Home | Databases | WorldLII | Search | Feedback Australian Law Reform Commission - Reform Journal

SaratChandran, Priya --- "Workplace Privacy and CSR" [2005] ALRCRefJl 30; (2005) 87 Australian Law Reform Commission Reform Journal 49

Reform Issue 87 Summer 2005/06

This article appeared on pages 49 – 53 of the original journal.

Workplace privacy and CSR

By Priya SaratChandran*

The widespread use of surveillance and other privacy-invasive practices in the workplace was the subject of the Victorian Law Reform Commission’s (VLRC’s) workplace privacy reference, which recently concluded with the release of its final report in October 2005.

The VLRC considered the benefits and risks posed by a wide range of potentially privacy-invasive practices, including all forms of surveillance, Internet and email monitoring, medical, alcohol and drug, psychological and genetic testing, and searching of workers.

What is the link between workplace privacy and corporate social responsibility? The answer depends on what ‘corporate social responsibility’ is taken to describe. One submission to the Parliamentary Joint Committee on Corporations and Financial Services (PJCCFS) inquiry describes CSR as a term ‘used to broadly describe a view of corporate governance which advocates the pursuit by companies of a broader range of objectives than simple profit-making’.¹ Both the ‘range of objectives’ and the mode of ‘pursuit’ can vary markedly between definitions. Some are general and describe managing ‘business processes to produce an overall positive impact on society’.² Other definitions of CSR specifically identify objectives such as ‘a continuing commitment by business to behave ethically and contribute to economic development while improving the quality of life of the workforce and their families as well as of the local community and society at large’.³

I would argue that workplace privacy is relevant to a number of objectives contemplated by CSR.

Workplace privacy as a human right

In the context of workplace privacy, the link between CSR and compliance with internationally recognised human rights is clearly established under the principles contained in the United Nations Global Compact. The first two principles of this voluntary initiative state:

• Principle 1: Businesses should support and respect the protection of internationally proclaimed human rights; and

• Principle 2: make sure that they are not complicit in human rights abuses.⁴

The treatment of privacy within a human rights framework is an approach mirrored in the United Nations Universal Declaration of Human Rights⁵ and the Council of Europe’s Convention for the Protection of Human Rights and Fundamental Freedoms.⁶ Rights to privacy are also contained in various constitutional bills of rights.⁷

The VLRC adopts a human rights approach in its final report, rather than relying on a CSR rationale, but the approaches are not inconsistent. Where corporate social responsibilities are taken to extend to human rights, workplace privacy must be seen as forming part of these obligations. The UN Global Compact and the UN Norms on the Responsibilities of Transnational Corporations and other Business Enterprises with Regard to Human Rights⁸ establish that even though states have the primary responsibility to ensure protection of human rights ‘transnational corporations and other business enterprises, as organs of society, are also responsible for promoting and securing the human rights set forth in the Universal Declaration of Human Rights’.⁹ These international instruments will be of increasing relevance to the Australian domestic context as some states and territories towards establishing domestic human rights jurisdictions (for example, the ACT’s Human Rights Commission Act 2005 and the establishment of a Victorian Human Rights Consultation Committee).

Workplace privacy as a social value

It is clear that Australians regard privacy as an important social value.¹⁰ The VLRC recognises that the right to privacy is a fundamental human right recognised in international law. But human rights are individually based rights. It is the VLRC’s view that privacy rights direct our attention to the importance of autonomy and dignity in the everyday lives of individuals, and also reflects privacy as a value to society as a whole. Questions about how workers’ privacy should be protected are linked to broader questions about the nature of our society and about the aspects of our humanity that should be protected from incursion. From this perspective privacy is a social value—the protection of which becomes a (corporate) social responsibility.

Workplace privacy as a labour right

Consideration of privacy issues invariably intersects with the broader industrial context. Two excellent examples of this can be noted in the areas of anti-discrimination and occupational health and safety (OH&S) laws. Requiring a worker to submit to an alcohol and drug test may constitute a breach of the worker’s privacy. If test results were used to unlawfully discriminate against a worker (for example, if the test is used to detect and discriminate against pregnant women), then anti-discrimination protections would apply. This illustrates how a privacy invasion can lead to a discriminatory outcome.

