Category Archives: Privacy

Industrial Justice: Privacy Protection for the Employed

Source: Ariana Levinson, Cornell Journal of Law and Public Policy, Vol. 18, No. 3, 2009

From the abstract:
118 years ago Samuel Warren & Louis D. Brandeis proclaimed that technological change necessitated new protections for the right to privacy. Today, new protections for the right to privacy are called for once again because, in the American workplace, technological change continues unabated and little privacy is afforded employees from employer monitoring using the technology. Moreover, employers are disciplining and terminating employees based on information uncovered by monitoring. Recently, many employees have been terminated for off-duty blogging. Employees are often disciplined for using e-mail for personal reasons while at work. And global positioning systems (“GPS”) have been relied on to discipline drivers and other employees.

This is the first academic article to provide a detailed review of labor arbitration decisions governing the right to privacy from employer monitoring in over thirty years. The article uses the decisions, on employee privacy and technologies such as GPS, e-mail, and the Internet, as a springboard to propose privacy protections in the non-Union private sector workplace. It, thus, fills a gap in the academic literature. The framework suggested provides the greatest protection for off-duty behavior, intermediate protection for on-duty expression of thought, such as through computer usage, and baseline protection for on-duty actions. It could be implemented through legislation of minimum rights or mandates for employers to adopt safe-harbor policies.

The Social Security Number: Legal Developments Affecting Its Collection, Disclosure, and Confidentiality

Source: Congressional Research Service, RL30318, February 21, 2008

From the summary:
While the social security number (SSN) was first introduced as a device for keeping track of contributions to the Social Security system, its use has been expanded by government entities and the private sector to keep track of many other government and private sector records. Use of the social security number as a federal government identifier was based on Executive Order 9393, issued by President Franklin Roosevelt. Beginning in the 1960s, federal agencies started adopting the social security number as a governmental identifier, and its use for keeping track of government records, on both the federal and state levels, greatly increased. Section 7 of the Privacy Act of 1974 limits compulsory divulgence of the social security number by government entities. While the Privacy Act does provide some limits on the use of the social security number by state and federal entities, exceptions provided in that statute and succeeding statutes have resulted in only minimal restrictions on governmental usage of the social security number. Constitutional challenges to social security number collection and dissemination have, for the most part, been unsuccessful. Private sector use of the social security number is widespread and continues to be largely unregulated by the federal government. The chronology in this report provides a list of federal developments affecting use of the social security number, including federal regulation of the number, as well as specific authorizations, restrictions, and fraud provisions concerning its use.

Spying Employers Raise Legal Hackles

Source: Tresa Baldas, The National Law Journal, August 19, 2008

A growing number of employers are hiring private investigators to spy on employees suspected of taking leave dishonestly under the Family Medical Leave Act.

Management-side attorneys claim that FMLA abuses have gotten out of hand, and employers need a tool — in this case surveillance — to catch malingerers using FMLA improperly. And it’s been pretty successful, they said, noting that private investigators in recent years have helped catch employees bowling, doing yard work or holding second jobs when they’re supposed to be out on sick leave.

Employee-rights attorneys, meanwhile, view surveillance as harassment, intimidation and an interference with a worker’s right to take FMLA leave. It also has a chilling effect on other employees who may not take the leave for fear of being spied on.

Both sides, however, note that the courts appear to be siding with employers.

Life after Work: Privacy and Dismissal

Source: Virginia Mantouvalou, LSE Legal Studies Working Paper No. 5/2008, April 2008

From the abstract:
This article addresses the issue of termination of employment because of the conduct of the employee in her leisure time, in the light of the human right to private life. It explores the impact on the retention of employment of activities taking place outside the workplace and outside working hours, and argues that the approach of domestic courts and tribunals on the matter, which is based on a spatial conceptualisation of privacy, is flawed. Having analysed the reasons why the current interpretation of privacy is wanting, the paper suggests a fresh approach, which rests on the idea of domination that the employer can exercise on the employee. The paper’s proposition is based on an interpretation of the right to privacy as a right to control information, rather than a right to act in spatial isolation. It argues that life after work may lead to lawful dismissal only if there is a clear and present impact or a high likelihood of such impact on employment, whilst a speculative and marginal danger does not suffice.

What Your Broadband Provider Knows About Your Web Use: Deep Packet Inspection and Communications Laws and Policies

Source: Alissa Cooper, Center for Democracy and Technology, Testimony before the House Telecom Subcommittee, July 17, 2008

From the summary:
CDT Testifies Before House Telecom Subcommittee About Online Behavioral Advertising – CDT today testified before the House Telecom Subcommittee regarding the privacy implications of “deep packet inspection,” a technology underlying some online behavioral advertising models. CDT warned that consumers are increasingly concerned about the growing amount of personal data being collected by online advertising practices, but that they are ill-equipped to take steps to protect their privacy. CDT also said that the emerging advertising model partnering ISPs with ad networks brings new legal complexities and privacy risks to the e-commerce equation. CDT urged Congress to take a comprehensive look at online advertising practices and made several recommendations for designing policies and laws that insure consumer privacy and instill trust in the electronic marketplace.
See also:
CDT Senate Commerce Committee Testimony, July 09, 2008
• ISP, Ad Networking Scheme May Violate Federal and State Wiretap Laws
Press Release, July 08, 2008
CDT Legal Analysis Memo, July 08, 2008

