Purchase Article Back | Chicago-Kent Home | Journal Home

Employee Rights and Employment Policy Journal


Volume 1 1997 Number 1

HOW EMPLOYERS HANDLE EMPLOYEES' PERSONAL INFORMATION
Report of a Recent Survey

BY
DAVID F. LINOWES*
AND
RAY C. SPENCER**

INTRODUCTION

[P.153]When the Watergate episode occurred, few realized it would be the trigger to spawn extensive probes of personal privacy abuses on the part of both government and business. And yet it generated a concern that caused Congress to respond with the Privacy Act of 1974. 1 President Ford signed the legislation into law on New Year's Day, 1975, making it the first legislative action of the new administra-tion. Public Law 93-579 was to "provide certain safeguards for an in-dividual against an invasion of personal privacy" by the federal government and mandated the establishment of the Privacy Protec-tion Commission. That commission was chartered to examine all ac-tual and potential invasions of privacy in the private and public sectors and recommend legislation to the President and Congress. The commission's final report, Personal Privacy in an Information Society, was published in July, 1977. 2 This 654-page volume contained 162 specific recommendations. These recommendations included changes in the records maintained in consumer credit, the depository relationship, mailing lists, insurance, employment, medical files, inves-tigative reports, government data systems, and education. In addition, the commission studied the use of the Social Security number and uni-versal identifiers, Internal Revenue Service data, and the adequacy of the Privacy Act itself. The panel was authorized to hold hearings, conduct inspections, and issue subpoenas to carry out its work. The [P.154] report and proposals of the commission were well-received in the U. S. and abroad. Several nations used the findings to help draft their own privacy protection legislation.

The Privacy Commission focused on the specific ways personal-data record keeping systems were shaping the lives of individuals in society. These included the observation that organizations were mak-ing and keeping records about individuals for reasons other than just to facilitate business relationships. 3 Organizations were making it possible for other entities, including the government, to monitor the actions of individuals. There was also a trend toward the accumula-tion of records that included more personal details. This was espe-cially true in the credit and financial services areas where a great deal of information sharing was taking place. In banking, electronic funds transfer systems were having a profound impact on personal privacy. Financial institutions were verifying the data individuals provided by comparing their records with those collected by others. 4 Often, this was done without the subject's knowledge. The law failed to protect the citizen in this area and records were increasingly being used by institutions with which the individual had no direct contact. 5

Some records carried with them a social stigma. For instance, taking a minor or temporary problem to a psychiatrist could result in negative consequences on the job. Similarly, arrest records, military discharge codes, and insurance claims influenced credit worthiness de-cisions. Individuals who were the subject of such adverse decisions were helpless to stop the damage once it had started. 6 Existing law simply ignored the interest people had in records about themselves. The consequences were evident to applicants for graduate and profes-sional schools, people being considered for jobs or promotions, pa-tients whose records were disclosed to their employer, the subjects of credit investigations, and anyone seeking assistance from a federal agency.

The prescreening of mailing lists was a specific record keeping technique that was particularly troublesome. 7 The broad availability and low cost of computer and telecommunications technologies pro-vided both the impetus and the means to perform new, sophisticated record keeping functions. Along with this came disadvantages for the [P.155] individual. Errors in records could be propagated all over the country at the speed of light. Yet most organizations made no effort to for-ward corrections to subsequent users of data, because existing laws did not require them to do so. 8 There was a general lack of incentives for record keeping organizations to act in ways which protected the individual's interests.

It was especially difficult for individuals to find out how records about them were being used. What limited rights people had concern-ing their files required them to take the initiative and exercise those rights. Few people did. Meanwhile, the list of records kept about an individual of which he or she was not aware was endless. In most cases, the individual could only guess at the types of information being maintained and by whom. The situation made it all but impossible to identify errors and trace them to their source.

Records continued to supplant face-to-face contact in society. Never before had organizations dealt with individuals in such an ex-acting fashion and on such a large scale. In no time in our history had so many organizations had the facilities for keeping the relevant facts detailing the lives of such a multitude of people. Automated record keeping had changed the way people interacted with societal institu-tions. Once an individual had established a relationship with a record keeping organization, he or she lost all practical control over what actually got in the record and how it was subsequently used.

