Employee Privacy Rights

Employee Privacy Rights

 

Key California Employee Privacy Rights:

  1. Video monitoring is restricted to places at work where work is being performed, and requires disclosure that monitoring is being conducted.
  2. An employer may not compel an employee to reveal his username or password to access the employee’s postings, and may not “look over the employee’s shoulder” while requiring the employee himself to log on.
  3. Phone calls at work are subject to being monitored if the monitoring is disclosed by recorded announcement or a beeping signal.
  4. Workplace romances can be restricted between managers and subordinates, but are in tension with the right of free association and privacy of one’s relationships while off-site and during off-hours.
  5. GPS tracking is the new wild west of privacy invasions, with little court guidance or legislation to define its limits. Generally, GPS tracking of employees must be limited to their movements during the performance of their work, unless used to track company vehicles or other property to confirm the property is being used only for business purposes.
  6. Drug Testing is a growing practice among employers concerned with safety issues, workplace accidents, and poor performance caused by drug use. Courts are allowing pre-employment drug testing.  Post-employment testing is allowed when an incident gives rise to a reasonable suspicion of illicit drug use. But drug use policies must be in place notifying employees that drug testing will occur.

Video Monitoring at Work.

California privacy law for employees prohibits video monitoring in work areas where employees reasonably expect to be left alone.  This would clearly be dressing rooms, locker rooms, showers, and toilet facilities.  The protection may extend to break room and lunch rooms.  California law prohibits the use of two-way mirrors in restrooms, locker rooms and similar locations.  The argument can be made that constant surveillance of an employee by video camera is unreasonable, and even outrageous, where the employee is in a non-sensitive job uninvolved with large sums of money or not privy to highly sensitive and confidential information.  The need and justification for video surveillance is less where there is little or no interaction with the public.  But in every situation, secret monitoring is illegal.  The employer must provide disclosure of the extent and duration of the monitoring, and obtain the employee’s explicit understanding that continuing employment is conditional on consent to the monitoring.  Wise employers will obtain records of the employees’ written consent.

Social Media Monitoring.

The federal government is collecting massive amounts of social media data and processing it through sophisticated filtering applications to identify potential security threats.  In a concurring opinion in United States v. Jones. Summary of United States v. Jones (SCOTUS)  Justice Sonia Sotomayor argued that it is time to reign in the government’s warrantless search for any social media information posted electronically.  “This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks,” she wrote [PDF].

What if police or investigators use false identities to engage a person they believe may be about to commit a crime?   The IRS and private debt collectors use such tactics to locate persons and identify assets, for example.  Government agencies use automated tools to filter postings for analysis.  This use of false identities to investigate potential crime is not per se illegal, but may become illegal if the probing goes into private matters unrelated to the suspected criminal activity.

In private industry, employers may gain increasing access to applications that are used to sort persons by age or race or other demographic characteristics legally irrelevant to the hiring decision.  One such application was released by a private company, then used cull LinkedIn pages to sort profiles by age.  When LinkedIn discovered the practice, and users complained, the application was removed.  See LinkedIn Age Discrimination.

Firing of employees for social media postings most often occurs when an employer learns of a negative comment concerning company management, but it may occur as well because of a life style the employer does not condone as appropriate to the company’s image or morality.  States are now adding social media privacy protections by statute.  For example, California enacted Labor Code Section 980 in 2013 to prevent employers from accessing employee social media.  However, about half the states have yet to enact some form of protection against punishing employees because of their social media postings.  Section 980 is typical of most state statutes limiting employer social media snooping.  The law prohibits an employer requiring or requesting an employee or applicant:

  1. to disclose a username or password for the purpose of accessing personal social media;
  2. to access personal social media in the presence of the employer;
  3. to divulge any personal social media with some limited exceptions of allowing the employer to conduct an investigation into a likely violation of law or likely employee misconduct, and then to be used only for the purposes of the investigation.

These social media statutes also generally prohibit employer retaliation against employees who refuse to provide an employer access to personal social media in violation of the statute.

Employees should beware who they befriend at work, as a co-employee may allow access that exposes the non-consenting employee’s postings.  The argument can be made however that an employer that uses threatening tactics to reach a co-employee’s postings violates both the target employee and the “consenting” co-employee’s privacy rights.

