Interference protection, much like intrusion protection, started with the non-interference view of privacy. This view of privacy originated from the 1965 case of Griswold v. Connecticut and focused on an individual’s ability to make choices or decisions without external influence (Tavani, 2007, p. 5). One example frequently seen in the workplace is forcing or enforcing policy on your employees without their participation in the development process. So how do we decrease the feeling of being interfered with when it comes to digital privacy?
One of the first things you might have heard about when watching Law and Order, Live PD, or Cops is the term consent. There are several components or portions of informed consent, including:
- The competence to understand and decide
- Freedom of decision
- Disclosure of material information
- The recommendation of a plan
- Understanding the disclosure and recommendations
- Deciding in favor of a plan
- Finally, authorization of the plan (Pascalev, 2017, p. 41)
The process of gaining consent also requires individuals who are competent to consent, have consented voluntarily, are fully informed about what they are consenting to, and comprehend what they have been told (Pascalev, 2017, p. 5). Sound familiar? Doesn’t this feel like consent is a critical component of privacy?
The General Data Privacy Regulation (GDPR), a regulation which many organizations are struggling to deal with, provides a unique view of consent and its role in the processing of data by employers. The GDPR says that employee consent provides the grounds to an employer for collecting, processing, or disseminating personal data for secondary use (Politou et al., 2018, p. 5). Much like the European standard, US organizations should require organizations to provide consent from employees and allow that consent to be revoked or modified. So beyond gaining sign-off on policies, how can an organization gain consent or further decrease an employee’s sense of interference by their employer?
Employers should allow employees to participate in decisions about and exercise control of their private information! Support exists from several contemporary researchers for allowing employees to self-control information to extend the sense of privacy (Drake, 2016, p. 439; Chory, Vela, & Avtgis, 2016, p. 38). One study found that allowing your employees to participate in just one aspect of how and when monitoring of employees takes place enhances perceived autonomy and provides greater intrinsic motivation (Tomczak, Lanzo, & Aguinis, 2018, p. 257). Another study by Parham, Mooney, and Cairney (2015) finds that allowing employees to participate in security solutions development reduces the risk of lost productivity from employees by nearly 50% (p. 26)! So how do you encourage participation in the security and privacy process to increase autonomy, motivation, and productivity?
For starters, several ideas can be picked up from the privacy marketplace, which will assist in empowering employees to manage their privacy. First is the concept of privacy exchanges. Privacy exchanges are central authorities that allow individuals to set up their privacy terms, forming consent, and standardizing the process of creating and applying privacy preferences throughout organizations (Pascalev, 2017, p. 39). The concept of a privacy exchange is similar to what we see on Facebook or LinkedIn with employee self-managed access but allows one application to provide standardized consent and allows employees to make decisions on access control. One such example is Identos (https://identos.com/federated-privacy-exchange/). The idea of allowing employees to participate in privacy decisions doesn’t have to be complicated if you don’t have a large IT organization.
Another idea would be allowing employees to participate in the production of organization-wide policies. You can create employee committees comprised of individuals throughout the organization to participate in the creation and clarification of policy. This employee participation can then be advertised to show that as an employer, you are listening to your employees’ feedback and creating buy-in. Need proof that this works? Take a look at Chory et al. (2016), who find that employees who aren’t able to participate in policy and procedure development view those items as unfair and non-representative!
See you this Thursday for the final segment on information access protection!
Chory, R., Vela, L., & Avtgis, T. (2016). Organizational surveillance of computer-mediated workplace communication: Employee privacy concerns and responses. Employee Responsibilities & Rights Journal, 28(1). 23-43. doi:10.1007/s10672-015-9267-4
Drake, J. (2016). Asking for Facebook logins: An egoist case for privacy. Journal of Business Ethics, 139(3). 429-441. doi:10.1007/s10551-015-2586-4
Parham, A., Mooney, J., & Cairney, T. (2015). When BYOD meets big data. The Journal of Corporate Accounting & Finance, 26(5). 21-27. doi:10.1002/jcaf.22059
Pascalev, M. (2017). Privacy exchanges: restoring consent in privacy self-management. Ethics and Information Technology, 19(1). 39-48. doi:10.1007/s10676-016-9410-4
Tomczak, D., Lanzo, L., & Aguinis, H. (2018). Evidence-based recommendations for employee performance monitoring. Business Horizons, 61(2). 251-259. doi:10.1016/j.bushor.2017.11.006