Privacy & Data Security
|May 26, 2004 10:38 pm
||re: re: re: Tracking everyone's employment status: Any legal constraints?
| Greg Broiles
My hunch is that your biggest problem in the US is (or might eventually be) the Fair Credit Reporting Act, since that's the dominant federal "privacy" statute applicable in the US. However, saying it's the biggest doesn't mean it's very big.
I expect this would start to be problematic if/when it started being used in a historical fashion - e.g., not just "A works for Bigco today", but "Look at this! A worked at Enron and Arthur Andersen 10 years ago, so he must be a crook! I won't hire him now!"
I expect it would be also problematic if the system stored the (supposed) reasons why someone stopped being employed - e.g., "A got fired from Bigco for smoking pot in the men's room" or "A quit and took the stapler from his desk when he left".
Further, the lack of an entry in the database could be treated as information, which might not be an intended consequence - e.g., "A told me he worked at Bigco five years ago, but that doesn't show up in the database, so he's a liar, and I'm not hiring him/giving him a credit card/letting him go out on a date with my daughter."
From a political/moral perspective, I think that's where all the action is, too. If the purpose (and actual effect) of the system is to enable relatively benign transactions to occur, that most people want to have occurring (e.g., ordering office supplies), only the hardcore complainers will be mad about it. But they're mad about everything, so you'll never get anything done if you listen to them.
On the other hand, if the system is designed for use (or capable of use) beyond that - if it turns into some sort of data mining opportunity, whereby the big computer in the sky knows where I worked and everywhere I ever worked, and I need to be prepared for questioning and/or marketing every time I give someone my name or use my debit card, well, then, that would suck.
In particular, do I want to get kicked out of Circuit City because I live at the same address as someone who works for Good Guys, and they think I'm spying on their prices/store layout?
Do I want to be at a disadvantage, resume-speaking, because I have spent my life being self-employed or working for small companies that are too small to sign up for participation in the big employer database?
Part of what's difficult about this sort of thing is that it's hard for participants (or third party subjects who don't have a lot of choice about whether or not they're included) to know what's going to be done in the future. Maybe you're setting up a system that you honestly intend and foresee that will only store current data, and will only be used to purchase office supplies ... but somewhere down the road, your company gets acquired by Choicepoint or TRW or Doubleclick, and now all of your nice trusted data gets sent straight to the Privacy Death Star.
Ultimately (and technically) a lot of the information you're talking about isn't really "private", from a legal (fourth-amendment flavored) viewpoint, since it's already likely been shared with any number of people who don't have a duty to keep it confidential - e.g., credit grantors, credit reporting agencies, landlords, payroll processing companies, tax preparers, the IRS and state tax agencies, banks, and anyone who sees an employee walking around with their McDonald's uniform shirt on.
Still, it is "personal", even if it's not really private, and people sure do get mad when they feel like their personal space has been violated.
That's my $.02. Not legal advice, not based on research, just off-the-cuff impressions from a privacy nut with a law degree. :)
> Joseph Urban wrote:
> Hello Greg,
>That's relatively accurate. But, DatabaseCo would probably not hold "A's" title and responsibilities at first. This is not meant to be a role-management system.
>Also, all companies are willing participants. And, the user - "A" - doesn't know (or have to know) about the tracking process.
>> Greg Broiles wrote:
>> Would you care to elaborate on the scenario you're describing?
>>I think what you're talking about is this: there's a company, Bigco, who employs A in some capacity. Bigco notifies Databaseco that A is an employee of Bigco, perhaps including details about A's title, responsibilities, etc..
>>Databaseco keeps a big list of employers and employees, so that, for example, if A wants to order some office supplies on behalf of Bigco, OfficeSupplyco can verify independently (through Databaseco) that A is really an employee of Bigco, and is allowed to order office supplies for up to $500, etc.
>>Is that what you mean?
Private Reply to Greg Broiles (new win)