How much privacy can we have at the workplace?

Apparently, not very much.

There is no explicit constitutional guarantee to the right of privacy in Singapore. Neither is there an overarching legislation that protects it. Privacy law, more specifically, the protection of data, resides in various pieces of legislation designed specifically to deal with issues relating to their respective sectors e.g. Banking Act, Telecommunications Act, Computer Misuse Act etc. While there is a recognized tort of harassment in Singapore (Malcomson Nicholas Hugh Bertram v. Mehta Naresh Kumar, [2001] 3 Sing. L.R.(R) 379), the invasion of privacy per se is not a cause of action.

So how do employers monitor their employees?

1. Video surveillance: Cameras can be installed openly or secretly. While certain areas are conventionally off-limits e.g. the bathroom, there is nothing that legally prohibits the installation of cameras there. One could cite s. 509 of the Penal Code as support against the installation of cameras in the women’s bathroom. However, one has to prove that in installing the cameras, the employer intended to outrage the modesty of women entering the bathroom. Furthermore, there is no legal countenance of any sort for the installation of cameras in male bathrooms.
2. Telephone surveillance: Some employers use systems that can monitor call content and breaks between receiving calls.
3. Keystroke loggers: Software that can capture every key ever entered on the keyboard and even how much time was spent on it.
4. Packet sniffing software: Used to track all forms of electronic communication over the company network such as internet surfing, file sharing, chat sessions or emails. Some companies even assign people to manually read and review emails.
5. Smart ID cards: Can be used to track employees’ location in the office. The employer can for example find out how long an employee spends washing his hands at the sink.
6. Global Positioning System (GPS) tracking: Also used to hunt down employees’ locations, can be incorporated into cell phones or vehicles.

Why do employers monitor their employees?

1. Data security: with the development of corporate espionage as an industry, employers have genuine concerns in finding out what their employees are up to.
2. Productivity: Obviously, employers are annoyed when employees spend their working hours surfing porn or auctioning items on eBay.
3. Increasing role of electronic evidence in courts: Singapore courts have been readily embracing electronic evidence in court proceedings.

How prevalent is such monitoring?

While the author was unable to find local statistics on workplace monitoring despite his best efforts, he did manage to find statistics on workplace surveillance from the United States which might be indicative to a certain extent. One should note however, the difference in the development of privacy rights in the U.S. as well as its more prevalent cyber litigation culture as well as litigation culture in general which may account for differences with Singapore.  As an aside, the scant local literature on the topic of workplace surveillance and privacy is perhaps indicative of the level of importance (or lack thereof) placed on the topic in Singapore’s context. Anyway, back to the statistics (courtesy of the “2007 Electronic Monitoring & Surveillance Survey” by the American Management Association (AMA) and the ePolicy Institute):

1. 66% monitor Internet connections.
2. 65% use software to block connections to inappropriate Websites—a 27% increase since 2001 when AMA/ePolicy Institute first surveyed electronic monitoring and surveillance policies and procedures.
3. 45% of employers tracking content, keystrokes, and time spent at the keyboard.
4. 43% store and review computer files.
5. 12% monitor the blogosphere to see what is being written about the company.
6. 10% monitor social networking sites.

Of the 43% of companies that monitor e-mail, 73% use technology tools to automatically monitor e-mail and 40% assign an individual to manually read and review e-mail.

What laws are in place to deal with these issues?

“Anti-surveillance privacy laws”, such as those used to charge “peeping toms”, tend to be handled by trespass-related torts or crimes. However, an employee will find it hard to bring an action under trespass to land for example in a case whereby the employer conducts video surveillance of the employee at the office, because the location where the alleged trespass took place i.e. the office is property in possession by the employer. The employee merely has a license from the employer to occupy the office to carry out his work and therefore has no standing to sue the employer.

It remains to be seen however, whether the tort of trespass to chattel can be used to counter the installation of tracking software in employees’  electronic equipment. It is arguable that possession of the chattel during work is held by the employee rather than the employer. However, most of the time, the installation of such software tends to take place before the equipment is handed over to the employee, thus possession resides within the employer when the act giving rise to a claim of trespass occurs.

Aside from workplace surveillance, it should be noted that the Model Data Protection Code (MDPC), a voluntary self-regulatory code for data protection with governmental support developed by the National Internet Advisory Committee (NIAC) in 2002 explicitly exempts the processing of employment data from being regulated by the principles under the code, citing an undue burden on employers that could affect competitiveness. They did so even while noting that the European Union (EU) has criticized a similar exemption in Australia. The EU noted that such information is very sensitive and should be protected. Quite apart from the effectiveness of a self-regulatory scheme, the EU’s proposition is one that the author agrees with. Since compliance costs for such codes are often negligible as stated in the NIAC’s report for the MDPC, the benefits of proper data protection far outweigh compliance costs.

The case against monitoring employees

Overt and intrusive monitoring creates an atmosphere of distrust and paranoia. Working in such an atmosphere lowers morale and saps productivity in the long run. Furthermore, the costs (both monetary and manpower) of active monitoring is also significant. It is also unrealistic to expect an employee to devote himself solely to work during office hours; moments of brief relaxation are sometimes necessary to ensure the employee is better equipped to handle the stress of working.

Conclusion

If the measure of a civilized society is its regard for personal autonomy, the respect of human privacy (i.e. the right to be left alone) deserves the full protection of the law.

However, the legitimate claims for workplace surveillance should be recognized, given the risk of corporate espionage and the rise of electronic communication as legal evidence. Furthermore, the respect of privacy must be tempered against the abuse of employer resources by the employee to the detriment of the employer.

Legal support is definitely needed to address the lacuna of invasive intrusion of privacy, both at the workplace and indeed in general, as highlighted by the inadequacy of ordinary trespass laws in dealing with such cases.

In the meantime, until the courts or parliament turn their mind to the issue at hand, it is important that both employers and employees should work out effective solutions (for example: Acceptable Use Policies negotiated by both parties) that address both the need to protect privacy against unnecessary intrusion as well as legitimate reasons for work surveillance.