Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Workplace Privacy Resources'

Resources: Workplace Privacy

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 20 September 1999 (plus revisions to 26 Sep 2004)

© Xamax Consultancy Pty Ltd, 1999-2004

This document is at http://www.rogerclarke.com/DV/Workplace.html


Introduction

There is a limited amount of information available on the web that consolidates sources on the privacy issues affecting employees. This page sets out to address that shortfall. It needs to be improved. Please notify me of your links and snippets!


Contents


Issues

There are many concerns about invasions of employees' privacy, including:


Sources - The I.L.O.

A sensible place to start would seem to be the International Labour Organisation (ILO), a UN-affiliated organisation based in Geneva. Charles Raab told me that there's an ILO document that provides guidelines relating to workplace privacy. But a scan of its web-site in September 1999 turned nothing up.

I was advised in September 2000 by Jean Ffrench, Director of the International (ILO) Section of DEWRSB, of a (somewhat unmaintained) ILO site on workers' privacy.

This identifies one potentially valuable document that addresses the limited area of employee data privacy: 'Protection of Workers' Personal Data: An ILO code of practice', 1997, ix+47 pp., ISBN 92-2-110329-3, 15 Sw.frs.; US$13.50; [[sterling]]8.10, also available in French and Spanish. It seems to be only available in hard copy, and can be ordered from the above URL. The blurb says:

Employers collect personal data on job applicants and workers for a number of purposes, and new ways of collecting and processing such data entail some new risks for workers. While various national laws and international standards have established binding procedures for processing personal data, there is a need to develop data protection provisions which specifically address workers' personal data in order to safeguard the dignity of workers, protect their privacy and guarantee their fundamental right to determine who may use which data for what purposes and under what conditions. This book provides guidance on the protection of such data, covering general principles and specific provisions regarding data collection, security, storage, use and communication. This code will be invaluable for the development of legislation, regulations, collective agreements, work rules, policies and practical measures at the enterprise level.

The ILO page on Workers' Privacy also refers to a 3-volume 'Conditions of Work Digest', which really does look like what's needed!

Unfortunately ILO's publications index doesn't mention that document anywhere. Some of these organisations' web-sites really are a mess ... Perhaps an email enquiry to the relevant part of ILO would yield results. Jean advises that the 3 volumes are in the DEWRSB Library in Canberra, at catalogue reference 331.1 ILO. They should be available, at least through university libraries, on Inter-Library Loan.

Jean also drew attention to an ILO Report of a Meeting of Experts on Workers' Privacy' in October 1996. This was chaired by the Attorney-General's Department's Kathy Leigh. At that stage, the expectation was that the then-new Coalition Government was going to do something positive about privacy (the renege came in March 1997, and resulted in the current privacy-invasive practices legitimisation Bill, and the exclusion of employment matters from the regime). So it's just possible that Kathy's role in this meeting wasn't completely inimical to privacy in the Australian workplaces.


Sources - Other International

The Hong Kong Privacy Commissioner published a 'Draft Code of Practice on Monitoring and Personal Data Privacy at Work', in March 2002, with comments requested by 7 June 2002. It's available in PDF and Word formats.

The NZ Privacy Commissioner has done a few things. See http://www.knowledge-basket.co.nz/privacy/semployf.html.

An EPIC/Privacy International publication in 1999 contains a section on the matter.

The Guardian published an article on 'Can surfing get you the sack?' on Thursday December 16, 1999.

The New York Times carried a story on 8 August 2001 Rebels in Black Robes Recoil at Surveillance of Computers: "A group of federal employees who believed that the monitoring of their office computers was a major violation of their privacy recently staged an insurrection, disabling the software used to check on them and suggesting that the monitoring was illegal and unethical. This was not just a random bunch of bureaucrats but a group of federal judges ...".

David Linowes at the Uni. of Illinois at Urbana-Champaign has published several studies.

In a U.S. case reported in The Sydney Morning Herald on 20 April 2001, a company agreed to stop conducting genetic tests on employees. The employer, in the hope of avoiding its employees' RSI claims, was seeking evidence that the employees had a genetic 'marker' that allegedly predisposes a person to carpal tunnel syndrome. The 20 staff concerned were disabled, and the successful challenge was under the Americans with Disabilities Act. It's unclear whether an employer acquiring blood-samples of staff who are not disabled, and subjecting them to genetic testing, would be in breach of any statutory provision or common law right ...

The EU published a report called Opinion 4/2004 on the Processing of Personal Data by means of Video Surveillance (February 2004).