The Privacy Commission concluded that an effective privacy pro-tection policy must be adopted to create a proper balance between what an individual is expected to divulge to a record keeping organi-zation and what he seeks in return. 9 This would minimize intrusive-ness. It is important to open up record keeping operations in ways that will minimize the extent to which recorded information about an individual is a source of unfairness in any decision made about the individual on the basis of such information. This more open system of data gathering would maximize fairness. The commission felt it was necessary to create legitimate and enforceable expectations of confi-dentiality, by defining obligations with respect to the uses and disclo-sures that will be made of recorded information about an individual. 10

The Privacy Commission recommended that responsible policies governing employee files be adopted promptly. The need for change [P.156] was deemed acute enough to justify mandatory legislation, but forced change could result in hardships. Organizations in many industries were willing to cooperate voluntarily. In the mailing list industry, cus-tomers were given the option of vetoing any exchange of names with other list holders.

In other areas, however, mandatory measures were specified. Legal remedies had to protect the privacy of individual bank records. As a result, the Right to Financial Privacy Act of 1978 was enacted to set limits on federal government access to individual information held by banks and credit card issuers. 11

In the area of employment and personnel files, the complexity of the relationship between employer and employee and the difficulty in classifying the various records employers maintained made changes in record keeping practices necessary and prudent. Governmental mechanisms were needed to allow citizens to question the propriety of information collected and used by various employers.

PRIVACY IN THE WORKPLACE SURVEY

Abuse of personnel files remains a serious problem today, twenty years after the Privacy Commission presented its findings to the Presi-dent and Congress. To determine the extent to which corporate America is voluntarily adopting the recommendations of the Privacy Commission and protecting employee privacy, a survey was conducted in 1996 by Professor David F. Linowes, former Chairman of the U. S. Privacy Protection Commission and one of the authors of this work. The study revealed that although several leading companies have re-sponded, too many companies have not yet adopted the kind of pri-vacy safeguards needed for employee records.

The comprehensive survey was conducted, in conjunction with the Survey Research Laboratory at the University of Illinois, to deter-mine the extent to which the largest industrial corporations of America have policies safeguarding the personal information they col-lect and maintain about their employees, former employees, and ap-plicants for employment.

A sample of 300 companies was selected from among the Fortune 500 corporations. Eighty-four companies, or 28 percent representing over 3.2 million employees, responded. Because major corporations [P.157] are standard setters of business practices, the impact of the policies described goes well beyond the Fortune 500 corporations.

A. Disclosures of Personal Employment Data

Highlights

Seventy percent of the corporations have a policy concerning which records are routinely disclosed to inquiries from government agencies. As a result, the employees of 3 out of 10 corporations are left without such guidance.

Also, 7 out of 10 disclose personal information to credit grantors; almost one-half (47%) disclose it to landlords; and aproximately one out of 5 (19%) give the data to charitable organizations.

Survey

Note: Numbers in parentheses following the percentages are the numbers of corporations answering this specific question.

1a. Does your organization have a policy concerning which records will be routinely disclosed to inquiries from government agencies?

    No 30% (24)

b. If so, does this policy include the requirement of a subpoena for disclo-sure of personnel records to government agencies?

  • Yes 63% (36)
  • No 37% (21)

c. If you require a subpoena, which of the following kinds of subpoenas are recognized for release of such information?

  • (1) Grand Jury 94% (32)
  • (2) Administrative 93% (29)
  • (3) Legislative 88% (29)
  • (4) Other 71% (15)

2a. Does your organization always require a subpoena before releasing information to any nongovernment inquirer?

  • Yes 38% (31)
  • No 62% (51)
[P.158]

b. Does your organization disclose information to any of the following nongovernment inquirers without a subpoena?

  • (1) Landlords 47% (21)
  • (2) Credit grantors 70% (32)
  • (3) Charitable organizations 19% ( 8)

Recommended Fair Information Practices

An employer should limit external disclosures of information in records kept on individual employees, former employees, and appli-cants; it should also limit the internal use of such records.

