9 to 5: Do You Know if Your Boss Knows Where You Are?
Case Studies of Radio Frequency Identification Usage in the Workplace
The RAND Corporation did a study of six private-sector companies examining their policies for collecting, retaining, and using records obtained by RFID enabled access cards. RAND found that most were using the Radio frequency auto identification devices to collect and link information about the employees their whereabouts and behaviors in a manner that was not known or agreed upon by the employees beforehand.
The RAND report states;
“RFID tags and fine-grained access controls within a building make it possible to observe the movements of any employee all the time.”
This study illustrates some of the problems with RFID that many people may not be aware of due to the hidden nature of the ways in which information can flow and be connected.
It is not hard to fathom how RFID chips gained the moniker “spychips”
Companies use RFID workplace access cards to do more than just open doors (e.g., for enforcing rules governing workplace conduct). Explicit, written policies about how such cards are used generally do not exist, and employees are not told about whatever policies are being followed. Using such systems has modified the traditional balance of personal convenience, workplace safety and security, and individual privacy, leading to the loss of “practical obscurity.” Such systems also raise challenges for the meaning and implementation of fair information practices.
RAND found that; .five of the six companies interviewed said the records collected were used in ways that personally identified employees for uses such as monitoring the movements of a specific individual and in aggregate form, meaning that the technology was used to describe behaviors of many individuals without personally identifying them.
In the instances where individuals were individually monitored the companies did so to investigate accusations that the person was violating rules or in one case, just checking to see if the original employees of a company that was acquired were adhering to the policies of the new company
Rand also found out that “none of the companies has a limited data retention policy; they keep the records indefinitely” and in all cases the records of employees was linked to other companies databases usually to the human resources departments personnel files. And in one case the company had linked the employees’ unique ID number of their badge to medical records and in two other instances such data linking was done automatically.