But let the employee beware.  If your internet site privacy settings are “public,” it would be difficult to make the case for privacy.  In my experience as a litigator, I find it standard operating procedure for the defense to search LinkedIn profiles, and any other public postings, to obtain as much information about a Plaintiff as possible, including work history that may be falsely stated or omitted in response to Discovery.

The NLRB (National Labor Relations Board) has issued rulings that indicate an employer may not interfere with employee’s efforts at concerted activity in addressing common workplace grievances.  If employees express this “concerted action” through social media postings, it is illegal to discipline the employee because of these postings even if those postings are negative and critical of the company.  These rulings are not limited to existing Union employees, but can include non-union employees as well who share information they believe will lead to improving their work conditions. See NLRB Fact Sheet — Social Media.

Privacy of Phone Calls at Work.

Employers may monitor calls at work to maintain quality control, especially in customer service positions.  In California, where the call in intrastate (i.e., the parties to the conversation are all within California), state law requires that the participants be first informed the conversation is being monitored, or that a beep tone be included to indicate recording.  But federal law, covering calls outside of California, does allow unannounced monitoring of phone calls.  See Electronic Communications Privacy Act, 18 USC 2510, et. seq.  An important exception is made for personal calls. Under federal case law, when an employer realizes the call is personal, he or she must immediately stop monitoring the call. (Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983)) However, when employees are told not to make personal calls from specified business phones, the employee then takes the risk all calls on those phones will be monitored.

Many employers, especially those conducting inside sales calls or customer service, track the number, duration, and destination of each call, and can sort these by employee with a “pen register.”  This data is then used to reward or punish (usually to punish) the employee.  These registers, derived from the company’s business phone, over the company’s telephone network, and intended to track only business calls, are legal.  An employee working in this environment likely has little expectation that a personal call will not potentially be tagged, and used for discipline.  The case would be different if the employer generally did not enforce a strict business use policy, but singled out an employee for discipline for an illegal purpose, such as discrimination or whistleblower retaliation.

Ultimately, a wise employee will use a personal mobile device unconnected to the employer’s network, and off the employer’s premises, during rest or meal breaks to obtain privacy of personal calls.

Anti-Fraternization Policies [Workplace Romances]

More women in the workplace, and longer hours for both men and women, result in more workplace romances.  Recent gender discrimination cases allow women who are not in a sexual relationship with the boss to claim gender discrimination where the sexually involved female peer gets preferential work treatment.  Miller, et al. v. Department of Corrections, et al., 36 Cal.Rptr. 3d 797, 115 P.3d 77, a case in which co-workers were affected by a supervisor/subordinate(s) relationship.  For federal same sex discrimination and harassment law, see Oncale v. Sundowner (1998) 523 U.S. 75.  In Oncale, oil platform workers singled out another male to deride him by references to his sexuality and gender.  The harassment was without sexual desire, and used only to humiliate their heterosexual co-worker.  The point of Miller and Oncale is that gender discrimination occurs even without sexual interest in the victim where the victim is harmed by use of sexual activity or terms.  This law sets up a situation where one or more employees seeing that an employee of the same sex is getting ahead at work because of a sexual relationship with the boss can bring a case for gender discrimination.

Employers clearly have a legitimate concern with avoiding sexual harassment lawsuits or gender discrimination claims.  [a consensual relationship once ended can turn into a retaliation lawsuit when a supervisor either continues unwanted pursuit or punishes the former lover with harassment].  On the other hand, employees assert they have a right of free association and privacy concerning their conduct off-site as long as it does not impact their work behavior.

Employers set up “anti-fraternization” policies to prevent sexual harassment and gender discrimination liability.  Complicating matters, if the romantic relationship continues, is the “consenting” partner really welcoming the supervisor’s approaches, or simply tolerating them in order not to lose her job or an opportunity?  A proactive policy attempts to present these co-worker relationships from the outset, but is such a policy too extreme?

If an employer goes to far to snoop into private employee conduct not affecting the workplace, it could be subject to a common law claim for emotional damages for invasion of privacy, and if the employer acts to deny the employee the usual benefits of employment, it could be subject to a claim of lost wages and emotional harm for “wrongful termination in violation of public policy.”

