A lot of employees have concerns when it comes to their right to privacy and their employer’s access to sensitive and personal information. And rightfully so! From the moment someone applies for a position, the employer has information from your personal address, date of birth, and even social security number.
Gone are the days when disclosing personal information didn’t put the person at risk for identity theft and other crimes. That’s why it’s important for you to know exactly what your legal obligations are when it comes to protecting the privacy of your employees.
In this article, we will give you an overview of things you need to know about protecting your employees and ensuring your compliance with various laws.
What is personal information?
What constitutes “personal information” from a legal standpoint may differ from state to state. Recent legislation in California (discussed later in this article) defines this information as:
- education information
- characteristics of a protected category
- biometric information
- internet activity
- geolocation data
While not a comprehensive list, this type of information is a good place to start if you’re trying to define as a company what constitutes personal data.
Under what circumstances can employers disclose private information?
What and why employee information is disclosed may vary from state to state. You want to make sure that you’re up-to-date on your state’s laws governing employee privacy as well as federal laws.
That said, by and large employers can only disclose their employees’ personal information only if it is required by law or if they have a legitimate need within their company to do so.
For example, if an employee has a documented mental condition that may make them a threat to others, it is the employer’s responsibility to provide a safe work environment for all employees. Therefore, that information can legally be disclosed to those within the company who need to know that information.
If personal information that is disclosed does not pose a legitimate public concern, then disclosing the information would be an invasion of privacy, and employers can face severe consequences.
What kind of information can’t be disclosed?
There are both federal and state laws that put limits on what can be disclosed by an employer. One such law that governs this area is the Americans with Disabilities Act. One regulation the ADA requires is that employers keep any medical record information separate from personnel files.
This information can only be disclosed to supervisors and managers who are in charge of providing requested accommodations to employees.
The Family Medical Leave Act (FMLA) also requires that any documentation that involves medical histories is kept confidential unless supervisors or managers need the information for employee accommodations.
In 2020, the state of California passed the first comprehensive law that gives employees more control over personal information. While you may not be affected by the California Consumer Privacy Act (CCPA), it sets the bar for other states when it comes to drafting and passing their own information privacy laws.
Just some of the regulations this law has created that other states may follow include:
- Employers must tell employees what personal information it has collected, sold, or disclosed and to whom
- Employers must delete personal information after legal obligations to keep have passed
- Employees can request a copy of the information that has been collected, sold, or disclosed
- Employees can opt-out of the sale of their personal information if that’s an employer’s practice
California’s laws will surely become a framework for employee privacy rights nationwide. For the latest information on legislation in your state and beyond, look no further than Complete Payroll’s blog. We have articles about data privacy and much more to help answer all of your HR and payroll questions.