Introduction
In the contemporary world, many organizations across the globe have adopted e-management strategies as a means of enhancing the effectiveness and efficiencies of their operations (Melvin, 2007). In the digital platform however, every action that an employee does in a workplace creates a transaction (Clayton, 2009). Therefore, by the end of one working day, employees normally record a series of transactions. It is thus possible to monitor and record the activities that employees of a given entity are involved. Thus, employers use this platform to monitor the activities that their employees are involved in at the workplace.
In most cases, such surveillance is conducted to determine the performance of employees (Foster, 2006). However, several arguments have been presented regarding the legality of such surveillance. In most of these arguments, it has been found that such surveillance tends to focus on the private lives of employees. However, it has been difficult to determine whether such acts by employers are authorised or whether they are legal with regards to the laws and statutes of a given nation.
In the UK for instance, the law does not define what privacy is (Moorhead, 2008). However, the law clearly stipulates the acts of surveillance that are considered to be legal hence gaining the protection of the law and the acts that infringe the private lives of employees within a workplace (Oddou, 2011). However, it is essential to state that the legality of an act does not constitute what privacy is or is not. This is due to the fact that privacy exists in the lives of individuals like facets such as secrecy, tranquillity, or security. Therefore, within the context of a workplace, privacy concerns itself with the measures that are put in place to maintain the confidentiality of the information of the employees with respect to the various monitoring techniques that an employer might have put in place to achieve various goals and objectives (Mendenhall, 2007).
Despite the presence of the law and ethical principles and guidelines, many employers in the UK and across the world tend to monitor the activities of their employees. In the process, such employers usually invade the private lives of their staff. Such acts usually infringe the private lives of employees and go against the civic and political rights of employees were enacted by the Council of Europe in 1950 (Pinder, 2012). Thus, Raab (2011) regards these acts as processes that go against the rules and regulations that were passed during the European Convection of Human Rights that was held in 1950 under article 8. To ensure that the privacy of employees is maintained in the workplace, the British government has passed several rules and legislations. Examples of these rules and regulations include:
- Data Protection Act (1998)
- Regulation of Investigatory Power Act (2000) and the Telecommunication (Legitimate Business Practices) (Interception of Communication)
- Human Rights Act of 1998
From a personal perspective, I believe that the aim of these laws and legislations is to ensure that employers take the burden of ensuring that the privacy of employees within the workplace is maintained. From a critical angle of view, it is evident that employers have been imposed with a heavy burden of maintaining the privacy of their employers. However, these rules and guidelines work to ensure that a balance is created between the goals and objectives that employers want to achieve and the protection of the private lives of employees (Work, 2004).
Workplace Privacy
Electronic monitoring is one of the most effective measures that employers have put in place to monitor the performance of their employees. However, the application of this strategy has raised many concerns with regards to the invasion of the privacy of employees within the workplace. The application of e-management strategies has enabled employers to collect a wide array of personal information of their employees. These mechanisms are very efficient such that the concerned individuals (the employees) are not aware of the fact that their employers have collected their personal information and what this information will be used for (Robertson, 1997). In the normal operations of firms, employers collect the personal information of their employees through appraisals, performance contracts, security details and so on. However, the personal information that employers collect is usually applied to purposes that are not within the current policy laws of the UK (Ryan, 2011).
Many of the organizations that are based in the UK have adopted and incorporated the concept of e-management in their normal operations. Thus, the presence of a computerised system within the workplace enables the employer to record a wide array of his/her employees’ information from the time they get to work up to the time they leave. For instance, the employees of most organizations that are based in the UK record their arrival to work on CCT (Reynolds, 1997). Consequently, they use swipe cards to get access into their offices and other areas within the workplace. In the course of their daily work, these employees log into the company’s database using login and password combinations, receiving and sending emails, making telephone calls within and outside the organization, surfing the internet, accessing to and leaving voice messages and so on. All these processes are examples of instances where an employee records data with or without his consent. Given the effective data monitoring tools and techniques that are present in most workplaces in the contemporary world, it is easy for an employer to collect this information and manipulate it to achieve specific goals and objectives (Gee, 2003).
