Personal Privacy in an Information Society. Forces for Change


External forces can impinge heavily on employment-related record keeping. Government action, technological change, evolving managerial viewpoints and techniques, perspectives and goals of business firms and labor unions, market forces, and change in the composition and character of the work force can all have an effect. Yet because policy must be future-oriented, it is important to try to identify significant trends.


The blurring of boundaries between public and private institutions that has shaped the nation's economic life over the last three decades is not likely to be reversed. More frequent and extended interaction with government inspectors, auditors, and contract monitors makes it likely that records will be required to support a larger range of decisions, including personnel decisions. This is likely to make managers more careful about what goes into records.

The main focus of legislative and regulatory intervention affecting the employment relationship appears to be in the area of general welfare of employees rather than labor-management relations per se. The Equal Employment Opportunity Act [42 U.S.C. 2000 et seq. (1972)] and the Occupational Safety and Health Act (OSHA) [29 U.S.C. 651 et seq. (1970)] suggest the path this trend may take. The perception that an individual's rights and liberties need more protection in his relationships with private-sector institutions is becoming widespread. Fair information practice legislation, such as the Fair Credit Reporting Act [15 U.S.C. 1681 et seq. (1971)] and the California law that permits employees to have access to their personal records [California Labor Code Sec. 1198.5] reflects this disposition.

In addition, some protective labor legislation, such as the Employee Retirement Income Security Act (ERISA), [P.L. 93-406, 88 Stat. 829 (1974)] underscores the increasing importance of the employer's role as provider of social and economic benefits. Yet neither the actual requirements imposed by such legislation, nor the regulations issued by government agencies to implement it, account for its overall impact on the collection, use, and disclosure of information about employees. For example, the Equal Employment Opportunity Commission has not required employers to create or maintain any specific records on individuals, 8 and yet its actions in pursuit of its statutorily defined obj ctives have forced employers to create records in order to demonstrate compliance. If an affirmative action program is required, as under the Rehabilitation Act [29 U.S.C. 701 etseq. (1973)] or the Age Discrimination in Employment Act [29 U.S.C. 621 et seq. (1967)], or is voluntarily undertaken out of a sense of corporate responsibility, records are essential. State laws have also had an impact upon the collection of information about employees and, most particularly, about applicants.

The long-term impact of some of this legislation is still not clear, however. Currently, the Occupational Safety and Health Act (OSHA) appears to be one of the laws most likely to raise significant fair information practice concerns. It provides in part that where standards have been promulgated with reference to specific health hazards:

where appropriate, any such standard shall prescribe the type and frequency of medical examinations or other tests which shall be made available, by the employer at his cost, to employees exposed to such hazards in order to most effectively determine whether the health of such employees is adversely affected by such exposure. [15 U.S.C. 636(b)(7)]

Results of these examinations or tests must be furnished to the employee's physician at the employee's request. They can also be made available to a prospective employer pursuant to authorization by the employee. This raises the prospect that an employee's r cedical records might follow him from job to job.9 Some workers have already declined to take the physicals employers are required to make available, and it has been suggested that one reason for their refusal is their fear of the consequences of having a known disability dccumented in their records. While a full discussion of this potentially serious problem is beyond the scope of this chapter, it seems clear that using information about previous exposure to health hazards in making determinations about an individual's suitability for employment or promotion is not consistent with the protective intent of the OSHA statute.

The Commission foresees that government involvement in selected aspects of the private-sector employment relationship will increase. The impact on employment record-keeping practices will be mixed, but the overall effect will probably be continuous reinforcement of the incentive to make, keep, and use records about employees. Barring a fundamental reconceptualization of governmental policy affecting the private-sector employment relationship, the likelihood is that incremental changes will perpetuate existing trends. Thus, for the future as in the present, the important task is to eliminate and guard against dangers inherent in existing policy and practice.


