Chapter 14
The Employee’s
Right to Privacy, and
Management of
Personal
Information
Copyright 2015 McGraw-Hill Education. All rights reserved. No
reproduction or distribution without the prior written consent of
McGraw-Hill Education.
14-1
Learning Objectives (1)
 Describe the nature of privacy as a fundamental
right
 Explain the three general ways in which privacy
is legally protected in the United States
 Understand the legal concept of “reasonable
expectation of privacy” and its application to the
workplace
 Apply the standard for unreasonable searches
and seizures under the Fourth Amendment
14-2
Learning Objectives (2)
 Explain the distinctions between public- and
private-sector privacy protections
 Describe the legal framework that applies to
private-sector privacy cases
 Identify and differentiate the prima facie cases
for common-law claims of privacy invasions
(intrusion into seclusion, public disclosure of
private facts, publication in a false light, and
breach of contract/defamation)
14-3
Learning Objectives (3)
 Explain the extent to which an employer can
legally dictate the off-work acts of its employees
 Discuss how advances in technology have
impacted employee privacy, and the key
business justifications for employee monitoring
 Explain the most effective means by which to
design and to implement a technology use policy
 Describe the legal environment that surrounds
employee use of social media technologies
14-4
Are There Guarantees in Life?
 The right “to be left alone”
 Privacy as a federal constitutional right
 Griswold v. Connecticut 1965
 “penumbras” of the Bill of Rights
 Emper legitimate interests v. Empee privacy
 Global marketplace  different rules elsewhere
 Even if Employer may collect data, duties to
safeguard Employees’ personal information
14-5
Realities about Employee Privacy
Rights (1)
 Employees do not have an absolute right to
privacy in their workplace
 Balancing test
 In the private sector, the federal Constitution
does not protect employee right to be free from
employer unreasonable searches and seizures
 Contrast public-sector where government is employer
 Some states (CA) have right to privacy in state
Constitution
14-6
Realities about Employee Privacy
Rights (2)
 All employees are safeguarded to some extent
by common law protections against invasions of
privacy
 Any time an employee gives information to an
employer, the employer is bound to use it only
for the purpose for which it was collected, and
may not further disseminate it without
employee’s permission
14-7
Background
 Privacy may be protected by
 Constitution (federal or state)
 federal and/or state statutes
 common law principles (will vary by state)
 Fundamental rights: A right guaranteed by the
Constitution, whether stated or not
 Required disclosure of certain types of personal
information should be considered an unreasonable
search
14-8
Workplace Privacy, Generally (2)
 No broad rights to personal workplace privacy
 No comprehensive federal workplace privacy legislation exists
 States will vary widely in their coverage
 Review: Employees may be fired at-will
(provided it is not for illegal reasons)
14-9
Zones of Workplace Privacy
“Reasonable” areas in which to
expect privacy in the workplace
• One’s body and physical space; one has a reasonable expectation
to be free from a pat-down or body search
• Normally private locations, such as a purse or briefcase
• Personal information, accessed without permission
14-10
Public-Sector Employee Privacy(1)
 Review: government as employer means federal
Constitutional protections apply
 The Fourth Amendment: protection against
unreasonable searches and seizures
 Violation if the search is ‘Unreasonable’
 Unjustified at its inception
 Impermissible in scope as carried-out
 Case: O’Connor v. Ortega
14-11
Public Sector Employee Privacy (2)
 Search warrant usually required
 Exception: strong state interest and pervasive
regulation of industry
 Balancing test of legitimate interests: e.g., drug
testing of railway workers for safety
 Search of employer-owned property: written
policy can reduce employee’s reasonable
expectation of privacy (lockers, computers)
 False imprisonment concern
14-12
Public Sector Employee Privacy(3)
 5th and 14th amendments tests
 ‘Strict scrutiny’ of fundamental rights requires
‘compelling state interest’ justification (high hurdle)
 Other rights: search must be ‘rationally related to a
valid state interest’ (low hurdle)
 Is the right fundamental?