Placing workers under constant overt surveillance is an example of a potentially privacy-invasive practice that can result in increased levels of worker stress. In a submission to the VLRC, a former call centre worker stated:

‘...eventually the pressure got to me and I could no longer continue. Many other people I spoke to found it stressful to be monitored so heavily.’¹¹

Here a privacy invasive practice leads to a stress-based OH&S issue. The policy flipside is that employers also use overt surveillance to protect the safety of workers, (for example, the use of security cameras in banks).

Given the complex interaction of these laws within the workplace, privacy issues may surface in areas regulated by anti-discrimination and OH&S laws. At the international level, anti-discrimination and OH&S obligations of corporations are expressly reflected in the UN Norms on the Responsibilities of Transnational Corporations and other Business Enterprises with Regard to Human Rights¹² and in the OECD Guidelines for Multinational Enterprises.¹³ As illustrated, workplace privacy practices may be indirectly (and usually reactively) covered by these labour rights and protections.

Workplace privacy as a compliance obligation

While legal and other regulatory obligations may be imposed on corporations, it does not follow that all corporations are necessarily complying with them:

‘Significant anecdotal evidence suggests that where compliance with existing laws...is in strong and direct conflict with short-term financial interests, many organisational decision makers currently chose to prioritise duties regarding profitability above those concerning meeting regulatory requirements. This is particularly the case where penalties for legal and regulatory infringements are minor in comparison with the costs of compliance.’¹⁴

As stated in the PILCH submission to the PJCCFS inquiry, ‘compliance with all applicable legal and regulatory obligations is fundamental to the practice of CSR’.¹⁵ An example of this is contained in the CSR policy of insurance multinational Aviva, which states that it is committed to ensuring that its business ‘is conducted in all respects according to rigorous ethical, professional and legal standards’.¹⁶ If the VLRC’s workplace privacy model was adopted, corporations operating in Victoria would have to include it as part of their general compliance obligations.

Whether it is regarded as a human right, social value, labour right or as a compliance obligation, workplace privacy clearly has a place within a corporation’s broader corporate social responsibilities. If we accept the link between workplace privacy and CSR, what do the VLRC’s recommendations mean for employers/corporations in practical terms?

Why regulate workplace privacy?

VLRC consultations revealed that employers used surveillance to protect property and control computer equipment, measure performance and productivity, reduce the risk of legal liability, gather evidence relevant to legal issues and maintain safety and security.¹⁷

Unions informed the VLRC that the use of such practices led to concerns about workers’ autonomy and dignity being undermined; lack of transparency about what practices were being used and why; practical difficulties in workers’ ability to withhold consent to such practices’ the blurring of the distinction between workers’ private and working lives; and potential discrimination.¹⁸

The VLRC found that the existing legal regime was inadequate in balancing the interests of workers and employers. The patchy nature of existing laws and the permeation of various technologies into the market had resulted in lack of guidance for both employers and workers. The VLRC was also concerned about the overall social effect of technology on workers’ lives and rejected the notion that worker consent was a sufficient safeguard. The VLRC found that the inconsistent level of protection offered to workers by existing laws and employers was insufficient, and necessitated direct government regulation.¹⁹

Proposed regulatory regime

The VLRC recommended that a Workplace Privacy Act be enacted and administered by an independent regulator.²⁰ The main concepts underpinning the proposed regulatory model were the need to balance the interests of workers and employers and to match the regulatory response to the seriousness of the privacy intrusion.

In the VLRC’s draft Bill, an obligation is placed on employers not to unreasonably breach the privacy of workers, and a set of principles is included to clarify the nature of the obligation. This includes establishing that the use of a practice is for a purpose directly connected to the business and is proportionate to the risk being managed. Adequate safeguards must be instituted and workers must be informed and consulted.

The principles are supplemented by codes of practice, setting out the practical detail for employers and workers. If a worker makes a complaint about an employer’s use of a practice, compliance with an advisory code can be a defence to the claim. Examples of practices covered by advisory codes include overt surveillance, psychological and medical testing and searching of workers.

Mandatory codes of practice cover practices involving more serious invasions of privacy such as covert surveillance and alcohol and drug testing. Covert surveillance involves an element of entrapment because it does not provide workers the opportunity to modify or change their behaviour. Alcohol and drug testing involves the removal, often by non-medical personnel, of bodily samples from a worker. It is also a form of testing that is being used with increasing frequency within the workplace. Employers must comply with the requirements of a mandatory code in order to defend a complaint against these practices.

