Employee-privacy advocates are not in favor of biometrics in the workplace. But many employers do not share the concern. Biometrics are being used in workplaces across the country for purposes ranging from security to timekeeping and attendance.

What are Biometrics?

You may not know it, but you have probably seen biometrics in use numerous times. Catch any modern spy movie and there is sure to be a scene where the main character accesses the inevitable Restricted Area using the fingerprint of a dead man via a “borrowed” digit. Or maybe the triple-secret bank vault can be opened only via a retina scan of the bank’s Very Important President. You get the idea.

Biometrics run the gamut from simple to NASA-level technology. Biometrics on the most basic level could include simple ID badges with the employee’s mug-shot style photograph. Signatures are even included in biometrics that are used as a security measure. Today, employers utilize password-management systems that require employees to regularly change their personal passwords in order to access the company’s network.

The term “biometrics” refers to a method of authenticating the identity of an individual using enduring physical or behavioral characteristics. Any system that utilizes biometrics relies on the use of biometric identifiers. Also known as “BIs,” biometric identifiers are select pieces of information that relay an encrypted picture of some unique feature of the person’s biological makeup. Common BIs include fingerprints, retinal scans and voice scans.

Other identifiers that have been suggested and used include: hands, feet, faces, ears, teeth, veins, voices, signatures, typing styles (keystroke), gaits and odors.

How Effective Are Biometrics?

In the employment context, biometrics are used as an authentication tool. The BI is compared to the authenticated BI, which is stored in a database. Used this way, biometrics offer a nearly infallible security system. Unlike traditional security measures, like passwords or security badges, biometrics cannot be shared, lost, forgotten, stolen, or recreated.

But there are security risks for the user. For example, the authenticating, or original, data must be kept as secure as possible, which usually means not being sent wirelessly. And, if it is sent across a network, encryption should be at a maximum. As a compromise, systems often provide for a larger margin of error. And, unlike passwords and security questions, biometrics cannot be changed or revoked when the employment relationship ends.

What Else Could Go Wrong?

Well, lots, actually. Unauthorized access to highly sensitive personal information raises very legitimate concerns about identity theft–a problem that already has employers on high alert for potential liability. And, without any regulatory system in place, what about the potential privacy implications? Surely, employees will want to know what other information can be obtained should the wrong person have access to the database.

Not As Futuristic As You Might Think

Use of biometrics in the workplace is not just for the big screen. Biometrics as a timekeeping system have already been implemented in companies such as Dunkin’ Donuts and McDonald’s franchises. Biometrics as a security tracking system are being used at some Marine Corps bases. And cities and municipalities across the country use biometrics to track public employees for timekeeping and security.

As you might imagine, there are lots of voices in opposition of biometrics in the workplace. The American Civil Liberties Union (ACLU), has been one of the strongest. Labor unions also oppose this use of technology. Privacy and employee-rights advocates are equally unenthusiastic.

But advocates of biometrics (and the companies that make and sell biometrics-based systems), point to increased accountability and reduced employee fraud as the starting point for major cost savings and productivity.

We’ll have to keep an eye (or, in this case, a retina) on the use of biometrics at work.

For additional information, see More Employers Scanning Workers’ Hands
Biometric Technology Replacing Timecards; Employers Tout Efficiency, Unions Cry Foul a recent article on the CBS News website.

It’s 2008, do you know where your employees blog? Employers who fail to stay current with the popularity of blogging or who do not have a solid blogging policy in their Employee Handbook put themselves at a great disadvantage. Read on for some key points on the “whys” and the “hows” of a valid and comprehensive blogging policy.

Today’s Wall Street Journal features an article on blogger Heather Armstrong. Heather is most famous for being fired for writing about her co-workers on her blog, www.dooce.com. In fact, a blogger is “dooced” when he or she is terminated for blog comments.

Today, Heather is a full-time blogger writing mostly about her family life. Her blog is incredibly popular, receiving over four million hits each month. Her husband even quit his job to work on selling advertising for the blog.