 Implicit in the concept of ordered liberty
 Deeply rooted in this Nation’s history and tradition
 No general right of the individual to be left alone
14-13
The Privacy Act of 1974
 Regulates the release of personal information
about federal employees by federal agencies
 Basic principles
 Employee access to their files
 Mechanism to correct or amend information
 Prevention of inappropriate revelation of information
 Maintenance of information
 Eleven exceptions to the act
14-14
Wiretapping
 Federal Wiretap Act – Title III
 Governs the interception of oral, wire, and electronic
communications related to specified criminal activity
 Model for statutes in most states
 Wiretapping on the rise, few applications denied
 ECPA covers all forms of digital communication
 Prohibits unauthorized eavesdropping, access to
messages
 ‘in-transit’ limitation, ‘consent’ exception
14-15
Private Sector Employee Privacy
 In private-sector employment environment:
 No constitutional protection triggered
 Less privacy protection, unless provided by policy or
collective bargaining contract (union workplace)
 Compliance-related costs for private employers
 Private-sector employers’ flexibility to craft
policies that suit need and company culture
14-16
Legal Framework for Employee Rights
in the Private Sector
 At-will employment review: Employers are free
to fire an employee—and employees are free to
leave the position—at any time and for any
reason
 Protection for private-sector employees
 State and federal laws prohibiting adverse
employment action, e.g., for discriminatory reasons
 Employment at-will limited by certain statutes and
common law
14-17
Bases for Right to Privacy in the
Private Sector (1)
 State law-based claims – generally little statutory
protection for private employees
 Contrast: some state constitutions and statutes (CA)
 Common law torts: ‘tort’ is a private wrong in
which one person (e.g. employer, here) causes
injury to another person
 Allows the injured person to sue the alleged
wrongdoer and to collect damages
 The injury can be physical, mental, or financial
14-18
Bases for Right to Privacy in the
Private Sector (2)
 Privacy Protections at common law (torts)
 Intrusion into Seclusion
 Wrongful invasion – objectionable to a reasonable person
 Scenario 1
 Public disclosure of private facts
 Intentional or negligent public disclosure of private matters
 Such disclosure would be objectionable to a reasonable
person of ordinary sensitivities
 Case: Yoder v. Ingersoll-Rand Company a.k.a. ARO
14-19
Bases for Right to Privacy in the
Private Sector (3)
 Privacy protections at Common Law (continued)
 Publication in a false light
 Public disclosure of facts that place the employee in a false
light
 Defamation
 Libel vs. slander
 Compelled self-disclosure
 Breach of contract
 Per policies or specifics of employment agreement or CBA
14-20
Regulation of Employee’s Off-Work
Activities
 Generally, private activities may be regulated if
off-work conduct affects employee performance
 E.g., drug, tobacco, alcohol use, weight, various
recreational activities, moonlighting, relations with coworkers or competitors, ‘poor reflection’ conduct
 State statute exceptions limit employer reach
 NY case: dating not ‘recreation’ (?) within state statute
 Don’t ignore ‘carrot’ approach, e.g., incentives
 General note: U.S. companies with operations in
EU must comply with its data protection laws
14-21
Employer’s Information-Gathering
Process/Justified Use/Disclosure of Information
 Proper documentation is important HR function
 Risks in process of information gathering
 Harassment
 Improper data management
 Improper dissemination of information
 Function creep: expands uses beyond purpose
 Collection and retention should be conscious
policies
14-22
Employer’s Information-Gathering
Process/Justified Use, Disclosure of Information
 Collection and retrieval of information
 Limitation of questions to potential employee
 Proper storage of information
 ‘BYOD’: employee personal devices in
workplace -> further complication of
management
 Transfer of info, e.g., References
 Admin password abuse
14-23
Employee Monitoring: Old Practice,
New Face
 Employer monitoring has rich tradition and
raises legal, ethical concerns
 New technologies dramatically increase data
volume, reach, power and range of issues
 Productivity measurements emphasis (currently)
 Boundary-less workplace: “always-on”
 New technologies: GPS, RFID, Biometric ID
 Ubiquity of Social Media
 access to data and reliance on it
14-24
Evolving Legal Environment (1)
 Statutes and cases beginning to address
surveillance and monitoring issues
 Case: City of Ontario v. Quon
 Balance of privacy and business justification interests
 Business justification receiving weight in early cases,
esp. re employer-issued instrumentalities
 Courts favor ‘notice’ that reduces privacy expectations
 State statutes limit compelled access (passwords)
 Exemptions for specific justifications (e.g. investigations)
14-25
Evolving Legal Environment (2)
 Productivity-related monitoring, blocking
 Boundary-less workplace also increases personal
use of employer assets
 Burgeoning availability of tools re keystrokes, voice
patterns, screen caps, even fidget monitors. Scenario 3
 Other business interests: evidence of employee
misconduct, IP protection or liability, viruses,
hacks, reputation-related issues
 Policy clarity, employee notice key prevention
14-26
Percentage of Large U.S. Companies
That Monitor Employee E-mail
14-27
The Case of Employee E-mail
 Employers’ needs vs. employees’ right to privacy
 Interception (ECPA) vs. hard drive monitoring
 Cases suggest no reasonable expectation of
privacy on employer instrumentalities, accounts
 Even when policy and statements are otherwise
(Harvard leaks case)
 As always, policies should address corporate
interests and practices (which then need to be
followed through by employer)
14-28
Developing Computer Use Policies
 Policies – written, communicated to employees,
and followed
 Suggested guidelines
 Appropriate coverage
 Employee access to information gathered
 Ban on continuous monitoring and secret monitoring
 Only job relevant information collected
 Only for business interests
14-29
Blogging and Other Social Media (“Web
2.0”) (2)
 Employer Social Media policy recommendations:
 Defined objectives that do not overreach
 A reminder that company policies apply
 Personal comment rules
 Disclosure, monitoring, and copyright reminders
 Consider photo, video, audio coverage
14-30
Privacy Rights Since September 11,
2001
 USA PATRIOT Act
 Allows government to monitor anyone on the Internet
simply by contending that the information is “relevant”
to an ongoing criminal investigation (FISA courts)
 Employer response to governmental request for
information: comply voluntarily, ask to seek
employee permission or require subpoena
 Monitor for future anti-terrorism measure and
their implications for privacy
14-31
Management Tips
 Prevention is key: sound policy development,
communication and follow-through are essential
 Develop policies to reduce and define employee
‘expectation of privacy’
 Monitor technology policies for developments
(e.g., email, and IM, and next generations)
 Gather and protect data pursuant to defined
business purposes
 Give ‘consideration’ for any employee waivers
14-32