Though employees in the US generally have a limited expectation of privacy in the workplace, various state laws extend specific privacy protections to employees.  Employers should consider the employee privacy laws in each of the jurisdictions in which they operate.  These laws may include:

  • Workstation Monitoring and Email Privacy Laws.  Connecticut and Delaware both have laws requiring that employers provide employees with written notice prior to intercepting or monitoring electronic communications or internet usage information.1
  • Social Media Privacy Laws.  To date, 26 states plus Guam have enacted legislation limiting an employer’s ability to access an employee’s social media accounts.  For example, California’s Employer Use of Social Media law prohibits an employer from requesting that an employee disclose social media user names or passwords, access personal social media accounts in the employer’s presence, or otherwise divulge personal social media.2  Most other state laws impose similar restrictions on employer access to social media information, and establish exceptions for publicly available information, employer-issued accounts, and access as needed for investigations or legal compliance.3
  • Biometric Information Privacy Laws.  Illinois, Texas, and Washington each have laws regulating the collection, storage, and disclosure of biometric identifiers, such as face scans, fingerprints, or voiceprints.4  In recent years, several employers have faced class action lawsuits alleging technical violations of Illinois’s Biometric Information Privacy Act (BIPA) due to the employer’s use of fingerprint timekeeping practices without sufficient notice and consent mechanisms.5
  • RFID Privacy Laws.  Employers routinely use radio frequency identification (RFID) technology for physical access security, and, in some cases, to monitor employee movement and behavior.  Some employers have gone a step further by encouraging employees to imbed RFID chips under their skin as a way to make purchases, access workplace devices, and unlock doors.  Several states have enacted laws regulating the use of RFID tags.6  For example, in Missouri it is a misdemeanor for an employer to require an employee to implant a personal identification microchip.7
  • Video Surveillance Laws.  Companies that use video monitoring in the workplace may be subject to various state video surveillance statutes in the jurisdictions in which they operate.  Under these laws, employers may be prohibited from recording in areas where employees may have a reasonable expectation of privacy, such as locker rooms or designated nursing spaces.  Employers may also be required to post a conspicuous notice that video recordings are taking place.  Additionally, to the extent employers capture audio recordings, they should consider whether consent of the other party is required in their jurisdiction.8

See Con. Gen. Stat. § 31-48d; Del. Code. tit. 19, § 705.

Cal. Lab. Code § 980.
See generally, Nat’l Conference of State Legislatures, State Social Media Privacy Laws (Nov. 6, 2018), available here.
See 740 Ill. Comp. Stat. 14/; Tex. Bus. & Com. § 503.001; Wash. Rev. Code § 19.375.
740 Ill. Comp. Stat. 14/.
See generally, Nat’l Conference of State Legislatures, Radio Frequency Identification (RFID) Privacy Laws (Nov. 6, 2018), available here.

Mo. Rev. Stat. § 285.305.1.

See V. John Ella, Employee Monitoring and Workplace Privacy Law, A.B.A. Sect. of Labor & Emp’t Law, Nat’l Symposium on Tech. in Labor & Emp’t Law (Apr. 6-8, 2017), 9-11, available here.

More topics in this series