Organizations have collected data about their employees for quite some time.
data is necessary for management activities like hiring, payroll, and performance evaluation and
This data is gathered by monitoring employees of an organization.
Although employee monitoring is by no means a new phenomenon, the possibility to do so
without any human intervention or interruption.
The technology used to monitor employees is
very powerful and can easily provide data for every aspect of employees’ life, making
surveillance less overt and more diffused (Introna, 2000, 33).
This monitoring is often viewed as
a value added element of information systems, as designers are often required to design
technology, which will capture, analyze and disclose personal information.
Businesses’ information and communication systems are confronted by a great variety of threats.
Attacks originating from outside, such as hacking attempts usually get public attention.
threats, on the other hand, pose a significantly greater level of risk (Schultz, 2002, 527) and have
a heavier cost for organizations.
The term “insider threat” refers to threats originating from
employees of an organization, who have been given access rights to information and
communication systems, and misuse their privileges, performing actions that violate the security
of these systems.
Surveillance technology is increasingly applied by organizations in their
attempt to confront information systems security threats, and especially insider threats.
Definition of privacy
The term privacy is often misinterpreted.
“The right of the individual to control the
dissemination of information about oneself” (Rich, 1995, 4) is the broad definition that the
Supreme Court uses for privacy.
This is the definition that is applied to the context of privacy in
Contingency tests for privacy
There are three contingency tests that are applied on the individual basis to determine if an
employee has an expectation of privacy initially.
The three tests are: (Rich, 1995, 6)
A subject test:
This test evaluates the means by which an employee has attempted to
protect his/her privacy.
An objective test:
This test evaluates the expectation of privacy an employee has in
his office or desk in light of security measures and surveillance of employees in the
A reasonableness standard:
This test judges whether the inception and the scope of
invasion of privacy is reasonable under the circumstances
As result the employer has most of the decision making influence to determine if the personal
information was disseminated correctly or not.
Furthermore, it allows the employer to decide if