B. Individual Access

Highlights

While most corporations (92%) give employees access to person-nel records, only about one in four (28%) allows access to supervisors' records. Three-fourths (76%) allow employees to place corrections in their personnel records. Of those that do, three out of four (77%) forward these corrections to anyone who received the incorrect information.

Survey

3a. Does your organization have a policy giving your personnel access to their:

  • (1) Supervisors' records 28% (23)
  • (2) Personnel office records 92% (77)
  • (3) Accounting office records 29% (21)
  • (4) Insurance records 63% (49)
  • (5) Security records 19% (14)
  • (6) Medical records 76% (59)

b. If so, can they copy these records?

  • (1) Supervisors' records 42% ( 8)
  • (2) Personnel office records 72% (48)
  • (3) Accounting office records 63% (10)
  • (4) Insurance records 75% (30)
  • (5) Security records 45% ( 5)
  • (6) Medical records 66% (29)
[P.159]

4a. Does your organization allow personnel to correct or amend any of their:

  • (1) Supervisors' records 29% (22)
  • (2) Personnel office records 76% (63)
  • (3) Accounting office records 25% (17)
  • (4) Insurance records 52% (39)
  • (5) Security records 16% (11)
  • (6) Medical records 48% (37)

b. If so, are these corrections or amendments forwarded to anyone who received incorrect information?

  • (1) Supervisors' records 95% (19)
  • (2) Personnel office records 77% (41)
  • (3) Accounting office records 87% (13)
  • (4) Insurance records 88% (29)
  • (5) Security records 100% (10)
  • (6) Medical records 84% (26)

5. Does your organization have a policy stating who is authorized, within the organization, to have access to personnel records?

Yes - 87% - (73)

Recommended Fair Information Practices

A. An employer should permit individual employees, former employees, and applicants to see, copy, correct, or amend the records maintained about them; except where necessary to protect highly restricted security records.

B. An employer should assure that the personnel and payroll records it maintains are available internally only to authorized users and on a need-to-know basis.

C. Informing the Individual

Highlights

Over half of the corporations inform personnel of the types of records maintained (62%), and how they are used (56%).

Nearly half (49%) of the corporations responding find it neces-sary to collect information without informing the individual.

Three out of four (75%) organizations check, verify, or supple-ment background information collected directly from personnel.

Survey

6. Does your organization have a policy to inform personnel of: [P.160]

a. The types of records maintained on each individual?
Yes 62% (51)

b. The use of these records within the organization?
Yes 56% (45)

c. Which records the individual has access to?
Yes 82% (67)

d. Which records the individual does not have access to?
Yes 52% (40)

e. The organization's routine practices of disclosure to governmental inquirers?
Yes 42% (32)

f. The organization's routine practices of disclosure to nongovernmen-tal inquirers?
Yes 49% (38)

g. Any special, non-routine disclosure to governmental inquirers?
Yes 18% (12)

h. Any special, non-routine disclosure to nongovernmental inquirers?
Yes 21% (14)

7. Does your organization ever find it necessary to collect information without informing the individual?
Yes 49% (37)
No 51% (39)

8a. Does your organization ever check, verify, or supplement background information collected directly from personnel?
Yes 75% (60)
No 25% (20)

b. Is the individual who is the subject of a background check always noti-fied before such information is collected?
Yes 74% (42)
No 26% (15)

c. Is the individual who is the subject of a background check always noti-fied after such information is collected?
Yes 37% (15)
No 63% (25)

d. Does your organization have a policy allowing the individual to have access to the information collected during a background check?
Yes 42% (24)
No 58% (33) [P.161]

e. Is there a policy which allows the individual to correct or amend this information?
Yes 75% (18)
No 25% ( 6)

Recommended Fair Information Practices

A. An employer, prior to collecting the type of information generally col-lected about an applicant, employee, or other individual in connection with an employment decision, should notify him/ her as to:

    (1) the types of information expected to be collected;
    (2) the techniques that may be used to collect such information;
    (3) the types of sources that are expected to be asked;
    (4) the types of parties to whom and circumstances under which infor-mation about the individual may be disclosed without his authoriza-tion, and the types of information that may be disclosed;
    (5) the procedures established by statute by which the individual may gain access to any resulting record about himself; and
    (6) the procedures whereby the individual may correct, amend, or dis-pute any resulting records about himself.

