Employee Privacy: Wrap-up & Review

What started as a tightly focused look at employee privacy expectations bloomed into a full on review of the interplay of employee and company expectations, rights and responsibilities.

HR is like that sometimes. you start out simple and end up going through the looking glass.

So the posts titled "Employee Privacy..." cover this timely and important subject thoroughly through many perspectives. There is also an outline of the main points your policy should include.

helpdeskHR is always ready to support small businesses with top notch Human Resources guidance gained in big business. This is a flashpoint issue for all companies, regardless of size.

Lance

Employee Privacy: Policy Content Detail

This post is not a policy document per se, but it does examine the critical content elements regarding employee privacy and employee usage of company property.

1. Define "company property:" Start with all electronic devices such as computers and telephones, include company media such as email and network, then go on to physical items like documents, file cabinets and employee lockers. You get the idea. And remember, this is just a definition.

2. Establish that a "legitimate business purpose" is the justification for the Company to monitor and review employee usage of any company property, including electronic devices and media.

NOTE: It is illegal to monitor employee usage without prior notice in California. This is why it is essential that employees sign acknowledgement of this policy and receive periodic reminders.

3. Address "inappropriate or inaccurate" material which is not permitted on company property. Examples are illegal, harassing, threatening, hateful and defamatory material.

4. State that violation of the above policy makes the employee subject to disciplinary action including termination of employment.

This is one more case of managing correctly from the start and thereby avoiding unnecessary problems and expenses later.

Lance

Employee Privacy: Policy Content

The following elements are essential in an Employee Privacy/Use of Company Property:

-define and designate "company property" which will include all electronic devices and media, desks, cabinets and lockers

-define "legitimate business purpose" for investigating company property used by employees

helpdeskHR NOTE: Random monitoring employee used company property or monitoring without the employee's knowledge is not advised and can lead to serious legal problems for the Company.

-define inappropriate and unacceptable material on employee used company property

-state disciplinary consequences of violating this policy

Next, a closer look at each element.

Lance

Employee Privacy: Make a Policy

It is very important to have an Employee Privacy/Company Rights Policy in writing. This would be an included element in any Handbook an employer has.

I suggest a title like "Policy for Employee Usage of Company Email, Internet, Voicemail and Other Company Property." This is comprehensive but does focus on electronic media and devices. It will define the parameters and restrictions for use of company property and the basic zero expectation of employee privacy related to these media and devices.

This is a prominent hot topic in the world of labor law at this time.

This is one of the key subjects to address during new hire on-boarding. Periodic reminder postings and emails are also a very good idea.

Lance

Employee Privacy: Work on Employee Property

It is not uncommon for employees to do work on their home computers or other devices. This subject must be addressed in the same manner as non-work hours and locations.

It is important that employees get prior approval before accessing any company data using their personal or home computers.

As I see it, the most glaring pitfall of permitting this practice is the possibility of some personal information of the employee's getting mixed in with the company data. For instance, a personal letter or photo getting into a report or something grossly inappropriate from the employee's data making its' way into a work document or email.

If the employee had prior  approval that would mitigate the circumstances except in the most extreme cases. If they do not have approval then the employee is solely responsible for any mishaps.

But here is a critical restriction. The employer has no right to intrude into the employee's personal data beyond that which is involved in the error.

Clearly the Best Practice is to restrict the performance of company work to company owned devices.

Lance

In The News: "Firms Adjust to Workers & Their Gadgets"

Today's San Jose Mercury News talks about employees using personal mobile devices to connect with company networks.

The security issues are chilling, both intrusion into the company network and loss of company data through employee carelessness. One firm permits personal device access with very tight controls and has the ability to erase all data, business and personal, from the device. That approach makes sense to me but does raise the employee privacy issue.

helpdeskHR recommends:
1. Know your employees and factor that into your decision on the use of personal devices
2. Have a signed acknowledgement of whatever policy you adopt to document employees' prior knowledge of the policy governing them - this is always very important
3. Include in the acknowledgement the disciplinary ramifications of non-compliance
4. Implement a policy that works for your situation and apply it uniformly

I do not recommend checking employees' personal devices unless you have a strong reasonable and defendable justification for doing so. If it is just a suspicion, get professional advice from helpdeskHR.