Finally, the VLRC has recommended a complete ban on the surveillance of workers in toilets, washrooms, change rooms and lactation rooms. Such practices demean a worker’s autonomy and dignity, and represent an intrusion that is totally unacceptable by community standards.

If the VLRC’s recommendations were adopted, corporations would be required to meet their workplace privacy obligations pursuant to the Workplace Privacy Act as part of their compliance obligations. Such regulation would also have implications for a corporation’s broader corporate social responsibilities in upholding internationally protected human rights, labour rights and community-based social values.

Regulatory parallels

A number of interesting parallels can be drawn between the VLRC’s recommendations on workplace privacy and the current debate about whether to regulate the social responsibilities of corporations. In formulating its recommendations to the Victorian Attorney-General, the VLRC grappled with similar philosophical and regulatory considerations about whether or not to legislate, and if so, how? Such questions invariably arise when dealing with policy areas that have been historically under or de-regulated.

Do corporations have social responsibilities?

A recurrent question that arises in the CSR debate is the so-called ‘amoral’ character of the corporation. Does corporate expenditure incurred without the sole aim of profit-maximisation amount to ‘spending someone else’s money for the general social interest’²¹ or should this be a power that lies solely with the government?²² Persuasive arguments exist about corporations taking into account the broader competitive context (which include social and environmental responsibilities that impact on the reputation and long-term sustainability of a corporation).²³ In deciding to recommend direct regulation of workplace privacy, the VLRC has implicitly determined that corporations are not ‘amoral’, but owe clear social and moral responsibilities to their workforce.

‘Regulation’ by market forces?

In reaching this conclusion the VLRC considered whether market regulation was sufficient or whether government regulation of workplace privacy was warranted. Some employer representatives consulted by the VLRC argued that regulation of practices was not required except where an identifiable market failure had occurred.²⁴ According to this argument, where unsavoury workplace privacy practices detracted from the attractiveness of the business, market pressures would force the employer to modify or dispense with such practices.

With the exception of a few examples of consumer-driven change (for example, Nike outworker practices), the VLRC concluded that for the vast majority for corporations the interplay of market forces did not ‘correct the use of technologies, imbalances of power and inequalities in demand, which resulted in different levels of protections for different workers.²⁵ As such the VLRC rejected the market failure argument, favouring instead direct government regulation. This parallels arguments by advocates for legally mandated CSR. The rationale is summed up by Professor David Vogel of the Hass School of Business, University of California, Berkeley who says of regulating corporate social responsibility:

‘Civil and government regulation both have a legitimate role to play in improving public welfare. The former reflects the potential of the market for virtue, the latter recognizes its limits.’²⁶

Other forms of regulation

Some advocates for legally mandated CSR have suggested amending directors’ duties to allow directors to place long-term values (social responsibilities to workers, communities and the environment) ahead of shareholder’s short-term returns.²⁷ As the current CSR framework is voluntary in nature, ‘top-down’ adherence to such regulatory requirements by directors and management of companies is not necessarily guaranteed. Legislative amendments of the kind suggested would provide an added compliance mechanism for legal obligations such as those proposed under the workplace privacy regulatory regime.

In terms of approach, in recommending the regulation of the actual ‘practices’ that could lead to privacy invasive outcomes, the VLRC does not separate out or protect commercial activities from moral and social responsibilities but rather combines them. Unlike some CSR approaches, moral and social responsibilities such as workplace privacy are not made peripheral to profit-making functions. Instead the way in which business functions are carried out becomes integral to the meeting of these responsibilities.

The VLRC also had to grapple with the primacy of profit making versus other competing interests (social and ethical responsibilities). In the context of workplace privacy neither profit making (productivity) nor privacy as a human right could be considered ‘absolute’ rights. Instead the VLRC adopted a ‘balancing of interests’ approach, which allowed for a differentiated regulatory response to the complexities of the numerous interests at stake. Given that the regulation of corporate social responsibilities shares a similar context, the VLRC’s balancing of interests approach achieved through an escalating model may be usefully considered within the corporate social responsibility regulatory debate.

Where to for workplace privacy?

The VLRC’s report is being considered by the state government and the Victorian Attorney-General has foreshadowed he would bring it before the Standing Committee of Attorneys-General with the aim of achieving national consistency on issues such as workplace surveillance. A push towards national consistency in this area would clearly affect the corporate social responsibilities of businesses with national operations.