B. An employer should clearly inform all its applicants upon request, and all employees automatically, of the types of disclosures it may make of information in the records it maintains on them, including disclosures of directory information, and of its procedures for involving the individual in particular disclosures.

D. Authorizing Personal Data Collection

Highlights

Nine out of ten (93%) companies obtain written permission from the individual when seeking information about him/ her from a third party.

When written permission is not obtained, only 3 out of 10 (32%) corporations have a policy of informing an individual of the types of information sought; one of 4 (25%) tell them the techniques used to collect it; and 3 out of 10 (29%) disclose the sources.

Survey

9a. Does your organization obtain written permission from an employee or applicant when you seek information about him or her from a third party?
Yes 93% (74)
No 7% ( 6) [P.162]

10. If so, does this permission indicate:

    (1) The specific third party? 67% (47)
    (2) The nature of the information 93% (65) being sought?
    (3) The specific individuals in your 58% (40) organization who may receive this information?
    (4) The specific purpose for which 91% (63) the information will be used?

11. In those instances when written permission is not obtained, does your organization have a policy of informing the individual of:

  • a. The types of information expected to be collected about him or her from third parties?
    Yes 32% ( 9)
  • b. The techniques used to collect the information?
    Yes 25% ( 7)
  • c. The sources, such as employers, credit bureaus, or independent check guarantee services, asked to supply the information?
    Yes 29% ( 8)

Recommended Fair Information Practices

No employer should ask, require, or otherwise induce an applicant or employee to sign any statement authorizing any individual or institu-tion to disclose information about him, or about any other individual, unless the statement is:


(1) in plain language;
(2) dated;
(3) specific as to the individuals and institutions he is authorizing to disclose information about him;
(4) specific as to the nature of the information he is authorizing to be dis-closed;
(5) specific as to the individuals or institutions to whom he is authorizing information to be disclosed;
(6) specific as to the purpose( s) for which the information may be used; and
(7) specific as to its expiration date, which should be for a reasonable period of time not to exceed one year.

E. Medical Records

Highlights

One-third (35%) of the companies use medical records of person-nel in making employment-related decisions. Nine out of ten (90%) inform the employee of such use. [P.163]

Nearly all (99%) of the companies responding have restrictions in regard to smoking, but in all cases (100%) such restrictions apply to places where smoking is allowed.

One of twenty (5%) companies shows in its personnel records whether an employee is a smoker or non-smoker.

Survey

12a. Does your organization provide any of the following health-related programs for employees that are at least partially funded by the organ-ization?

    (1) Health insurance 100% (81)
    (2) Life insurance 99% (80)
    (3) Employee assistance program 96% (77) (EAP), including counseling
    (4) EAP, including services for 96% (73) dependents

b. Are employee medical records kept together with other personnel records?
Yes 0% ( 0)
No 100% (47)

c. Are medical records ever used in making employment-related deci-sions?
Yes 35% (29)
No 65% (53)

d. Is the employee always informed of such use?
Yes 90% (26)
No 10% ( 3)

13. Does your organization have any restrictions in regard to smoking?
Yes 99% (82)
No 1% ( 1)

14. Does the restriction apply to:

    a. Places where smoking is 100% (82) allowed?
    b. Time of day when smoking is 11% ( 8) permitted?

15. Does your employment application inquire whether the applicant smokes?
Yes 2% ( 2)
No 98% (81) [P.164]

16. Do your personnel records contain information on whether the employee is a smoker or non-smoker?
Yes 5% ( 4)
No 95% (78)

Recommended Fair Information Practices

A. An employer that maintains an employment-related medical record about an individual should assure that no diagnostic or treatment infor-mation in any such record is made available for use in any employment decision. However, in certain limited circumstances, special medical information might be so used after informing the employee.

B. Upon request, an individual who is the subject of a medical record maintained by an employer, or another responsible person designated by the individual, should be allowed to have access to that medical rec-ord, including an opportunity to see and copy it. The employer may charge a reasonable fee for preparing and copying the record.

