From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Fri, 2 Jul 93 14:33:14 PDT
To: CYPHERPUNKS <CYPHERPUNKS@toad.com>
Subject: CPSR Workplace Privacy Test
Message-ID: <00541.2824473766.4122@washofc.cpsr.org>
MIME-Version: 1.0
Content-Type: text/plain


  CPSR Workplace Privacy Testimony
  =====================================================

                 Prepared Testimony
                           and
                Statement for the Record
                            of
                     Marc Rotenberg, 
           Director, CPSR Washington office,
  Adjunct Professor, Georgetown University Law Center
                            on
                        H.R. 1900, 
       The Privacy for Consumers and Workers Act

                          Before
    The Subcommittee on Labor-Management Relations,
           Committee on Education and Labor,
             U.S. House of Representatives
                      June 30, 1993

	Mr. Chairman, members of the Subcommittee, thank 
for the opportunity to testify today on H.R. 1900, the 
Privacy for Consumers and Workers Act.  My name is Marc 
Rotenberg and I am the director of the CPSR Washington 
office and an adjunct professor at Georgetown University 
Law Center where I teach a course on information privacy 
law.
	Speaking on behalf of CPSR, we strongly endorse the 
Privacy for Consumers and Workers Act.  The measure will 
establish important safeguards for workers and consumers 
in the United States.  We believe that H.R. 1900 is 
particularly important as our country becomes more 
dependent on computerized information systems and the 
risk of privacy abuse increases.
	CPSR has a special interest in workplace privacy.  
For almost a decade we have advocated for the design of 
computer systems that better serve the needs of 
employees in the workplace.  We do not view this 
particular goal as a trade-off between labor and 
management.  It is our belief that computer systems and 
information policies that are designed so as to value 
employees will lead to a more productive work 
environment and ultimately more successful companies and 
organizations.  As Charles Hecksher of the Harvard 
Business School has said good managers have no use for 
secret monitoring.
	Equally important is the need to ensure that 
certain fundamental rights of employees are safeguarded.  
The protection of personal privacy in the information 
age may be as crucial for American workers as the 
protection of safety was in the age of machines.  
Organizations that fail to develop appropriate workplace 
privacy policies leave employees at risk of abuse, 
embarrassment, and harassment.
	The concern about workplace privacy is widely felt 
in the computer profession.  This month MacWorld 
magazine, a leading publication in the computer 
industry, released a special report on workplace 
privacy.  The report, based on a survey of 301 companies 
in the United States and authored by noted science 
writer Charles Piller, made clear the need for a strong 
federal policy.

	Among the key findings of the MacWorld survey:

>  More than 21 percent of those polled said that 
they had "engaged in searches of employee 
computer files, voice mail, electronic mail, or 
other networking communications."

>  "Monitoring work flow" is the most frequently 
cited reason for electronic searches.

>  In two out of three cases, employees are not 
warned about electronic searches.

>  Only one third of the companies surveyed have a 
written policy on privacy

	What is also interesting about the MacWorld survey 
is the high level of concern expressed by top corporate 
managers about electronic monitoring.  More than a half 
of those polled said that electronic monitoring was 
either "never acceptable" or "usually or always 
counterproductive."  Less than five percent believed 
that electronic monitoring was a good tool to routinely 
verify honesty.
	These numbers suggest that managers would support a 
sensible privacy law.  Indeed, they are consistent with 
other privacy polls conducted by Professor Alan Westin 
for the Lou Harris organization which show that managers 
are well aware of privacy concerns and may, with a 
little prodding, agree to sensible policies.
	What would such a policy look like?  The MacWorld 
report also includes a model privacy policy that is 
based on several U.S. and international privacy codes.  
Here are the key elements:

>  Employees should know what electronic 
surveillance tools are used, and how management 
will use the data gathered.

>  Management should minimize electronic monitoring 
as much as possible.  Continuous monitoring 
should not be permitted.

>  Data should only be used for clearly defined, 
work-related purposes.

>  Management should not engage in secret 
monitoring unless there is credible evidence of 
criminal activity or serious wrongdoing.

>  Data gathered through monitoring should not be 
the sole factor in employee evaluations.

>  Personal information gathered by employers 
should not be disclosed to any third parties, 
except to comply with legal requirements.

>  Employees or prospective employees should not be 
asked to waive privacy rights.

>  Managers who violate these privacy principles 
should be subject to discipline or termination.

	Many of these provisions are contained in H.R. 
1900, the Privacy for Consumers and Workers Act.  
Clearly, the policies and the bill itself are not 
intended to prohibit monitoring, nor to prevent 
employers from protecting their business interests.  
What the bill will do is help establish a clear 
framework that ensures employees are properly notified 
of monitoring practices, that personal information is 
not misused, and that monitoring capability is not 
abused.  It is a straightforward, sensible approach that 
does not so much balance rights as it clarifies 
interests and ensures that both employers and employees 
will respect appropriate limitations on monitoring 
capability. 
	The need to move quickly to establish a framework 
for workplace privacy protection is clear.  Privacy 
problems will become more acute in the years ahead as 
new monitoring schemes are developed and new forms of 
personal data are collected.  As Professor Gary Marx has 
made clear, there is little that can be imagined in the 
monitoring realm that can not be achieved.  Already, 
some members of the computer profession are wearing 
"active badges" that provide full-time geographical 
monitoring.  Properly used, these devices help employees 
use new tools in the hi-tech workplace.  Improperly 
used, such devices could track the physical movements of 
an employee throughout the day, almost like a blip on a 
radar screen.
	Computers are certainly powerful tools.  We believe 
that they can be used to improve productivity and 
increase job satisfaction.  But this requires that 
appropriate policies be developed to address employee 
concerns and that laws be passed, when necessary, to 
ensure that computer abuse does not occur.
	This concludes my testimony.  I would be pleased to 
answer your questions.

 =====================================================