Employee Privacy from the point of view of the employer:
-What employers can and cannot monitor, review, and access in regards to their employees
-Workplace searches
-Electronic monitoring
Employee Privacy from the point of view of the employee:
-What employers should be doing to protect the privacy of their employees
-Proper recordkeeping
-Prevention of ID theft in the workplace
After the presentation, Brittany will take questions from webinar attendees during a Q&A session.
This webinar was posted on December 1, 2011 and presented by Brittany Cullison.
2. Important Notice
• I am not an attorney.
• This is not a substitute for experienced
legal counsel.
• This is not legal advice.
3. What to expect
• Laws that govern privacy in the workplace
• What employers can monitor-- and the
right way to do it
• Employer’s obligations to protect
employee’s private information—and best
practice guidelines
4. What governs privacy in the
workplace?
• Fourth Amendment
– Not applicable for private employees, but
offers protection in some cases for public
employees
• Electronic Communications Privacy Act
– Governs the monitoring and recording of
employee electronic communications
5. What governs privacy in the
workplace?
• FCRA and FACTA
– Promotes confidentiality, accuracy, relevancy,
and proper use of that information
• EPPA
– Prevents use of lie detectors in employment
practices
6. What governs privacy in the
workplace?
• ADA and FMLA
– Recordkeeping and confidentiality of employee
medical information
• HIPAA
– Privacy of personally identifiable health
information
• GINA
– Restricts employers from acquiring and
disclosing employee genetic information
7. What governs privacy in the
workplace?
• Identity theft laws
– Federal and state level
• Common Law
• Contractual Privacy Claims
8. Employer Rights
• Electronic Monitoring
– Computers
– Emails
– Internet Usage- Social Media
– Telephone
• Video Surveillance
• Workplace Searches
9. Electronic Monitoring:
Computers
• Company issued computers
– Employers can monitor
– Should have clear policy that dissolves any
expectation of privacy
• “Personal” files, password protected documents
• Personal Computer used for Work
– May be subject to discovery in litigation, but
typically only if subpoenaed
10. Electronic Monitoring: Emails
• Company email
– Property of the company
– Employer can access
• Personal email accessed on company
computer
– Employer cannot access without employee
giving consent
– Stored Communication Act
11. Electronic Monitoring: Emails
• Stored Communications Act
– Established in 1986
– Title II of the ECPA
– Prohibits unauthorized access to electronic
communications stored on a third party site
12. Electronic Monitoring: Emails
• Company email
– Property of the company
– Employer can access
• Personal email accessed on company
computer
– Employer cannot access without employee
giving consent
– Stored Communication Act
13. Electronic Monitoring:
Internet
• Internet usage on company device
– Employers can monitor
– Should have a written policy
• Social Networking
– Public vs. private
– Use caution when disciplining an employee for
disparaging comments found
– Section 7 of NLRA- applies to union and non-
union
15. Electronic Monitoring:
Telephones
• Business telephones
– May be monitored when:
• employee has given consent or
• “Business Extension” exemption
– Personal calls on business phones cannot be
monitored
• Company issued cell phones
– Should have a policy that dissolves expectation
of privacy
– Searches, reviews, and monitoring should be
done only for legitimate, business purposes
16. Video Surveillance
• Acceptable in open and public work areas
• If recording audio, must comply with ECPA
• Limit access to the recorded material to
designated management
17. Workplace Searches
• Reasonable expectation of privacy
– Company property vs. Employee Property
– Written policy
• Justified Search
– Reasonable suspicion
– Violation of another company policy
• Drug and Alcohol Policy
• Weapons in the Workplace
• Confidentiality
18. Workplace Searches
• Reasonableness
– Discretion
– Other investigatory methods exhausted
– Appropriate scope
• Never force an employee to submit to
search
• Have another witness present during a
search
19. Employer Responsibilities
• Identify Theft Prevention
– Policy, Procedure and Training
• Confidentiality of Medical Information
• Additional confidentiality and
recordkeeping practices
• Clearly communicate workplace
monitoring policies
• Train employees and managers
20. ID Theft Prevention
• Evaluate information security and disposal
– How easy is it for someone to access your
office during business hours?
– How long documents stay at the printer
before some one retrieves them?
– Are documents that contain personal
information left out unattended?
– Are computer screens being locked every
time someone leaves there desk?
21. ID Theft Prevention
• Are cabinets and drawers being locked?
• Are emails that contain personal
information being sent securely?
• Are documents properly shredded when
no longer needed?
• Who in the office has access to sensitive
information?
22. ID Theft Prevention
• Develop a protection plan
– Conduct a “walk through”
– Identify potential risks
– Create easy to follow guidelines and procedures
• Educate your employees
– The importance of protecting personal
information.
– Measure that the company will take to began
this process.
– How the will be enforced.
23. ID Theft Prevention
• Have a Breach Plan
– Notify employee, law enforcement and possibly
FTC
– Notify credit bureaus
– Conduct internal investigation
– Take steps to minimize or prevent additional
loss
24. Confidentiality of Medical
Information
• Do not request medical exam or make
inquiry unless employee poses direct
threat or it’s job related and consistent
with business necessity
• Medical information should be kept
confidential and in separate file
– FMLA certifications
– Worker’s Comp reports
– Medical exam results
– HIPAA regulated documents, if applicable
27. Policies
• Electronic Monitoring
– Define system covered
– Business-use only
– Discuss prohibited use
– Explain consequences
– Inform of employers’ right to monitor
• Telephone Monitoring
– Define purpose of monitoring
– Discuss calls that appear to be personal
28. Policies
• Social Media
– Define what social media is
– Apply it to business and personal
– Compare to other policies
• Workplace Searches
– Define purpose and search areas
– Ensure that a search is not an accusation
– Refusal may lead to disciplinary action or termination
29. Summary
• Privacy in the workplace is a combination
of employer rights and employer
responsibilities
• The key to monitoring employees is to
dissolve the expectation of privacy
• Employee information protection is in the
hands of HR