Should romances at work be categorically prohibited?  This is not only a legal question, but it is a practical consideration.  There is so much opportunity for interaction at work that two people have the opportunity at work to assess qualities they may find attractive.  For example, social skill, competency, honesty, industriousness, as well as communication skill, dress habits and grooming are on on daily display.  The workplace is also a place to see how people deal with frustrations and stress.   The case could be made that the workplace is an excellent clearing house for a potential mate, and certainly superior to a gathering of strangers at a local bar.  There is another practical consideration.  People who feel a strong attraction will inevitably find a way to date.  The issue will then be:  can they be discreet, and can the company accommodate a natural and inevitable human tendency that in itself is either morally positive or at least neutral?  Could the case also be made that discreet co-workers showing maturity in managing their emotions and respecting boundaries are going to be happier, and therefore more productive?

The scope of an anti-fraternization policy may determine its legal enforceability.  A categorical prohibition of peer to peer relationships is likely too extreme, as the opportunity for using managerial prerogative to harass the non-consenting employee is less.  On the other hand, prohibiting supervisor-subordinate romances has been upheld by the courts [CITE] as a legitimate effort to prevent potential sexual harassment situations.

Some employers take a middle ground.  They require romantically involved co-employees to disclose the relationship per company policy, with assurance that there will be no retaliation for the disclosure.  The employer then takes pre-decided measures to mitigate the potential for sexual harassment or gender motivated discrimination.  These measures can include reassigning employees to create more separation and remove supervision of one romantic partner over the other.  There can also be an explicit signed agreement by the involved employees of how they will conduct themselves when interacting at work.  These precautions, while unpleasant for everyone, can be at least accepted and understood if the Company explains its purpose is to protect against gender based claims or potential sexual harassment charges.

One duty is clear:  There should always be an anti-sexual harassment policy in writing, and it should be communicated clearly to all employees, supported by sexual harassment training.  This is the primary employer defense to a charge of sexual harassment.  But within this policy can be a margin of permission for consensual co-worker relationships, and the training can encompass the limits on such romances to the extent they affect the work environment and the performance of work.  These restrictions could include:

  1. That the supervisor will no longer be the partner’s supervisor, but the employee will either give up the relationship or consent to being transferred;
  2. That there will be no overt physical displays of affection in the workplace as these undermine the business professionalism needed to maintain workforce morale;
  3. There will be no favoritism in the assignment or conduct of work accorded to the romantic partner.
  4. That if the relationship ends, there is to be no recrimination or retribution by either party;
  5. That there is an avenue of complaint if unwanted and unwelcome sexual advances occur, and specific guidelines are provided to deliver that complaint. There will follow swift investigation and appropriate corrective action by the employer, including immediate termination of employment.

GPS Tracking.

Many of us have some form of GPS tracking on our smartphones, especially the navigation apps.  Most of these GPS driven apps include a list of permissions we grant to the developers of the app to collect data and track our location.  Of course, most of us haven’t thought through the implications clicking the “install” button.  But tracking data can be the subject of a criminal subpoena, for example, that could result in evidence against you.  There are also “stalking apps” that allow one user at all times to see the location of all other users subscribing to the same app service.  Really, do you want that? On the other hand, GPS is great other desirable purposes:  we want to know traffic congestion, best routes, distances, and even the progress of our FedEx or UPS shipments.  Trucking companies want to keep track of their trailers and drivers.  These are legitimate and useful applications.

Bills are being introduced from time to time in the U.S. Congress to require clear disclosure and consent for such tracking practices, with exceptions only for parents to track children, emergency services, and law enforcement.   Somehow, this legislation, if wise, will find the right balance between use and abuse.

https://www.privacyrights.org/workplace-privacy-and-employee-monitoring#5video

In 1976 I wrote a privacy article for the San Diego Law Review.   In that article, I quoted Justice Louis Brandeis for his far reaching definition of privacy:  “[The founding fathers] conferred, as against the Government, the right to be left alone — the right most valued by civilized men.”

At the time of course the idea of digital information was unimagined by most people, but within the next two decades, personal computers and the internet were ubiquitous.  The question then as now for appellate judges is to fashion primal privacy law to resolve new digital privacy disputes.

We know we are not “left alone” either by private employers or the government.  To the contrary, our age has a “Big Brother” feel to it with the mechanisms of digital snooping having been seized by the government in the national interest, or by employers for the monitoring of employee competency and compliance with company rules.   The danger in allowing this creeping authority to snoop is that “we the people” will be desensitized to loss of  personal liberty.  Employees must see that the digital line between public work and private behavior will inevitably be crossed.  Judges untrained or actively luddite are poor protectors of privacy.   Too often these jurists rely on an over simplified heuristic:  if it happens at work, it is not private.

