Privacy Law and Policy Reporter
Workplaces tend to be inherently ‘public’ or ‘semi-public’ places. Accordingly, any right of privacy in the workplace — in the sense described by Justice Brandeis in the US Supreme Court as ‘the right to be left alone’ — will obviously need to be qualified in the employment context. A worker is employed not be left alone, but to perform designated tasks in an environment where the employer’s interests are protected and promoted. An employer is entitled to take reasonable steps to ensure that assigned work is carried out, that it is performed to the required standard, that working conditions are safe, and that the employer’s other substantial interests — particularly in the security of its property — are safeguarded.
However, Professor Alan Westin, a pioneer in privacy law, goes too far when he cautions against placing too much emphasis on the value of privacy in the workplace. He has contended that privacy based arguments against intrusive workplace monitoring pose a ‘threat to central societal interests in quality work’, and are really disguised protests against worker supervision.
Justice Brandeis’s formulation of privacy ought to apply, albeit in modified form, to the workplace, at least to the extent that workers should be entitled to be left alone in relation to matters that are irrelevant to the employment relationship. Employer action in the areas of testing and monitoring should at least be proscribed where it is illegal, where it interferes with workers’ health, and where it steps beyond the bounds of the terms of the employment contract. Ideally, the minimum standard should be one that is consistent with the ideal expressed in the Constitution of the International Labour Organisation (ILO), that workers should labour ‘in conditions of freedom and dignity’.
Concerns about privacy in the workplace proceed from a human rights perspective, and are aimed at unfair or oppressive working conditions. Intrusive information practices in the workplace, however, have been driven by both the increasing availability and versatility of new technologies, and by ever increasing demands for information. As the Roman philosopher-poet Lucretius noted over two thousand years ago, each new invention creates a new need.
Although monitoring of work must be as old as the concept of work itself, the advance of technology has brought with it a great many new and intrusive means of carrying such monitoring out. The very fact that monitoring can take place with such sophistication that a worker cannot be certain whether or not he or she is being observed or measured (and for what) at any given moment adds to the stress and indignity caused by such practices. New tests have been devised to measure matters ranging from psychological makeup to drug use and genetic status.
Also driving intrusive information practices are the increasing demands for information for a great number of diverse purposes: government requirements, benefit entitlements, insurance, workplace health and safety, detection of out of work conduct that could be prejudicial to the business, better performance measures and the enhancement of efficiency.
The demand for specialised workplace privacy regulation comes from a number of different directions. Firstly, it stems from proponents of workers’ interests, who point to the effects intrusive practices have on workers’ dignity. Moreover, studies have been made concerning the stress effects of constant monitoring on worker health, as well as the high turnover in a workforce that is subject to such practices.
Secondly, there is the weakness of existing law, including specialised privacy legislation, to deal with privacy-intrusive practices. Employers are usually required by law to obtain a worker’s consent before implementing certain measures in the workplace, and they must always obtain consent before carrying out any kind of testing on workers. Given the power imbalance between worker and employer that is normally a feature of the employment relationship, consent is not difficult to procure in such a setting. This is even more so in relation to pre-employment testing, where a job applicant can usually be expected to co-operate fully with any of the proposed employer’s wishes.
Even where there is privacy legislation in place, regulation of workplace privacy matters is weak in practice. In New Zealand, for example, where there has been a privacy law of general application for seven years now, the main difference that seems to have been introduced by the legislation is that workers now have a right of access to most information held about them by their employers. Exercise of this right is particularly useful as a means of discovery that can be used before deciding whether or not to contest a dismissal or some other disadvantageous action. Otherwise, the legislation seems to have had little noticeable impact on the workplace. Nearly any practice is permissible if it has been authorised by employees. In so far as the cases go, surreptitious video monitoring of a locker room to detect theft has been found not to be objectionable in the circumstances, as has been pre-employment psychometric testing.
Finally, where there is privacy regulation of general application, there is considerable demand from both employers and employees to know how such legislation applies to particular situations in the workplace. Where the law is not specifically tailored to deal with workplace issues, it can be somewhat difficult to figure out what precisely is and is not permitted. Employers in particular desire the reassurance of knowing that a particular practice will not leave them open to legal challenge.
Sectoral regulation in respect to workplace privacy began on the regional level in Europe in 1989 with Council of Europe Recommendation No R(89)2 on the Protection of Personal Data used for Employment Purposes. This recommendation applies only to member states of the Council of Europe that ratified the 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data.
More recently, in 1997 the ILO published a voluntary and non-binding code of practice (with commentary) on the Protection of Workers’ Personal Data. The code was intended to provide guidance in the development of legislation, regulations, collective agreements, work rules, policies and practical measures in the workplace (cl 2). The code had been prepared by the International Labour Office, the organisation’s secretariat. It was subsequently adopted by a tripartite Meeting of Experts convened by the Governing Body of the ILO. It was then submitted to the Governing Body, which in turn adopted it in November 1996. The ILO is not likely to go further than suggesting voluntary self-regulation, as it has adopted a general policy of targeting and consolidating certain existing core standards for greater impact.
