While the COVID-19 crisis spurred a shift to remote employment at an unprecedented rate, even before the pandemic began, many companies were already making gradual shifts toward allowing – or even encouraging – employees to work from home. Maintaining a remote workforce offers a variety of benefits under the right circumstances, but it presents a number of unique challenges for employers as well.
Many of these challenges fall in the area of employee privacy. When an employee is working from home, what privacy rights apply? How does the analysis change if the employee is using a company-issued smartphone or laptop? When can (and should) employers monitor their employees’ social media use and other online activity? In today’s environment, these are questions that employers need to be able to answer.
Balancing Employers’ Business Interests with Employees’ Right to Privacy
As with many legal issues, when it comes to employees’ privacy rights, there are few bright-line rules. Instead, companies must balance their legitimate business interests with their employees’ legitimate privacy expectations in order to arrive at sound and legally-justified decisions. In this regard, the nature of the employee’s conduct at issue, the setting in which the employee is operating, and the reasonableness of the employee’s expectation of privacy are all factors that need to be considered.
Numerous state and federal laws establish privacy rights for employees. These laws include, but are not limited to:
- Americans with Disabilities Act (ADA)
- Fair Credit Reporting Act (FCRA)
- Family and Medical Leave Act (FMLA)
- Federal Wiretap Act (FWA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Labor-Management Relations Act (LMRA)
- National Labor Relations Act (NLRA)
- Pennsylvania Drug and Alcohol Abuse Control Act
- Pennsylvania Mental Health Procedures Act
- Pennsylvania Wiretapping and Electronic Surveillance Act
While each of these laws establishes unique requirements and standards for employers, there is one common thread with regard to substantiating a claim for a violation of an employee’s right to privacy: In order for an employer’s conduct to be actionable, it must rise above the slights and discourtesies that are common in contemporary life, and must amount to a highly objectionable or offensive act.
Four Types of Privacy Intrusions that Can Trigger Employer Liability
With this framework in mind, there are four primary types of privacy intrusions that can trigger liability for employers under state and federal law. These are:
- An unreasonable intrusion on the employee’s seclusion
- Unreasonable publicity of the employee’s private life
- Appropriation of an employee’s name or likeness
- Publicity that unreasonably places the employee in a false light in the public eye
In order to avoid these types of privacy violations, employers must adopt and implement effective policies and procedures that take all pertinent statutory and common law rights into account. These policies and procedures should be tailored to the company’s specific risks and needs. In the remote employment context, they should address the concerns that relate specifically to employees’ remote work tools and settings. By establishing appropriate controls and setting reasonable expectations, employers can effectively mitigate risk in both the corporate office and at-home work environments.