Employee Privacy from the point of view of the employer: -What employers can and cannot monitor, review, and access in regards to their employees -Workplace searches -Electronic monitoring Employee Privacy from the point of view of the employee: -What employers should be doing to protect the privacy of their employees -Proper recordkeeping -Prevention of ID theft in the workplace After the presentation, Brittany will take questions from webinar attendees during a Q&A session. This webinar was posted on December 1, 2011 and presented by Brittany Cullison.

1. Understanding Privacy in the
Workplace
Presented by Brittany Cullison, PHR
December 1, 2011

2. Important Notice
• I am not an attorney.
• This is not a substitute for experienced
legal counsel.
• This is not legal advice.

3. What to expect
• Laws that govern privacy in the workplace
• What employers can monitor-- and the
right way to do it
• Employer’s obligations to protect
employee’s private information—and best
practice guidelines

4. What governs privacy in the
workplace?
• Fourth Amendment
– Not applicable for private employees, but
offers protection in some cases for public
employees
• Electronic Communications Privacy Act
– Governs the monitoring and recording of
employee electronic communications

5. What governs privacy in the
workplace?
• FCRA and FACTA
– Promotes confidentiality, accuracy, relevancy,
and proper use of that information
• EPPA
– Prevents use of lie detectors in employment
practices

6. What governs privacy in the
workplace?
• ADA and FMLA
– Recordkeeping and confidentiality of employee
medical information
• HIPAA
– Privacy of personally identifiable health
information
• GINA
– Restricts employers from acquiring and
disclosing employee genetic information

7. What governs privacy in the
workplace?
• Identity theft laws
– Federal and state level
• Common Law
• Contractual Privacy Claims

8. Employer Rights
• Electronic Monitoring
– Computers
– Emails
– Internet Usage- Social Media
– Telephone
• Video Surveillance
• Workplace Searches

9. Electronic Monitoring:
Computers
• Company issued computers
– Employers can monitor
– Should have clear policy that dissolves any
expectation of privacy
• “Personal” files, password protected documents
• Personal Computer used for Work
– May be subject to discovery in litigation, but
typically only if subpoenaed

10. Electronic Monitoring: Emails
• Company email
– Property of the company
– Employer can access
• Personal email accessed on company
computer
– Employer cannot access without employee
giving consent
– Stored Communication Act

11. Electronic Monitoring: Emails
• Stored Communications Act
– Established in 1986
– Title II of the ECPA
– Prohibits unauthorized access to electronic
communications stored on a third party site

12. Electronic Monitoring: Emails
• Company email
– Property of the company
– Employer can access
• Personal email accessed on company
computer
– Employer cannot access without employee
giving consent
– Stored Communication Act

13. Electronic Monitoring:
Internet
• Internet usage on company device
– Employers can monitor
– Should have a written policy
• Social Networking
– Public vs. private
– Use caution when disciplining an employee for
disparaging comments found
– Section 7 of NLRA- applies to union and non-
union

14. Electronic Monitoring:
Internet
• Social Networking
– If someone has access, they can share access
– Should have a written Social Media policy

15. Electronic Monitoring:
Telephones
• Business telephones
– May be monitored when:
• employee has given consent or
• “Business Extension” exemption
– Personal calls on business phones cannot be
monitored
• Company issued cell phones
– Should have a policy that dissolves expectation
of privacy
– Searches, reviews, and monitoring should be
done only for legitimate, business purposes

16. Video Surveillance
• Acceptable in open and public work areas
• If recording audio, must comply with ECPA
• Limit access to the recorded material to
designated management

17. Workplace Searches
• Reasonable expectation of privacy
– Company property vs. Employee Property
– Written policy
• Justified Search
– Reasonable suspicion
– Violation of another company policy
• Drug and Alcohol Policy
• Weapons in the Workplace
• Confidentiality

18. Workplace Searches
• Reasonableness
– Discretion
– Other investigatory methods exhausted
– Appropriate scope
• Never force an employee to submit to
search
• Have another witness present during a
search

19. Employer Responsibilities
• Identify Theft Prevention
– Policy, Procedure and Training
• Confidentiality of Medical Information
• Additional confidentiality and
recordkeeping practices
• Clearly communicate workplace
monitoring policies
• Train employees and managers

20. ID Theft Prevention
• Evaluate information security and disposal
– How easy is it for someone to access your
office during business hours?
– How long documents stay at the printer
before some one retrieves them?
– Are documents that contain personal
information left out unattended?
– Are computer screens being locked every
time someone leaves there desk?

21. ID Theft Prevention
• Are cabinets and drawers being locked?
• Are emails that contain personal
information being sent securely?
• Are documents properly shredded when
no longer needed?
• Who in the office has access to sensitive
information?

22. ID Theft Prevention
• Develop a protection plan
– Conduct a “walk through”
– Identify potential risks
– Create easy to follow guidelines and procedures
• Educate your employees
– The importance of protecting personal
information.
– Measure that the company will take to began
this process.
– How the will be enforced.

23. ID Theft Prevention
• Have a Breach Plan
– Notify employee, law enforcement and possibly
FTC
– Notify credit bureaus
– Conduct internal investigation
– Take steps to minimize or prevent additional
loss

24. Confidentiality of Medical
Information
• Do not request medical exam or make
inquiry unless employee poses direct
threat or it’s job related and consistent
with business necessity
• Medical information should be kept
confidential and in separate file
– FMLA certifications
– Worker’s Comp reports
– Medical exam results
– HIPAA regulated documents, if applicable

25. Confidentiality of Medical
Information
• Train supervisors on how to respond
• Educate employees on what is appropriate
to disclose in the workplace

26. Additional Confidential
Recordkeeping
• Consumer Reports
– Reports must be disposed of properly under
FACTA
• Investigations
– Confidential to protect witnesses and accuser

27. Policies
• Electronic Monitoring
– Define system covered
– Business-use only
– Discuss prohibited use
– Explain consequences
– Inform of employers’ right to monitor
• Telephone Monitoring
– Define purpose of monitoring
– Discuss calls that appear to be personal

28. Policies
• Social Media
– Define what social media is
– Apply it to business and personal
– Compare to other policies
• Workplace Searches
– Define purpose and search areas
– Ensure that a search is not an accusation
– Refusal may lead to disciplinary action or termination

29. Summary
• Privacy in the workplace is a combination
of employer rights and employer
responsibilities
• The key to monitoring employees is to
dissolve the expectation of privacy
• Employee information protection is in the
hands of HR

30. Questions?
Brittany Cullison, PHR
713-784-1181
bcullison@gnapartners.com
www.gnapartners.com

31. Resources
www.shrm.com
www.hrlaws.com
www.twc.state.tx.us
www.prospera.com