Employee records and employee communications are stored and shared electronically almost universally now. Texas and federal laws have played catch-up with technology in defining the rules as to who, including the employee and the employer, has a legitimate interest in knowing about workers. In other words, what information should an employee reasonably expect to share and what an employee may keep to itself. Considering the growing interest in protecting data, what can an employee do when the employer crosses the line or fumbles the issue so badly that other people take your data, even possibly about your non-work life? So far, what Texas employees who work for private employers have are some very fact-and-circumstance-specific rules, sometimes organized around the kind of information at risk, and sometimes organized around the means of communication, or a mix thereof.
Many employees are concerned about the privacy of their personal phone calls, texts, emails and social media posts at work. It’s good to understand employee rights because employers have broad, but not unlimited, rights to monitor communications that make use of employer-owned phones, computers and networks. Employees have the right to expect that personal data is protected. Learn how you can protect your employee communications.
Our Employment Lawyers Can Help You Protect Private Employee Communications
If you believe that your right to keep personal information and personal employee communications private was violated by your employer, the Texas employment attorneys at Kilgore & Kilgore may be able to help. Click the following link to learn more about our representation of employment rights in the workplace: Employee Rights in the Workplace. Use this link to contact us through our website for a free evaluation of the facts of your case: Contact Kilgore & Kilgore.
Employee Rights Regarding Phone Calls
Under the Texas Anti-Wiretapping Law, an employer commits a second-degree felony when it intentionally intercepts a wire, oral or electronic communication without consent. The critical concept is consent. Since Texas is a one-party consent state, a phone conversation may be recorded with the consent of one party, such as a supervisor, without the consent or knowledge of the other person on the phone, including an employee. Remember that this may include calls placed from a private phone to an employer phone or vice versa.
Under federal anti-wiretapping law, an employer may monitor its own telephones to protect its system from being misused. If employers do not give employees prior notice that all phone conversations are monitored and an employer eavesdrops even after it is apparent that a phone conversation is private, an employee may have an invasion of privacy claim. Many employers solve this problem by giving notice in an employee handbook.
The bottom line: You should assume that calls placed to or from a work phone are not shielded by privacy laws. There are exceptions, but it may take litigation to enforce these, and by then, of course, your information may have been compromised.
Employee Communications on Workplace Computers
Texas law generally prohibits unauthorized access of computers, their networks, and their systems. However, an employer may access a company-owned computer even if it is in the possession or control of an employee. This right extends to an employee’s use of a private email account protected by a personal password, using the company email system and stored on a company-owned computer. The key concept is employer ownership of the hardware, software or the system. The issue can become far more complicated, however, when an employer encourages employees to use their own electronic devices at work or during working hours.
The takeaway: An employee has only very limited, if any, reasonable expectation of privacy when using a company-owned computer, regardless of location or account accessed. Employers are very often advised to adopt communications guidelines that discourage the use of personal devices for work purposes, simply to avoid confusion about privacy rights.
Employee Communications on Social Media
When an employer’s own policies authorize review, the federal Stored Communications Act (SCA) permits employers to access all private communications stored on an employer-provided wire or electronic communication services. The key concept is employer ownership of the device or service. From a practical perspective, it would be rash for an employee to leave personal passwords on an employer-provided device, since this gives the employer access to that sensitive data.
However, the SCA prevents employers, without employee authorization, from reviewing an employee’s private communications not stored in the employer’s system, including an employee’s personal secure website, private Facebook or other social media page, or personal emails provided by a third-party internet or email service provider. Beyond that, however, we are in the uncertain realm of “what ifs.”
What if an employee uses private media to post genuinely offensive images or threats of violence about co-workers? This may run afoul of criminal statutes.
What if the employee handbook covering unionized employees broadly prohibits employees from posting statements online that could “damage the company, defame any individual or damage any person’s reputation?” The National Labor Relations Board has ruled that such a policy violated the National Labor Relations Act because it interfered with an employee’s rights to engage in protected activities.
What if an employer encourages employees to use their own social media outlets to promote the company’s products or services? It may become unclear who owns or should control the social media account of an employee who is essentially acting as an in-house influencer.
The issue: In general, an employee who wishes to challenge an employer’s practice of accessing private or personal calls, internet activity, email accounts or social media accounts must:
- demonstrate that the intrusion would be highly offensive to a reasonable person; and
- refute the employer’s defense that the employee consented to the alleged invasion or had no reasonable expectation of privacy.
This can be a difficult argument to make, depending on the circumstances. An ounce of prevention may be the wiser route.
Medical Information, Banking Information, Tax Information and Employee Records
This is a slightly different kind of privacy issue because it relates to the security measures an employer uses in collecting, handling and storing employee records. Think of all the information you have given your employer: Social Security number, banking data, driver’s license number, medical information and family details. These categories of information tend to be protected by specific statutes. Protected health information, for example, is covered by the federal Health Insurance Portability and Accountability Act (HIPAA) as well as the Texas Medical Records Privacy Act.
Even if accessed or saved on a company-owned laptop, it is unlikely that any federal or Texas state court would grant an employer the right to review tax records without prior consent, given case law that consistently disfavors disclosure. Apart from the pieces, the kind of wholesale hacking operation that compromises large quantities of employee records is an identity theft nightmare, but it is also rare. The Texas Business & Commerce Law requires a company that loses sensitive personal information of employees through hacking to promptly notify the victims, so that they can take steps to protect themselves from identity theft. Identity theft is a federal crime, regarded as a felony offense and punishable by a fine, time in prison, and/or restitution to the victim. Any suspected misuse of personal data should be reported to the Federal Trade Commission.
A defensive approach: Now may be a good time to know more how your employer safeguards employee records. The hallmarks of a good information security policy may include:
- designating all information relating to an employee’s personal characteristics or family matters as private and confidential;
- releasing information relating to an employee only on a need-to-know basis, or if a law or court requires the release of the information; and
- centralizing and processing of all information requests concerning employees within the company.
Read More about Employee Rights
If the privacy of your electronic employee communications or electronic employee records has been compromised at work, remember that you have employee rights that can be enforced under Texas and federal law. To read about some of the employee rights matters our employment lawyers have undertaken, click this link Employee Rights Articles. Contact us for a free review of the facts of your case by clicking here and sending us a contact request Contact Kilgore & Kilgore.