Digital technology has fundamentally and forever changed the way we share information about ourselves. New formats like Instagram, Twitter, and Facebook create opportunities to instantaneously share our experiences and create community, but they can also blur the boundaries between our private and public lives by creating digital records that can be aggregated, copied, shared, or otherwise disseminated and taken out of context. This has raised many complicated questions about the definition of privacy generally, and it has diminished our ability to keep separate personas at work and at home, “IRL” versus online. The boundaries between work and home have been further muddled by incentives for employers to monitor employee health, a growing culture of Bring-Your-Own-Device (BYOD) workplaces, and affordable innovations in monitoring and tracking technology. This creates a need for us to define what it means to have privacy in the relationship between employers and their employees, and to create a culture of workplace privacy, which state legislators are now attempting to do.
Creating a regulatory framework for employee privacy that sufficiently addresses the variety of workplace settings equitably and comprehensively is a difficult task. Businesses face complex risks as a result of employee behavior—from monetary losses to legal liability—and technological monitoring is a tempting way to mitigate some of these risks. In addition to the tremendous variety of business practices and workplace cultures, some businesses have legal reporting requirements that necessitate the monitoring of employee communications.
But workplace privacy protections can benefit both individuals and employers. The freedom to have private lives outside of work and private thoughts at work is critical to supporting a creative and diverse workforce built on respect for individual dignity. There are clear risks for employees if their employer learns private, sensitive information, including termination or other forms of retaliation. Sensitive information in this context includes anything about the employee’s health, job search, plans to unionize, or attempts at whistleblowing. But there are risks to employers in learning this information as well. For example, if an employer learns an employee’s religious affiliation and subsequently fires them, the employee might be able to claim their termination was the result of discrimination. And privacy in the workplace plays a bigger role than protecting against these relatively straightforward harms. Workplace privacy protections grant employees the freedom to ruminate on new ideas, to act without second guessing their decisions, and to solve problems in diverse ways. This can contribute to the health of an organization and encourage innovation.
The benefits and risks of employee privacy have been recognized by policymakers working to re-establish boundaries. With limited guidance in federal law, state legislatures and interested stakeholders have begun to propose and institute legislation regarding employee rights in the workplace. These proposed pieces of legislation have some promise for improving the state of employee privacy, but the dynamic nature of technology requires flexible and creative solutions from employers and technology companies.
This paper first describes the current legal landscape of employee privacy at the state level, followed by a synopsis of three efforts to create a unified state law. We then use three case studies of workplace technology trends to demonstrate the privacy risks posed by current and future technology, and examine how the current proposals fall short. Finally, we propose methods to mitigate some of these threats through policy, innovation, and legal expectations.