C. An employer should establish a procedure whereby an individual who is the subject of a medical record maintained by the employer can request correction or amendment of the record.

F. Drug Testing

Highlights

Most (86%) of the corporations have a drug-testing program in operation. Nearly all (97%) use the program for pre-employment screening.

Almost all (96%) had a drug-testing program for over two years. Most (81%) began the program because of general concern for the safety of employees. Three of five (64%) used random employee drug tests.

Survey

17a. Would you describe your organization as having:

    (1) A drug-testing program in oper-ation? 86% (72)
    (2) A drug policy, but no testing 13% (11) program?
    (3) Neither a policy nor a testing 1% ( 1) program?

b. If you have a drug-testing program, does your organization conduct drug tests for:

    (1) Pre-employment screening of 97% (70) applicants? [P.165]
    (2) Probable cause following 89% (62) employee accidents?
    (3) Employee tests at annual physi-23% (16) cal?
    (4) Random employee tests? 64% (44)
    (5) Tests of known past users? 39% (26)

18. How many times during the past year was drug testing used at your organization?
Range - from 5 to 15,000
Mean (Average) - 2,662
Median (Middle Number) - 999

19. For which of the following reasons did your organization begin a drug-testing program?

    a. Because of incidents and/ or drug use on the job 34% (22)
    b. Because of general concern for safety of employees81% (54)
    c. In response to government regula-tions 75% (50)
    d. To follow the lead of other organi-zations 39% (25)
    e. To try to keep health care costs down 45% (30)
    f. To allow enforcement of company drug policies 66% (44)
    g. To improve your company's public image 35% (23)

20. How long has your organization had a drug-testing program? Would you say:

    a. Less than 1 year 1% ( 1)
    b. One to two years 3% ( 2)
    c. Over two years 96% (65)

21. Would you say the overall reaction of employee unions to your drug-testing program is:

    a. Very positive 9% ( 6)
    b. Positive 35% (22)
    c. Mixed 14% ( 9)
    d. Negative 2% ( 1)
    e. Very negative 2% ( 1)
    f. Not applicable 38% (24) [P.166]

22. If you do not have a drug-testing program, on a scale of 1 to 10, with 1 being very likely and 10 being not very likely, what is the likelihood that your organization will institute such a program in the next 2 years?
Range - from 1 to 10
Mean - 9
Median - 10

Recommended Fair Information Practices

See Section E, Medical Records.

G. AIDS Testing

Highlights

No surveyed company has an AIDS-testing program in operation. Ten percent have an AIDS-testing policy, but no testing program.

Ninety percent have neither a policy nor a testing program. Four-teen percent believe that government, as opposed to business, should have more stringent AIDS-testing personnel-screening practices.

Survey

23. Would you describe your organization as having:

    (1) An AIDS-testing program in operation? 0% ( 0)
    (2) An AIDS-testing policy, but no testing program? 10% ( 8)
    (3) Neither a policy nor a testing program? 90% (74)

Recommended Fair Information Practices

See Section E, Medical Records.

H. Polygraph Use

Highlights

Nine out of ten companies surveyed (89%) do not use the poly-graph or other truth-verification equipment. Almost one in five (19%) of the companies responding believes more stringent polygraph testing policies should be used by the government as opposed to business. [P.167]

Survey

24. Even though the use of polygraphs is prohibited in employment screen-ing and/ or in random testing, the devices can be used in instances of theft or shortage. Does your organization employ non-prohibited uses of polygraph or other truth-verification equipment to verify informa-tion about personnel?
Yes 11% ( 9)
No 89% (73)

25. In view of the fact that polygraphs cannot be used for personnel selec-tion, which of the following procedures do you use for such selection?

    a. Personal interview 100% (83)
    b. Former employer check 98% (80)
    c. Traditional reference check 98% (81)
    d. Psychological testing 28% (21)
    e. Credit check 38% (29)
    f. Police record check 63% (50)

Recommended Fair Information Practices

An employer should not use a polygraph or other truth-verification equipment to gather information from an applicant or employee.

