Search
 
 

Practices

 

Search

FILTERS

  • Please search to find attorneys
Close Btn

Publications

06/13/2022

Employee Privacy: Understanding An Employer's Obligations Under Complex Legal Landscape

As remote work, work-from-home and other flexible work arrangements are more popular now than ever before, many employers are growing more interested in monitoring their employees’ work-related (and not-so-work related) activities. However, these employers should be aware of various employee privacy rights as an increasing number of states are enacting employee-friendly protections.

For example, in Nebraska, the Workplace Privacy Act prohibits an employer from requiring an employee to provide their username, password or other similar information in order to access the employee’s personal Internet account(s) such as a social media account. This law also prevents an employer from requesting or requiring the employee to log into their personal Internet account in the presence of the employer so that the employer can scroll the contents of the personal account. This law further prevents an employer from requiring the employee to add anyone associated with the employer as a friend, follower, subscriber, etc. so that they may view the contents of the personal account. These restrictions are clearly intended to protect employees’ privacy interests associated with their non-work related, personal activities. Of course, Nebraska employers are still permitted to maintain policies regarding electronic devices, electronic communications and personal Internet use during working hours, but employers should be mindful of the limitations under the Workplace Privacy Act.

Also with respect to employee monitoring, a law recently went into effect in New York state that requires all private-sector employers to provide employees with advance notice of the employer’s electronic monitoring practices, including monitoring of employee internet usage and communications such as phone calls, emails and text messages. This notice must advise employees that “any and all telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage by an employee by any electronic device or system” may be monitored “at any and all times by any lawful means.” Similar laws requiring such notice already exist in other states such as Delaware and Connecticut.

Employers are also increasing their use of biometric tracking in the workplace for various purposes including authentication, safety and security, and employee worktime. Biometric data can include facial recognition, fingerprints, retina/iris scans, voice recognition, and other similar physical characteristics that can identify a unique individual. Several states such as Illinois, Texas and Washington have enacted privacy laws specifically targeting biometric tracking of employees, and these laws have certain notice and consent requirements in addition to restrictions on the use and disclosure of an employee’s biometric data. Multi-state employers should therefore be aware of these restrictions prior to collecting employees’ biometric information.

In addition, there are broader and more comprehensive data privacy laws that have been enacted in numerous states, and these laws can impact the employment relationship as well. For example, California’s Consumer Privacy Act has been amended to specifically apply to employment information, beginning on January 1, 2023. There are also foreign privacy laws such as the EU’s General Data Protection Regulation (GDPR) that may apply to U.S.-based employers, depending upon where they collect and store certain categories of personal information about their employees. These laws generally impose obligations on employers with regard to the use and disclosure of employee data.

Please feel free to reach out to McGrath North’s employment law experts as well as our privacy and cybersecurity experts who can assist in navigating and understanding your obligations under this complex legal landscape.