Can Policies Override An Employee’s Privacy Rights?

February 19, 2018

Topics: Privacy in the Workplace

Multiple employment policies are recommended where an employer wants to make clear that employees’ should not have an expectation of privacy at work.  When it comes to privacy, the law often looks to what the individual would expect.  For example, employees would have a greater expectation of privacy regarding their activities in a locker room than they would in the lobby.  People have a greater expectation of privacy regarding conversations in their own home, than they do in an open-air train station.

Similarly, employees may have expectations of privacy regarding private emails they send at work over their company’s computer equipment.  Whether sent through the company’s email server, or by using the company’s internet to access the employee’s own private Gmail account, most employees think that their personal communication is exactly that—personal and thus private.  Employment lawyers have long recommended including statements in computer use policies saying that the equipment belongs to the company and any activity on it may be monitored by the company, so employees should have no expectation of privacy with regard to emails they send or receive over the company equipment.

But consider this scenario.  A company was visited by police officers seeking the home address of a current employee who happened to be out sick that day.  Employers have obligations to maintain the confidentiality of employee contact information in part due to their employee’s privacy rights and have no obligation to give this information to the police just because it is requested.  It is generally advisable to request the police return with a warrant or subpoena for the information so that the company is thereby compelled to provide it. However, this company considered implementing a policy saying that, should the police or other government entity inquire, it was company policy to provide employee contact information without first advising the employee.  Can they do this?  Possibly, but there are a number of factors to keep in mind.

1) The company should have its employment counsel provide guidance regarding any locally applicable privacy laws that might affect such a policy;

2) The policy should only govern releasing information to official sources such as the police, a government agency, the IRS etc. (and the practice should include confirming the identity of the requester before information is released);

3) Employees should be given the opportunity to opt out of the practice, as they may have reasons (on going custody battles or other legitimate reasons) for wanting to control access to their address, phone number, or other personal information;

4) The policy should provide that employees will be given notice of the fact that the information was provided shortly following the release of the information, along with information regarding to whom it was provided and what was given;

5) The policy should include a statement expressly destroying the employees’ expectation of privacy such as saying: “By continuing employment with the company, and signing the acknowledgement form accompanying this handbook, you expressly acknowledge your consent to this practice and waive any privacy rights with regard to the information provided under this policy.”

Consult employment counsel for what would be appropriate language in your location, but as with the computer use policy, it may be possible to destroy the employee’s expectation of privacy with regard to the treatment of their personal contact information through the implementation of such a policy.  Local laws differ so consultation is recommended.

Prior to implementing such a policy, employers should weigh the risks and benefits to themselves, their employees, and the government entities with which they seek to cooperated to determine whether the implementation of such a policy is prudent under the given circumstances.  Employment counsel can provide guidance with regard to this and other actions the company may wish to take regarding employee’s confidential contact information.