1

Employee Privacy Report

Reyte On Publishing

http://WritersBlock-Aid.com
 2
Email Communication Policy

At the place of employment new subscribers receive an email welcoming them to the services

provided. There will also be information about all of the different services as well as how to

contact someone with questions. At times our company sends by email service announcements to

notify them of changes in price or a problem with a service interruption or how to handle an

issue. If the subscriber has called for an appointment or to add additional features, or a service

call for repairs, they could receive an email to inform them of this news. This is done in order to

ensure the customer is aware of when and how we are responding to their requests or other

needs. It is always an option to opt-out of any emails that are related to their services. However

by email is one way in which the company communicates important service announcements or

even legal changes possibly caused by state or federal laws.

This company does reserve the privilege of sending out promotions by email to the extent

allowed by law. There will always be directions to control the number of communications sent

and the frequency including opt-out details. There will most likely be an online site to which the

subscriber can refer for more information or contact number for questions.

Right to Privacy or Customer Proprietary Network Information (CPNI)

The company is allowed to review or update the personal identity of any information that

iscollected and stored about a subscriber receiving service within the business records. This

information is primarily billing and accounting data. This information will be sought out and

verified by official channels to make certain the correct data has been updated on the subscriber.
 3
Internet privacy and CPNI issues

An area of the Internet concerning self-regulation being the best way for subscribers to obtain

privacy protection. Internet services will not share your CPNI with third party sources without

your consent. The company abides by the COPPA legislation that was passed by the 105th

Congress. We are in total agreement to protect young children’s privacy. COPPA stands for

Children Online Privacy Protection Act (Smith, 1999).

What are some of the laws relating to employee e-mail and Internet privacy?

Internet Privacy and email legislation (Hoofnagle, 2005):

HR 2622 Fair & Accuracy Credit Transaction Act

Refers to parameters to establish identity theft agencies and handling of credit card information.

For example posting only the last four digits of credit card and/or bank numbers or accounts on

receipts.

HR 1731 Identities Theft Penalties Enhancement Act

Establishes the terms under which identity theft becomes a violation of the law and a felony and

requiring mandatory sentences be instituted.

HR 3162 US Patriot Act

Enlarges the jurisdiction of law enforcement’s ability to monitor the online activities of

employees or the public.

FTC Laws

The FTC has in place several laws at the federal level that are designed to intervene on the

disclosure of public data. It also requires businesses to verify and validate their intent to assure

consumers that data is secure.

 4
Three laws that are designed to cover this area Section 5 of the Federal Trade Commission Act,

the Fair Credit Reporting Act (FCRA), and Title V of the Gramm-Leach-Bliley Act.

P.L. 108-159 The FACT Act Has the most sweeping protections against identity theft so far

according to federal regulations. Points covered under this law (FTC Rules, 2004):

• Requires consumer reporting agencies (CRAs) to follow certain procedures concerning when

to place, and what to do in response to, fraud alerts on consumers' credit files;

• Allows consumers one free copy of their consumer report each year from nationwide CRAs

as long as the consumer requests it through a centralized source under rules to be established

by the FTC;

• Allows consumers one free copy of their consumer report each year from nationwide

specialty CRAs (medical records or payments, residential or tenant history, check writing

history, employment history, and insurance claims) upon request pursuant to regulations to

be established by the FTC;

• Requires credit card issuers to follow certain procedures if additional cards are requested

within 30 days of a change of address notification for the same account;

• Requires the truncation of credit card numbers on electronically printed receipts;

• Requires business entities to provide records evidencing transactions alleged to be the result

of identity theft to the victim and to law enforcement agencies authorized by the victim to

take receipt of the records in question;

• Requires CRAs to block the reporting of information in a consumer's file that resulted from

identity theft and to notify the furnisher of the information in question that it may be the

result of identity theft;

 5
• Requires federal banking agencies, the FTC, and the National Credit Union Administration

to jointly develop guidelines for use by financial institutions, creditors and other users of

consumer reports regarding identity theft;

• Extends the statute of limitations for when identity theft cases can be brought.

