 |
|
   
 
|
||||
 |
Copyright © 1998 by the University of St. Thomas, Minneapolis-St. Paul, Minnesota.
Should Monitoring Occur? | The Risk of Knowledge | Note on Privacy in the Workplace
Introduction
Over the past five years, increased use of computers, more specifically electronic mail and the Internet, has vastly changed how many organization' s function and communicate. E-mail and the Internet have emerged as efficient tools of both formal and informal communication and research. New technologies provide new ways to monitor productivity, how employees use their time, and everything from keystrokes-per-minute to Internet sites visited to e-mail conversations. However, monitoring employees is not a new concept. Privacy issues have existed in the workplace before computers made monitoring convenient. Practices such as telephone wiretaps, checking an employee' s voice messaging system, and video surveillance existed long before the computer age.
The purpose of this note is to explore the ethical issue of employee privacy in the workplace. More specifically, the focus will be on an employee' s use of e-mail and Internet facilities provided by the employer. Managers, who consider the need for balance between privacy of the employee, security for the organization, and the management of company resources may be in the strongest position to shape effective and efficient policies. Five examples of electronic communication policies are offered in (see Exhibit 1).
The Technology
"The Internet is a worldwide system of interconnected computers. One component of the Internet is effectively a worldwide electronic mail system. In addition, the Internet is a vast compository of information that generally can be accessed easily by an Internet user." It is important to note that there is no central super-computer and nobody controls the Internet.
Since the Internet is a free and uncontrolled entity, neither electronic mail nor use of the Internet is secure. E-mail, when sent, travels through many linked servers to reach its destination. Any one server can intercept, copy, or simply read the contents of any message. However, most messages get split up and sent in pieces taking different paths to the destination. Typically, only two servers handle a message in its entirety: the sender and the receiver. Even "surfing the Internet" is not entirely private . Any individual surfing the Internet can be tracked by the search engine that they use and by their Internet provider.
"New software will make automated monitoring of e-mail cost-effective for corporations, raising management and privacy issues. Intergralis' MIMEsweeper, a program originally used as an e-mail virus checker, disassembles all messages and attachments. In its monitoring mode, MIMEsweeper can archive or redirect messages that contain encryption, viruses, or even keywords or phrases."
Tracking what Internet sites are hit by an employee is an even easier task. Most browsers (including Internet Explorer and Netscape Navigator, the two largest) keep a log of Internet sites visited and the time spent at each site.
Thus the technology is available for employers to read their employee e-mail and to track their use of the Internet. The question is, should they use it?
Why is Privacy an Issue?
As a society, we consider many values to be of importance to us. Moral common sense would dictate that respecting the privacy of others, for the sake of their individual dignity, is one of those values. However, this duty does not come without conflict, since there are many situations in which the act of protecting a person' s privacy may contradict other values that we share.
Managers, as officers of the corporation, have a duty to be concerned with how protecting an employee' s privacy will impact the firm. This concern covers three general areas: (1) the security of the company' s information; (2) the use of company resources; and (3) the company' s liability based on its employees' use of electronic mail and the Internet.
In many instances, one of these responsibilities will be compromised.
Legal Responsibilities of the Corporation
It is wise to consider the legal implications of any management action being considered. In the realm of employee privacy, as it relates to electronic mail and the Internet, no specific document directly outlines what is allowed and what is not.
In the absence of a direct mandate and specific rules, the legal system defines what is right and wrong on the basis of existing laws that relate indirectly to the situation. There are several documents on several levels that may relate:
THE CONSTITUTION OF THE UNITED STATES
The Fourth Amendment to the U.S. Constitution protects an individual' s right to privacy from government intrusion. However, the courts have ruled that this protection does not apply to employees of private firms.
THE ELECTRONIC COMMUNICATIONS PRIVACY ACT (ECPA)
The Electronic Communications Privacy Act (ECPA) was passed in 1986 to amend the Federal Wiretap Act to include electronic communications, such as e-mail. Under the ECPA "it is unlawful to intercept telephone communications or electronic mail while in transmission and to divulge the contents of messages taken from electronic storage." However, exceptions exist that give employers the right to monitor employees' e-mail:
- A provider exception allows the corporation (or an agent of the corporation) to intercept and disclose electronic communication, provided that it is done in the ordinary course of business.
- A business extension or ordinary course of business exception allows the corporation to monitor electronic communication if (1) the monitoring is necessary to provide the service, or (2) the monitoring is necessary to protect the corporation' s rights and property.
- A consent exception allows the corporation to monitor electronic communication provided that consent from one of the parties has been given.
Ethical Responsibilities of the Corporation
Managers of a corporation have responsibilities that go beyond legal obligations. They have ethical responsibilities to their stakeholders. Balancing these responsibilities with the manager' s fiduciary responsibility to the stockholders can be challenging. In this case, management of a corporation is balancing two competing responsibilities; the responsibility to respect an employee' s privacy and the responsibility to protect an investor' s interests. Which responsibility must prevail?
The ethical analysis of this dilemma, to protect or compromise an employee' s privacy, can be performed using "a case analysis template for ethics-related cases" (see Exhibit 2). There are four basic avenues for ethical analysis: interest-based, rights-based, duty-based, and virtue-based.
From an interest-based perspective, management acts to maximize net expectable utility. On one hand, there may be several benefits derived and costs avoided through monitoring employee electronic mail. These include the protection of corporate information, the savings of corporate resources and, potentially, the avoidance of legal liabilities. On the other hand, there are several benefits that may be lost and costs incurred through the compromising of an employee' s privacy. These include the loss of labor-management goodwill and trust, and potentially even legal costs.
From a rights-based perspective, management acts in order to balance stakeholder and stockholder rights. On one hand, as a society we believe that we have a right to privacy. On the other hand, management, as an agent of the corporation, has the legal right to monitor any communication that uses equipment that it pays for.