Homeland Security Expands Requirements Over Workers, Travelers

Source: Electronic Privacy Information Center, June 2008

President Bush has signed Executive Order 12989 which gives the Department of Homeland Security authority to review employment eligibility for all federal employees and federal contractors. The decision to expand E-Verify comes after Congress rejected the President’s verification proposal and a federal court struck down the agency’s attempt to establish similar authority by regulation. EPIC testified in Congress in 2007 against the “Employment Eligibility Verification System.” Meanwhile, the Transportation Security Administration, a division of Homeland Security, will now require travelers to present identity documents or to be “cooperative.”
See also:
EPIC Spotlight on Surveillance: “National Employment Database Could Prevent Millions of Citizens From Obtaining Jobs” and EPIC Amicus in Gilmore v. Ashcroft.

Privacy: Alternatives Exist for Enhancing Protection of Personally Identifiable Information

Source: Government Accountability Office, GAO-08-536, May 2008

The centerpiece of the federal government’s legal framework for privacy protection, the Privacy Act of 1974, provides safeguards for information maintained by federal agencies. In addition, the E-Government Act of 2002 requires federal agencies to conduct privacy impact assessments for systems or collections containing personal information.

Increasingly sophisticated ways of obtaining and using personally identifiable information have raised concerns about the adequacy of the legal framework for privacy protection. Although the Privacy Act, the E-Government Act, and related guidance from the Office of Management and Budget set minimum privacy requirements for agencies, they may not consistently protect personally identifiable information in all circumstances of its collection and use throughout the federal government and may not fully adhere to key privacy principles. Based on discussions with privacy experts, agency officials, and analysis of laws and related guidance, GAO identified issues in three major areas:

Applying privacy protections consistently to all federal collection and use of personal information.
Ensuring that collection and use of personally identifiable information is limited to a stated purpose.
Establishing effective mechanisms for informing the public about privacy protections.

Related:
Privacy: Congress Should Consider Alternatives for Strengthening Protection of Personally Indentifiable Information, GAO-08-795, June 18, 2008

Privacy: Agencies Should Ensure That Designated Senior Officials Have Oversight of Key Functions, GAO-08-603, May 30, 2008

Center for Democracy and Technology (CDT) Urges Congress to Move This Year to Update Federal Privacy Legislation
Testimony before Senate Government Affairs Committee

REAL ID: Final Regulations

Source: Jeremy Meadows, Molly Ramsdell and Matt Sundeen, National Conference of State Legislatures, LegisBrief, Vol. 16, no. 25, June/July 2008
(subscription required)

In January, the Department of Homeland Security (DHS) issued the long-awaited final regulations on implementation of the REAL ID Act of 2005, a mere four months before the May 11, 2008, statutory implementation date. Under the act, states are required to adopt federal standards for driver’s licenses and identification cards or the federal government will not accept the licenses or identification cards for federal purposes such as boarding commercial aircraft, entering a federal building or nuclear power plant, or other purposes as determined by the secretary of Homeland Security. DHS re-estimated the cost to states of implementation at just under $4 billion over 10 years.

High-Tech Medical Records: Can electronic records transform health care?

Source: Kory Mertz and Donna Folkemer, State Legislatures, June 2008

In the middle of a legislative session, a veteran legislator from an out-county district walks into the ER near the Capitol complaining of a headache and nausea. He is handed a stack of forms to fill out. Unable to recall most of this information, he is forced to leave many fields blank, including the names of his many prescriptions. To fill in all the missing information the doctor has to run a host of tests, some very expensive. The legislator is sent home to await the test results feeling no better than when he arrived. The state foots the bill.

This is the current state of affairs in health care. Now envision this situation transformed by information technology.

The legislator enters the ER and a nurse pulls up his complete electronic health record within seconds. No forms to fill out, no prescriptions to remember. The doctor reviews the lawmaker’s record and notices that his five medications were prescribed by four different specialists. After speaking with the patient, the doctor deduces the symptoms are likely the result of a bad prescription interaction. Checking her findings with a computer system that helps make clinical decisions, the doctor prescribes an alternative medication and updates the patient’s record. The prescription is electronically sent to a pharmacy of the legislator’s choosing. No paper, no agonizing wait for the legislator and no redundant–and expensive–testing.

Former Speaker of the U.S. House of Representatives Newt Gingrich and others see health information technology (IT) as key to fixing a dysfunctional health-care system. “Health information technology is essential if we are to make any meaningful change, from reining in costs to improving the delivery of care to expanding insurance coverage. We simply cannot continue to prop up a 1950s paper-based system and expect anything to change,” says Gingrich, founder of the Center for Health Transformation.

Instant access to vital health information can save time, money and, ultimately, lives. When doctors see a patient’s complete medical history, they can make better decisions by preventing harmful drug interactions and eliminating duplicate tests or procedures. The Center for Information Technology Leadership estimates that this kind of technology would save $77.8 billion a year–or about 4 percent in a $2 trillion health system.

But moving health care into the digital age will be far from easy.