Basic Privacy Issues in the Workplace

Generally speaking, privacy rights are granted (if at all) by specific laws, rules, or regulations. Some of those rights apply in the workplace and some don’t. And even if there is no specific law, a right to privacy can be based on the legal common law concept of having a “reasonable expectation of privacy.” For employers and employees, privacy issues have become increasingly prevalent in the workplace, and with the increased use of electronic resources, privacy at work is even more complex. So it is important that managers and supervisors have a basic understanding of a few of the more frequent privacy rights and issues that can arise, as well as the boundaries that may apply.

There are several areas of human capital management in which privacy rights are established. Whether federal, state, or local law creates the right, you should be aware of the issues. Here is a general overview:

Personnel Records: Employees generally have a right to privacy in their personnel records, except in a few specific circumstances. That means employers are generally not permitted to disclose personnel records to third parties without a legal obligation to do so or the employee’s permission. The right can be found in state statutes, codes, or by judicial case law. Also, employees in most states have the right to request access to their personnel files upon proper notice.

Social Security Numbers: With the increase in identity theft, various statutory laws have been enacted to protect the privacy of social security numbers. For example, many states expressly limit and/or prohibit the use of all or part of social security numbers as computer passwords or employee ID numbers. Some states also limit whether and to what extent social security numbers can be used on itemized wage statements. There also are many state laws that require extensive disclosures by employers in the event a company suspects that certain kinds of personal information about employees or belonging to them may have been compromised.

Monitoring and Eavesdropping: There are extensive anti-eavesdropping laws that prohibit tapping into or listening to telephone conversations, voicemail systems, and electronic communications systems. For example, some states have civil and criminal statutes that require both parties to a telephone conversation to consent to being recorded or listened to, while other states require that only one party consent. Surveillance by camera is also subject to various legal requirements regarding notice and disclosure to employees.

  • There are several other federal and state laws that permit employers, in some circumstances, to monitor, save, record, access, or otherwise conduct surveillance of employees’ use of company electronic communication resources and systems. Usually, these laws require clear, unequivocal notice by the employer or owner of the electronic communication system that such monitoring and/or access may occur, and advance notice of the lack of privacy in the use of the systems. In many cases, advance consent by the users is also required by law. Consistent with these laws, most employers have policies regarding electronic resources that inform employees that access to and use of any data contained in any company-owned or -provided electronic resource system or tool, including but not limited to e-mail, use of the Internet, and voicemail, is not private to the employees, belongs to the company, and is subject to various types of monitoring, access, and disclosure by the company.
  • Most employers also have Information Security Policies with detailed information that every manager, supervisor, and employee must comply with at all times. Usually, employees are required to sign an acknowledgement that they have read and understood the policy and will comply with it.
  • Importantly, most employers include in their policies an express notice that puts employees on explicit notice that they have no privacy in their use of the company’s electronic communication resources or the information they access or create in it. This usually includes using company resources to access personal e-mail accounts.

Medical Records: Many different federal and state laws protect the privacy of employee medical information and require various disclosures about how the information is maintained, who has access to it, and how it may be used. Medical information about an employee must be kept separate from other employee records and access to it is severely restricted. The information is expected to be kept confidential between the company and the employee.

Drug Testing: Employers who conduct drug testing are required to maintain the confidentiality of the test.

Background Screening: Employers who require background checks as part of the hiring or employment process are required to maintain the confidentiality of the background information received. There are many laws that restrict the type of background information (such as criminal history, finances, bankruptcy, etc.) that an employer can inquire into, as well as how far back in time an employer is allowed to look. Included in these laws are various requirements to obtain consent to get the information and disclosures to the employee about how the information will be and ultimately is used. And there are additional notice requirements if the information is used to make an adverse employment decision.

There are also certain kinds of employee information that an employer is required to keep confidential, but which employees may have the right to disclose and discuss. For example, under the National Labor Relations Act (NLRA), employees have the right to engage in concerted, protected activities. And that right applies regardless of whether the employees are unionized. If an employee felt he or she was unfairly paid and got together with other employees to discuss their compensation, it could be an unfair labor practice under the NLRA to take action against the employees for disclosing or discussing wage information, or their terms and conditions of employment.

Some states also have statutes that make it illegal for employers to prohibit employees from discussing information that the employer is required to maintain as private and confidential. For example, California has labor code sections that make it illegal for employers to prohibit employees from discussing or disclosing their wages or working conditions, or to take action against them for doing so.

As you can see, employers need to be well versed in a multitude of federal and state laws regarding privacy. Human resources and legal professionals can help identify the laws that apply to you, and help you draft policies that meet your specific business needs. Be sure to work with your own experts so that customized solutions can be designed and implemented.

Barrie Gross is former Vice President and Senior Corporate Counsel (Employment Law) for an international Fortune 1000 company and is a regular contributor to She is the founder of Barrie Gross Consulting, a human resources training and consulting firm dedicated to assisting companies to manage and develop their human capital. Visit to learn more about Barrie and the services BGC provides.

Note: The information here does not constitute legal advice and should not be relied upon as legal advice. If you have a legal issue or wish to obtain legal advice, you should consult an attorney in your area concerning your particular situation and facts. Nothing presented on this site or in this article establishes or should be construed as establishing an attorney-client or confidential relationship between you and Barrie Gross. This article is provided only as general information, which may or may not reflect the most current legal developments or be complete.