Question: What privacy rights do my employees have and how can I comply with the laws protecting privacy rights?

Answer: In light of recent data breaches, people are increasingly concerned with protecting their privacy rights. California employees are no exception. The California Constitution identifies certain inalienable rights for citizens, including “pursuing and obtaining safety, happiness, and privacy.” Additionally, employees in the state are covered by statutes that protect their privacy inside and outside of the workplace. To comply with these laws, employers must be aware of the state’s stringent privacy rules and should establish policies designed to comply with the law.

Employers have a non-waivable duty to protect personal employee information. Businesses that maintain personal information about a California resident are required to protect that information from, among other things, unauthorized access, use, or disclosure. Personal information includes, but is not limited to, an individual’s name, social security number, driver’s license or identification card number, financial account number, medical information, health insurance information, and username or email address in combination with a password. Additionally, employers have a duty to disclose security breaches of computerized personal information. Employers who breach these duties may be liable for monetary damages.

California employers should exercise care in connection with workplace monitoring, such as video surveillance and listening to employee telephone conversations. Employers are prohibited from video monitoring work areas where employees reasonably expect privacy such as dressing rooms, locker rooms, showers, toilet facilities, and possibly even break or lunch rooms. Employers cannot monitor or record personal employee phone calls or calls made between parties in California without the parties’ consent, except in limited situations. When employers have a legitimate business purpose for video or telephonic monitoring, it is a best practice to disclose the monitoring to employees in a handbook, memo, sign, or by other means that will be understood by employees.

Additionally, California imposes limits on conducting background checks such as credit or criminal history reports. An employer may not ask an outside agency to perform a background or credit check on an applicant or employee in California without first giving proper notice to the individual, obtaining the individual’s consent, and giving the individual an opportunity to request a copy of the report. The employer’s notice must be clear and conspicuous on a form that contains only the disclosure. California law also requires new consent each time an investigative report is sought during employment if the report is for purposes other than suspicion of wrongdoing or misconduct. California recently enacted a “ban-the-box” law that prohibits employers from asking job applicants about their criminal history until after a conditional offer of employment is made. Before taking any adverse employment action based on a report, employers must follow very specific procedures in writing.

To ensure compliance with California’s employee privacy laws, employers should implement workplace policies that communicate the employer’s practices and business reasons for them, and obtain advance written employee consent when required by law. Employers should also implement appropriate safeguards for storing, using, and disposing of private employee information. Finally, employers should not infringe on employee privacy except where necessary to serve the employer’s legitimate business purposes, and should choose the least intrusive means available to accomplish that purpose.