One of the most important responsibilities of an employer is to protect the personal information of its employees. Employers who fail to do so may face lawsuits alleging an invasion of their employees’ privacy.
Some of the most common privacy issues employers must address with respect to employee personal information include public disclosure of personal information, data breaches, background investigations, and email accessibility issues.
Under state and federal laws, employees have a reasonable expectation of privacy in the workplace. If an employer publicly discloses personal information of an employee without their permission, it may constitute an invasion of privacy. This often relates to the publication of private and/or embarrassing personal information.
When a data breach results in the disclosure of an employee’s personal information, the employer faces potential liability. The most common types of data breaches involve stolen technology, such as the theft of a company computer, which would allow access to the personnel records of an employee.
A data breach could allow information, including Social Security numbers, bank routing numbers, and driver’s license numbers, to become public.
Employees have filed suits against employers following data breaches in which the employee’s information was used to make unauthorized credit card purchases or to file fraudulent tax returns.
In November the Pennsylvania Supreme Court found an employer liable based on negligence, following a data breach on the company’s computer network. The employees alleged the employer failed to take adequate security measures, such as using encryption techniques, firewalls, or authentication programs.
In addition to the monetary damages which resulted from the filing of false tax returns, the employees sought compensation for the allegedly increased risk of becoming a victim of an identity theft or financial fraud crime.
The court held that an employer has a duty to use “reasonable care” to protect their employees’ personal information that may be stored on a company computer. Whenever an employer collects and stores an employee’s personal information, there now exists a common law duty to properly secure the information and protect it from cybercriminals. Employers will have to demonstrate “reasonable” measures are in place to protect this information.
Employers also should be aware of the privacy issues associated with conducting background investigations on prospective or current employees. Under the federal Fair Credit Reporting Act (FCRA), an employer must have an applicant’s permission before using a third party to conduct a background investigation.
An employer’s access to an employee’s electronic communications, such as email, also may raise privacy concerns. Although the federal Electronic Communications Privacy Act of 1986 (ECPA) and the Stored Communications Act (SCA) protect individuals from having their email unlawfully or intentionally intercepted, several exceptions potentially apply in the case of employee emails.
Employers often can access an employee’s email under the provider exception, business-use exception, and prior-consent exception to these federal laws. Employers should have clear email policies in place to ensure compliance with federal and state laws.
At MacMain, Connell & Leinhauser, our experienced Philadelphia business lawyers assist employers addressing the privacy concerns of their employees. With offices conveniently located in West Chester, Pennsylvania, we represent employers in Philadelphia, Chester County, and throughout Pennsylvania. To schedule a consultation, call 484-318-7106 or submit an online inquiry form.