Employee privacy at risk, research warns

Researchers at a symposium hosted by Canada’s privacy commissioner today called on legislators and employers to strengthen employee privacy guarantees and to anticipate the implications of emerging technologies that threaten privacy rights.

Employers already have access to technologies that range from key-stroke monitoring to closed-circuit television systems, access control systems (magnetic key cards), global position systems, radio frequency identifiers, telephone and e-mail monitoring and drug and genetic testing, conference speakers pointed out. Even if employers initially install the technologies for different purposes, they have surveillance capabilities that can be detrimental to employee privacy, said Avner Levin, coordinator of the law area at Ryerson University‘s business faculty.

In a recent case in Highlands East, Ont., hidden video cameras installed for security surveillance caught volunteer firefighters drinking beer. The fire station’s commander was fired.

“The issue here is the function creep of these technologies as they are introduced for one purpose and used for another,” said Levin.

Levin and three other colleagues at Ryerson surveyed companies representing three per cent of the Canadian workforce, asking employers about their workplace privacy policies.

Fully two-thirds of the representatives at companies the Ryerson researchers contacted would not co-operate with their survey, including CIBC and Wal-Mart, Levin said. Managers responsible for privacy at the 15 firms that did co-operate were often unaware of legislation that governed employee privacy, he said.

In Quebec, privacy legislation requires employers to protect the dignity of their employees. Privacy legislation in Alberta and B.C. stipulates that employers must be governed by a “reasonable” standard of conduct in collecting information about their employees.

In the companies that the Ryerson researchers spoke to, “there was absolutely no awareness that this was the state of affairs,” Levin said. Most thought they had no restrictions on the information they could gather, and none of those surveyed provided privacy policies for their employees.

In all other provinces, including Ontario, there is no legislation specifically governing employee privacy in the workplace, Levin said. He called on the province to amend its Employee Standards Act to put in place at least “minimal” guarantees, as West Virginia has done, that there will be no surveillance in place in restrooms, shower stalls or other personal space.

Employers should also consider the reasons they are collecting employee information, Levin said.

“It means thinking very seriously about what your role is as a corporate citizen in this post-911 world. You know if you create databases governments may want to have access to them,” he said.

In a democracy, said Levin, “It’s not always a good thing to create a database simply because you have some new technology that can create a database about your employees.”

Richard Rosenberg, president of the BC Freedom of Information and Privacy Association, also cited the potential for genetic testing to violate employee privacy and, potentially, cost jobs.

“That’s of great concern,” Rosenberg said, citing a lack of legislation or public policy debate about the impact of that kind of employer surveillance.

Individuals have the right to seek genetic testing for health reasons, but “that doesn’t automatically mean that information should become available for management to make decisions on,” said Rosenberg, also a professor emeritus in computer science at the University of British Columbia.

Currently, most companies don’t have policies governing genetic testing, he said, and nor are employees or their union representatives requesting it.

Rosenberg is also worried about the increasing use of RFID technology to track people, not just animals. As of 2004, 40 million Americans were already carrying an RFID tag, or implantable computer chip, Rosenberg said.

One Cincinnati corporation called CityWatch.com, a surveillance company, has already implanted VeriChip tags in some of its employees. The chips permit the employees to access secure data centres.

Both Levin and Rosenberg urged employees to ask their employers for their policies concerning collection of employee information, and where one doesn’t exist, to draft one.

Such a request would encourage employers to think through th process and ensuing policies could “leave the employees in a better state,” said Levin.

Comment: info@itbusiness.ca

Share on LinkedIn Share with Google+