October 28, 2021

Best Practices: Workplace Privacy

Advances in technology have created new concerns for workplace privacy. Automated systems, email and instant messaging technology have helped employers reduce operating costs and increase efficiency. These systems have also increased the employer’s risk when it comes to protecting information shared during the employment relationship.

The Right to Privacy
The U.S. Constitution does not explicitly provide for the right to privacy. Nonetheless, federal courts have acknowledged individuals do have certain rights to privacy, but only as to state, not private, actions (e.g., private citizen vs. state actor as opposed to private citizen vs. private citizen).

The California constitution does provide an express provision on the right to privacy, in both public and private settings. State law actions such as allegations of “unreasonable intrusion into an individual’s private affairs” also protect certain privacy interests of the employee as an individual. Finally, certain statutory actions, provide protections for private information and activities concerning employees.

Obtaining Private Information
Most private information is provided to employers voluntarily by the employee or applicant for purposes related to employment (e.g., obtaining the job, securing benefits, etc.). However, there are restrictions on the type of information that can be requested, in what form, and whether authorizations are required.

For information that is not voluntarily provided, the primary determinant as to what constitutes an invasion of privacy is whether the employer’s need for the information outweighs the intrusion on the employee’s privacy. For this reason, employees should be given advance notice as to what information may be needed to diminish or eliminate the employee’s reasonable expectation of privacy.

Medical Examinations
In addition to certain prohibitions on questions regarding a physical or mental disability and the timing and type of medical exams that may be required for employment as a result of the Americans with Disabilities Act (ADA) and similar state statutes, privacy concerns may also limit an employer’s right to an employee’s medical status and history. Employers have specific duties to maintain the confidentiality of medical-related information it receives in connection with workplace testing protocols (e.g., drug testing, pre-employment exams, fitness for duty exams), and keep such information separate from employee personnel files.

Using & Maintaining Private Information
Even without legislation, employers should make every effort to minimize use and disclosure of an employee’s private information (e.g., social security numbers and medical records). Procedures should be put into place to prevent unauthorized disclosures.

In California, statutory provisions require businesses, including employers, who have access to personal information (which includes a name with a social security number, driver’s license number, certain financial information or medical information; or a user name or email address in combination with a password or security question/answer) to take reasonable measures to prevent unauthorized disclosure of such information; destroy such information by a means that will make it unreadable or undecipherable; and disclose any breach in its computerized data system which could result in unauthorized access to such personal information.

Arizona has similar legislation requiring notification of any breach in the security of the computer system on which there is personal data.