Data privacy continues to be a major focus of several state laws recently enacted or amended. Employee rights to privacy are especially important in light of the many ways employees can stay connected to the digital world throughout their working hours. Given the ease with which applications and devices can track, collect, and process personal information, you should establish well-defined rules of acceptable employment practices that comply with applicable data privacy laws. Employee data privacy rights have expanded significantly in recent years as employment-related privacy laws proliferate and companies become more aware of employee privacy. This is especially evident through the enactment of state employee monitoring laws, the expiration of employer exemptions under the California Consumer Privacy Act (CCPA), and the implementation of employee-specific privacy policies.
Employee monitoring
States are trending toward greater transparency and privacy in the workplace by passing laws that require employers to notify employees if they are being monitored.
In May 2022, New York became one of the latest states to recognize the importance of employee privacy through the enactment of an Employee Monitoring Act. By law, private employers with offices in New York must notify employees in writing if the employer monitors or intercepts an employee’s e-mail, Internet access or use, or telephone conversations. is needed. The written notice states that “Any telephone conversations or transmissions, email or transmissions, or Internet access or use by employees through any electronic device or system.”
New York follows Connecticut and Delaware, both of which have similar employee monitoring laws. Similarly, in Texas, it is considered an invasion of privacy for employers to monitor their employees’ electronic communications. Employers may monitor their telephone systems to ensure that employees are using the systems for their intended purpose. However, employers must notify employees that this monitoring may be taking place.
Based on these efforts, other states may follow suit and pass laws requiring employees to limit and/or inform employees of surveillance activities taking place in the workplace.
Employee data under CCPA
Since California enacted the CCPA in 2018, employers have been careful to see how the law applies to data collected and maintained about their employees. To date, employment data has been explicitly excluded from most CCPA requirements. However, as a result of the CCPA amendments contained in the California Privacy Rights Act (CPRA), which took effect January 1, 2023, many categories of employee data are now subject to CCPA requirements. Employers must comply with certain obligations regarding the processing of employee data.
Beginning in 2023, the CCPA will apply broadly to employee data. Employee data is now treated like any other commercial information, requiring covered employers to add employee and HR data to their ongoing compliance efforts. In the context of employment, personal information includes employee contact information, insurance and benefits choices, bank and account deposit information, emergency contacts, dependents, resume and employment history, performance reviews, pay slips, time punch records, stock and stock grants, compensation history and many other forms of data collected periodically throughout the employment relationship. Additionally, the CPRA introduces the concept of “sensitive personal information”, which includes financial information, social security numbers, communication content, health information, and biometrics.
To comply with the CPRA, employers must prepare and provide privacy notices to their employees or job applicants, enter into specific data processing agreements with vendors, and comply with the CCPA at or before the time personal information is collected. You must respect employee rights requests in accordance with personal data, and other compliance procedures.
Employee-specific privacy policy
As privacy concerns continue to rise among businesses, employees, and consumers, employers should adopt comprehensive and robust privacy policies to ensure that employees are aware of the collection, processing, storage, and sharing of personal data. It is imperative that you let us know how These policies are essential for companies that need to use and disclose employee personal data for business purposes. Important employee privacy policies include general employee privacy policies, bring-your-own-device policies, terms of use provisions, employee monitoring policies, and biometric collection policies. These policies increase transparency between employers and employees and set expectations for employee privacy.
In most cases, employee privacy policies are implemented as a means of complying with applicable workplace privacy regulations and legal requirements, such as those under CCPA/CPRA and the state employee monitoring laws mentioned above. For example, the Illinois Second District Court of Appeals recently announced that the Illinois Biometric Information Privacy Act (BIPA) requires private entities to publish written data retention and destruction policies at the same time or prior to collecting biometric data. and ruled that in certain circumstances prior employee consent must be obtained. to the collection.
An effective policy should define what constitutes personal information and the means by which it is collected. In addition, the policy should clearly stipulate the circumstances under which employees should not assume that their data or communications are private. For example, employees do not have reasonable expectations of the privacy of their phone calls, texts, emails, and social media communications sent on company-owned equipment. Similarly, software and his website that are not necessary for business purposes may be restricted according to policy or blocked to prevent problems. The policy should also state the conditions under which employee data is disclosed.
Moving towards 2022 and 2023, evolving legislation and growing personal awareness of personal data privacy underscore the importance of employee privacy commitments. Employers should be cognizant of the evolving legal landscape, which is increasing awareness of employee privacy, and stay up-to-date on any new obligations that may result.