California in 2015 enacted laws reaching to police collection of digital evidence without a warrant.  WIRED.  While these are restrictions on police, and not private employers, they are instructive on the scope of expanding public policy protecting personal privacy in California.  The 2015 warrant laws imply a recognition that electronic devices are no different than desk drawers or private lockers, and the contents, although digital, are no different than handwritten letters found in those drawers or lockers.

Adding to the force of the extended privacy argument is that the California Constitution since the 1970s has accorded privacy rights to individuals against invasion of those rights by other private persons or entities.  In this, the California state Constitution accords greater privacy protection than the federal Constitution. Article 1, Sec. 1 of the state Constitution makes the following declaration of fundament rights:   “All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.”

If an employer in California violates an employee’s reasonable expectation of privacy, the employee may recover emotional damages.  If the employer fires the employee for asserting or using a privacy right, for example, for off-duty, off-site conduct, the employer will be liable for “wrongful termination in violation of public policy.” The issues become more clouded if the conduct occurs on site, using the employer’s network and devices.  The issue will often turn on a judicial determination of the employee’s “reasonable expectation” his or her email, telephone call, internet use, or digital file to be “private.”

Monitoring an employee with a GPS tracking device makes sense in industries where employees are making deliveries, executing outside sales or traveling in company owned vehicles. In those situations tracking the employee’s whereabouts allows the employer to know that the employee is being productive while on the clock and that company provided cars, phones, tablets, etc. are being used in a work related matter. However, when the tracking extends after work hours, an issue is presented that has not been addressed by the Court.

Recently a lawsuit was filed, Arias v. Intermex Wire Transfer LLC, presenting the issue of whether an employee was wrongfully terminated for deleting a GPS application that tracked her movements twenty-four hours a day. In addition to wrongful termination for resisting the twenty-four-hour tracking, issues of third party privacy violations as well as first amendment violations may be raised.

Although the U.S. Supreme Court has not dealt directly with GPS tracking of employees, two cases,United States v. Jones, 132 S. Ct. 945, 565 U.S. ___ (2012) and City of Ontario, California v. Quon 523 U.S. 75 (1998), concerned police use of digital data.  [These cases therefore suggest, but do not control, how private employers may use GPS.] In Jones, the Court addressed the issue of GPS tracking on vehicles and held that police must first obtain a warrant before placing a GPS tracking device on a suspect’s car. Quon by contrast was a case by a police officer who claimed that his managers invaded his personal privacy by using data of his personal calls on a government issued mobile phone as basis to discipline him for salacious personal calls made on the phone.  Quon held that an employer could access and read the officer’s text messages because the department incurred the costs of providing the mobile phone network.  The court reasoned that access to the data was for a legitimate work related purpose, and that the employee’s expectation of privacy was offset by the employer’s property interest in the mobile phone service.

As a Plaintiff’s employment attorney, I am convinced that a GPS device that tracks private time use of a company vehicle without voluntary written disclosure and consent will likely result in liability to the employer.  In part, I base this conclusion that if a private employer provides either a vehicle or a use stipend for the costs of the vehicle, it is providing a form of compensation for services rendered.  By analogy, an employer could not insist that an employee provide an accounting of how he spends his paycheck merely because the employer paid his salary.

But what if the company vehicle is to be used only for company purposes, giving the employee the right to use the company vehicle only for the commute to and from work?  Given the pervasive use of GPS, and the desensitization over time to the concept of “personal privacy,” and that the employer has a legitimate interest in assuring its vehicle is not used for personal business by the employee after work hours, the GPS use would likely not be an invasion of privacy, especially if the employee was informed that the GPS would be activated whenever the vehicle was in use.   But as of January 2016 I have found no reported California decisions that address private employer abuse of GPS devices.

Drug Testing and Privacy Rights.

A California employer may require new applicants for employment to submit to drug testing before accepting employment.  In Loder v. Glendale (1997)14 Cal. 4th, the California Supreme Court prohibited drug tests of current government employees, including those seeking promotion, to situations where the government agency had a reasonable suspicion that the employee was under the influence of non-prescription drugs.  Loder however was decided based on government action, and may have relied on a more severe scrutiny of government intrusion into personal privacy.  However, it has value as precedent in non-government cases because the California Constitution protects individuals from both government and non-government privacy intrusion.