However, Article 8 of the European Commission on Human Rights that was commissioned by the Human Rights Act of 1998 clearly stipulates that it is illegal for an employer to record and use the personal information of his/her employees if his/her without their consent (Grebe, 2005). In this event therefore, it is evident that many employers breach this stipulation since the main reason why they collect and utilize the personal information of their employees is to ensure that their firms operate in an effective and efficient manner hence becoming profitable in the short run and in the long run (Hodgetts, 2003). It is as a result of this fact that Prochaska (2009) stated that employers breach the privacy rights of their employees due to the fact that they can collect data regarding their personal information for a specific reason that is accepted by the law but use it for different purposes that might be against the law. He went further ahead to state that these employers might give out confidential information of their employees to third parties without their consent. This move further breaches the confidentiality agreement that exists between an employer and an employee.
Data Protection Act (1998)
At this point, it is essential to state that the processing of collecting data from employees did not commence with the invention of the computers and the incorporation of computerised systems in managing organizations. This process has been in place since the introduction of management (Prochaska, 2009). Thus, the collection, storage, and utilization of personal information are essential parts of management. Employers require to have the personal details of their employees. This includes information such as the names, age, addresses, backgrounds, medical records, experiences and so on. This information is essential as it assists the management to have a better understanding of their employees.
Given the fact that employers have all this information, it is essential for them to ensure that they protect they use it in a sensible manner in accordance to the rules and stipulations that have been set by the law. In the UK, the Data Protection Act of 1998 has been put in place to protect the private lives of employees within the workplace (Irmer, 2007). This Act however concerns itself with the protection of computerised information. Thus, according to this law, data is regarded as any information that is recorded in a computerised system or is processed into a format that corresponds to this filing system (JCHR, 2008). Personal information of employees that can be stored in a computerised system includes their personal details, education backgrounds, medical records, records from the local authorities and so on. To a narrower extent, this law classifies data into several categories. For instance, there are data that are considered as personal information of employees. This segment of data can further be classified into sensitive personal information (JCHR, 2008). Sensitive personal information comprises of data that distinguishes the personality, values, and beliefs of an employee. Examples of this information include race, ethnicity, religion, political ideology, trade union alliance, sexual orientation, and criminal record. Given their nature, these sets of information are very sensitive since their exposure can be fatal to the personal life and career of a given individual. It is thus important for an employer to protect this information at all costs and utilize it to achieve his/her goals and motives as per the stipulation of the law.
Therefore, to ensure that employers fully protect the personal data of their employees, the Data Protection Act of 1998 operates under eight principles that employers are supposed to adhere to (JCHR, 2008). These principles are:
- The personal data of an employee has to be handled in a manner that is deemed fair and lawful.
- The data of an employee should only be collected and utilized for purposes that are legitimate before the law.
- The manner in which the personal data of an employee is processed should be adequate and appropriate. However, this process should not be exorbitant at all.
- This data has to be precise and kept up to date.
- This data should only be available for the length of time that the purpose for which it was collected for is valid.
- This data should only be collected and processed with the consent of the respective employee.
- Strict measures should be taken in an event where this process is conducted in an unlawful manner.
- The collected data of employees should never be passed outside the European Economic Zone.
From a critical point of view, these principles can be interpreted as an Act in themselves. Ideally, it is essential for an employer to adhere to sections I and II of this Act. It will thus be illegal and unethical for an employer to collect personal data of his employees and use them to achieve personal gains, manipulate their performance, or to hold them accountable for various issues that might have been present in the organization (McNally, 2002). To avoid any confusion with this law, it is thus essential for employers to seek the consent of the subjects (employees) prior to collecting their personal data. In this respect, an employer should specifically explain to his/her employees the type of data that needs to be collected, the reasons for collecting the data, and the possible impacts or outcomes that might come about due to the application of this information. This Act is also against the collection of personal data of employees for reasons that might not comply with the law. There have been instances where an employer collects the data of his/her employees to determine whether such employees are affiliated to specific groups or movements. In most cases, employers have been involved in such acts to determine whether certain employees are members of a trade union so that they can take strict measures that either makes their working conditions not to be favourable due to their participation in the trade unions or political movements (Shi, 2010). These purposes are thus not legitimate reasons for employers to collect and utilize the personal data of their employees. Thus, this Act holds that in an event where the data that is to be collected or has been collected is sensitive personal information, it is the obligation of the data controller or the employer to ensure that at least one of the eleven conditions of section 3 of this Act is met.
