Privacy Perils: Five Key Challenges for Employers
This excellent article from Faegre & Benson LLP highlights the following challenges engendered by recent privacy law developments:
Challenge #1: Employee Medical and Disability Information
Challenge #2: Workplace Monitoring and Searches
Challenge #3: Background Checks and Employee Testing
Challenge #4: Off-Duty Conduct
Challenge #5: Multi-State and Multi-National Challengesexplains.
The article concludes:
"There are no easy answers to HR privacy compliance, particularly for multi-state or multi-national employers. However, the following practices will help employers mitigate privacy risks across multiple legal frameworks and business settings:
Adopt appropriate policies. All employers should have policies that notify employees about any monitoring protocols and specifically state that employees should not have any expectation of privacy in work-related communications, systems, or facilities. Employers should also consider implementing privacy policies that set out requirements regarding the use, disclosure, and protection of personal information (such policies may be required under HIPAA and certain foreign country laws).
Adopt a “minimum necessary” standard. Employers should limit the acquisition, use and disclosure of sensitive employee information to the minimum amount necessary for business purposes.
Implement appropriate safeguards. Employers should assess whether they have adequately protected sensitive employee information and should implement additional appropriate safeguards, such as access control and role-based security protocols.
Educate supervisors and managers. All supervisory employees should be educated about employee privacy rights, advised to refrain from unnecessarily discussing or disclosing personal information, and instructed to seek HR or legal counsel as appropriate when privacy issues arise.
Look before you leap. Before implementing monitoring policies or protocols, or seeking information about individual employees, employers and their counsel must determine what statutory and other restrictions apply."