I. Use of Investigative Firms

Highlights

Two-thirds (67%) of the organizations responding retain the serv-ices of an investigative firm to collect or verify information concerning personnel. A quarter (25%) of these corporations do not review the operating policies and practices of the investigative firm.

Survey

26a. Does your organization ever retain the services of an investigative firm to collect or verify information concerning personnel?
Yes 67% (38)
No 33% (19)

b. Does your organization review the operating policies and practices of the investigative firm?
Yes 75% (27)
No 25% ( 9) [P.168]

c. How often:

    Monthly 0%
    Semi-annually 4%
    Yearly 52%
    Other 44%

Recommended Fair Information Practices

Each employer and agent of an employer should exercise reasonable care in the selection and use of investigative organizations, so as to assure that the collection, maintenance, use, and disclosure practices of such organizations fully protect the rights of the subject being investigated.

J. Arrest, Conviction, and Security Records

Highlights

Eighty-five percent of the companies do not require the collec-tion of arrest records of personnel. Over half (54%) require informa-tion on convictions.

Survey

27a. Does your organization have a policy requiring that information con-cerning arrest records of personnel be collected?
Yes 15% (12)
No 85% (68)

b. If so, is the collection of this information required by federal, state, or local law?
Yes 42% ( 5)
No 58% ( 7)

c. Is this information ever removed from individual personnel records?
Yes 17% ( 2)
No 83% (10)

28a. Does your organization have a policy requiring that information per-taining to a conviction of any employee be collected?
Yes 54% (43)

b. If so, is this information collected from all personnel?
Yes 79% (33)

c. Is information concerning all types of convictions collected?
Yes 69% (27)

d. Is this information updated at set intervals?
Yes 14% ( 5) [P.169]

e. Is the collection of this information required by federal, state, or local law?
Yes 49% (18)

29. Are security records, that is, records compiled during a security investi-gation of personnel, kept together with other personnel records?
Yes 6% ( 4)
No 94% (60)

Recommended Fair Information Practices

A. When an arrest record is lawfully sought or used by an employer to make a specific decision about an applicant or employee, the employer should not maintain the record for a period longer than specifically required by law, if any, or unless there is an outstanding indictment.

B. Unless otherwise required by law, an employer should seek or use a conviction record pertaining to an individual applicant or employee only when the record is directly relevant to a specific employment decision affecting the individual.

C. Except as specifically required by federal or state statute or regulation, or by municipal ordinance or regulation, an employer should not seek or use a record of arrest pertaining to an individual applicant or employee.

D. Where conviction information is collected, it should be maintained separately from other individually identifiable employment records so that it will not be available to persons who have no need of it.

E. An employer should maintain security records apart from other records.

K. General Practices

Highlights

Over half the companies (58%) have a policy for conducting peri-odic evaluations of their personnel record-keeping systems, and within the past two years half (51%) of the respondents conducted a system-atic evaluation of their existing personnel record-keeping practices with particular attention to confidentiality safeguards.

Almost three out of five (58%) companies have designated an executive-level person to be responsible for maintaining privacy safe-guards in employment record-keeping practices.

No employment applications inquire about an applicant's sexual preference. [P.170]

Survey

30a. Does your organization have a policy for conducting evaluations of its personnel record-keeping system?
Yes 58% (48)
No 42% (35)

b. Does your organization designate an executive-level person to be responsible for maintaining privacy safeguards in employment record-keeping practices?
Yes 58% (48)
No 42% (35)

31. Within the past two years, has your organization conducted an evalua-tion of its existing personnel record-keeping practices with particular attention to confidentiality safeguards?
Yes 51% (42)
No 49% (40)

32. If yes, were any of the following items or procedures reviewed during this examination?

    a. The types of records kept 98% (40)
    b. Importance of the information 93% (37)
    c. Use of records by different departments 85% (34)
    d. Disclosure of information to 77% (30) outside sources
    e. Informing employees on disclo-68% (25) sures of this information

33a. Does your organization utilize computer facilities for record keeping?
Yes 94% (77)
No 6% ( 5)

b. If so, which of the following records are computerized?