This Act also puts into consideration two essential substantive aspects of the employees. These substantive considerations have been put in place to ensure that employees are aware of their privacy rights within the workplace. Therefore, under this Act, an employee has the right to be informed by his/her employer whether the data controller is processing any form of his/her personal data (Klein, 2011). This request can be put in place either in writing or verbally. Consequently, the employee has the right to be informed about the type personal data that is being processed by the data controller, its description, and the parties to which this data will be presented to. An employee also has the right to be presented with the data that has been processed and be explained the logic behind any decision that might have been made by his/her employers or the third parties to which the data might have been presented to. This Act is thus designed to protect those employees who might have made decisions that go against the practices or beliefs of their employers. This might arise in an event where an employee declined to present segments of his personal information such as his physical address or such an employee refused to accept a promotion offer from his employer.
Despite the effectiveness of this Act, there are several exceptions where the right of access to personal data is declined. These mainly apply in an event where the data that is to be accessed is confidential (Keenan, 2005). Examples of such data include the disclosure of data of another individual or a third party organization. In such an event, there are provisions that determine the manner in which such information is to be disclosed. In such an event, therefore, an employee is expected to instruct the data controller in writing to stop processing his/her personal data or any other information since it can lead to deformation, an occurrence that the employee might sue his/her employer under the law of tort. Consequently, an employee can seek for a court order that instructs the employer and/or the data controller to modify any data that might be incorrect or to destroy such data to protect his/her personality, reputation, and privacy (Snook, 2007).
The second substantive aspect of the Data Protection Act of 1998 concerns itself with the duties and responsibilities of the employer. According to this act, it is the duty of the employer to ensure that the process of collecting and processing personal data of an employee is consistent with the rules and regulations of the law. According to section six of the Data Protection Act of 1998, an employer is restricted from collecting and processing personal data of an employee and he/she is registered with the Information Commissioner (Snook, 2007). In the case of Durant v Financial Service Authority, the appellant (Durant) asked the data controller of his employer (the defendant) to provide him with all the personal data that they collected about him. Despite the fact that the defendant provided all the personal data of the appellant that was contained in the computerised system, they refused to provide him with the data that was contained in the manual files on the grounds that this form of data was not considered as personal data as per the Data Protection Act of 1998. The courts held that any form of data that was personal in nature is to be considered as personal data hence the data controller was obliged to provide the plaintiff with all the data that he required. Their refusal to comply with this directive thus amounted to breach of the Data Protection Act (5RB, 2013).
Consequently, an employer must present the measures that he/she will put in place to ensure his compliance with the seventh principle of the Act. In an event where the employer changes any personal data of his/her employee, it is his/her duty to notify the Information Commissioner in due time. In rare cases, the Secretary of the State appoints data supervisors whose main role is to monitor the actions of data controllers to ensure that they comply with the stipulated rules and regulations. In an event where an employer has breached these regulations, an employee can claim damages (Thompson, 2008).
Regulation of Investigatory Power Act (2000) and the Telecommunication (Legitimate Business Practices) (Interception of Communication)
The Regulation of Investigatory Powers Act of 2000 was enacted in the United Kingdom to control the powers that public agencies had with regards to surveillance and investigations of individuals (Snook, 2007). Just like the Data Protection Act of 1998, the aim of this Act is to protect the privacy rights of individuals. Through surveillance, it is possible for an employer to gather private information of an employee in a workplace. This can be achieved through intercepting any form of communication of an employee by tapping or listening to the phone calls of an employee, hacking into their social media accounts, emails, and any other form of encryption (Tookey, 2004).
According to this Act, it is an offence for an employer to intercept the communications of his/her employees by using the public postal or telecommunication service. Consequently, it is a criminal offence for an employer to utilize private communication systems to intercept private information of his/her employees. In an event where an employer uses this avenue to gather personal information of his/her employees, the sender and the recipient of the information have the right to sue both the operator of the private telecommunication service and the employer (Zhou, 2006). For instance, George Liddell and Clifford Stanford were found guilty for intercepting the emails of one of their employees, John Porter. After investigations were conducted, it was found that they defendants had set up a hotmail account that intercepted all the emails that Mr. Porter received. The court viewed this act as a breach of the RIP Act of 2000 and sentenced the defendants to six months in jail and a fine of £20,000 each (Prochaska, 2009).
The exception to this Act arises when the employer has the consent of the sender or the recipient of the information to intercept such data. However, it is difficult to determine whether consent was sought since it will be difficult for an employer to seek for the consent of an employee who is to be investigated as this action might affect the outcome of the investigative process. Consequently, there are instances where an employer has set up policies that give him/her the right to investigate any data that might be present in the computer of an employee. It is thus difficult to determine whether the interception of such information is lawful or not.
Human Rights Act of 1998
In the United Kingdom, the private lives of individuals is protected under Article 8 of the ECHR that was enacted into law under the Human Rights Act of 1998 (Prochaska, 2009). Article 8 protects the rights of individuals from public and private authorities on four distinctive grounds:
- Private life
- Family life
- Home
- Correspondence
It is thus the duty of an employer to ensure that he/she adheres to Article 8 while handling the personal information of an employee in a workplace. However, it should be noted that Article 8 is a qualified right. Therefore, there are instances where an employer is permitted by the law to invade the private and family life of an individual. However, section 2 of this Article states that this exception is only permitted in an event where interference is in accordance to the law and aims at enhancing the security, public safety, and/or the overall wellness of the nation (Prochaska, 2009).
In practice, Article 8 imposes has two obligations; a positive obligation that aims at protecting the private life of an individual, family life, home, and correspondence and a negative obligation that ensures respect is given to the above constructs. In a workplace, the private life of an employee constitutes the following:
- The physical and psychological integrity of an employee
- Personal space
- Personal information
- Personal identity
- Autonomy
- Sexuality
- Self development
The court ruling of the case of Kara v UK Appl is a prime example of the application of the human rights act of 1998 in the UK. In this case, the plaintif, Kara, claimed that the accused had deprived him his human rights by denying him the right to dress in women clothes due to his bisexual nature. According to the plaintiff, his employer had interfered with his personal space, culture, and sexuality. The court held that the employer had violated Article 8 and Article 14 of the Human Rights Act on the grounds that the rules they had developed affected the dressing code of the plaintiff who was affected while he was within and outside the work environment (Prochaska, 2009).
Due to the sensitive nature of the private life of an individual, Article 8 has put in place regulations that an employer should adhere to in the event of collecting and storing the personal information of an employee. An employer is thus prohibited from disclosing such information to third parties. From a critical point of view, it is evident that most aspects of surveillance and monitoring that employers put in place breach the stipulations that have been put in place by this legislation. The use of CCTV cameras, phone taping, and GPS surveillance are prime examples (Prochaska, 2009).
Article 8 also offers protection to employees in the United Kingdom. The article this goes beyond the traditional family ties to protect the right of employees to include couples, same sex relationships, cohabitation, foster parents and so on. According to section 2 of this article, an individual may cease to enjoy these rights if he/she is considered to be an immigrant or an asylum seeker. Thus, case law states that interference might take place in an event where one spouse in an immigrant or when a child/parent is not a citizen of Britain (Prochaska, 2009). However, deportation and extradition processes must be conducted in accordance to the law.
Article 8 has defined a home as a physical residence where an individual develops and enjoys his private and family life (Prochaska, 2009). Thus, it is the obligation of an employer to ensure that his/her employees are enjoying the rights to their homes (Prochaska, 2009). Similarly, an employer is expected to take necessary measures to ensure that his/her employees are aware of any risks in an event where they reside within the work premise. Consequently, an employer is forbidden by the law to enter and/or search the home of his employee without formal permission.
Correspondence relates to the postal address, emails, or any other form of communication that an individual might be involved in (Michaels, 2006). An employer is thus prohibited under Article 8 to discriminatively use this information to achieve specific goals. For instance, the ECHR held that it was unlawful for prison officials in the UK to use racial profiling as a basis of routine correspondence checks (Michaels, 2006). Consequently, courts in the UK have concluded that telephone hacking is unlawful since it violates the human rights to privacy under Article 8. These rulings led to the development of legislations such as the Regulation of Investigatory Powers Act of 2000 which all employers in the UK are expected to abide to.
