|Sanjay Gupta Head/ BSA India/ and Director (Legal Affairs)/ Microsoft India: "India doesn't have a privacy law for its citizens and this loophole can be used by companies to exploit employees"|
What was completely taboo once is an acceptable practice today as companies seek to keep closer tabs on what their employees are up to at work and how they're utilising their time at their work stations.
While some amount of monitoring can be expected, given the spate of cases of data theft, and more worryingly, terror attacks, it may be time to become a bit more careful about your conduct at work. "India doesn't have a privacy law for its citizens and it is this loophole that companies can exploit to ferret out this kind of data," says Sanjay Gupta, Chair, India Committee 2007 for Business Software Alliance and Director-Intellectual Property (IP) Rights, Legal and Corporate Affairs, Microsoft India.
Others such as Pawan Duggal, a Supreme Court lawyer and expert on it and ip law, argue that in the absence of a privacy legislation, self-regulation is perhaps the best way to go as far as employee privacy is concerned. "A company can easily administer an HIV test on candidates and if they're found positive, refuse to hire them on vague medical grounds.
|"The only protection offered is under Article 21 under the Right to Life": Pawan Duggal Advocate (IT and IP Expert)/ Supreme Court|
Indeed, when BT tried to speak to technology companies, most of them (including global players such as hp and Accenture, and local behemoths such as Infosys) declined to comment.
The security blanket
Handy tips to safeguard your privacy at workplace.
One foot forward
Head (Business Excellence & Quality)/Unisys Global Services: "UGSI has made it mandatory for all employees to undergo Online Basic Privacy Training"
Better safe than sorry
Part of the problem, according to some critics, is that companies have over-sanitised their offices and made all intrusions into an employee's work life fair game for systems administrators and supervisors. "In most advanced countries, invasion of privacy is considered a violation of individual rights. Unfortunately, in India where there are no specific privacy laws, there is little relief an aggrieved individual can get from the legal system. In the eagerness to portray ourselves as a 'trustworthy outsourcing' destination, employers are investing in the latest electronic gadgets to monitor employees and brazenly infringing their right to privacy," says Anish Singh, CEO of Techbridge Networks, a Bangalore-based hr outsourcing and consulting company.
This means that it's up to the employees to decide what boundaries to set for themselves. "The only protection offered is under Article 21 of the Constitution (under the Right to Life), but we rarely see any cases of corporate oversight on this front," says Duggal.
While it may help to be careful, most employees don't really understand the meaning of basic terms such as privacy and IP. "We've had to educate people literally from the ground up on these issues and it is only over the last couple of years that awareness has reached a reasonable level," says Gupta.
As awareness grows, however, it is also important to draw boundaries between what is acceptable usage of the internet (and, indeed, other forms of communications) at the workplace. "Most clauses (in a contract) are focussed on protecting company IP, data, knowledge of business plans and customers," says Pravin Chand Tatavarti, MD for the India operations of Allegis, a staffing and recruitment services company.
Unlike Unisys, an Infosys representative claimed that India's best known name in it "doesn't have any such standard policies. While we have policies in place on internet usage and some other areas, there is no written policy on privacy of employees. We don't even use a standard disclaimer in the e-mails we send."
While most companies are very specific on what data employees can take in and out of their workplace, few, if any, have any contracts lined up to protect employees. "Most organisations are particular about making their employees sign non-disclosure agreements, confidentiality memorandum and a business code of conduct. However, I haven't heard of any (agreement), which commits to safeguarding the privacy rights of its employees or even one that proactively offers advance warning that the employee's on-job performance, work habits, interactions with co-employees or outsiders could be under surveillance," says Techbridge's Singh.
Rather than try to test these limits, it may be advisable to limit non-work communication, especially on the office e-mail and chat servers, says Raghu Raman, CEO, Mahindra Special Services, an it security consultancy. "Some obvious areas that are off-limits for employees are pornography and most file sharing networks, while social networking sites are often blocked to prevent dangerous content from sneaking onto company servers," he says.
Being careful about your personal data doesn't begin at your office; it extends some way back into the recruitment phase itself when you're asked specific personal details and companies file away these details for records. "It is important to check what companies do with this kind of data and how they ensure it's either properly stored or safely destroyed. These aren't questions that people ask often enough," says Duggal.
Chaitanya Nadkarny, Director (Operations and HR), ThoughtWorks Technologies India, argues: "It is possible that in the services industry, such job contracts might require sharing of employee data. Companies have to brace themselves for legal consequences of sharing such information and where such possibilities exist, the recruiting model will have to take them into account."
With the law offering limited options, legal experts and employees feel that it is better to err on the side of caution rather than "expose" private and confidential data to prying eyes. At the same time, it is important to keep tabs on how companies use personal data submitted for recruitment, medical examinations and the like. As Duggal says, at the end of the day, companies don't want the negative publicity that comes with any incidents of private data getting lost or reaching the wrong hands.