The article causes one to think about just what risks employee run blogs pose for the workplace and how problems can be avoided.

Breach of confidentiality. A blogger may reveal confidential information about your company, including trade secrets. For example, a blogger complaining about a project assignment may, without thinking about the implications, reveal details of a new product that’s under development. Or an accounting department blogger complaining about having to work an all-nighter on a big stock deal may inadvertently be revealing insider information.

Defamation. The freewheeling culture of blogging may encourage people to say things online that could defame their employer, management, co-workers, customers, or competitors.

Harassing or otherwise offensive content. Imagine, for example, a situation in which an employee with a disability is being accommodated with a modified work schedule in compliance with the Americans with Disabilities Act. The employer has properly responded to inquiries about the arrangement by saying only that the company is handling the individual’s situation in accordance with federal law. A blogger complains that that “slacker” is being allowed to come and go as he pleases while the rest of the department suffers for it and speculates about the person’s possible medical condition.

Or imagine a blogger spreading completely speculative rumors that a recently promoted colleague got the job by performing sexual favors for the boss. Conversation that shouldn’t go unaddressed in the workplace can be extremely difficult to curb when it occurs anonymously in cyberspace.

Inappropriate content. Such content can range from postings that are disrespectful to your company to those that are completely unrelated to employment but may still reflect on you.

It’s important that you cover blogging in your Internet or electronic communications policy. The policy should prohibit disparaging the company or its employees, customers, or competitors either by name or implication. As with your other policies, it should be communicated to employees when they’re hired and periodically thereafter. It also should caution them that they must avoid creating the impression that the views expressed on a blog are anything more than personal opinions.

Following are some points you may want to cover in your blogging policy:
1. Persons who broadcast information regarding the company or its employees, customers, or competitors must make clear that views expressed in the blog are theirs alone and don’t represent the views of their employer.

2. In blogging, as in any other communication, employees must respect the company’s confidentiality and proprietary information. Employees should be reminded of the confidentiality provision in the employee handbook and, if they’re required to sign confidentiality agreements, of their commitments under those agreements.

3. Employees who have questions about the blogging guidelines should direct their questions to a designated company official who will serve as the authority on the policy and on helping them understand how it applies to their situations.

4. As with all communications, persons communicating through blogs are expected to treat the company and it employees, customers, and competitors with respect.

5. The company may ask that certain topics not be disclosed for confidentiality or legal compliance reasons, and employees are expected to honor those requests.

6. Employees are responsible for ensuring that their blogging activity doesn’t interfere with their work commitments, and they should be familiar with the company’s other policies regarding Internet use, which also apply to blogs.
The benefit of a blogging policy is that it puts your employees on notice of the standards of conduct that apply to blog postings. If you then learn that an employee has violated the policy, you can address the situation through the normal disciplinary process. Before imposing discipline, however, remember that state laws differ and certain types of communications may be protected under state and federal law. You might consider consulting counsel before taking any disciplinary action.

The Los Angeles Times recently reported that more than two dozen UCLA Medical Center employees are in the hot seat for illegally accessing Britney Spears’ medical records. The breaches reportedly occurred when Spears was admitted in January.

While the employees were unable to access the troubled pop star’s psychiatric records, they did snoop through records from her previous visits to the facility (including records from when she gave birth to one of her sons). At least 13 employees, none of whom are doctors, will be fired, while 12 others, including several doctors, will be disciplined.

It seems the nosy employee has struck again.

How to Curb the Curiosity?

There is no doubt that privacy can be hard to maintain in the workplace. Have you ever watched Jim or Dwight try to make sales calls on The Office? It seems that nobody’s personal or professional life is protected. Nosy employees love to be a part of everyone’s business, and they love to spread their knowledge down the gossip super-highway. Let’s face it, those UCLA Medical Center employees were not trying to view Spears’ medical records as a part of their continuing medical education.

Here are a few tips to curb curiosity in the workplace and increase your employees productivity.