Some further resources:


Sources - Australian

In general, there appears to be little or no basis for privacy in the workplace, including communications in the workplace.

The primary sources of law are the Commonwealth, and now the NSW, privacy statutes. They relate to personal data only, and to [some] public sector employers only. Telecommunications generally is subject to as-yet-unwritten pseudo-rules under the ACIF scheme.

The 1999 government initiative in relation to regulation of the private sector, culminating in the exclusion of employment matters from the appalling Privacy Amendment (Private Sector) Bill 2000, has expressly excluded employee records. The reason for this appears to be the apparent inconsistency between the government's support for SMEs, and concern about employee privacy protections imposing work and cost on small business. The justification used is that employee privacy is, and should be, addressed within the context of industrial relations law in general, and enterprise bargaining in particular.

It appears that workplace / industrial relations law and even awards / workplace agreements are generally silent on the matter. (Unions are traditionally concerned with fighting employers about workers' economic interests, rather than mere social ones, and either haven't heard about Maslow's hierarchy or don't believe that workers' interests have got very far up the scale yet).

There have been regreattably few instances in which labour representatives have been involved in privacy protection forums. Some unions have begun to focus on privacy aspects of workers' rights, especially the Australian Services Union in relation to the pressure brought to bear on employees in call centres. And here's an article relating to the NSW Labour Council: Unions urge regulation of e-mail taps (Fri, 9 Oct 1998).

A couple of relevant statutes include:

Here a report on attempts by one employer to impose drug-testing on its employees:

QANTAS is a serial abuser of employees' privacy. During early 2003 they tried to impose fingerprinting on baggage-handlers, and fell into line with Customs and effectively forced (nominally invited) 3,000 aircrew to participate in the ridiculous trial of facial recognition at Sydney Airport.

The Sydney Morning Herald's Radar liftout of 17 March 2004 carried an excellent article by Jackie Woods on 'How bosses spy on workers'.


Employee Use of the Internet

The Australian Privacy Commissioner has issued an appallingly weak-kneed set of Guidelines on Workplace E-mail, Web Browsing and Privacy (30 March 2000). It basically says that employers have carte blanche, and doesn't even bother to be perturbed about it, let alone to argue for balance between employee and employer interests.

Electronic Frontiers Australia offers a much more balanced and reasonable Model Acceptable Use Policy For Employee Use Of The Internet (c. August 2000).

For more on Australian workplace Net privacy woes, see Sue Lowe, "Emails at work a grey area under extended Privacy Act," Sydney Morning Herald, June 26, 2001

On 30 March 2004, the NSW Attorney-General announced that "employers in NSW will be banned from spying on employees' private emails under new laws that will place strict limits on electronic surveillance in the workplace". There appears to have been no press release. Reports appeared on the ABC web-site, and in The Sydney Morning Herald.

Another valuable source of information is the Victorian Law Reform Commission's reference on workplace privacy and surveillance (2003-2005).


References

Anandarajan M. (ed.) (2002) 'Internet Abuse in the Workplace' Special Section, Commun, ACM 45, 1 (January 2002)

Benner J. (2001) 'Privacy at Work? Be Serious', Wired News, Mar. 1, 2001, at http://www.wired.com/news/print/0,1294,42029,00.html

Nolan J. (1995) 'Privacy in the workplace', 2, 1 (1995) 1, 2, 2 (1995) 27, and 2, 3 (1995) 48, Privacy Law & Policy Reporter, at http://www.austlii.edu.au/au/journals/PLPR/1995/1.html and http://www.austlii.edu.au/au/journals/PLPR/1995/17.html and http://www.austlii.edu.au/au/journals/PLPR/1995/33.html

Dixon T. (1995) 'E-mail Privacy: Information and Privacy Commissioner, Ontario (Canada) Privacy Protection Principles for Electronic Mail Systems 1994', Privacy Law & Policy Reporter 2, 3 (1995) 54, at http://www.austlii.edu.au/au/journals/PLPR/1995/38.html

IPC (1994) 'Privacy Protection Principles for Electronic Mail', Information and Privacy Commissioner of Ontario, February 1994, 20 pp., at http://www.ipc.on.ca/web_site.eng/matters/hilights/email.htm



xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 20 September 1999 - Last Amended: 20 September 1999 (small revs. 17 Dec 1999, 1 Jan 2000, 9 Oct, 19 Nov, 8 Mar 2001, 20 Apr, 27 Jul, 9 Aug 2001, 3 Feb, 21 Apr 2002, 15 Mar 2003, 17 Mar, 3 Apr, 26 Sep 2004) by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/Workplace.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy