Practical privacy and simple cybersecurity.
TheNewOil.org

Privacy in the Workplace

I’ve been writing a lot of posts about abstract topics lately, so this week I want to come back down to earth and write something practical and helpful. Chances are that if you’re reading this, you have a job or are looking for one, which means this should be pretty applicable to most everyone. So without further ado, let’s talk about how to enter the workplace while still respecting your privacy as much as possible.

Fields of Work

In an ideal world, the most privacy-respecting job would be some sort of self-employment where you can funnel all payment and legal activity (taxes, invoicing, etc) through an LLC. The job itself would be something that focuses on your work and not you. For example, being an actor or an artist puts the focus on you and your skills. Owning an electrical company or being a freelance technician of some kind allows you to hide behind a brand (ABC Electrical or Smith Designs, for example). But most of us don’t have the desire to be self employed for any number of legitimate reasons. I’ve done it at least part-time consistently since I was out of college and it’s hard work. So if you’re self-employed or want to be, my advice would be to set up an LLC and funnel all your work and assets through that. It protects your privacy but also protects you and your possessions legally. I’m not an expert on this, and laws vary from place to place, so I’m not going to go into detail but do your own research if you think this might be for you. For the rest of us, let’s start at the beginning.

Searching for a Job

Most of us have to go find a job. Whether you go the networking route or sign up for job-hunting sites, from a privacy perspective, I would approach it the same way: get a work email and a work phone number. Your work email should be professional without giving away too much about you, ex “jsmith@protonmail.com” or “john.smith@tutanota.com.” You can get a work phone number using Voice-over-IP (VoIP).

Using separate contact information will serve three purposes. First, you can compartmentalize your life. When searching for a job, you’re going to have to sign up for a lot of sites and make accounts to submit applications and put your contact information out there publicly, which means you’re going to get lots of spam and get your information sold and resold. Having separate contacts means less crap in your personal email and less chance of your personal email getting caught up in data breaches, thereby possibly compromising your other personal accounts. Second, it allows you to set healthy work/life boundaries and turn work off after hours. If you have a separate work email and work phone number, you can simply ignore them or disable them when you’re off the clock (if you work one of those jobs where you’re not on call). Finally, your email and phone number are as good as your social security number these days. Using your personal email – even if it looks professional – or your personal phone number makes it easier for your potential employer to look you up and find all your social media accounts and personal information. I’m not saying you should hide your Facebook from your employer so you can talk bad about them on a bad day. Personally I find that both immature and unprofessional. But I do believe that what you do off the clock is none of your employer’s business and so they shouldn’t be entitled to be able to find and track you off the clock. Using alternate contact information will help maintain that boundary.

Paperwork

Filling out any paperwork nowadays essentially comes down to one question: “Does this person need this piece of information?” When it comes to employment information, the general answer is “yes.” Most of the time, they do need your legal name and your social security number for tax purposes. They do need your bank account for direct deposit (feel free to opt for a check instead, it will be slower but it’s technically one less data breach you need to worry about). Do they need your home address? In my experience, no. I’m not a lawyer, so I can’t guarantee the legality of this, but in my experience I’ve always given my PO Box and that’s always sufficed. Notice that I’m not giving them a fake address. Anything they send me will still reach me. I’m not dodging anything. But it’s not my boss’s concern where I lay my head at night. I show up on time and sober, I do my job, and I do it well. That’s where our relationship ends.

In the Office

Once you actually start work, the main thing I recommend is to establish a fake name right off the bat. Go by a middle name, or a nickname version of your real name (ex “Bob” instead of “Robert” or “Bill” instead of “William”). Nobody will question it, and most of the time when you meet someone new they ask what you prefer to go by anyways. Obviously if you go by “Shadow” or “Big Z” you might get some weird looks, but your middle name won’t really raise any eyebrows. This might seem overkill, but if you use a different name it makes it harder for someone to search you. Your coworkers probably aren’t going to stalk you, workplace stalking is thankfully relatively rare, but personally I fall into the camp of proactivity: in other words, if something happens you can’t erase whatever your coworkers learn about you. It’s better to decide on a case by case basis who you want to invite over for the barbecue at your place rather than decide later that one of your coworkers is targeting you for some reason and trying to get them to back off.

My only other piece of advice would be try to keep your workspace clear of identifying information. It’s probably safe to change your computer wallpaper to an NFL logo if you really like that team, and maybe hang up that drawing your toddler drew. But maybe think carefully about putting up pictures of your family on that last vacation, or even having a physical calendar with appointments on it, and definitely don’t leave sticky notes lying around with your passwords.

Devices

Let’s take a moment to talk about devices. The general rule of thumb is that if they want you to use a certain program, the company should supply a device. It is unfortunately very common for people to add their work email to their phones’ mail app, or to download an app to clock in and out. At the time of this writing, employers are increasingly turning to spyware to ensure that employees are actually working and being productive during company time.

I’m going to admit right off the bat: I’m speaking from a place for privilege. I have a good resume and excellent work ethic. Finding a new job is not particularly difficult for me.

If your employer is asking you to download ANYTHING on your device, I first recommend checking what it does. It may just be to clock in and out, or to allow you to view company project files in the field. Those are probably not as worrisome as a screen-mirroring software. Next, check the privacy policy and permissions of the app or software. Most privacy policies are not worded too confusingly, although they are pretty vague. Either way, it should give you enough information to decide if you’re comfortable putting that program on your personal device.

If you find anything concerning, approach your boss respectfully. Point out your concerns and ask if there’s an alternative or if they can provide a company device. If they refuse, you now have a choice to make. You can try to get an alternate device – such as an old phone lying around in the closet – or you can straight up refuse. Generally speaking, it is illegal for an employer to force you to download company programs to your personal devices. However keep in mind that finding a lawyer and taking the case to court can be costly and time consuming, and the company can find other excuses to fire you or make your life suck. Pick your battles. I recommend that a hard line in the sand be software designed to ensure your productivity – aka the screen-mirroring stuff I mentioned before that ensures you’re doing your work at home. I personally would quit before I’d agree to that. The company would have to provide me with a device. But as I said before, I also acknowledge that I’m coming from a place of privilege there and not everyone has that luxury. If your employer is drawing that line in the sand, see if you can find any lawyers who will take your case for cheap or pro bono. Most US states also have a legal aide society designed to help lower-income people get legal assistance for free or cheap. Check into that.

Personally, my recommendation is to keep your personal device as free of work stuff as possible. For example, don’t put work email on your phone. This goes back to the work/life balance thing. Try to keep your phone clear of apps as most of them do collect more information than they really need and apps can be a security risk anyways. If your employer asks you to use an app for legitimate purposes – again such as timekeeping – see if you can just use the mobile website instead.

Finally, if you are issued a company device, just assume that everything you do with it can be seen by your boss. Don’t use it for personal email or to check Facebook or any of that stuff. Use it for work only. Completely shut it down and store it safely when it’s not in use. Make sure to use the same security protocols on your work device as you do your personal one (VPN, strong passwords, privacy-respecting browser, etc).

Conclusion

The main ideas here can be summed up as “separate your work and personal lives.” A lot of this stuff may seem paranoid and overkill, and honestly it probably is. But you never know when you’ll have a disgruntled coworker, an unstable client who doxes you, or when the third-party service your HR department uses will have a data breach, or when your employer turns out to be crappy and tries to track your device without your consent. Additionally, as I said in the first point, compartmentalizing allows you to establish and, more importantly, enforce a healthy work/life balance. If you don’t have work email on your phone, you don’t check it on nights and weekends, and you turn off your work VoIP number after hours, people will have no choice but to respect that.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...