On the national level, two common law jurisdictions, Hong Kong and the United Kingdom, have recently seen fit to introduce codes of practice dealing with workplace privacy issues. These codes of practice reflect the level of demand there is for specialised guidance in this area, as well as the weakness of the protection conferred by privacy legislation of general application in this context. Although both codes cover a wide variety of workplace matters, the survey below will focus on the treatment by each code of two common areas of concern: employee testing and monitoring.
The Hong Kong privacy legislation is the Personal Data (Privacy) Ordinance 1995 (Cap 486). It already contained a few provisions that were specifically aimed at workplace matters. A unique feature of this legislation is that individuals have a right of access to personal references unless the person providing the reference had no obligation in the course of his occupation to do so and the reference concerns the other person’s suitability to fill a position. However, once the applicant for a position has been informed of the employment decision, there is then right of access to the reference (s 56).
The Code of Practice on Human Resource Management, issued under s 12 of the Ordinance, was notified by the Privacy Commissioner for Personal Data on 22 September 2000, and will come into effect on 1 April 2001. The Code contains both mandatory provisions and explanatory notes. The purpose of the Code is to provide guidance to data users who handle personal data in the human resource area, and it focuses on issues concerning collection, holding, accuracy, use, security and data subject access to personal data of prospective, current and former employees. The Code, which is 43 pages long, deals with the following matters:
Notification requirements on collection of personal data; Accuracy and retention of employment-related data; Security measures to protect employment-related data; Complying with data access and correction requests; Employer’s liability for wrongful acts or practices by employees or agents; Collection of personal data from job applicants; Advertising of job vacancies; Employment agencies/executive search company; Internal records about job applicants; Receiving and processing applications for employment; Seeking information for selection assessment; Seeking personal references of job applicants; Acceptance by candidates; Unsuccessful candidates; Data access and correction requests by job applicants; Personal data in relation to terms and conditions of employment; Disciplinary proceedings; Performance appraisal; Staff planning; Promotion planning; Providing job references for employees; Data access and correction requests by employees; Accuracy and retention of employment-related data; Use of employment-related data of existing employees; Disclosure or transfer of employment-related data; Matters concerning the engagement of subcontract staff; Continued retention of personal data of former employees; Accuracy of former employees’ personal data; Security of former employees’ personal data; Providing job references for former employees; Public announcements about former employees; Erasure of former employees’ personal data; Retirement; Death of an employee.
The Hong Kong Code does not contain anything specific on drug or alcohol testing. There are, however, a number of requirements that apply generally to the collection of information from employees, and specifically to the collection of health data. The collection of data generally must be necessary for or directly related to a human resource function of the employer or be carried out pursuant to a lawful requirement that regulates the affairs of the employer, and it must be undertaken by means that are fair in the circumstances. The data collection must not be excessive in relation to the purpose. The collection of data relating to an employee’s health condition may be made so long as it is for a purpose that is directly related to an assessment of the suitability of the employee’s continuance in employment or directly related to the employer’s administration of medical or other benefits or compensation provided to the employee (para 3.2.4).
In relation to job applicants, para 2.9.1 of the Code provides as follows:
An employer may, no earlier than at the time of making a conditional offer of employment to a selected candidate, collect personal data concerning the health condition of the candidate by means of a pre-employment medical examination, provided that:
188.8.131.52 the personal data directly relate to the inherent requirements of the job;
184.108.40.206 the employment is conditional upon the fulfilment of the medical examination; and
220.127.116.11 the personal data are collected by means that are fair in the circumstances and are not excessive in relation to this purpose.
There is specific reference to psychological testing in the context of selection for employment and promotion (paras 2.7.1 and 3.6.1). In each case, such testing is acceptable so long as the purpose is to assess suitability for the job, and provided that the collection of personal information is undertaken fairly and is not excessive in relation to the purpose for the collection of information.
The Hong Kong Code provides that where internet access (including email) is made available to employees, the employer should have a written policy on its use and inform employees of that policy (para 1.4.6).
The Code goes on to provide non-binding advice on good practice in relation to what such a policy ought to include. It states that an employer’s email policy should include coverage of the following matters:
Monitoring is covered in the Code only in the context of performance appraisals. This indicates that if monitoring is to be undertaken, it must be carried out with a view towards a specific purpose rather than on an ongoing basis without any kind of limitation. The operative principle here is that the collection of information should not be excessive in relation to the purpose for its collection, and that it is carried out by means that are fair in the circumstances (para 3.4.2). The Code then goes on to provide the following non-binding advice on good practice:
For example, it would not be fair to record an employee’s work-related telephone conversations as part of a performance appraisal process unless there is no other reasonably practicable way of monitoring the employee’s performance, and prior notification is given of such a practice. It would also not be fair to use electronic surveillance of employees at work, such as the use of a finger-scan system, to monitor staff attendance at work unless there is no other less privacy-intrusive means of doing so. As a matter of good practice, employees should be served notice in writing if specific techniques are to be deployed to monitor their performance.
