582 Part IV • The Information Management System
posted on a government Web site (Berman, 2003).
Embarrassing personal messages, as well as sensitive
information such as social security numbers, were among
the data posted.
According to an American Management Association
survey released in 2000, nearly three-quarters of employers
record employee Web use, voice mail, e-mail, or phone
calls; review computer files; or videotape workers.
Moreover, up to a quarter of companies that spy do not tell
their employees (Associated Press, 1997). The only federal
law that limits employer surveillance is the 1986 Electronic
Communications Privacy Act, which bans employer eaves-
dropping on spoken personal conversations.
Companies do not want their employees to waste
company time and resources on inappropriate activities
such as personal online shopping, chatting with friends,
gambling online, or visiting pornographic Web sites.
Moreover, managers can be held accountable for certain
illegal activities of employees even if they do not know
that these activities are taking place, so companies often
monitor employees in self-defense. For example, a single
offensive e-mail message circulated around the office by a
single employee can pose a liability risk for the company
(Nusbaum, 2003). For practical as well as ethical reasons,
it is important that the company policies for monitoring
employee activities and communications be carefully
considered and that they be clearly communicated to
company employees.
Ethics of Invasion of Privacy
It seems that invasion of privacy is unethical, for if you
invade someone’s privacy you are not treating that person
as you would want to be treated. However, some argue that
in some cases the resulting good can exceed the harm that
has been caused. This, of course, can be tricky as it might
be very difficult to accurately value the harm caused by a
loss of privacy, and it is common to ignore or to undervalue
the potential harm to others.
Laws on Privacy
In the United States, there is no comprehensive legal
right to privacy, but there is a great deal of legislation
that purports to offer some privacy protection. For exam-
ple, the following privacy laws were in existence by the
new millennium (Baron, 2000):
- The Fair Credit Reporting Act regulates the disclo-
sure of credit application data and credit histories. - The Privacy Act restricts a government agency from
gathering information for one purpose and using it for
another purpose or sharing it with another government
agency. For example, the IRS has been prohibited from
sharing income tax information with other agencies.- The Family Education Rights and Privacy Act pro-
tects the privacy of students by restricting access to
their student grade and disciplinary information. - The Electronic Communications Privacy Act pro-
hibits unauthorized access to e-mail. - The Video Protection Privacy Act prohibits video-
tape service providers from disclosing information
about video rentals. - The Driver’s Privacy Protection Act prohibits states
from selling driver’s license information. - The Health Insurance Portability and Accountability
Act protects your personal health information from
unauthorized disclosure. - The Children’s Online Privacy Protection Act pro-
hibits collecting information from children under the
age of 13 unless their parents authorize it.
In total, these federal laws provide a great deal of
protection in certain areas. Student information, electronic
medical information, and electronic communications are
reasonably well protected. However, although several
federal laws relate to protection of financial data, the total
result is not very impressive. The key financial data protec-
tion law is the Gramm-Leach-Bliley Act (GLBA), which
purports to protect the privacy of information collected by
financial institutions, but this protection is quite limited.
Furthermore, there is no federal protection of the privacy
of information collected by other businesses such as
merchants.
Financial institutions—businesses that engage in
banking, credit card issuing, insuring, stocks and bonds,
financial advice, and investing—often buy and sell the
information that they collect on you. The GLBA provides
limited privacy protections against the sale of this private
financial information as follows (this information comes
from the Web sites of the American Civil Liberties Union
and the Federal Trade Commission): - Financial institutions must develop precautions to
ensure the security and confidentiality of customer
records and information and to protect against unau-
thorized access to such records. - Financial institutions must provide the customer
with written notice of their information sharing poli-
cies when he [or she] first becomes a customer and
annually thereafter. - The customer has the right to opt out of sharing his
[or her] information with certain third parties, and
the above privacy policy notice must explain how,
and offer a reasonable way, for the customer to opt
out. However, the customer cannot prevent sharing