1. Don’t Tell. Teach your employees to be close-lipped. My mom always said, if you want something to stay secret, then don’t tell…anyone. So, don’t. Also, the juvenile “I’ll tell you, but don’t tell anyone else,” never works. Bottom line, keep it to yourself.

2. Air the Laundry. If you have a secret, let it out. A nosy employee loves secrets. What fun is spreading gossip if it’s not supposed to be kept secret? This is particularly important with respect to big business announcements like promotions, demotions, and relocations. Get out in front of the potential rumor and ensure accurate information is spread.

3. Stand Up for Yourself. Have you ever watched two cowboys stare each other down? Good. Now tell your employees to do that to their nosy colleagues. Just kidding, we all know it’s better to take the high road here. Instead of staring, simply instruct your employees to reply to the Nosy Employee that the subject matter is personal and none of their business. Sure, the Nosy Employee will go elsewhere, but if the source is practicing Tip Number 1, there should be nothing to talk about.

4. Turn the Tables. Teach your employees to reply with a witty (but not juvenile or rude) response, like: “Why are you asking? What have you heard?” Then, refer to Tips Numbers 1, 2, and 3.

Privacy is an important issue for everyone. If your employees feel secure about their business, whether professional or personal, then it’s likely that they will be less distracted and more likely to, well, work.

On Monday, the Wilmington News Journal published an article about the effect an employee’s off-duty conduct can have on his or her employment. Our Section Chair, Barry M. Willoughby, was quoted in the article.

“Lifestyle discrimination” is a rapidly expanding area of the law with staunch advocates on both sides of the fence. “Off-duty conduct,” is anything an employee does during his non-working time that is not illegal but not usually “good” for you.

This topic first hit the news when employers began firing and/or refusing to hire smokers. This trend has continued to pick up supporters and is more common than ever. Another ideation of the same idea is to charge smokers a premium for health care. The “carrots and sticks” can vary a great deal and some of the better programs supplement these types of rules with “wellness benefits” where employees are eligible for all sorts of rewards for working towards a healthier lifestyle.

Some opponents of this trend claim that the consideration of non-workplace activity is a violation of employee’s privacy rights. Others express concern that the it won’t be long before “wellness initiatives” expand to other areas of employees’ private lives. For example, many critics worry that weight will be the next area of employer-legislation.

The idea is certainly not unimaginable. If employers want to “encourage” employees to get healthier by quitting smoking, it seems reasonable that they would also want their workers to eliminate the many health risks associated with obesity. On the issue of weight-based regulations in the workplace, Barry had the following to say:

“Weight becomes another issue,” said Barry Willoughby, chair of employment section at Young Conaway Stargatt & Taylor in Wilmington. If a person’s weight is due to a provable medical condition, the Americans With Disabilities Act may offer protections, but failing that, workers are at the mercy of the company.

“I don’t know any employer would actually do that,” he said, though complete worker protection for lifestyle choices would be possible only by an act of the General Assembly.

And it is very unlikely that the Delaware General Assembly will pass any broad-sweeping lifestyle anti-discrimination ban any time soon. This is especially unlikely given the State’s disposition for pro-business legislation. Unlike California, where employees have a vast variety of rights, Delaware tends to take a more conservative approach to its regulation of the workplace.

Until such laws were passed, though, businesses can continue to consider tobacco use, weight, or even alcohol use, in making employment decisions.

Last Night, I had the honor of presenting the Wallace N. Johnson Citizenship Award to Governor Ruth Ann Minner at the New Castle Chamber of Commerce Annual Dinner. The Governor, through the Delaware Cancer Consortium, has made fighting cancer a priority. As a result, Delaware’s cancer incidence rates are declining at four times the national average. Our death rate is declining at twice the national average.

While we are starting to turn the tide on cancer in Delaware, much remains to be done. Here are a couple of thoughts:

First, screening saves lives…and money. The earlier a cancer is detected, the better chance of survival. In fact, some screens can actually prevent a cancer from occurring. If that’s not enough to encourage screening, how about this? Early detected cancers are cheaper to treat. That’s what you call a win-win-win situation. As a result, employers should take an active role in encouraging their employees to get all appropriate cancer screenings. Have you thought about a floating screening day, so that employees can take off work to get a screen without losing pay?