Further increase in the benefits and services provided by employers is likely to contribute to further government involvement in the employment relationship. Fringe benefits have become a significant part of employee compensation in American industry. Beyond paid vacations and recreational programs, they now include pension plans, family health and medical benefits, and extended or supplementary unemployment insurance. For example, as of three years ago, the employers of some 65 percent of all private-sector, nonfarm workers offered pension plans.l0; This expansion increases the dependence of employees upon their jobs, and quite possibly their reluctance to change jobs, while, at the same time, adding to the amount and variety of information an employer maintains about employees.

Medical services and health and accident insurance are increasingly provided to employees and their families.11 As elsewhere, limitations on the kind of information gathered in these contexts are few because almost any personal information may be related to an individual's health, and because the expected confidentiality of the patient-physician relationship serves to legitimate probing inquiries. In the employment context, however, the provision of medical services and the processing of medical insurance claims raise acute privacy protection problems.

In practice, corporate and professional ethics tend to discourage abuse. Yet, so long as there are no absolute barriers to an employer's use of its employee medical and insurance claims records, and as long as employers are in some cases required to use such records, a privacy problem of potentially major proportions exists. For example, Department of Defense Industrial Security regulations require employers to report any information that would reflect on the reliability of employees who work on classified projects.12 Information on employees and their dependents in medical treatment or insurance claims files is not excluded from this requirement.


In large organizations with highly specialized divisions of labor andwell-established standards and procedures governing performance in theworkplace, personnel management strives for rational ways of makingselection, assignment, and promotion decisions. Fair and equal treatmenthas been a major objective of personnel offices throughout the country.It has been widely suggested, however, that this tendency is counter-productive for organizations in rapidly changing environments with highlyskilled and educated workers, and with tasks that require constantdevelopment of new systems and products. The role of personnel management in such "post-bureaucratic" organizations is changing. Setting uptemporary project-type organizations-firms within a firm-is a way ofoperating whose popularity is growing. Staffing is crucial in this type oforganization, and standard personnel department placement techniques are often irrelevant in such situations. Thus, authority for personnel decisions may be increasingly transferred to the project manager whose principal concern is fitting the individual with the necessary skills into the work team.

There is a strong trend in management away from formal, rule-bound relationships and toward the encouragement of openness and the development of commitment. The implications of this trend for the protection of personal privacy are, however, unclear. While a focus on commitment, teamwork, and adaptability tends to create a consultant market for behavioral scientists, this does not mean that the pressures on management to justify its past and present decisions on the basis of detailed records will cease to grow. On the one hand, the so-called "behavioral approaches" to management tend to stress "the importance of collecting accurate, timely data about aspects of the organization not normally closely monitored evidence as to employee job satisfaction, the accumulation of specialized knowledge and skills, signs of interdepartmental conflict, and the like."13 Yet, on the other hand, their net effect may be to focus decisions concerning employees more sharply than at present on work-related matters.


Recent years hale brought a tremendous increase in the capabilities of computer-based personnel systems. Use of these systems varies widely. The private organizations reporting to the Commission differed considerably in the extent to which they hale automated their personnel files. To date, technological innovations in information storage, transfer, and display hale not generally increased the amount of information about individual employees that is collected, maintained, or disclosed. Indeed, the Commission's inquiry indicates that adaptation to automated systems usually means that the information to be maintained in the data base is carefully screened for cost effectiveness. Furthermore, the emphasis on accuracy and timeliness of information associated with automated systems, and the practice of providing a print-out of the record for verification by the employee, hale been positive factors from a privacy protection viewpoint.

While cost will always be a consideration, computer technology promises to remove many limitations on record-system development in the near future. Improved computer capabilities, micrographics, and new duplication and transmission techniques promise to make the capture, transmission, and retrieval of information more and more economical in comparison with manual processes, and more readily available in highly selective formats to geographically separated users. Although these technical capabilities will not in themselves present privacy protection problems, trends and developments associated with them may pose problems that do not exist today. The types of records maintained in easily retrievable form will expand, and it seems likely that behavioral science data concerning employee attitudes and values will have an enhanced role in personnel decision making.

