What You Don’t Know Can Hurt You

An executive vice president was passed over for the presidency because the personnel record contained a copy of his personal physician’s notation saying that the executive had difficulty managing his personal finances.

It was not true. His physician had made the notation when groping for the cause of his patient’s recurring headaches.

An office manager was turned down for several jobs because a computer record carried an unfounded critical remark made by a third-grade teacher over 30 years ago.

A young executive was denied promotion because his personnel record contained an investigative report saying “known to have used drugs.” It wasn’t true. A neighbor had told an investigator she thought she had heard that he once tried marijuana.

Such wrong, harmful information in personnel files is more common than you may think. It may be in yours.

How does it get there? It’s directly attributable to the shortcomings in the information-privacy practices of many business organizations.

This was revealed by a 29-page research survey, recently conducted at the University of Illinois, of 84 Fortune 500 companies with more than 3.2 million employees.

One-third of the companies do not have an executive responsible for overseeing safeguards on personnel information, nor do they periodically review their personnel-information practices.

Seventy-five percent of the companies supplement background information on employees - and half don’t tell their own personnel about it.

Some of the information comes from consumer reports, too many of which contain errors. Other information comes from investigative firms.

Sixty-seven percent of the companies use investigative firms, some of which employ surreptitious means when data are not available legally or ethically. Rarely are the data verified. Investigative firms have impersonated physicians, nurses and even agents of the Internal Revenue Service and Federal Bureau of Investigation.

The employee is left in the dark in other ways. Seventy percent of the companies give out information to credit grantors.

From there, personal information can go anywhere, including to mailing-list compilers, where it may be marketed for many commercial or political purposes.

Over one-third of companies do not inform their personnel of the types of records maintained on them, or how records are used. Over one-third of the companies use medical records in making employment-related decisions, in spite of the fact that medical information can be misunderstood by uninformed laymen. An ailment that is well-controlled might be a basis for limiting a promotion or even for firing.

Until employers adopt fair-information practices recommended by the U.S. Privacy Protection Commission almost 20 years ago, workers are left to seek employer cooperation voluntarily.

When the commission presented its report to President Jimmy Carter and the Congress on July 12, 1977, at the behest of many leading business executives and their trade associations it indicated that mandatory privacy protection through legislation might have been premature and could have caused unnecessary hardships.

Therefore, it recommended that business executives be given the opportunity to act on their own. The president and Congress endorsed that recommendation.

It hasn’t worked. Employees have to seek voluntary cooperation from their employers to see and copy their records and correct them where needed. They have to try to get the employer to use only relevant information when making decisions about them, to use the data only for the purpose for which it was given and to not maintain secret records.

At present, employers are not required to abide by such “fair information practices,” even though they make good management sense.

To assure that all companies maintain adequate privacy safeguards, Congress should enact federal legislation that requires minimum intrusiveness into the personal affairs of an individual.

Information you need to know should be the watchword. Fairness in dealings between employer and employee in securing and using information should be basic policy.

This would permit the individual to see and copy the data about himself or herself upon which a decision is based.

A means to enforce confidentiality should be provided by allowing punitive damages (capped at $10,000) for violations.

The fair-information practices that I have outlined here, and that our government should enact into law, have already been adopted by most of the other industrialized democracies of the world.

Meanwhile, for your own protection, you should find out what is in your personnel file. xxxx