Second, cancer happens. If your workplace hasn’t been touched by cancer yet, it will be. And, 80 percent of cancer survivors return to the workplace during or after treatment. Why not think about and plan for it now? Of course, you will have to meet your obligations under the FMLA and ADA, but there is so much more you can do. It all starts with talking with the employee with cancer. You should first discuss how much information they want to share with co-workers. Some employee will want to keep the diagnosis quiet while others will want to know everything they are going through with their co-workers. Next you can talk about what help do they need? Every employee will have different needs, but most will need some kind of help. For example, one may need meals cooked for her family. Another might need someone to watch his kids so that he can get treatment or just go to a movie. A human resources professional can help by organizing the workforce to meet an employee’s needs.

Third, knowledge is power. Most cancers are preventable. An employer can educate its workforce on simple ways to lower cancer risks like quitting smoking, exercising, using sun screen and eating healthy. Numerous non-profits, like the American Cancer Society, offer lunch time programs to provide such information.

The American Management Association (AMA) and The ePolicy Institute have recently released the results of their survey on Electronic Monitoring & Surveillance. The survey is of great interest to employers, who face more and more issues in this area.

Some highlights from the survey:

E-Mail and Internet-Related Terminations:

The 28% of employers who have terminated employees for e-mail misuse did so for the following reasons: violation of any company policy (64%); inappropriate or offensive language (62%); excessive personal use (26%); breach of confidentiality rules (22%); other (12%).

The 30% of bosses who have fired workers for Internet misuse cite the following reasons: viewing, downloading, or uploading inappropriate/offensive content (84%); violation of any company policy (48%); excessive personal use (34%); other (9%).

Internet, E-Mail, Blogs and Social Networking:

Employers are primarily concerned about inappropriate Web surfing, with 66% monitoring Internet connections. Fully
65% of companies use software to block connections to inappropriate websites—a 27% increase since 2001 when AMA/ePolicy Institute first surveyed electronic monitoring and surveillance policies and procedures. Employers who block access to the Web are concerned about employees visiting adult sites with sexual, romantic, or pornographic content (96%); game sites (61%); social networking sites (50%); entertainment sites (40%); shopping/auction sites (27%); and sports sites (21%). In addition, companies use URL blocks to stop employees from visiting external blogs (18%).

Computer monitoring takes many forms, with 45% of employers tracking content, keystrokes, and time spent at the keyboard. Another 43% store and review computer files. In addition, 12% monitor the blogosphere to see what is being written about the company, and another 10% monitor social networking sites.

Of the 43% of companies that monitor e-mail, 73% use technology tools to automatically monitor e-mail and 40% assign an individual to manually read and review e-mail.

Telephone and Voice Mail:

Six percent of employers have fired employees for misuse or private use of office phones. Fully 45% monitor time spent and numbers called, and another 16% record phone conversations. An additional 9% monitor employees’ voicemail messages. Most employers notify employees of phone (84%) and voicemail (73%) monitoring.

Video Surveillance:

Almost half (48%) of the companies surveyed use video monitoring to counter theft, violence and sabotage. Only 7% use video surveillance to track employees’ on-the-job performance. Most employers notify employees of anti-theft video surveillance (78%) and performance-related video monitoring (89%).

Global Satellite Positioning and Emerging Surveillance Technology:

Employers who use Assisted Global Positioning or Global Positioning Systems satellite technology are in the minority, with only 8% using GPS to track company vehicles; 3% using GPS to monitor cell phones; and fewer than 1% using GPS to monitor employee ID/Smartcards. The majority (52%) of companies employ Smartcard technology to control physical security and access to buildings and data centers. Trailing far behind is the use of technology that enables fingerprint scans (2%), facial recognition (0.4%) and iris scans (0.4%).