In this lesson, we will look at general employee confidentiality and privacy rules, as well as federal guidelines and laws that apply to confidentiality and privacy in the workplace.
Jennifer comes in to work on a Monday morning and turns on her computer, which in turn activates a security camera in the corner of her office pointed right at her computer screen. As her computer boots up, she sees a key log algorithm cross the monitor noting how many keystrokes she made the day before. She also notices a message from the human resources team asking her to explain the postings she made on a social media site over the weekend.
Sounds like a scene from some futuristic science fiction story, doesn't it? Well, not really. Today's workplace is not the same as the workplace of the 1920s, or even the 1970s. Technology has made it easier for employers to monitor their employees' every move. But how much of it is legal, or even ethical? Let's take a look.
Confidentiality is an expectation that information will be kept private or not made available for everyone to see. Employers have access to an enormous amount of information about their employees. What kind of information can an employee reasonably expect an employer to keep confidential? They should have an expectation that any personally identifying information, such as their address, phone number, Social Security number, age, national origin, or medical information, should be available only to those people in the organization who have a need to know.
For example, Bob in production does not need to know Jennifer's status as a disabled person if she doesn't work directly for him. However, Sally in human resources may need to know about Jennifer's disabilities to make sure appropriate accommodations can be made.
Similarly, there should be an expectation of confidentiality for management information, such as what's in an employee's personnel file. Jennifer's interactions with her manager, her performance reviews, any disciplinary actions, or investigations that she is the subject of, including reasons for termination, should only be available to those who need to know. While sharing or not protecting this information is largely not illegal, it is ethically questionable. Knowing that management information could make you the subject of office gossip could affect the morale of the workplace if everyone thought their private management dealings would be made public.
Let's face it, employers are entitled to some information. They may conduct pre-employment or periodic drug testing, and they can use those results to determine employability or continued employment. In regards to employee emails and files, employers can search them if company resources, such as computers, internet, and email servers, are used.
So what is protected in terms of privacy? Employees have a right to privacy for their personal possessions, such as purses, pockets, briefcases, and even lockers if they have provided the locks. They even have a limited right to privacy when using their employers' computer systems or internet. While their personal emails are protected, until or unless an employer reads the email, how does the employer know it is personal? That is a gray area.
There are a number of federal laws designed to protect privacy and confidentiality in the workplace. They don't cover everything that could happen, but they try to cover the basics. Let's look at some of the biggies:
- Privacy Protection Study Commission, 1977: A set of 34 guidelines for employers in relation to employee privacy. The goal is to protect the privacy of the individual without curtailing the ability of an organization to do business.
- Health Insurance Portability and Accountability Act (HIPAA), 1996. This is a big one that protects the privacy of medical records for employees and patients.
- Genetic Information Non-Discrimination Act (GINA), 2008. This is relatively new, as genetic testing has recently become more commonplace. Employers cannot ask about the results of a genetic test or ask that one be conducted in order to make employment decisions.
- Electronic Communications Privacy Act (ECPA), 1968. This one guards against deliberate surveillance on personal calls as well as other electronic communication. Business calls are not exempt, so always keep it professional.
- Occupational Safety and Health Administration (OSHA) has enacted lots of important legislation to ensure that workers are safe, and to protect employees from retaliation for reporting violations in safety at a company.
In addition to federal regulations, many states have their own responses to what is acceptable and expected regarding confidentiality and privacy in the workplace. And as technology has grown more sophisticated, the lines on confidentiality and privacy have gotten murkier.
So what about our friend Jennifer from earlier? Is her employer allowed to use surveillance cameras, keep track of her keystrokes, and monitor her social media postings? The short answer is yes, but there are stipulations.
The federal wiretap law prevents the recording of audio, so they can use a camera for surveillance, but not one with audio capability. There are no restrictions on keystroke monitoring, as employers could be collecting information on productivity.
But monitoring her social media postings is a tricky area. Both federal and state laws limit what an employer or potential employer can legally use from a social media site. If employers have a practice of monitoring social media, they must inform their employees of the nature of that monitoring. Employers cannot require the employee to provide usernames or passwords to social media accounts.
Employees have some protections in terms of privacy and expectations that information will not be made available for everyone to see, referred to as confidentiality. Employers cannot watch their employees' every move. Employers are responsible for keeping personal identifying information, such as addresses, phone numbers, and Social Security numbers, confidential and only available to those people within the organization who need this information for legitimate purposes. There is an expectation that management information, such as performance reviews and disciplinary actions, is also confidential, but there aren't any laws specific to that.
Employees can expect that their personal space, such as purses and briefcases, are private spaces employers can't invade. They can also expect that personal phone calls or emails are also inviolate, but that is a gray area when the employee is using company resources, such as computers or the internet. Employers can monitor employees' keystrokes and use a camera for surveillance, and are even allowed to monitor social media. Federal laws, as well as state laws, protect employees' privacy and guarantee confidentiality of certain information. Some examples of relevant federal laws include:
- Privacy Protection Study Commission: A set of guidelines that protect the privacy of the employee without curtailing the ability of an organization to do business.
- Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of medical records for employees and patients.
- Genetic Information Non-Discrimination Act (GINA) states that employers cannot ask about the results of a genetic test or ask that one be conducted in order to make employment decisions.
- Electronic Communications Privacy Act (ECPA) guards against deliberate surveillance on personal calls as well as other electronic communication.
- Occupational Safety and Health Administration (OSHA) ensures workers are safe and protects them from retaliation for reporting safety violations.