As various information technologies are penetrating everyday life, private and business matters inevitably mingle. Separating private and business past records, public information, actions or identities may, however, be crucial for an employee in certain situations. In this chapter we review the interrelated areas of employee privacy, and analyze in detail two areas of special importance from the viewpoint of the separation: web and social network privacy. In relation to these areas we discuss threats and solutions in parallel, and besides surveying the relevant literature, we also present current Privacy Enhancing Technologies applicable in each area. Additionally, we briefly review other means of workplace surveillance, providing some insight into the world of smartphones, where we expect the rise of new privacy-protecting technologies as these devices are getting capable of taking over the functions of personal computers.
TopBackground: Analysis Of Scenarios In Hungary
Szabó & Székely (2005) analyzed numerous complaints that were filed to the Hungarian Data Protection Commissioner from a non-technical, legal point of view in the context of Hungarian law. Their work includes a classification of the cases based on the purpose of the employer and determines four categories such as labor recruitment, work control and supervision, personality tests and other cases of unreasonable privacy violation.
During labor recruitment, the employer’s goal is to learn about the applicants’ personality, medical status and past records in order to choose the most adequate candidate for the job. This inevitably includes privacy-related issues, such as various kinds of (unnecessary) medical examinations, personality tests, using of lie detectors or exaggerated data inquiry. However, the internet can be also used as a data source for such investigations, since the purpose of many web services (e.g., social networks) is to gather and provide information on individuals.
Personality tests are usually conducted offline, and should be avoided by legal means if possible. Some of the issues reported in the work of Szabó & Székely, under the category of other cases of unreasonable privacy violation can be avoided by using PETs, but some do not even need them. For instance, the authors mentioned employers who were investigating the political background or the religious beliefs of applicants. These issues should be hindered by using PETs related to the first two categories, and if this is not possible, these issues need to be solved by other means, e.g. through legal redress or involving commissioners.
In case of successful recruitment, it is important for the employer to ensure that the employee devotes his time and expertise to the designated tasks. This can lead to work control and supervision over the concerned services, software or hardware provided by the employer, which does not necessarily imply the violation of the employee’s privacy; however, some actions in the employee’s personal life will inevitably take place during the working hours. This is even more likely to happen if corporate access is provided to public services like phone networks or the internet. Therefore, it is important to separate private and business actions in these cases as well.