Lance

Employee Privacy: Social Media

Facebook, Twitter, Tumblr and all the rest provide a tempting feast of personal information. These and similar venues are just the current locations and trust me, future locations are on the way. Consider the cloud.

Lately I've been seeing articles about the use of social media in the employment relationship, including pre-employment.

I am, of course, excluding from this discussion the use of social and electronic media by employees to willfully be inaccurately, illegally or even inappropriately critical of their employer.

What I am referring to is the private pages people create for their friends and families. I see articles cautioning people about social media content becoming known to their employers, current or prospective. I also see headlines about employers accessing private pages without the employee's permission or requiring passwords in order to check social media content.

I strongly champion the company's right to operate a business, but I still consider what I describe in the above paragraph as going too far. It is just plain wrong in my opinion.

If an employer feels justified in that kind of intrusion, they might just as well have a live webcam watching the employee or a little cam-drone following them around.

I don't think an employer has any right or reason invading an employee's off-work privacy.

Employers do have the right and responsibility to conduct thorough investigation and research of  candidates' work history and performance. Employers also have full authority to monitor and correct employees' work behavior and performance.

Lance

Employee Privacy: Company Rights

Think of  a coin. On one side is employee privacy. On the other side is company rights. Once we leave the confines of company facilities, paid company work time or sponsored event, these two issues become mutually exclusive.

I assert strongly that employees surrender expectations of privacy when they are being paid to work (company time.)

I assert with equal emphasis that what employees do legally on non-company time is strictly private. Employers have no need or reason to have or seek knowledge of employees' or prospective employees' private activity.

Company time belongs to the company. Employee time belongs to the employee.

It is completely consistent then, to state that if employee work performance or attendance is impacted negatively by off-work activities, the work performance or attendance in question become the subject of counseling or discipline in the workplace.

This post opens the door to the very current issue of social media and the employer-employee relationship.

Lance

Employee Privacy: Non-Work Hour and Location Work Related Activities

The ONE EXCEPTION to work status and private life is the gray area of employee involved events.
Intuition might tell you that on non-Company time and location events that all bets are off and everyone is on his or her own.

An operating mantra is that any event which is Company sponsored, Company paid, Company encouraged, or involves primarily Company employees, is subject to the employment relationship. In essence the company is on the hook.

Here are some examples of when the employment relationship is in effect even though an event is not on Company time or location:
-Company sponsored events such as picnics, holiday parties, celebration dinners...the list goes on
-Work events like customer or vendor dinners, or off-site retreats or Company seminars
-Professional events for which the Company pays, like third party seminars and professional association meetings, also trade shows and job fairs
-Certain casual employee get-togethers like happy hours after work or Company sponsored softball leagues
-Social media when the  Company is the subject

This is really a perfect example of when employers need professional Human Resources support

Lance

An Illustrative Contrast

There is an after hours social gathering at a bar near the workplace and the Department Manager is in
attendance. A male employee makes repeated advances on a female co-worker who rebuffs him. The next day the female complains to the Manager or HR. This situation falls under workplace status, even if an extended workplace, and the male employee is appropriately disciplined.

By contrast, two employees join a non-Company sponsored basketball league, and one accuses the other of stealing equipment. Not the employer's problem. This is a private life issue.

These are hypothetical examples but provide the general framework for determining Company involvement.

Employee Privacy: On Company Time

This is really intuitive and self-evident, but for the record there is a reasonable employer expectation that employees are performing company directed work while on paid, company time. Therefore employees should not harbor any expectation of privacy related to their activities using company property on paid time.

This is why some companies limit web access from their VPN which restricts the websites employees may access. There is also software available to employers that monitors web activity by employees for management review and control.

I am always astounded by the indignation expressed when an employee is confronted with unauthorized use of company devices, especially web access, email and phones. Are you kidding me?