Conclusion
From the arguments that have been presented in this paper, it is evident that the law imposes a heavy burden on employers in the process respecting and maintaining the privacy of an employee within a workplace. Thus, employers are obliged by the law to act in accordance with the rules and regulations that have been set to ensure that the privacy of an employee is maintained and his/her personal information is protected. This will ensure that employees enjoy a conducive working environment given the fact that their employers respect their rights to privacy.
References
5RB 2013, Durant v Financial Services Authority, Web.
Boblitz, M 2006, ‘Looking out the window: Market intelligence for a view of the real world’, Healthcare Financial Management, vol. 1 no. 2, pp. 47-53.
Clayton, R 2009, The Law of Human Rights, Oxford University Press, Oxford
Foster, S 2006, Human Rights and Civil Liberties, Oxford University Press, Oxford
Gee, P 2003, ‘The compelling case for perpetual strategic planning’, Service Line: Eight Essential Rules, vol. 2 no. 3, pp. 62-64.
Grebe, M 2005, ‘Strategic financial planning: What every trustee needs to know about facility replacement’,Trustee, vol. 12 no. 4, 24-28.
Hodgetts, S 2003, ‘U. S. Multinationals’ expatriate compensation strategies’, Compensation and Benefits Review, vol. 2 no. 1, pp. 57-62.
Irmer, B 2007, Human resource capital, Sage, New York.
JCHR 2008, Data Protection and Human Rights, The Stationery Office, London
Keenan, T 2005, ‘Genetic data collection next great frontier’, Business Edge, vol. 3 no. 1, pp 14-22
Klein, R 2011, ‘Compensating your overseas executives: Part three. Exporting U.S. stock option plans to expatriates’, Compensation and benefits review, vol. 6 no. 1, pp. 27-38.
McNally, K 2002, ‘Compensation as a strategic tool’, Human Resource Magazine, vol 12 no. 1, pp. 59-66.
Melvin, S 2007, ‘Shipping out’, The China Business Review, vol. 2 no. 1, pp. 30-34.
Mendenhall, M 2007, Human Resource Management, Sage, Chicago
Michaels, A 2006, Human Rights Law. Hart Publishing, Oxford
Moorhead, G 2008, Organizational behavior: managing people and organization, Houghton Mifflin Company, London.
Nussbaum, K 1992, ‘Workers under surveillance’, Computerworld, vol. 13 no. 2, pp. 41-50
Oddou, G 2011, ‘Succession planning for the 21st century: How well are we grooming our future business leaders?’, Business Horizons, vol. 2 no. 1, pp. 26-34.
Pinder, C 2012, Making organizations humane and productive, Wiley, New York.
Prochaska, A 2009, Blackstone’s Guide to the Human Rights Act 1998, Oxford University press, Oxford
Pucik, V 2007, ‘Human resources in the future: An obstacle or a champion of
Globalization?’, Human Resource Management, vol. 36, pp. 163-167.
Raab, G 2011, Protecting information privacy. Oxford University Press, Oxford
Reynolds, C 1997, ‘Compensation in historical perspective’, Journal of World Business, vol. 32 no. 4, pp. 118-132.
Robertson, D 1997, A dictionary of human rights, Europa, London
Ryan, D 2011, Surveillance reform for a digital age. Justice, London
Shi, W 2010, ‘HRM practices and challenges in UK: Comparison with Western firms’, Journal of World Business, vol. 44 no. 3, pp. 69-110
Snook, H 2007, Crossing the threshold: 266 ways the state can enter your home, Centre for Policy Studies, London
Thompson, A 2008, Crafting and executing strategy, McGraw Hill, New York.
Tookey, D 2004, ‘Factors Associated with Success in a Workplace’, Journal of Management Studies, vol. 1 no. 1, pp. 48-64.
Work, F 2004, ‘Letter to the Editor’, The Edmonton Journal, vol. 4 no. 1, pp. 51-77.
Zhou, G 2006, ‘An Examination of HR Strategic Recruitment and Selection Approaches in China’, Journal of Management Studies, vol. 6 no. 1, pp. 44-60