ETHICS & VALUES IN BUSINESS

CHAPTER 6 - Privacy
INTRODUCTION
Employers today would scarcely dare to intrude so openly into the private lives of their
employees. Among the tools available to present-day employers are quick and inexpensive drug
tests, pencil-and-paper tests for assessing honesty and other personality traits of employees,
extensive computer networks for storing and retrieving information about employees, and
sophisticated telecommunication systems and concealed cameras and microphones for
supervising employees’ work activities.
Consumers have joined employees as targets for information gathering by American
corporations. The same surveillance techniques that are used to monitor employees are now used
to detect theft by store customers. Video cameras are commonplace in retail stores, and some
retailers have installed hidden microphones as well. The main threat to consumer privacy comes
from the explosive growth of database marketing. The countless bits of information that
consumers generate in each transaction can now be combined in vast databases to generate lists
for direct-mail and telemarketing solicitations. Public records, such as automobile registrations
and real-estate transfers, are also readily available sources of information for the creation of
specialized lists. The collection of information about users of the Internet, which is in its infancy,
has immense potential for marketers.
CHALLENGES TO PRIVACY
Privacy has become a major issue in government and business in recent years for many reasons.
One is simply the vast amount of personal information that is collected by government agencies.
The need to protect this information became especially acute after the passage of the Freedom of
Information Act (FOIA) in 1966.
Employee Privacy
Government is not the only collector of information. Great amounts of data are required
by corporations for the hiring and placement of workers, for the evaluation of their
performance, and for the administration of fringe-benefit packages, including health
insurance and pensions. Private employers also need to compile personal information about
race, sex, age, and handicap status in order to document compliance with the law on
discrimination. In addition, workers’ compensation law and occupational health and safety
law require employers to maintain extensive medical records. Alan F. Westin, an expert on
privacy issues, observes that greater concern with employee rights in matters of discrimina-
tion and occupational health and safety has had the ironic effect of creating greater dangers to
employees’ right of privacy.
WORKPLACE MONITORING.
Monitoring the work of employees is an essential part of the supervisory role of management,
and new technologies enable employers to watch more closely than ever before, especially when
the work is done on telephones or computer terminals. Supervisors can eavesdrop on the
telephone conversations of employees, for example, and call up on their own screens the input
and output that appear on the terminals of the operators. Hidden cameras and microphones can
also be used to observe workers without their knowledge. A computer record can be made of the
number of telephone calls, their duration, and their destination. The number of keystrokes made
by a data processor, the number of errors and corrections made, and the amount of time spent
away from the desk can also be recorded for use by management. Even the activities of truck
drivers can be monitored by a small computerized device attached to a vehicle that registers
speed, shifting, and the time spent idling or stopped.
Companies claim that they are forced to increase the monitoring of employees with these
new technologies as a result of the changing nature of work. More complex and dangerous
manufacturing processes require a greater degree of oversight by employers.
Although the information gained is generally held in confidence, it is available for company use
when an employee files a workplace injury claim or sues for discrimination, wrongful discharge,
or any other wrong. In some instances, employers have used the threat of revealing unrelated
embarrassing information in court to dissuade employees from pressing a suit.

