This essay will consider and evaluate the proposition “privacy is dead- get over it” by looking at organizational communication theory and practice. The essay will look at the role of the employee in the modern corporate environment, and compare and contrast this with the role and status enjoyed by the employee in more historical settings. The essay will look at the statutory framework for Data Protection in the UK, and privacy and will examine how this applies to the workplace, both in theory and in practice. The role of legislation designed to protect the interests of employees will be considered and the writer will comment on the efficacy of the legislation as well as considering the specific rights that it creates for employees and the specific responsibilities that it creates for employers. The wider sociological context for issues connected to surveillance in the workplace and employment rights will be examined also, and the writer will consider how technological advancement and the Information Age has affected the status of the modern employee in terms of their privacy. The ultimate aim of creating this context will be to inform a holistic evaluation of the proposition “privacy is dead- get over it”.
Privacy and surveillance in the workplace
In the modern workplace there are various tensions that exist between the privacy of employees and the level of surveillance that employers may employ in order to ensure that the organization functions optimally (Sprenger, P. (1999); Treacy, B. (2009); Wilkes, A. (2011)). Social networking sites are becoming more and more popular, and the internet is being used more and more to facilitate communication within organizations: “According to the Office for National Statistics’ 2010 data, 30.1 million adults in the UK (60% of the population) access the internet every day or almost everyday. This is nearly double the 2006 estimate of 16.5 million. Social networking was a popular internet activity in 2010, with 43% of internet users posting messages to social networking sites or chat sites, blogs etc. While social networking activities prove to be most popular amongst 16–24 year olds, 31% of internet users aged 45–54 have used the internet to post messages on social network sites, while 28% uploaded content. Many of the adults that use social networks do so not only for social networking purposes but also for business networking purposes. Of the individuals listed in LinkedIn this year, there are over 52,000 people, predominantly in the US, Canada, India, Italy, UK and the Netherlands (in that order) with ‘privacy’ mentioned in their profile. Within LinkedIn there are also a considerable number of privacy related LinkedIn groups which have substantial memberships. Many of the readers of this article will no doubt be in those groups for social as well as business purposes…(Bond, R. (2010) pp. 1)”, and this intensifies the debate as to how far employees’ privacy can be lawfully infringed by employers.
As organizational communication takes place more and more via email and other forms of electronic communication the problem of privacy is further heightened as more extensive records of personal communication are created and retained (Johnson, D. and Turner, C. (2003) p. 43-47; Jordan, T. (1999) p. 17-19; Kitt, G. (1996) p. 14-18). What to do with data like this poses a complex problem relating to the privacy of the employee and the right of the employer to infringe privacy in order to ensure the integrity of their organization.
The statutory framework
In the UK the privacy of an employee’s data, and an employer’s lawful access to such information is defined through a number of routes (Lunney, M. and Oliphant, K. (2003); Mc Kendrick, E. (2003)). Firstly, there is an important statutory framework that employers must respect. This is created by the Data Protection Act 1998, and also by the ECHR which requires that an individual’s private and family life be respected (Article 8 of the ECHR). These rights are enforceable by an individual in a civil court in the UK, but also by public agencies in the UK like the Office of the Information Commissioner (Sprenger, P. (1999); Treacy, B. (2009); Wilkes, A. (2011)).
The Data Protection Act 1998 has created a number of principles of data protection, which must be respected. These are that information (i) must be fairly and lawfully processed; (ii) information may only be obtained for specified lawful purposes, (ii) may not be processed in any manner incompatible with such purposes; (iii) data must be adequate, relevant and not excessive for the purposes for which it is collected; (iv) information must be accurate and where necessary kept up to date, (v) information must not be kept longer than necessary, (vi) information must be processed in accordance with the rights of data subjects, (vii) security measures must be taken against unauthorized and unlawful processing of information against accidental destruction, or unauthorized or unlawful destruction, and (viii) information must not be transferred outside the European Economic Area within the consent of the data subject. In cases where these principles are not adhered to by employers, an employee may institute civil actions for breach of privacy, and or complaints to the ICO who may pursue criminal prosecutions against any party who has breached the Data Protection Principles (Kuschewsky, M. (2009); Hansson, S. and Palm, E. (2005) p. 57). As such the Data Protection Act 1998 creates a range of rights in terms of privacy and security of personal information and these may be enforced directly by an individual or by a public body such as The Information Commissioner on behalf of an individual. Breach of the Data Protection Act 1998 is a criminal offence which is punishable with fines and or up to six months imprisonment. Recent changes to the powers of the Information Commissioner gives them powers to issue fines of up to £500,000 for cases of serious breaches of the Data Protection Act 1998 (Kuschewsky, M. (2009); Hansson, S. and Palm, E. (2005) p. 57).
On the other hand there is also a statutory framework that addresses how far an employer may go in terms of monitoring their employees in the course of employment. The Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice) (Interception of Communication) Regulations 2000. These provide that monitoring of employee data can only be authorized for specific, defined purposes such as where the employer has a legitimate overriding interest in the pursuit of monitoring activities (Schirato, T. and Yell, S. (2000) p. 42-45; Sime, S. (2007) p. 12; Smith, M. and Kollock, P. (1998) p. 32-35). Thus it may be argued that there is a balance to be struck between the information that employee’s disclose which may be lawfully evaluated by the employer (deemed for example in communication privacy management theory as “self-disclosed” information (see: Petronio, S. (2002) p. 3)) and information that is subject to inappropriate uses.
Clauses in the employment contract may also define the rights and responsibilities of the employer and the employee in terms of privacy, but it is important to note that employers may not, through the operation of a private contract exclude any of the rights and or responsibilities that are defined in The Data Protection Act 1998, or the ECHR (Blanpain, R. (2007); Elliott, C. and Quinn, F. (1999)). The wider legislative framework may be further defined according to the theory of privacy rule development. Privacy rule development theory argues that cultural, and sociological factors impact the boundaries of privacy rights (Petronio, S. (2002) p. 40) and it is clear that there is a balanced approach to the rights of the employee and the responsibilities of the employer under this framework and this reflects wider liberal sociological and cultural values prevalent in the UK.