Federal Agency Warns Companies Against Unchecked Surveillance of Employees
Federal Agency Warns Companies Against Unchecked Surveillance of Employees

By Naveen Athrappully

The Consumer Financial Protection Bureau (CFPB) issued guidance to protect workers against obtrusive employers hiring third-party tracking services to digitally monitor staff.

Reports produced by such services that include background dossiers and surveillance-based, “black box” artificial intelligence (AI) or algorithmic scores are used by companies to assess performance and inform decisions regarding the individual.

The CFPB says that “employers must obtain worker consent, provide transparency about data used in adverse decisions, and allow workers to dispute inaccurate information,” according to an Oct. 24 statement by the agency.

As companies increasingly deploy invasive tools to assess workers, they have to follow Fair Credit Reporting Act (FCRA) rules, said the CFPB.

“Workers shouldn’t be subject to unchecked surveillance or have their careers determined by opaque third-party reports without basic protections,” said agency director Rohit Chopra.

“The kind of scoring and profiling we’ve long seen in credit markets is now creeping into employment and other aspects of our lives. Our action today makes clear that longstanding consumer protections apply to these new domains just as they do to traditional credit reports.”

According to FCRA rules, consumer reporting has to follow certain guidelines. Besides having the right to know what is in an individual’s file, they must be told if certain information from the report has been used against them.

If an adverse action is taken based on a consumer report, the concerned individual needs to be informed of the details, including the name, address, and phone number of the agency that provided the information.

The FCRA rules grant rights to consumers to request their credit scores, dispute incomplete or inaccurate information, delete inaccurate data, obtain a “security freeze” on credit reports, and seek damages from violators.

“A consumer reporting agency may not give out information about you to your employer, or a potential employer, without your written consent given to the employer,” said a summary of FCRA rights published by CFPB.

Why Employers Monitor

An August report by research group Cracked Labs said, “Employees are seen as major risks.”

Companies monitor staff to prevent careless security lapses that may culminate in a cyberattack, said the “Employees as Risk” report.

Software is deployed to analyze large amounts of activity log records and communications data, but in recent years, the purposes have gone well beyond cybersecurity, said Cracked Labs.

“The boundaries between information security, the protection of corporate information, fraud and theft prevention and the enforcement of compliance with regulatory requirements and organizational policies are becoming blurred,” Cracked Labs said.

The results of this intrusive monitoring may lead to arbitrary suspicions of workers, said the report, especially when the risk assessment is inaccurate.

“When employees or certain groups of employees get inaccurately accused of ‘anomalous’ or otherwise suspicious behavior by an organization’s cybersecurity, compliance or human resource departments or when they get automatically blocked from certain activity, this may lead to Kafkaesque experiences.”

Based on a March study published by PubMed, researchers concluded that worker surveillance is a “thorny issue,” and more research is required to gain clarity on the issue.

However, the researchers said, “The current study finds that workplace surveillance has overall damaging consequences for workers’ mental health.”

Meanwhile, the collection of vast troves of employee data by their employers poses a risk to workers in case of data breaches as sensitive information could end up in the hands of criminals.

According to a report by the Identity Theft Resource Center (ITRC), there were 3,205 data compromises last year in the United States, which resulted in more than 353 million total victims.

The health care sector was the most impacted industry with 809 compromises, followed by financial services, professional services, manufacturing, and education.

Last year, Tesla was impacted by a data breach that resulted in the theft of confidential information from 75,000 employees. In September 2023, Air Canada reported that a breach allowed intruders to access the personal information of some workers.

In its Oct. 24 statement, CFPB noted that the Fair Credit Reporting Act’s protections such as worker consent, transparency, and placing limits on what employers do with employee data “are essential in an era where worker data is increasingly commodified and used to make critical employment decisions.”

“By enforcing these rights, the CFPB aims to ensure that workers have control over their personal information and are protected from abuses. The CFPB will be working with other federal agencies and state regulators to ensure the responsible use of worker data,” the agency said.


Discover more from USNN World News

Subscribe to get the latest posts sent to your email.

USNN World News Corporation (USNN) USNN World News is a media company consisting of a series of sites specializing in the collection, publication and distribution of public opinion information, local,...