Understanding employee privacy


Published on

Employee Privacy from the point of view of the employer:
-What employers can and cannot monitor, review, and access in regards to their employees
-Workplace searches
-Electronic monitoring

Employee Privacy from the point of view of the employee:
-What employers should be doing to protect the privacy of their employees
-Proper recordkeeping
-Prevention of ID theft in the workplace

After the presentation, Brittany will take questions from webinar attendees during a Q&A session.

This webinar was posted on December 1, 2011 and presented by Brittany Cullison.

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Understanding employee privacy

  1. 1. Understanding Privacy in theWorkplacePresented by Brittany Cullison, PHRDecember 1, 2011
  2. 2. Important Notice• I am not an attorney.• This is not a substitute for experiencedlegal counsel.• This is not legal advice.
  3. 3. What to expect• Laws that govern privacy in the workplace• What employers can monitor-- and theright way to do it• Employer’s obligations to protectemployee’s private information—and bestpractice guidelines
  4. 4. What governs privacy in theworkplace?• Fourth Amendment– Not applicable for private employees, butoffers protection in some cases for publicemployees• Electronic Communications Privacy Act– Governs the monitoring and recording ofemployee electronic communications
  5. 5. What governs privacy in theworkplace?• FCRA and FACTA– Promotes confidentiality, accuracy, relevancy,and proper use of that information• EPPA– Prevents use of lie detectors in employmentpractices
  6. 6. What governs privacy in theworkplace?• ADA and FMLA– Recordkeeping and confidentiality of employeemedical information• HIPAA– Privacy of personally identifiable healthinformation• GINA– Restricts employers from acquiring anddisclosing employee genetic information
  7. 7. What governs privacy in theworkplace?• Identity theft laws– Federal and state level• Common Law• Contractual Privacy Claims
  8. 8. Employer Rights• Electronic Monitoring– Computers– Emails– Internet Usage- Social Media– Telephone• Video Surveillance• Workplace Searches
  9. 9. Electronic Monitoring:Computers• Company issued computers– Employers can monitor– Should have clear policy that dissolves anyexpectation of privacy• “Personal” files, password protected documents• Personal Computer used for Work– May be subject to discovery in litigation, buttypically only if subpoenaed
  10. 10. Electronic Monitoring: Emails• Company email– Property of the company– Employer can access• Personal email accessed on companycomputer– Employer cannot access without employeegiving consent– Stored Communication Act
  11. 11. Electronic Monitoring: Emails• Stored Communications Act– Established in 1986– Title II of the ECPA– Prohibits unauthorized access to electroniccommunications stored on a third party site
  12. 12. Electronic Monitoring: Emails• Company email– Property of the company– Employer can access• Personal email accessed on companycomputer– Employer cannot access without employeegiving consent– Stored Communication Act
  13. 13. Electronic Monitoring:Internet• Internet usage on company device– Employers can monitor– Should have a written policy• Social Networking– Public vs. private– Use caution when disciplining an employee fordisparaging comments found– Section 7 of NLRA- applies to union and non-union
  14. 14. Electronic Monitoring:Internet• Social Networking– If someone has access, they can share access– Should have a written Social Media policy
  15. 15. Electronic Monitoring:Telephones• Business telephones– May be monitored when:• employee has given consent or• “Business Extension” exemption– Personal calls on business phones cannot bemonitored• Company issued cell phones– Should have a policy that dissolves expectationof privacy– Searches, reviews, and monitoring should bedone only for legitimate, business purposes
  16. 16. Video Surveillance• Acceptable in open and public work areas• If recording audio, must comply with ECPA• Limit access to the recorded material todesignated management
  17. 17. Workplace Searches• Reasonable expectation of privacy– Company property vs. Employee Property– Written policy• Justified Search– Reasonable suspicion– Violation of another company policy• Drug and Alcohol Policy• Weapons in the Workplace• Confidentiality
  18. 18. Workplace Searches• Reasonableness– Discretion– Other investigatory methods exhausted– Appropriate scope• Never force an employee to submit tosearch• Have another witness present during asearch
  19. 19. Employer Responsibilities• Identify Theft Prevention– Policy, Procedure and Training• Confidentiality of Medical Information• Additional confidentiality andrecordkeeping practices• Clearly communicate workplacemonitoring policies• Train employees and managers
  20. 20. ID Theft Prevention• Evaluate information security and disposal– How easy is it for someone to access youroffice during business hours?– How long documents stay at the printerbefore some one retrieves them?– Are documents that contain personalinformation left out unattended?– Are computer screens being locked everytime someone leaves there desk?
  21. 21. ID Theft Prevention• Are cabinets and drawers being locked?• Are emails that contain personalinformation being sent securely?• Are documents properly shredded whenno longer needed?• Who in the office has access to sensitiveinformation?
  22. 22. ID Theft Prevention• Develop a protection plan– Conduct a “walk through”– Identify potential risks– Create easy to follow guidelines and procedures• Educate your employees– The importance of protecting personalinformation.– Measure that the company will take to beganthis process.– How the will be enforced.
  23. 23. ID Theft Prevention• Have a Breach Plan– Notify employee, law enforcement and possiblyFTC– Notify credit bureaus– Conduct internal investigation– Take steps to minimize or prevent additionalloss
  24. 24. Confidentiality of MedicalInformation• Do not request medical exam or makeinquiry unless employee poses directthreat or it’s job related and consistentwith business necessity• Medical information should be keptconfidential and in separate file– FMLA certifications– Worker’s Comp reports– Medical exam results– HIPAA regulated documents, if applicable
  25. 25. Confidentiality of MedicalInformation• Train supervisors on how to respond• Educate employees on what is appropriateto disclose in the workplace
  26. 26. Additional ConfidentialRecordkeeping• Consumer Reports– Reports must be disposed of properly underFACTA• Investigations– Confidential to protect witnesses and accuser
  27. 27. Policies• Electronic Monitoring– Define system covered– Business-use only– Discuss prohibited use– Explain consequences– Inform of employers’ right to monitor• Telephone Monitoring– Define purpose of monitoring– Discuss calls that appear to be personal
  28. 28. Policies• Social Media– Define what social media is– Apply it to business and personal– Compare to other policies• Workplace Searches– Define purpose and search areas– Ensure that a search is not an accusation– Refusal may lead to disciplinary action or termination
  29. 29. Summary• Privacy in the workplace is a combinationof employer rights and employerresponsibilities• The key to monitoring employees is todissolve the expectation of privacy• Employee information protection is in thehands of HR
  30. 30. Questions?Brittany Cullison, PHR713-784-1181bcullison@gnapartners.comwww.gnapartners.com
  31. 31. Resourceswww.shrm.comwww.hrlaws.comwww.twc.state.tx.uswww.prospera.com