Lance

Employee Privacy: On Company Property - Pt. 2

Some folks may not like this but whenever an employee enters company property they leave their privacy expectations at the door. That's just the way it is.

But there is a real-life calibration to that proclamation. If the employee obtains prior approval from their supervisor or manager to use their workstation or a conference room for personal reasons, then life is good.

All this applies to any company facility. For example, an employee who works in the Newport Beach Sales Office for a telecom, wants to use a conference room in the Los Angeles headquarters office building for a personal transaction, would need approval in advance.

Otherwise, work facilities are for work, and play places are for play.

Lance

Employee Privacy: On Company Property

This title really has two interpretations.

1. Any work or communications using company property such as computers, phones or email are the property of the company, not the employee. This should be clearly stated up front so that employees to not foster false expectations of privacy.

If an employee uses company property for personal reasons, that becomes grounds for disciplinary action.

2. Generally speaking, an employee work in a company facility to perform work for the company. However, if they are on non-paid time such as lunch breaks and use their personal property (phone, tablet, etc...) that activity would be personal and private to the employee.

I limit the employer's authority and interests to company property and paid company time.

Lance

Employee Privacy: Update

Here is labor law update effective 1-1- 2012.

When an employee communicates with their attorney using a company computer, that communication in not confidential and therefore considered not privileged. This stems from a California Appeals Court ruling in 2011.

This beautifully illustrates my contention that employees should have no real expectation of privacy when using company property. Employers will fortify their position by making employees aware of your company policy and documenting the action for the record, including an employee signed receipt.

Lance

Employee Privacy: Company Rights & Expectations

Any company or employer has the reasonable expectation that employees will work productively on paid time and when using company property. N'cest paz?

It is also reasonable for employers to restrict the use of company property to work use. This then excludes company property from personal use of any kind. Electronic devices such as computers, email and phones are absolutely included.

So when there is an investigation or termination of employment procedure, employees are required to surrender these devices and their content immediately, with no questions asked. If they do not they are obstructing a company investigation.

I have had cases in which employees were using these same three devices to run entire personal businesses - on company paid time! One employee consistently logged close to eight hours a day on their DJ enterprise. Unbelievable.

As a practical matter, in cases of involuntary termination, always remove personal electronic or real property from company devices and return it to the employee. Always have a witness present when you are doing this and DOCUMENT the procedure and property involved.

Lance

Employee Privacy: Employee Expectations

Here it comes, right up front.

My opinion is that employees should have no expectation of privacy while on company time or using company property. OMG, dad, that's so not fair!

I happen to think it is perfectly fair, reasonable and legal. Company time is paid work time and, as such, should be applied to work. Company property belongs to the company. Property includes desks, file cabinets, computers, phones and even lockers.

In real life, workplace toilet and general restroom facilities have a customary exclusion from surveillance. If the employer suspects illegal activities in such facilities, Human Resources or legal advice is necessary. If you suspect illegal items or weapons to be present in employee property such as backpacks, the same advice is required.

In normal day-to-day business operations however, company property and paid work time offer no expectation of privacy.

But what about employee expectations? My experience is that many employees do expect privacy and therefore it is a reality which needs to be addressed. By that I mean that your employees should be told from day one what the policy is at your workplace. Doing so is a Best Practice in so many areas.

In my experience I have encountered cases in which employees ran entire small businesses on their work computer while on company time and others where employees used a company van for prostitute encounters.

And before you think I'm just a big meanie, I also believe the company connection to the employee ends after paid work time and off company property. I do not agree with crawling all over social media and such stalking of employees. If something comes to your attention however, such as an employee tweets about the money they've embezzled, all bets are off.

Lance

Employee Privacy: Overview

There is no more current issue than employee privacy. Social media, prevailing attitudes, political flashpoint events, national security and technology advances all fuel the fission reaction that is this subject. Personal privacy in the United States is the most vulnerable it has ever been and this translates directly into the workplace.

We're going to examine several aspects of the subject of employee privacy:
-employee expectations
-company rights & expectations
-on company property
-on company time
-non-work hours and locations
-communicating privacy policy


Lance