Why do companies require email & Internet policies?

Companies are concerned that employees may put their businesses at risk by opening up access

to hackers or others that may be attempting to gain entry to proprietary information.

Employer Policy

The employer may monitor email and Internet use to determine the level of productivity of a

department or individual. There is a concern of whether or not employees should be told they are

being monitored. There is software that allows the employer to record the keystrokes the

employees are entering to determine what type of site the employees’ access. Other programs

monitor email use, inappropriate use of the Internet, and the type of content being downloaded or

viewed (Hoofnagle, 2005).

Companies may also implement email and Internet policies to gain the trust of consumers to visit

their sites and make purchases. Without buyer confidence, there is no online sales, therefore in

order to gain the trust of the public in taking advantage of the convenience and variety of product

available online, privacy terms are drafted by companies and posted to their sites.

Use policies also help consumers to protect themselves by selecting stronger passwords, and

requiring multiple levels of security to gain access to online accounts. Requesting that phone

numbers and email addresses be verified before personal data such as access id and password be

released. Requiring verification of address by using copy of drivers license or requesting a copy

of pay stub or other personal records (Hoofnagle, 2005).

 6

The threat of Phishing"

One method used to obtain Personal Identity and Information (PII) is called "phishing." It refers

to an Internet-based practice in which someone misrepresents his or her identity or authority in

order to induce another person to provide PII. Some common phishing scams involve e-mails

that purport to be from financial institutions or ISPs claiming that a person's record has been lost

(Delio, 2005). The email will lead the visitor to site that is a duplicate or replication of the

original legitimate site and request personal info such as credit card numbers in order to capture

this information. In fact, a third party who is attempting to extract information that will be used

in identity theft or other crimes controls the e-mail or website. The FTC issued a consumer alert

on phishing in June 2004. An "AntiPhishing Workgroup" association has been founded to work

on resolutions to phishing.

The Threat of “Pharming”

A version of phishing, dubbed "pharming," involves fraudulent use of domain names. In

pharming, a hacker could temporarily take over a legal site's domain, and transfer traffic

redirecting it to an illegal site undercover of the legitimate site. The computer user sees the

intended website's address in the browser's address line, but instead, he or she is connected to the

hacker's site and may unknowingly provide PII to the hacker (Delio, 2005).

What assumptions could employees decide about work privacy?

Employees can assume there may be software on the PCs or computers that is monitoring their

access to the Internet. They can also assume the keystrokes made are being recorded to

determine what types of information is being viewed on the Internet. Lastly the employee may
 7
assume that the material being downloaded is also being recorded by the company with or

without their consent.

How can such policy affect the employee rights at work?

These policies affect employees by causing them to be more professional during work hours and

save their personal shopping, Internet browsing, and email communications for non-work hours.

It should improve productivity, as employees are not tempted to use the email or Internet for

personal business. However, employees may feel a bit more exposed by their employees. They

may consider the company as being too intrusive of their privacy and this may lead to a feeling

of resentment or suspicion on both sides.

 8
References

FTC Rules. (2004). The FTC rules on free credit reports. Retrieved October 10, 2009 from

http://www.ftc.gov/opa/2004/06/freeannual.htm].

Delio, M. (2005). Pharming Out Scams Phishing. Retrieved October 10, 2009 from

http://www.wired.com/news/infostructure/0,1377,66853,00.html

Hoofnagle, C. J. (2005). EPIC "Privacy Self Regulation: A Decade of Disappointment Retrieved

October 10, 2009 from http://www.epic.org/reports/decadedisappoint.pdf

Smith, M. (2005). 105th Congress COPPA. Retrieved October 10, 2009 from

http://www.ftc.gov/opa/2005/04/coppacomments.htm