Instantaneous availability of information on employees at many locations may centralize some decisions now made locally; it certainly will raise the significance of need-to-know criteria in any policy governing disclosure of records within a firm. Centralization of files also increases the capability of organizations to respond to external requests for information about their employees. While the Commission's hearing record documents the reluctance of firms to disclose information about employees or former employees, easy retrieval may intensify pressures to make information available for purposes other than those for which they were originally collected.

In sum, the Commission subscribes to the view that information abuse does not flow automatically from advanced information technologies, and that better protections for personal privacy have often resulted from computerization.14 Yet, it also has reason to believe that ready access to large amounts of recorded information tends to create incentives to use that information for purposes that are inconsistent with the purposes for which it was originally collected. Thus, capabilities of information-processing technologies to be available in the 1980's make it imperative that responsible policies and practices governing the use of information generated in the employee-employer relationship be developed promptly.


As elsewhere, the Commission has formulated its recommendations on records generated by the employment relationship in the light of three broad public-policy objectives: (1) to minimize intrusiveness; (2) to maximize fairness; and (3) to create a legitimate, enforceable expectation of confidentiality. In contrast to other areas, however, the Commission envisages adoption of most of its employment-related recommendations by voluntary action. The exceptions are all instances in which statutory or regulatory action appears to be both necessary and feasible. For example, the Commission recommends a statutory prohibition against the use of some exceptionally intrusive techniques for collecting information about applicants and employees, such as truth verification devices and pretext interviews. It also recommends amendment of the Fair Credit Reporting Act to regulate further the conduct of background investigations on applicants and employees, and proposes legislative or administrative action to constrain some practices of Federal agencies which impinge on the private-sector employment relationship. In other recommendations, however, the implementation strategy the Commission recommends is by and large a voluntary one.

Private-sector employers maintain many different kinds of information about their employees in individually identifiable form. The use of that information in decision making about employees is, however, difficult for an outsider to describe, particularly since employment decisions frequently are not solely based, on recorded information. Both the scope of records and the elusiveness of Their use distinguish employment record keeping from most other areas the Commission has studied.

Further, as stressed earlier, the absence of a general framework of rights and obligations that could accommodate disputes about recorded information places severe limitations on the extent to which rules governing the creation, use, and disclosure of employee records can be enforced. The Commission believes that flexibility in decisions about which job an employee is best suited to perform is essential to good management and should be constrained by public policy only to the extent that employers show themselves unable or unwilling to respond to concerns about the protection of employee privacy. Nonetheless, the enforcement- problem is the primary reason why the Commission does not believe that many of the privacy protection issues the private-sector employee-employer relationship raises can be resolved by legislated record-keeping requirements.

One can conceive of approaches to enforcing rules the Commission recommends for voluntary adoption by means which do not involve the creation of new labor laws, but all of the ones the Commission considered, it found wanting. One might give an employee a right to sue for failure to produce records on request, for example, but such a right would hardly be effective where records are difficult to identify with any reasonable degree of specificity; where it is difficult to link adverse decisions to records; and where it is often difficult to determine even that a particular decision was adverse. Given this situation and the possibility of reprisals, it seems reasonable to expect that most employees would be unwilling to sue an employer for access to records, or for correction of erroneous records. Furthermore, without specific protections, record-keeping personnel might find themselves in an awkward bind, if, for example, persons with more status in the organization pressured them to divulge information they were required by law to keep confidential. If they complied, they would violate the law; if they refused, they might lose their jobs.

In many other areas the Commission has studied, there are either Federal or State bodies responsible for monitoring the operations and performance of particular industries, such as insurance and banking. In the employment area, however, enforcement through government monitoring of employment record keeping, or even through a system whereby an employee could complain to a government agency about his employer's failure to comply with privacy protection requirements, would require creation of a new government program. Given the great number of records that would be eligible for oversight under the Commission's recommendations, and the fact that the collection and use of records varies considerably among employers, it would be a massive task for any government agency to oversee effectively the internal record-keeping practices of private employers. Such intervention by government, moreover, could markedly change the character of the employee-employer relationship in directions the Commission has not considered itself competent to evaluate.