We will have to wait and see what the final form workplace privacy regulation will take in Victoria, and nationally. However, in the event that workplace privacy regulation is adopted, and with the convergence of domestically-based human rights regulation with links to international instruments, this will have clear implications for governance fields such as CSR. Could it offer us a glimpse of an emerging, inter-connected human rights-based corporate jurisprudence?

Ms SaratChandran is a Policy & Research Officer with the Victorian Law Reform Commission.

The views expressed are the author’s, and do not represent the views of the Commission, except where expressly noted.

The author wishes to thank Tamar Primoratz for her research assistance.

Endnotes

1. Public Interest Law Clearing House (PILCH) Corporate Social Responsibility and the Corporation Act 2001—A Discussion in Relation to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Social Responsibility, 5.

2. See <www.mallenbaker.net/csr/CSRfiles/definition.html>.

3. World Business Council for Sustainable Development, Corporate Social Responsibility: Making good business sense (2000), at www.wbcsd.org/web/publications/csr2000.pdf at 21 December 05.

4. www.unglobalcompact.org/AboutTheGC/TheTenPrinciples/index.html at 21 December 05.

5. Article 12 states, ‘No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interferences or attacks’.

6. Article 8 states ‘(1) Everyone has the right to respect his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, or the protection of health or morals, or for the protection of the rights and freedoms of others’.

7. For a report on countries whose citizens have express constitutional rights to privacy or bills of rights containing rights to privacy see M Rotenberg and C Laurant, Privacy and Human Rights 2000: An International Survey of Privacy Laws and Development (2000) <www.privacyinternational.org/survey> at 22 August 2005.

8. <www.unhchr.ch/huridocda/huridoca.nsf/(Symbol)/E.CN.4.Sub.2.2003.12.Rev.2.En?Opendocument> at 21 December 05.

9. Ibid.

10. See, eg, Roy Morgan Research, Community Attitudes Towards Privacy 2004 (2004).

11. See Victorian Law Reform Commission Workplace Privacy Issues Paper (2002), Submission 5.

12. See B (2) ‘Right to equal opportunity and non-discriminatory treatment’ and D (7) ‘Rights of Workers’ on the provision of a safe and healthy working environment.

13. See IV ‘Employment and Industrial Relations’, 1(d) and 4(b).

14. Futureye, Submission to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Responsibility, 4 November 2005, 1.

15. Public Interest Law Clearing House (PILCH) Corporate Social Responsibility and the Corporations Act 2001—A Discussion Paper in Relation to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Social Responsibility, 1.

16. See Aviva’s CSR policy at <www.aviva.com/index.asp?pageid=101> at 21 December 05.

17. For employer perspectives see Victorian Law Reform Commission, Workplace Privacy Options Paper (2004), 3.9–3.47.

18. For worker perspectives see ibid, 3.52–3.101.

19. For detail on the VLRC’s findings see Victorian Law Reform Commission Workplace Privacy Final Report (2005).

20. For detail on the proposed regulatory regime and the draft Bill see ibid, ch 3 & 4, Appendix 5.

21. M Friedman, ‘The Social Responsibility of Business is to Increase Profits’, New York Times (Magazine), 13 September 1970 as quoted in Futureye, Submission to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Responsibility, 4 November 2005, 5.

22. Futureye, Submission to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Responsibility, 4 November 2005, 5.

23. See M Porter and M Kramer ‘The Competitive Advantage of Corporate Philanthropy’, Harvard Business Review Reprint RO212D (2002) quoted in Futureye, Submission to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Responsibility, 4 November 2005 5 and the Monash University Department of Business Law and Taxation Submission as quoted in Futureye, Submission to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Responsibility, 4 November 2005, 7.

24. See Victorian Law Reform Commission Workplace Privacy Final Report (2005), 30.

25. Ibid, 31.

26. D Vogel, ‘The Limits of the Market for Virtue’, Ethical Corporation, September 2005, 44-6 quoted in Futureye, Submission to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Responsibility, 4 November 2005, 6.

27. Monash University Department of Business Law and Taxation Submission as quoted in Futureye, Submission to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Responsibility, 4 November 2005, 7. See also Public Interest Law Clearing House (PILCH) Corporate Social responsibility and the Corporation Act 2001—A Discussion in Relation to the Parliamentary Joint Committee on Corporations and Financial Services Inquiry into Corporate Social Responsibility.