PSYCHOLOGICAL TESTING.
One particular area of concern has been psychological testing. Tests that measure job-related
abilities and aptitudes have raised little opposition. However, employers have increasingly come
to recognize that an employee’s psychological traits are important, not only for predicting
successful job performance but also for identifying potentially dishonest and troublesome
employees.
This latter goal is the appeal of integrity tests. Large numbers of honest people are denied jobs
and suffer a stigma because of faulty testing, and a few rogues slip through. One benefit of
integrity tests, therefore, may be to enable employers to recruit a work force that will tolerate
shabby treatment without retaliating.
Consumer Privacy
Concern about consumer privacy has focused primarily on the gathering and use of information
in database marketing. Businesses have discovered that it pays to know their customers.
However, the main value of a database of consumer information lies in the capacity to generate
customized mailing lists. If a company can identify the characteristics of potential customers by
age, income, lifestyle, or other measures, then a mailing list of people with these characteristics
would enable the seller to reach these customers at relatively low cost. Such targeted selling,
known as direct mail, is also potentially beneficial to consumers, because a customized mailing
list is more likely to produce offers of interest to consumers than is a random mailing.
The growth in database marketing has been facilitated by computer technology, which is
able to combine data from many sources and assemble them in usable form. For example, by
merging information about an individual with census data for that person’s zip-code-plus-four
area, it is possible to make reliable inferences about income, lifestyle, and other personal charac-
teristics.
ISSUES IN CONSUMER PRIVACY.
One issue in the use of databases to generate mailing lists is
the right of control over information. If we reveal some information about ourselves to a
company, does that company “own” the information? For example, does a magazine have a right
to sell a list of its subscribers to a direct marketer? We voluntarily provide our name and address
to the magazine for the purpose of obtaining a subscription, just as we reveal our annual income
to a bank in order to obtain a loan. These are examples of the primary use of information. The
use of information for some other purpose is labeled secondary.
Other issues concern access to information and potential misuse. Although an individual’s
annual income is generally regarded as personal; people may not be upset to learn that this infor-
mation is used to generate a mailing list—as long as no one has access to the information itself.
Ethical questions about employee and consumer privacy are unavoidable because obtaining and
using personal information is essential in both employment and marketing.
But everyone has a legitimate interest in maintaining a private life that is free from unwarranted
intrusion by business.

THE MEANING AND VALUE OF PRIVACY

A definition of privacy has proven to be very elusive. After two years of study, the members of
the Privacy Protection Study Commission were still not able to agree on one. Much of the
difficulty is due to the diverse nature of the many different situations in which claims of a right
of privacy are made.
The literature contains many attempts to elucidate privacy as an independent right that is not
reducible to any other commonly recognized right. The literature contains many attempts to
elucidate privacy as an independent right that is not reducible to any other commonly recognized
right. Three definitions in particular merit examination. One, which derives from Warren and
Brandeis and finds expression in Griswold v. Connecticut, holds that privacy is the right to be
left alone—the most comprehensive of rights and the right most valued by civilized men.
Thus, cases in which companies refuse to hire smokers are better analyzed as limitations of
liberty rather than invasions of privacy.
A second definition of privacy is defined as control over information about ourselves. According
to Alan F. Westin, “Privacy is the claim of individuals to determine for themselves when, how,
and to what extent information about them is communicated to others.”
A third, more adequate definition of privacy holds that a person is in a state of privacy
when certain facts about that person are not known by others.

Utilitarian Arguments
Why do we value privacy so highly and hold that it ought to be protected as a right? Certainly,
we desire to have a sphere of our life in which others do not possess certain information about
us. But the mere fact that we have this desire does not entail our having a right of privacy; nor
does it tell us how far a right of privacy extends. Some arguments are needed, therefore, to
establish the value of privacy and the claim that we have a right to it.
One of the consequences cited by utilitarians is that great harm is done to individuals when
inaccurate or incomplete information collected by an employer is used as the basis for making
important personnel decisions. The lives of many employees have been tragically disrupted by
groundless accusations in their personnel records, for example, and the results of improperly
administered polygraph and drug tests. The harm from these kinds of practices is more likely to
occur and to be repeated when employees are unable to examine their files and challenge the
information (or misinformation) in them.
A drawback to this argument is that it rests on an unproved assumption that could turn
out to be false. It assumes that on balance more harm than good will result when employers
amass files of personal information, use polygraph machines, conduct drug tests, and so on.
Furthermore, the argument considers only the possible harmful consequences of privacy
invasions. However, some practices, such as observing workers with hidden cameras and
eavesdropping on business conducted over the telephone, are generally considered to be morally
objectionable in themselves, regardless of their consequences. Honest workers, for example,
have nothing to fear from surveillance that is designed to protect against employee theft, and
indeed the use of hidden cameras in a warehouse can even benefit those who are honest by
reducing the possibility of false accusations.

Expanding The Scope of Consequences.

Monitoring and surveillance in the workplace, for example, affect job satisfaction and the sense
of dignity and self-worth of all workers. They send a message to employees that they are not
trusted and respected as human beings, and the predictable results are a feeling of resentment and
a decline in the satisfaction of performing a job.
Privacy and Identity
Some writers argue that privacy is of value because of the role it plays in developing and
maintaining a healthy sense of personal identity. According to Alan F. Westin, privacy enables
us to relax in public settings, release pent-up emotions, and reflect on our experiences as they
occur—all of which are essential for our mental well-being. A lack of privacy can result in
mental stress and even a nervous breakdown.

