Six Things Every In-House Counsel Needs to Know About Employee Privacy Rights

December 10, 2016

Topics: Privacy in the Workplace

Employers need to monitor their businesses and their workplaces to protect against employee data theft, employee time abuse, and other actions. Employers also have certain obligations to respect their employees' work­place privacy rights. Here are six things every in-house counsel needs to know in order to help their clients do both.

1. Company computer and phone systems are (almost) never private for employees

Under federal and state law, employers can monitor employee activity on company computers and phone systems, but should destroy any expectations of privacy by having clear monitoring policies with signed employee acknowledgements. Even so, employers do not have carte blanche to monitor employees' personal e-mail and phone calls made through company equipment. Once an employer determines that a call or email is personal, then monitoring must generally stop.

2. Employers can look to video surveillance as a method of monitoring employees

Generally, employers can monitor the workplace with video surveillance in public places without employ­ee consent or notice (unless your workplace is unionized, in which case certain bargaining issues arise). New York labor law, however, prevents employers from using video surveillance to monitor employees in restrooms, locker rooms, changing rooms, fitting rooms, or other "room[s] designated by an employer for employees to change their clothes" unless the employer has a court order.  Sound recording is prohibited, however, and governed by complex wiretap laws.

3. Employees' public social media activity is not off limits to employers

Information that is freely accessible through the Inter­net is public information so there is generally no privacy limitation to employers' monitoring of their employees' publicly available activity (e.g., blogging, posting, commenting, "Like"-ing, "Tweet"-ing, etc.). However, employment discrimination laws may come into play and govern how information obtained online can be used (and should be stored).

Additionally, employers should not take actions to circumvent employee password protections on their private social media accounts. New York is poised to join other states in prohibiting employers from asking employees and job applicants for password information.2

4.  It's a-OK to track employees using GPS

Knowing your employees' locations can be important to track productivity and employee efficiency. To that end, employers may legally use GPS systems to track employees who carry company phones or drive company-provided vehicles-even without notice (although, again, union bargaining rights may trump). Using GPS offers real-time tracking of assets and employees, but tracking during non-work hours is potentially prohibited.

5. Employee images, likenesses, and voice recordings are protected by statute

Sections 50 and 51 of the New York Civil Rights Law protect a person's "name," "portrait," "picture," and-in the case of section 51 only-"voice" from being used for trade or advertising purposes without the person's "written consent."  Employers should thus obtain their employees written permission in writing before, for example, shooting pictures or video for a company website or marketing brochure. Under section 50, any "person, firm or corporation" who does otherwise is guilty of a misdemeanor, so prudence is warranted. Section 51 imposes civil liability and authorizes any victim to seek an injunction. Providing employees with a consent form to be signed on hire is a good way to avoid running afoul of these rules.

6. Employee Social Security numbers require enhanced privacy protections

Social Security numbers (SSNs) have enhanced privacy protections under New York law and may only be obtained by employers for taxation and benefits purposes.  But, once obtained, employers must handle SSNs with care, including "encrypt[ion]" if necessary.  Accordingly, employers generally may not print SSNs on employee IDs and must take other precautions to protect this information.  These rules apply not only to full nine-digit SSNs, but also to "any number derived from such number," including the last four digits.  Employers enjoy a safe harbor for unintentional violations of these rules resulting from a "bona fide error made notwithstanding the maintenance of procedures reasonably adopted to avoid such error."   But access to such information should be restricted to those with a business need to know.