The Commission does, of course, recognize that a voluntary approach may not be effective. Indeed, a minority of the members of the Commission are convinced that it will not be. They do not agree that to give an individual a statutory right to see, copy, and correct a record an employer maintains about him must be, of necessity, to give him a right without a remedy. The entity the Commission recommends in Chapter 1 might give further consideration to this matter.

It should be noted that there are no legal barriers or conflicts with other laws that would prevent companies from voluntarily complying with the Commission's recommendations. In addition, the experience of companies that have complied voluntarily will no doubt guide future determinations as to the need for, and practicality of, legislative action. Thus, the Commission as a whole hopes that the analysis and recommendations in this chapter will move the society toward a better understanding of the issues involved, the remedies that might be possible, and the balances that need to be struck.


Although private-sector employers are increasingly aware of the need to control the collection, maintenance, use, and disclosure of information about employees, employer practices vary widely, as do their methods of conforming practice to policy. The Commission's hearing record illustrates this variety.

Some large corporations have developed comprehensive fair information practice policies that they have systematically communicated to their employees.15 Others have developed practices to deal with some privacy protection concerns, but not others.16 Most employers, however, have not undertaken any sort of systematic review of their employment record-keeping policies and practices with privacy protection in mind. If such studies are done, it is usually because of Equal Employment Opportunity Act requirements or because the firm wants to automate some of its employment-related record keeping.17 Only rarely has the employee's perspective motivated reform of record-keeping practices, and in only a very few instances has an employer invited active participation by employees in revising its policies and practices.18

Several employers testified that they had created privacy protection review committees to study and report on employment-related record-keeping practices. In some instances, these bodies have been given permanent advisory responsibilities. 19 Such high-level committees, however, are rare. Some corporations have issued statements of policy or principle which inform employees and the public of their concern about the employment records they maintain. Others, without making any formal statements, have instituted record-keeping procedures that take account of privacy protection concerns.20 One major corporation testified that it had had a policy of allowing employees to have access to their records for years, but in reviewing its practices, discovered that its employees were unaware of the policy.21 Nothing in the Commission's record suggests that such a finding is unusual.

Among organizations that have adopted policies or practices to regulate the handling of records about employees, few have any way of checking to see if they are being carried out uniformly.22 Moreover, action taken at the corporate level is not always communicated to field offices, and few employers testified that they penalize record-keeping personnel for failure to comply with administrative instructions about the handling of employee records.23

The first step for employers who want to develop and execute privacy protection safeguards along the lines recommended by the Commission is to examine their current record-keeping policies and practices. The Commission also believes that employees should be represented on any group that undertakes such an examination.

Any review of current policy and practice should look carefully at the number and type of records held on applicants, employees, and former employees, and the items of information in each record. It should examine the uses made of employee records, their flow both within and outside of the employing organization, and how long they are maintained. Compliance with established policies and procedures should also be reviewed, particularly when a corporation has offices and plants in different States or in foreign countries. Finally, the review should determine whether, or in what situations, an employer systematically informs individuals of the uses and disclosures that are made of employment records about them. The Commission, in sum, recommends:

Recommendation (1):

That an employer periodically and systematically examine its employment and personnel record-keeping practices, including a review of:

(a) the number and types of records it maintains on individual employees, former employees, and applicants;

(b) the items of information contained in each type of employment record it maintains;

(c) the uses made of the items of information in each type of record; (d) the uses made of such records within the employing organization;

(e) the disclosures made of such records to parties outside the employing organization; and

(f) the extent to which individual employees, former employees, and applicants are both aware and systematically informed of the uses and disclosures that are made of information in the records kept about them.

Once having initiated such a program, an employer should be in a position to improve, articulate, and communicate to its employees both its privacy protection policies and its internal arrangements for assuring that these policies are consistently observed.