Kantian Arguments
Two Kantian themes that figure prominently in defense of a right to privacy are those of
autonomy and respect for persons. Stanley I. Benn, for example, notes that utilitarian arguments
for a right of privacy are not able to show what is morally wrong when a person is secretly
observed without any actual harm being done. “But respect for persons,” Benn claims, “will
sustain an objection even to secret watching, which may do no actual harm at all.” Benn’s
argument thus appeals to both Kantian themes by arguing that invading a person’s privacy
violates the principle of respect for persons and prevents a person from making a rational choice
as an autonomous being.
The Role of Privacy in Socialization
Several philosophers have suggested that the key to a more satisfactory theory of privacy can be
constructed by understanding the way in which individuals are socialized in our culture.34
Privacy, in the view of these philosophers, is neither a necessary means for realizing certain ends
nor conceptually a part of these ends. People at different times and places have been socialized
differently with regard to what belongs to the sphere of the private, and we might even be better
off if we had been socialized differently.
Both utilitarian and Kantian arguments point to a key insight: Privacy is important in some
way to dignity and well-being.
Both utilitarian and Kantian arguments point to a key insight: Privacy is important in some
way to dignity and well-being.

THE PRIVACY OF EMPLOYEE RECORDS

The arguments in the preceding section show that privacy is of such sufficient value that it ought
to be protected. There are many instances, however, in which other persons and organizations are
fully justified in having personal information about us and thereby in intruding into our private
lives. The task of justifying a right of privacy, then, consists not only in demonstrating the value
of privacy but also in determining which intrusions into our private lives are justified and which
are not.
Let us consider the issues that must be addressed in developing the case for a right of privacy in
employee records and in formulating a company privacy protection plan for these records.
Among the issues are the following:
1. The kind of information that is collected.
2. The use to which the information is put.
3. The persons within a company who have access to the information.
4. The disclosure of the information to persons outside the company.
 5. The means used to gain the information.
6. The steps taken to ensure the accuracy and completeness of the information.
7. The access that employees have to information about themselves.
The first three issues are closely related, because the justification for an employer’s possessing
any particular kind of information depends, at least in part, on the purpose for which the
information is gathered. An invasion of employee privacy is justified, however, only when the
information is used for the intended purpose by the individuals who are responsible for making
the relevant decisions.
Companies are generally justified in maintaining medical records on employees in order to
administer benefit plans, for example, and to monitor occupational health and safety. If these are
the purposes for which a company gathers this kind of information, then it follows that (1) only
medical information that is essential for these purposes can be justifiably collected; (2) only
those persons who are responsible for administering the benefit plans or monitoring the health
and safety of employees are justified in having access to the information; and (3) these persons
must use the information only for the intended purposes. There are three corresponding ways in
which employees’ right of privacy can be violated. These are when (1) personal information is
gathered without a sufficient justifying purpose; (2) it is known by persons who are not in a
position that is related to the justifying purpose; and (3) persons who are in such a position use
the information for other, illegitimate purposes.
WHAT JUSTIFIES A PURPOSE?
There is considerable room for disagreement on the questions of whether any given purpose is a
legitimate one for a business firm to pursue, whether a certain kind of information is essential for
the pursuit of a particular purpose, and whether the information is in fact being used for the
intended purpose.
RESOLVING DISAGREEMENTS ABOUT PURPOSE
Employers must be able to acquire the information necessary for complying with legal
requirements about taxes, social security, discrimination, health and safety, and the like. As a
result, employers are justified in asking potential employees about their educational background,
past employment, and so on, but not, for example, about their marital status, because this
information is not necessary in order to make a decision about hiring.
Disclosure to Outsiders
The fourth issue—concerning the disclosure of personal information to persons outside a
company—arises because of the practice, once very common, of employers sharing the content
of personnel files with landlords, lending agencies, subsequent employers, and other inquiring
persons without the consent of the employees involved.
The Means Used to Gather Information
Justifying the means used to gather information, which is the fifth issue, involves a different set
of considerations. Use of certain means may violate an employee’s right of privacy, even when
the information gathered is of a kind that an employer is fully justified in possessing. Examples
of impermissible means are polygraph testing and pretext interviews.
In general, less intrusive means are morally preferable to those that are more intrusive.

