Employer Privacy Policies

BCLP

In 2005 Michigan became the first state to pass a statute requiring employers to create an internal privacy policy that governs their ability to disclose some forms of highly sensitive information about their employees.  Michigan’s Social Security Number Privacy Act expressly requires employers to create policies concerning the confidentiality of employees’ social security numbers (“SSN”) and to disseminate those policies to employees.  New York adopted a similar statute.  Several other states – Connecticut, Massachusetts, and Texas – have statutes mandating the establishment of privacy policies that could also apply in the employer-employee context.

Companies should check whether they have a written policy concerning the use and disclosure of protected employee personal information.  If they do not, they should confirm that none of the states in which they operate currently require such a policy or are planning to do so through new legislation.

5

The number of states that have enacted statutes that may require employers to create employee privacy policies.1

$500

The fine that can be assessed under New York’s statute against employers who unlawfully disseminate an employee’s SSN.2

$275,000

The damages awarded to a group of Michigan employees who sued their union after it failed to safeguard their SSN.3

What to think about when drafting or reviewing an employee privacy policy:

  1. Does the privacy policy capture the main ways in which your organization collects personal information from its employees?
  2. Does the privacy policy discuss the confidentiality of employee SSN and other personal information?
  3. Does the privacy policy explain how employee SSN and other personal information are protected?
  4. Does the privacy policy limit who has access to information or documents that contain employee SSN and other personal information?
  5. Does the privacy policy describe how to properly dispose of documents that contain employee SSN and other personal information?
  6. Does the privacy policy describe the disciplinary measures that may be taken for violations?
  7. How will the policy be distributed to each employee?
  8. Can the average employee understand the policy?
  9. Does the privacy policy use terms that might be misunderstood or misinterpreted by a regulator or a plaintiff’s attorney?
  10. Does the privacy policy comply with the laws of each jurisdiction to which your organization is subject?

1. These states are: Connecticut (Conn. Gen. Stat. § 42-471), Massachusetts (201 Mass. Code Regs. 17.03), Michigan (Mich. Comp. Laws § 445.84), New York (N.Y. Lab. Law § 203-d), and Texas (Tex. Bus. & Com. Code Ann. § 501.052).

2. N.Y. Lab. Law § 203-d(3).

3. John F. Buckley & Ronald M. Green, State by State Guide to Human Resources Law § 1.36 (2015).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BCLP | Attorney Advertising
