Privacy issues concern your employees, your customers, and your company information. While the pandemic is waning, many of the business practices adopted in the past year will continue to be used. These include remote work arrangements, teleconferencing, and, by for companies, new research and development. These practices present privacy issues that should be addressed. Consider the following:
Employees’ information
How much can you know about an employee’s health status? Federal law (HIPAA) provides for confidentiality of health information. The Privacy Rule in HIPAA controls what a health care provider can share with an employer. Other federal laws dictate that employers must maintain the confidentiality of employee health-related information. For instance, the Americans with Disabilities Act requires an employer to keep medical information about a disabled employee in a file that’s separate from a personnel file. The Genetic Information Nondiscrimination Act (GINA) requires any DNA information to be kept separate as well.
Privacy in the workplace
How much can or should an employer intrude on employees’ personal activities? With technology, such as GPS, employer-provided cell phones, and company computers, employers have the ability to monitor employees’ phone calls, email, online searches, and even their whereabouts. And there can be testing for alcohol and drug use. The question is should employers monitor activities, and what limitations does the law impose?
Companies have a legitimate interest in knowing what employees are doing on company time and with respect to company information (e.g., trade secrets and other proprietary information) and property (e.g., theft of inventory; misuse of company vehicles, such as texting while driving). But how much should companies snoop via public information on Facebook and other social media postings? State law may bar employers from using job applicant’s social media information. Check NCSL’s list of state social media privacy laws.
And there are restrictions for drug and alcohol testing, which varies by state. National Drug Screening, Inc. has a list of state rules. It’s important to note that the rules on testing for marijuana (medical marijuana is legal in 36 states and recreational use is legal in 15 states plus D.C.) is a developing area.
Risks of privacy violations
How has COVID-19 changed the rules for privacy? As a result of the pandemic, many employees were or are still working remotely. They’re sharing information. They are doing videoconferencing. These and other activities present risks for privacy violations. The FTC offers 10 privacy tips for businesses going videoconferencing. Tip #10 says it all: Establish preferred videoconferencing practices at your business. This will help to avoid disclosing sensitive information, which could violate legal and business standards for privacy.
Website privacy
How much customer information can you use? Big tech companies, such as Facebook and Google, have come under scrutiny for their practices regarding the use of subscriber/viewer information. While as yet there’s no federal legal requirement to display a privacy policy informing subscribers about the use of their information, EU countries and others around the world do. (California has a strict privacy policy, although it’s probable that most users don’t read any posted policy.) So, too, does Google Analytics, Apple App Store, and other commercial sites. Thus, it’s highly advisable for you to have one for your site. You can use a free privacy policy generator to create one for your site if you don’t yet have one. Here’s the privacy policy for BigIdeasForSmallBusiness.com.
Final thought
Apple CEO Tim Cook said: “Right of privacy is really important. You pull out that brick and another and pretty soon the house falls.”
It’s clear that social media, concerns about terrorism, and other issues have already eroded some sense of privacy. From a business perspective, be sure to protect it as the law and business policy dictates.