    (1) Personnel records 78% (50)
    (2) Payroll records 96% (73)
    (3) Security records 31% (22)
    (4) Employee medical records 32% (22)
    (5) Group insurance records 86% (63)

c. Are any of these records kept together in one common data bank?
Yes 47% (34)
No 53% (39)

d. Which records are kept together?

    (1) Personnel Records 88% (30)
    (2) Payroll records 82% (28) [P.171]
    (3) Security records 3% ( 1)
    (4) Employee medical records 15% ( 5)
    (5) Group insurance records 59% (20)

34. Do your applications inquire about an applicant's sexual preference (i. e., homosexuality or heterosexuality)?
Yes 0% ( 0)
No 100% (82)

35. Should more stringent personnel-screening practices be used by the government as opposed to business in adopting programs?

    a. For polygraph testing? 19% ( 9)
    b. For drug testing? 29% (15)
    c. For AIDS testing? 14% ( 7)

Recommended Fair Information Practices

An employer should periodically and systematically examine its em-ployment and personnel record-keeping practices, including a review of:

    (1) the number and types of records it maintains on individual employees, former employees, and applicants;
    (2) the items of information contained in each type of employment record it maintains;
    (3) the uses made of the items of information in each type of record;
    (4) the uses made of such records within the employing organization;
    (5) the disclosures made of such records to parties outside the employ-ing organization; and
    (6) the extent to which individual employees, former employees, and applicants are both aware and systematically informed of the uses and disclosures that are made of information in the records kept about them.

CONCLUSION

Analysis of the survey findings indicates much remains to be done to achieve fair information practices by employers, in spite of the fact that some progress has been made by a few companies. New steps for action should now be considered by this President and Congress.

Employers maintain many different kinds of information about their employees in individually identifiable form. The scope of that information and its use in decision making about employees is cause for concern. There is no general framework of rights and obligations that can accommodate disputes about recorded information in em-ployee [P.172] files. Some companies have taken a leadership role and have already adopted proactive privacy guidelines. Many others have not. With respect to existing record keeping practices, the rights of employees are limited. In most cases, the individual can only guess about what types of information or records will be used in any deci-sion- making process. There is no recourse for the employee who wants to identify the sources used to gather data or identify errors and trace them to their source. What few rights employees do have de-pend on individuals taking the initiative. Protections are by no means guaranteed.

Adequate universal information privacy safeguards can be achieved by the enactment of public policy legislation that would provide:

    (A) Minimum intrusiveness into the personal affairs of a person, thereby eliminating the collection of data that is irrelevant to the decision at hand;
    (B) That fairness be emphasized, thereby permitting the individ-ual to see the data about himself or herself upon which a decision is based;
    (C) There be a means for enforcing confidentiality when infor-mation privacy is expected, by allowing for punitive damages (capped at $10,000) for violation.

Whereas, most democracies in the world have such a formal policy, the United States does not.

In recent years legislation has been introduced in Congress to deal with these privacy issues, but it has fallen by the wayside. Much of an individual's life is now shaped by his or her relationships with employers. While an employer makes and keeps records about indi-viduals to facilitate relationships with them, there is an obvious trend to accumulate more personal data details than necessary. Neither law nor technology gives the individual the tools needed for protection. More positive action is needed to fully protect employees' privacy rights.


FOOTNOTES

* Professor of Political Economy and Public Policy; Boeschenstein Professor Emeritus; Senior Advisor, Institute of Government and Public Affairs, University of Illinois; former Chairman of the U. S. Privacy Protection Commission.

** Coordinator of Research Programs, Ph. D., University of Illinois College of Liberal Arts and Sciences.

1. Privacy Act of 1974, Pub. L. No. 93-579, 88 Stat. 1897 (1975).

2. U. S. Privacy Protection Study Commission, Personal Privacy in an Information Society (U. S. Government Printing Office 1977).

3. Id. at 5.

4. Id. at 50-51.

5. Id. at 71; see Id. at 139-40.

6. Id. at 10.

7. Id. at 141.

8. Id. at 18.

9. Id. at 14.

10. Id. at 15.

11. Right to Financial Privacy Act of 1978, Pub. L. No. 95-630, 92 Stat. 3697 (1978).

Purchase Article Back | Chicago-Kent Home | Journal Home