Employers are justified in seeking information about drug use by employees in the workplace,
for example, but such means as searches of lockers and desks, hidden cameras in rest rooms,
random drug tests, and the like are not justified when sufficient information could be gathered by
less intrusive means, such as closer observation of work performance and testing only for cause.
An objection to constant monitoring, personality tests, and the use of polygraph machines is that
they collect more information than is necessary and that they collect it indiscriminately. As a
person, one can shape how one appears to others and create an identity for oneself. A machine
that registers involuntary responses denies people the power to do that.

Accuracy, Completeness, and Access

The last two issues are concerned primarily with matters of fairness. If the information in
personnel files and other corporate databases is going to be used to make critical decisions about
wage increases, promotions, discipline, and even termination of employment, then it is only fair
that the information be as accurate and complete as possible and that employees have access to
their personnel files so that they can challenge the contents or at least seek to protect themselves
from adverse treatment based on the information in them.
Employers who maintain inaccurate or incomplete files and deny employees access to them
are not invading the privacy of their employees, as the concept of privacy is commonly defined.
What is at issue is not the possession of personal information by an employer but its use in ways
that are unfair to employees. The right that employers violate is a right of fair treatment, which is
not the same as a right of privacy.
PRIVACY ON THE INTERNET
A 1999 study found that 92.8 percent of the websites surveyed collected at least one
piece of personal information, such as name and e-mail address, and 56.8 percent collected at
least one type of demographic data, such as age, gender, or zip code. Only 6.6 percent of these
sites collected no information. Some information is provided overtly by the user as a condition
of making a purchase or gaining access to Web pages. Other information is obtained covertly,
without the user’s knowledge or consent.
What’s Wrong with Information Collection?
Although consumers may feel a lack of privacy when browsing the Internet, is this feeling well-
grounded? Scott McNealy, the chairman and CEO of Sun Microsystems, once remarked, “You
have zero privacy anyway. Get over it!”47 Much of the information compiled is publicly
available; the Internet only makes its compilation easier and cheaper than in the past. Moreover,
we give up a great deal of information in order to enjoy the benefits of Internet commerce, and
so perhaps some loss of privacy is a trade-off that we voluntarily make.
Principles for Protecting Privacy
The Federal Trade Commission list of five principles is representative of the many documents on
Internet privacy.
1. Notice/Awareness. Disclose the identity of the collecting party, the information
collected, the means for collecting it, and the uses to which the information will be put.
2. Choice/Consent. Provide a mechanism for choosing whether to allow information to be
collected.
3. Access/Participation. Allow consumers access to the information collected about them
and the opportunity to contest the accuracy or completeness of the data.
4. Integrity/Security. Inform users of the steps taken to protect against the alteration,
misappropriation, or destruction of data and of the action that will be taken in the event of a
breach of security.
5. Enforcement/Redress. Assure consumers that the company follows responsible information
practices and that there are consequences for failing to do so.
Although substantial agreement exists on these five principles, much depends on their
interpretation and implementation.
Implementing Internet Privacy
Principles are of little value if they cannot be successfully implemented, and the Internet presents
unique challenges for implementation. Its decentralized, democratic structure makes centralized,
authoritarian approaches ineffective, as does its global reach. Because the Web is worldwide, so
too must be any successful regulatory scheme.
The most promising technology follows Lessig’s suggestion of creating an electronic butler
or a Cyber-Jeeves. This is a software program that would allow a user to answer a few questions
about the desired features of a website’s privacy policy and then determine whether sites to be
visited fit the user’s preferences. Such software is the goal of the Platform for Privacy
Preferences Project (P3P), which is being conducted by the World Wide Web Consortium. If
installed on most personal computers, a Cyber-Jeeves would force websites to adopt the privacy
policies that the majority of Internet users desire.

Finding the right means is a great challenge to business firms which must meet employee
and consumer expectations as they utilize new technologies. More than many business ethics
problems, protecting privacy requires a coordinated solution involving many parties. Until a
solution is found, though, the focus of businesses will remain on developing and implementing
privacy policies.