The United Kingdom Data Protection Commissioner has issued a draft Code of Practice on the Use of Personal Data in Employer/Employee Relationships. This forms the basis for a public consultation exercise that is taking place between 6 October 2000 and 5 January 2001. Section 51(3) of the Data Protection Act 1998 (UK) gives the Data Protection Commissioner the power to issue such codes. Given that the matter is only at the consultation stage at this point, the final version of the Code (expected in the first half of 2001) may turn out to be somewhat different from this draft. This draft Code is somewhat more robust and prescriptive than the Hong Kong Code.
Two factors in particular led to the development of this draft Code. Firstly, developments in technology and practice, such as automated decision-making and electronic and video monitoring, have had a significant impact on employees. Secondly, there were significant new developments in the law, namely the enactment of the Data Protection Act 1998 (based on the European Union Data Directive, and significantly wider than the previous legislation in the area) and the Human Rights Act 1998 (which came into force on 2 October 2000).
The Code (with commentary), which is 63 pages long, deals with the following matters:
Any form of testing must be lawful and fair to the job applicant or employee. Fairness in this context means, among other things, that testing and the interpretation of test results should only be carried out by persons who are qualified to do so (para 2.5).
In relation to medical testing, the draft Code notes that ‘consent will not be freely given if the penalty for not consenting is dismissal’. In such cases, the consent will be invalid (para 7). The Code goes on to note that even where consent is valid, the processing of the personal data may be unfair ‘if, taking into account the circumstances in which consent is obtained, the employer uses its dominant position to carry out testing even though the benefits do not outweigh the inevitable intrusion into privacy’.
In relation to drug and alcohol testing in particular, the Code sets out the following standards (para 7.1):
- — the employer’s interest is in detecting drug use that puts at risk the safety of others. This can arise from drugs that are legal as well as illegal. Employers should not test merely to find evidence of the use of illegal drugs;
- — the drug testing used must address the risk. It must be capable of providing real evidence of impairment at work that is sufficient to put at risk the safety of others;
- — other than in the most safety critical areas, drug testing is unlikely to be justified unless there is a reasonable suspicion of drug use that has an impact on safety;
- — information that is obtained in the course of a drugs test that does not have a significant bearing on the employee’s ability to work safely should be discarded. For example, information that shows an employee to be pregnant or to have been in contact with cannabis in the past should be neither recorded nor used;
- — drugs testing must provide significantly better evidence of impairment that puts safety at risk than less intrusive alternatives such as a test of speed of reaction (Principles 1 and 3).
In relation to genetic testing, the Code sets out the following standards (para 7.2):
The draft Code requires that any monitoring or surveillance be lawful and fair to employees. It emphasises openness and proportionality in relation to such practices. The Code sets out the following standards for all monitoring (para 6.1):
- — the monitoring is behavioural; and
- — it is carried out for the purpose of preventing or detecting crime or the apprehension or prosecution of offenders; and
- — informing staff would be likely to prejudice this purpose; and
- — the standards in s 6.2 are complied with (Principle 1/s 29).
The Code disapproves of covert employee performance monitoring, and views the justifiability of covert employee behavioural monitoring as limited to those circumstances where openness would prejudice the prevention or detection of crime or the apprehension or prosecution of offenders. The Code’s standards for covert monitoring are as follows (para 6.2):
- — specific criminal activity has been identified; and
- — the need to use covert monitoring to obtain evidence of that criminal activity has been established; and
- — an assessment has concluded that explaining the monitoring to employees would prejudice success in obtaining such evidence; and
- — an assessment has been made of how long the monitoring should continue for; and
- — in the case of a public authority the monitoring is carried out in accordance with an authorisation granted under the provisions of Part II of the Regulation of Investigatory Powers Act 2000 (Principle 1/s 29).
The Code sets out the following standards for video and audio monitoring (para 6.4):
In relation to vehicle monitoring through tachograph or tracking devices, the Code sets out the following standards (para 6.5):
The draft Code sets out the following standards for telephone monitoring (para 6.3.1):
The draft Code sets out the following standards for email monitoring (para 6.3.2):
Finally, the draft Code sets out the following standards for internet access monitoring (para 6.3.3):
Dr Paul Roth of the University of Otago, Dunedin, New Zealand is author of the Privacy Law and Practice looseleaf service (Butterworths NZ). A longer version of this article was presented at the Australian Business Limited ‘Workplace Privacy Issues’ Conference, Sydney, November 2000.