Blog Post 2 – Intrusion Protection - The role of legislation, information technology policy, training, and transparency in privacy.

Print

            Intrusion protection comes from the non-intrusion view of privacy and is the concept of being free from intrusion or being let alone.  The theory was initially proposed in 1890 by Samuel Warren and Louis Brandeis (Tavani, 2007, p. 5).  An example of non-intrusion would be the fourth amendment of the U.S. Constitution, which limits unreasonable search and seizure. 

            Four themes emerged from my research on things your employer could be doing right now to ensure that we are free from intrusion as viewed in the figure below: 

            In terms of suggestion one, there is quite a bit of existing legislation that exists in the United States, providing varying levels of privacy protection.  Some states, like California and their CCPA initiative, are working hard to get up to speed with privacy legislation.  From a constitutional perspective, there is a weak right to privacy (Blair, 2018).  Several federal laws on the books already offer limited privacy protection for employees, including:

Three states, Illinois, Texas, and Washington, have laws prohibiting the interception of any personal communications without obtaining consent (Areheart & Roberts, 2019, pp. 762–762).

            Next up, is the creation of revisiting of written information technology policies.  How many of you work for a company which provides transparent policies to employees?   Research shows supplying clear policies not only mitigates legal threats for companies but leads to acceptance of those employees and a perception of fairness to employees (Tomczak et al., 2018, p. 254).  How many of you work for organizations that might have policies, although might be as clear as mud?  Policies need to be clear and unambiguous, written from a pro-employee perspective, while explaining what expectations employees should have to privacy (Chory et al., 2016, p. 39; Cortini & Fantinelli, 2018, p. 165; Katasabian, 2019, p. 248).  

            Policy for employees needs to be clear in purpose, stating any intent to monitor, applications that may be monitored, and how the corporation deals with the data.  Employers should have a few specific policies with special provisions, including:

  1. BYOD Policy – Including assurances that employers will avoid viewing personal content on devices
  2. Social Network Policies – Allow employees to use their voices and decrease feelings of privacy invasion by specifying what social networking sites are work only, let employees know what behavior is off-limits, let employees know what social media access is acceptable while at work
  3. Email Management Policies – Specify what rules apply to personal email sent from work accounts, rules on accessing private email accounts from work, or what activities are regulated in terms of communications from work devices

            Topic three is changing the way that training is provided to employees.  Does your organization provide awareness training concerning security policy, threats, or safeguards in use at the organization?  Training allows employees to ask questions about these topics in the workplace and should be extended regularly (Blair, 2018, p. 167).  Research by Lee, Lee, and Kim (2016) indicates that trained employees are more willing to participate in an organization’s information sharing and security activities (p. 63).   What if your opinion matches the research of Baxter, Holderness, and Wood (2016) that employees often dislike IT security and privacy training (p. 119)?  You change it up!

            Implementing gamification to training by employing gaming principles to training can improve learning!  Add stories or themes with point training, leaderboards, and achievements, making the experience fun, informative, and less tedious for employees (Baxter et al., 2016, p. 120).  Baxter (2016) demonstrated that gamification of training leads to higher employee satisfaction levels while introducing marginal improvements in overall learning!

            Finally, employers need to exhibit more transparency for employees.  If an employer has a problem with perceptions of organizational fairness, they should be transparent about employee monitoring and explain reasons as to why employers find monitoring necessary.  Employees are not unreasonable!  One idea is to extend a written promise to employees that your staff will not view personal content on employee devices where possible.  Gain consent for monitoring and collecting someone’s personally identifiable information, provide transparency to employees about how their data is being used and reused.

            Next week we will discuss interference protection along with its tie into policy and personal control over information. 

 

References

Areheart, B., & Roberts, J. (2019). Gina, big data, and the future of employee privacy. Yale Law Journal, 128(3). 710-790.

Baxter, R., Holderness, D., & Wood, D. (2016). Applying basic gamification techniques to IT compliance training: Evidence from lab and field. Journal of Information Systems, 30(3). 119-133. doi:10.2308/isys-51341

Blair, L. (2018). Contextualizing bring your own device policies. Journal of Corporation Law, 44(1). 151-170.

Chory, R., Vela, L., & Avtgis, T. (2016). Organizational surveillance of computer-mediated workplace communication: Employee privacy concerns and responses. Employee Responsibilities & Rights Journal, 28(1). 23-43. doi:10.1007/s10672-015-9267-4

Cortini, M., & Fantinelli, S. (2018). Fear for doocing and digital privacy in the workplace: A dual pathway model. Management Revue, 29(2). 162-178. doi:10.5771/0935-9915-2018-2-162

Katsabian, T. (2019). Employees' privacy in the internet age. Berkeley Journal of Employment and Labor Law, 40(2). 203-255 doi:10.15779/Z38NG4GS3G

Lee, C., Lee, C., & Kim, S. (2016). Understanding information security stress: Focusing on the type of information security compliance activity. Computers & Security, 59. 60-70. doi:10.1016/j.cose.2016.02.004

Tavani, H. (2007). Philosophical theories of privacy: Implications for an adequate online privacy policy. Metaphilosophy, 38(1), 1. doi:10.1111/j.1467-9973-2006-00474.x