From a duty-based perspective, management must act in accordance with its fiduciary responsibilities without compromising its public trust and corporate community involvement. Management has a fiduciary duty to protect the stockholder interests and maximize their long-term profitability. On the other hand, management has a duty not to compromise its public trust by violating any individual' s privacy without justification.
From a virtue-based perspective, management must act in order to reinforce a virtue or positive trait of character. A manager must trust the employees in the corporation; on the other hand, the manager has accepted the responsibility to protect the interests of the stockholders and not monitoring the employee' s use of electronic mail and the Internet might be "breaking a promise."
Conclusion
This is by no means a complete analysis of the issue that faces most managers regarding their employee privacy and the problems associated with their responsibility to the corporation. It is important for the management student to recognize that there may be no single correct solution to the discord caused by conflicting responsibilities. Different managers will face a variety of nuances within the overall conflict that uniquely relates to their own organization.
Bibliography
ARTICLES
"Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications in the Internet Age," by Mark S. Dichter and Michael S. Burkhardt, The American Employment Law Council, 1996
BOOKS
"Policies and Persons: A Casebook in Business Ethics, Third Edition," by Kenneth E. Goodpaster, and Laura L. Nash, McGraw-Hill, 1998
WEBSITES
The Privacy Pages http://www.2020tech.com/maildrop/privacy.html
A center of linked web pages. All the links have an abstract so that you can consider the content before you enter the site.
Electronic Privacy Information Center
http://www.epic.org/
Electronic Communications Privacy Act of 1986
http://cpsr.org/cpsr/privacy/communications/wiretap/electronic_commun_privacy_act.txt
The text of the Electronic Communications Privacy Act.
Exhibit 1: Excerpts from Company Policies
From Ceridian' s "Internet and Email Use Policies":
Any use of the Internet or email to post, store, transmit, download or distribute any threatening, abusive, libelous, defamatory, obscene or otherwise objectionable materials of any kind including anything constituting or encouraging a criminal offense, giving rise to civil liability or otherwise violating any laws or that intentionally interfere with the mission or activities of Ceridian will result in disciplinary action and/or legal action against the employee to recover damages.
Access to the Internet and email service is not guaranteed for all employees. An employee' s manager may decide restrictions are necessary. Be aware that the company may review all messages and reserves the right to monitor all email messages and use of the Internet by its employees, consultants of the company or others that are using a Ceridian network for access or transmission of data.
From General Mills' policy regarding "Electronic and Voice Communication":
General Mills does not intend to monitor utilization of voice and electronic communication. However, General Mills reserves the right to access the contents of voice and electronic communications in situations of suspected misuse of a communications system, internal compliance audits, or whenever advance notice has been provided.
From Minnegasco's "E-Mail Policy":
The e-mail system, messages and data are the exclusive property of the company and are to be used for company purposes.
As property of the company, all e-mail messages and data are subject to review, disclosure and deletion as deemed necessary by the company. Sending or receiving information of a personal nature and information that may be offensive to others is strictly prohibited on the company' s e-mail system.
From National City Bank's "Electronic Communication Guidelines":
The e-mail, voice mail, telephone systems, computer systems, security systems, and all digital network communications are to be used for business purposes.
Use for incidental personal purposes is permissible only within reasonable limits. This does not include uses requiring substantial expenditures of time, uses for profit, or uses that would otherwise violate Bank guidelines with regard to employee time commitments or Bank equipment.
Employees do NOT have any privacy right in any e-mail, voice mail, or telephone systems or computer generated communication or digital network communications, however created, sent, received, accessed, or stored.
(emphasis in original)
From United Healthcare's "Information Security," section of the employee handbook:
These communication systems are to be used for company business and other company-sanctioned purposes.
UHC reserves the right to inspect or review all uses of these systems.
Case Analysis Template for Ethics-Related Cases
| Aspects of the Moral Point of View | DEONTIC (Action as Effective) | ARETAIC (Action as Expressive) | ||
| Case Analysis Steps (5 D's) | Interest-Based Outlook | Rights-Based Outlook | Duty-Based Outlook | Virtue-Based Outlook |
| Describe | How did the situation come about? What are the key presenting issues? Who are the key individuals and groups affected by the situation? | |||
| Discern | What are the most significant of the "presenting issues" - the one that might lie underneath it all? | |||
| Are there conflicting interests with respect to this issue, and how basic are they? | Are there rights in conflict with interests or with other rights? Are some weightier than others? | Does duty come into the picture - and are there tensions with rights or interests? Can I prioritize these claims? | Is character an issue in this case - are there habits that bring us to this point or that will be reinforced later? | |
| Display | What are the principal realistic options available to the decision maker(s) in this case, including possible branching among suboptions - leading to an array of action sequences or plans? | |||
| Decide | What, finally, is my considered judgment on the best option to take from those listed above? The Moral Point of View is here joined to the Administrative or Managerial Point of View. | |||
| Defend | Which of the avenues predominates in my choice of options above, and can I give good reasons for preferring the ethical priorities I have adopted in this case that are consistent with other such cases? | |||
Source: "Policies and Persons: A Casebook in Business Ethics, Third Edition" by Kenneth E. Goodpaster and Laura L. Nash, McGraw-Hill, 1998.
This note was prepared by Research Assistant Hassan Valji under the supervision of Kenneth E. Goodpaster, Koch Professor of Business Ethics, University of St. Thomas, to accompany the Waterbee Toy Company case series. Copyright © 1998 by the University of St. Thomas, Minneapolis-St. Paul, Minnesota.
© 2026 | Home : Terms of Use : Your Privacy RightsRadio Listening : News & Features : Events Calendar : Your Voice : About Us