an act done, or practice engaged in, by an organisation” is directly related to an “employee record” and a “current or former employment relationship”. The Government held the view that regulation in respect of employee records was better handled under the workplace relations legislation than under a privacy regime. The Government’s assertion that employees’ records are better managed under workplace relations legislation is problematic as privacy protection is not an “allowable matter” for the purposes of S 89A (2) of the Workplace Relations Act 1996 and therefore privacy is not a matter about which the [AIRC] has jurisdiction to make an award.
The approach adopted by the Australian government in respect of employee records offers little protection; it follows closely the US workplace approach, where management rights or interests overrule the protection of employees’ privacy. However, in the absence of a national approach, some states have enacted their own legislation and/or initiated law reform inquiries with a view to establishing a legislative framework.
As we have explained previously, over the past two decades various sections of the Australian public have exhibited increasing sensitivity to privacy issues, and this has produced legislative responses, parliamentary inquiries and law reform investigations. However, countervailing developments, particularly the terrorist attacks on New York in 2001, threaten to have significant impacts on the evolving regime of privacy protection both in society at large and in the workplace. Since the attack, many countries have put in place anti-terror laws with considerable implications for privacy.
Since the events of September 11, many countries have implemented anti-terrorist laws that provide police and secret service agencies with expansive powers to engage in monitoring and surveillance of citizens, most of which can be undertaken without any judicial oversight. The most extreme example is the US legislation, Provide Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, (the PATRIOT Act). This enables law enforcement agencies to use an array of methods to gather information on individuals within the US through enhanced intelligence surveillance procedures, and expands “the ability of the Justice Department to place wiretaps on telephones and computer terminals of anyone suspected of terrorism or of having connections to suspected terrorist organisations.” Such laws have enormous potential to undermine the development of more comprehensive privacy protections, and indeed, erode existing protections.
There are three provisions of the PATRIOT Act that have significant implications for privacy in the workplace. Section 209 provides that “employers may be required to comply with search warrants, including search warrants for email messages of employees.” Secondly, S 213 allows “searches and seizures by the government without prompt notice to the subject of the search and seizure when the government is seeking evidence of a criminal offence”. Essentially, this means that employers are required to allow the government to conduct surreptitious monitoring and searches of employees. It implicitly co-opts the employer into the law enforcement mechanism of the government.
Anti-terror laws in Australia may also have similar implications for the workplace. Of particular concern was the initial Telecommunications Interception Legislation Amendment Bill 2002. Had this Bill passed in its original form, it would have allowed Government agencies to access the content of communications temporarily stored on a service provider’s equipment during transit, enabling access to emails, SMS and voice mail messages without an interception warrant posing significant implications for workplace privacy. However, the contentious provisions were removed from the Bill in order to secure its passage through the Senate and in its revised form was passed in July 2002.
Since September 11 sales of Internet and email monitoring software have risen dramatically. Many employers in the US now require employees to carry identification cards, and many employees are increasingly willing to sacrifice their rights for enhanced protection in this “national security” environment. The full implications of anti-terror laws have not yet been analysed, as such legislation is still being drafted and debated in various parliaments around the globe and may yet pose further problems for workplace privacy.
Over the past 20 years, privacy concerns have increased substantially throughout the Australian community. This concern has a range of sources including emerging privacy protection regimes overseas and technological developments, which have facilitated monitoring and surveillance. Significantly, these concerns have not been confined to the societal level and there have been increasing concerns for improved privacy protection at the workplace level. Even in principle, this issue is not uncomplicated; governance at the workplace level is a regulatory maze with a range of potentially conflicting sources of regulation that emanate from corporations law, industrial relations, occupational health and safety and equal opportunity.
Attempts to address anxieties about intrusions into privacy have been largely ad hoc or implemented as a result of external pressure by trading partners on the Australian Government. Alongside the new technological workplace changes, the events in New York in September 2001 have smoothed the progress of state-sanctioned invasions of privacy, making possible incursions into privacy rights that would have been unacceptable only months before. Privacy legislation, codes of conduct and voluntary guidelines have largely been implemented on a reactive basis, and legislation follows the development of new technologies generally after displays of public disquiet. This paper has highlighted some of the contentious issues underlying the debate about privacy protection and the consequent difficulties reaching consensus on appropriate measures of regulation. This situation is likely to intensify in the future as technology – particularly within the context of the dominance of neo-liberal economics and the rise of the national-security state – is becoming more pervasive and intrusive, and for some citizens, justifiable, under the rubric of national security.
* For a full list of references, please contact the authors.
Dr Julian Teicher (PhD, LLB) is Head of the Department of Management at Monash University. His current research includes industrial relations law and policy, public sector reforms, workplace privacy, and unions and alternative forms of representation.
Anne O’Rourke BA (Hons) (University of Melbourne), LLB (La Trobe University) is a research fellow in the Department of Management. Her current research interests are privacy and surveillance in the workplace and international trade and labour rights.
Dr Amanda Pyman (PhD, BCom (Hons) Monash University) is a research fellow in the Department of Management. Her current research interests are union effectiveness, privacy, monitoring and workplace surveillance, and union strategies in Greenfield sites.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/MonashBusRw/2005/3.html