Eyes on You

Making sense of employee privacy rights in the workplace.

Employees may believe the Fourth Amendment gives them protection when it comes to privacy in the workplace and the watchful eye of a Big Brother employer. But, what employers and employees alike may not realize is that the Fourth Amendment doesn’t apply to the private sector.

“There’s a fairly common misconception that people have a right to privacy, no matter where they are - at home or in public - whether they’re using email or making a phone call. They feel if it is personal, they have a right to protect it, but the Fourth Amendment doesn’t apply to employees working in public or private companies, only government workers,” said Christine Pecha, JD, vice president and senior claims consultant, HUB International.

According to Pecha, there’s still little law on the subject of privacy in the workplace and to date, few courts or state legislatures have addressed the implications of new technology on employee privacy. As with many other areas, legal decisions on workplace privacy to date have focused on what is considered “reasonable.” What does “reasonable” mean? Pecha explains that for the employee, it may mean using 15 minutes here or there during lunch and break times to do personal things as well as visiting websites (excluding gaming or explicit sites).

For the employer, “reasonable” means monitoring employees on the company’s devices only or in public places, i.e. where the business is located. However, using tracking devices, such as GPS, webcams or cameras in personal areas, such as a home or workplace bathroom, cross the line of “reasonableness”. In some highly publicized cases, courts have asked if monitoring activity was limited to protecting company equipment or if surveillance extended to an individual’s private space.

Establish clear companywide policies and apply them consistently

According to a survey by the ePolicy Institute, 83 percent of employers have policies restricting personal use of company equipment. The same survey showed that 28 percent of employers have terminated employees for email misuse; 26 percent of these cases were for excessive personal use[1].

With clearly written policies and procedures and consistent enforcement, employers can help prevent such situations. Pecha offers some tips for creating and enforcing privacy policies across your organization:

1. Craft precise rules, not just general statements, as part of the employee handbook. Employees need the policy spelled out clearly to understand its parameters.
   • The equipment "is owned by the business" and specify
     which equipment, i.e., phone, laptop, computer, etc.
   • The business has "the right to monitor the use of the equipment and will do so on a regular basis."
     
2. Spell out the repercussions for improper behavior or usage, including a path to termination. Will a warning be issued?
3. Each employee should be made aware that these policies apply to all, regardless of position or seniority. Over time, employees should be reminded of the policies and procedures.
4. Add a message on computers that pops up every time employees sign in, reminding them their computer is being monitored. Tracking software should be technically appropriate, i.e. it tracks frequency and duration as well as actual visits to inappropriate websites as opposed to adware for example.
5. Apply policies consistently. Where there are mixed messages from one employee to the next, the court can side with the employee, Pecha says. The older employment rules, Title VII for example, which prohibits discrimination, also applies to this fairly new context.
6. Address performance as a whole. There may be issues with an employee’s overall performance. If computer usage is the main problem, it is a good idea to focus on clear misuse, such as regular and significant personal use or visits of inappropriate websites, which can be verified. This avoids the pitfall of what might be considered “pretextual”, i.e. that the computer activity was not the real issue.

Social Media: a new frontier for employers

The widespread use of social media has opened another series of workplace privacy issues.

While social media use typically takes place outside of the workday and on the employee’s own device, the employer continues to have a legitimate business interest and may have the right to intervene if they can show the employee’s social media activity is hurting their business. For example, an employee at a large retail chain was recently terminated for Facebook posts that were deemed by the company harmful and damaging to its reputation. At least five states, including New York, Colorado, North Dakota, Montana and California now have laws prohibiting companies from terminating an employee because of their off duty social media posts unless they can prove the comments will damage the company.

On the other hand, social media has revolutionized the hiring process, as more and more employers use it to conduct potential candidate searches and informal background checks. One study revealed that 52 percent of companies currently use social networking websites to identify and screen potential candidates for a position[2]. Even more significant is that as many as 48 percent of those who used social media to research a candidate found information that caused them not to hire the individual.[3]

While social media can help an employer make a more educated hiring decision, the Equal Employment Opportunity Commission (EEOC) is currently looking into the impact this practice can have on candidate selection. For example, what if a person discusses religious beliefs or medical issues online and is subsequently not hired, due to information the employer was never entitled to ask about nor intended to have during the hiring process? In that situation, the employer’s burden of proof could be difficult.

What we have to realize ultimately, Pecha says, is that everything we post on social media is for public consumption. Friends, family members, business contacts and current and even potentially future employers can and may see it.

“When something finds its way on social media, it not only becomes public information but it also has a wide audience and can have sometimes unexpected readers,” said Pecha. “In essence, when using social media, we’re publicizing our comments on a virtual blackboard for the world to see.”

Contact your HUB executive liability consultants for more information on the risks and challenges associated with workplace privacy practices.

[1] ePolicy Institute’s 2009 Survey. http://www.epolicyinstitute.com/2009-electronic-business-communication-policies-procedures-survey-article

[2] Careerbuilder.com Survey, May 2015

[3] ibid.