Although consenting to the divulgence of information about oneself can have little meaning for an individual who needs a job, an employer's adherence to a fair information practice policy can alleviate an applicant or employee's sense of uncontrolled exposure to intrusion on his personal privacy. The preliminary health questionnaire used by the IBM Corporation, for example, includes a detailed explanation of its purpose.24 The Cummins Engine Company's employee profile form, a copy of which is routinely sent to all employees, lists all possible users within the corporation, tells which information on the form goes to which users, and invites employees to address questions to the record system manager or the personnel office.25 Other employers follow similar procedures.26

If, however, a category of employment records is not shared with applicants and employees as a matter of policy, prevailing practice appears to be for employers not even to inform employees that such a category of records exists. Some employers indicated to the Commission that employees, in their opinion, have no legitimate interest in knowing of the existence of certain records, such as evaluations of employee "potential" used for management planning or records associated with security investigations.27 This position is hard to defend, since it argues for record-keeping systems whose very existence may be concealed, a posture with respect to minimum standards of fairness in personal-data record keeping that even the investigative agencies of the Federal government have not vigorously put forward. Nonetheless, there are many who will still try to defend it.

In the Commission's view, an employer's fair information practice policy must recognize eight basic obligations:

(1) to limit the employer's collection of information about applicants and employees to matters that are relevant to the particular decisions to be made and to avoid items of information that tend to stigmatize an individual unfairly. This can be a difficult judgment to make as there is little agreement on the characteristics that suit an individual to a particular job. The J.C. Penney Company has recently made an interesting attempt to limit its information collection to relevant items, and as a result, the firm's new employment application no longer asks about such things as leisure activities, military history, convictions (except for specific offenses), physical or mental condition, or alien status.28

(2) to inform all applicants, employees, and former employees with whom it maintains a continuing relationship (such as retirees) of all uses that may be made of the records the employer keeps on them. This makes it possible for individuals to understand the record-keeping aspects of their employment relationships and thus, as indicated earlier, to alleviate any sense tip--.. may leave of uncontrolled intrusion on their personal privacy.

(3) to not' employees of each type of record that may be maintained on them, including records that are not available to them for review and correction, so that employees need riot fear that hidden sources of information are contributing to decisions about them

(4) to institute and publicize procedures for assuring that individually identifiable employment record, are (a) created, used, and disclosed according to consistently followed procedures; (b) kept as accurate, timely, and complete o., necessary to assure that they are not the cause of unfairness in decisions made on the basis of them; and (c) disclosed within and outside of the employing organization only according to stated policy;

(5) to institute and publicize a broadly applicable policy of letting employees see, copy, correct, or amend, and if necessary, dispute individually identifiable information about themselves in the employer's records;

(6) to monitor the internal flow of individually identifiable employee record information, so that information is available only as actually needed according to clearly defined criteria;

(7) to regulate external disclosures of individually identifiable employee-record information in accordance with an established policy of which employees are made aware, including specific routine disclosures such as disclosures of payroll tax information to the Internal Revenue Service and disclosures made without the employee's authorization in response to specific inquiries or requests to verify information about him; and

(8) to assess its employee record-keeping policies and practices, at regular intervals, with a view to possibilities for improving them.

In sum, as an overall framework for addressing fair information practice concerns in the employment relationship, the Commission recommends:

Recommendation (2):

That an employer articulate, communicate, and implement fair information practice policies for employment records which should include:

(a) limiting the collection of information on individual employees, former employees, and applicants to that which is relevant to specific decisions;

(b) informing employees, applicants, and former employees who maintain a continuing relationship with the employer of the uses to be made of such information;

(c) informing employees as to the types of records that are being maintained on them;

(d) adopting reasonable procedures to assure the accuracy, timeliness, and completeness of information collected, maintained, used, or disclosed about individual employees, former employees, and applicants;

(e) permitting individual employees, former employees, and applicants to see, copy, correct, or amend the records maintained about them;

(f) limiting the internal use of records maintained on individual employees, former employees, and applicants;

(g) limiting external disclosures of information in records kept on individual employees, former employees, and applicants, including disclosures made without the employee's authorization in response to specific inquiries or requests to verify information about him; and

(h)providing for regular review of compliance with articulated fair information practice policies.