More than 21 percent of those polled said that

CPSR Workplace Privacy Testimony ===================================================== Prepared Testimony and Statement for the Record of Marc Rotenberg, Director, CPSR Washington office, Adjunct Professor, Georgetown University Law Center on H.R. 1900, The Privacy for Consumers and Workers Act Before The Subcommittee on Labor-Management Relations, Committee on Education and Labor, U.S. House of Representatives June 30, 1993 Mr. Chairman, members of the Subcommittee, thank for the opportunity to testify today on H.R. 1900, the Privacy for Consumers and Workers Act. My name is Marc Rotenberg and I am the director of the CPSR Washington office and an adjunct professor at Georgetown University Law Center where I teach a course on information privacy law. Speaking on behalf of CPSR, we strongly endorse the Privacy for Consumers and Workers Act. The measure will establish important safeguards for workers and consumers in the United States. We believe that H.R. 1900 is particularly important as our country becomes more dependent on computerized information systems and the risk of privacy abuse increases. CPSR has a special interest in workplace privacy. For almost a decade we have advocated for the design of computer systems that better serve the needs of employees in the workplace. We do not view this particular goal as a trade-off between labor and management. It is our belief that computer systems and information policies that are designed so as to value employees will lead to a more productive work environment and ultimately more successful companies and organizations. As Charles Hecksher of the Harvard Business School has said good managers have no use for secret monitoring. Equally important is the need to ensure that certain fundamental rights of employees are safeguarded. The protection of personal privacy in the information age may be as crucial for American workers as the protection of safety was in the age of machines. Organizations that fail to develop appropriate workplace privacy policies leave employees at risk of abuse, embarrassment, and harassment. The concern about workplace privacy is widely felt in the computer profession. This month MacWorld magazine, a leading publication in the computer industry, released a special report on workplace privacy. The report, based on a survey of 301 companies in the United States and authored by noted science writer Charles Piller, made clear the need for a strong federal policy. Among the key findings of the MacWorld survey: they had "engaged in searches of employee computer files, voice mail, electronic mail, or other networking communications."

"Monitoring work flow" is the most frequently cited reason for electronic searches.

In two out of three cases, employees are not warned about electronic searches.

Only one third of the companies surveyed have a written policy on privacy

What is also interesting about the MacWorld survey is the high level of concern expressed by top corporate managers about electronic monitoring. More than a half of those polled said that electronic monitoring was either "never acceptable" or "usually or always counterproductive." Less than five percent believed that electronic monitoring was a good tool to routinely verify honesty. These numbers suggest that managers would support a sensible privacy law. Indeed, they are consistent with other privacy polls conducted by Professor Alan Westin for the Lou Harris organization which show that managers are well aware of privacy concerns and may, with a little prodding, agree to sensible policies. What would such a policy look like? The MacWorld report also includes a model privacy policy that is based on several U.S. and international privacy codes. Here are the key elements:

Employees should know what electronic surveillance tools are used, and how management will use the data gathered.

Management should minimize electronic monitoring as much as possible. Continuous monitoring should not be permitted.

Data should only be used for clearly defined, work-related purposes.

Management should not engage in secret monitoring unless there is credible evidence of criminal activity or serious wrongdoing.

Data gathered through monitoring should not be the sole factor in employee evaluations.

Personal information gathered by employers should not be disclosed to any third parties, except to comply with legal requirements.

Employees or prospective employees should not be asked to waive privacy rights.

Managers who violate these privacy principles should be subject to discipline or termination.

Many of these provisions are contained in H.R. 1900, the Privacy for Consumers and Workers Act. Clearly, the policies and the bill itself are not intended to prohibit monitoring, nor to prevent employers from protecting their business interests. What the bill will do is help establish a clear framework that ensures employees are properly notified of monitoring practices, that personal information is not misused, and that monitoring capability is not abused. It is a straightforward, sensible approach that does not so much balance rights as it clarifies interests and ensures that both employers and employees will respect appropriate limitations on monitoring capability. The need to move quickly to establish a framework for workplace privacy protection is clear. Privacy problems will become more acute in the years ahead as new monitoring schemes are developed and new forms of personal data are collected. As Professor Gary Marx has made clear, there is little that can be imagined in the monitoring realm that can not be achieved. Already, some members of the computer profession are wearing "active badges" that provide full-time geographical monitoring. Properly used, these devices help employees use new tools in the hi-tech workplace. Improperly used, such devices could track the physical movements of an employee throughout the day, almost like a blip on a radar screen. Computers are certainly powerful tools. We believe that they can be used to improve productivity and increase job satisfaction. But this requires that appropriate policies be developed to address employee concerns and that laws be passed, when necessary, to ensure that computer abuse does not occur. This concludes my testimony. I would be pleased to answer your questions. =====================================================