Privacy issues in the workplace have become a greater concern, given the proliferation of electronic communication in the business environment. While large corporations often have teams of legal counsel helping organizations stay on top of workplace policies and adverting costly lawsuits, small and mid-sized businesses don’t always enjoy such resources.

A company that implements and adheres to a clearly defined employee privacy policy can avoid many lawsuits. Written policies also provide employees with much appreciated clarity on areas that might otherwise be ambiguous.

E-mail & the Internet
The increasing sophistication of e-mail and Internet services, and their users, brings a new host of privacy issues. For example, an employer could be held liable if an employee uses e-mail for inappropriate or illegal activity, such as sexually harassing another employee; sending or receiving virus-infected material; sending or receiving obscene material or infringing on a copyright or trademark.

A policy should give the employer permission, under clear procedures, to monitor e-mail and Internet communications and clearly define prohibited activity.

An example: your e-mail and other computer files are to be used for business purposes only. Management reserves the right to enter, search and monitor your computer files or e-mail, without advance notice. A search will be conducted when justified by business purposes, such as investigating theft, disclosures of confidential business information or personal abuse of the system.

Searches
An employer also has a legitimate interest in maintaining the security of its property and assuring its employees do not bring illegal, controlled or dangerous materials onto company property. Most courts have upheld the employer’s right to search its own property, such as a desk or a locker, when there are grounds for suspicion and when the search is conducted properly. Again, to avoid intruding on employee rights, a written policy should state the possibility of search.

Good Employer Practices
While it is recommended that an organization consult with counsel prior to implementing privacy policies, following are a number of recommended employer practices to minimize the risk of infringing upon employees’ rights:

• Establish privacy policies that clearly state the company’s right to monitor employee behavior or search property. Require all employees to sign it.
• Place a copy of the signed policy in employees’ personnel files.
• Consult state privacy laws, as they supersede federal laws.
• Avoid intrusive data collection.
• When seeking information about an employee, restrict the inquiry to matters that pertain to an individual’s suitability or ability to perform a job.
• When sensitive information is obtained, make sure the information is available only to employees who have a need to know in order to perform their duties and who have been required to maintain confidentiality.
• Ensure employee files are accurate, complete and relevant; avoid disclosing information unless required by law.
• Do not release any private information for reference checks ― verify employment dates only.

Federal and state laws, as well as numerous court rulings govern employee privacy issues. Employers should consult a lawyer prior to implementation of privacy policies. The information contained in this article is based on U.S. law and should not be considered legal advice. If you have questions regarding the issues raised here, we recommend you seek legal counsel.