The Loder case held that except for security personnel and employees with access to highly sensitive information, random, unannounced tests without basis to suspect drug abuse, and without prior notice and consent to testing, is illegal.

“The party claiming a violation of the constitutional right of privacy established in article I, section 1 of the California Constitution must establish (1) a legally protected privacy interest, (2) a reasonable expectation of privacy under the circumstances, and (3) a serious invasion of the privacy interest.” (International Federation of Professional & Technical Engineers, Local 21, AFL-CIO v. Superior Court (2007) 42 Cal.4th 319, 338, citing Hill v. National Collegiate Athletic Assn. (1994) 7 Cal.4th 1, 39-40.)

Cases generally hold that a drug test of an existing employee without any individualized suspicion is unreasonable unless the employee is in a safety- or security-sensitive position.” (Smith v. Fresno Irrigation Dist. (1999) 72 Cal.App.4th 147, 160 citing Kraslawsky v. Upper Deck Co. (1997) 56 Cal.App.4th 179, 187, fn. 8 (Kraslawsky); Kemp v. Claiborne County Hosp. (S.D.Miss. 1991) 763 F.Supp. 1362, 1367 [“the safety sensitivity of an employee’s job is a highly important factor in the balancing test to determine the reasonableness of a drug testing procedure”].)

In an unpublished decision of the Court of Appeal (the case may not be cited as authority, but is useful for this article only to provide guidance), Aro v. Legal Recovery Law Offices, Inc., D065422 (Cal.App. Dist.4 04/08/2015) the court held that an employer policy that provided for drug testing where there was suspicion of did not allow an employer to conduct drug testing in situations where there was no reason to suspect drug abuse.  Further, a random testing could be justified only if the employee was in a highly sensitive position involving security or sensitive financial information.  The employees in Aro were not warned of an immediate onsite urinalysis testing for drugs, and were threatened with suspension or firing if they did not submit.  The employees were not in security or safety positions, and were not privy to sensitive financial data.   An employee first refused, was threatened with suspension and firing, and then signed two consent forms.  He was tested and told the test was positive for marijuana although he was never provided with the written test results.

The employee challenged the “consent” as coercive, and challenged the testing as “unreasonable and outrageous” [two requirements for the case] based on the employee’s lack of a “security or security-sensitive position.”  The employee also introduced evidence that the drug testing was manipulated to give the employer an excuse for firing when the employer’s motive was to retaliate against the employee for making a wage claim for overtime.

This illustration indicates the close relationship between the company’s explicit drug-testing policy and the employee’s continuing “reasonable expectation” of privacy.  The expectation is closely linked to the published company policy.  If the testing goes beyond the policy, the employee’s reasonable expectation may be violated.  Further, a current employee has a reasonable expectation of privacy preventing random testing unless he or she is in a safety or security related position.  Finally, when the testing is conducted but the written results not shared, there is always the potential for employer abuse of the test to get rid of an employee in retaliation for asserting his legal rights.

Conclusions Restated

  1. Video monitoring is restricted to places at work where work is being performed, and requires disclosure that monitoring is being conducted.
  2. An employer may not compel an employee to reveal his username or password to access the employee’s postings, and may not “look over the employee’s shoulder” while requiring the employee himself to log on.
  3. Phone calls at work are subject to being monitored if the monitoring is disclosed by recorded announcement or a beeping signal.
  4. Workplace romances can be restricted between managers and subordinates, but are in tension with the right of free association and privacy of one’s relationships while off-site and during off-hours.
  5. GPS tracking is the new wild west of privacy invasions, with little court guidance or legislation to define its limits. Generally, GPS tracking of employees must be limited to their movements during the performance of their work, unless used to track company vehicles or other property to confirm the property is being used only for business purposes.
  6. Drug Testing is a growing practice among employer’s concerned with safety issues, workplace accidents, and poor performance caused by drug use. Courts are allowing pre-employment drug testing.  Post-employment testing is allowed when an incident gives rise to a reasonable suspicion of illicit drug use. But drug use policies must be in place notifying employees that drug testing will occur.
%d bloggers like this: