Select your state

Employment law

privacy rights

Personal Information of Current or Former Employees

An employee’s right to privacy in the workplace generally includes the employee’s personal information and activities at work. Private companies have some legal obligations to their employees, but most of an employee’s privacy rights are determined by company policy. Government officials, however, generally have an obligation not to disclose employees’ personal information. For example, federal government officials are bound by The Privacy Act of 1974 not to disclose any personal information and to take precautions to keep personal information confidential—unless the disclosure is made following a written request by the person whose information is disclosed or with the prior written consent of the person whose information is disclosed. See 5 U.S.C. §552.

Job References and Other Information Requests

It is generally not recommended for employers to give out any information about current or former employees in response to phone calls or e-mail inquiries seeking information about specific individuals—including full name, date of birth, social security number, address, bank account information, wages, or work schedule—as it is very difficult for the employer to confirm the identity and motivations of such a caller or e-mail sender. Although the inquirer could be a prospective employer calling for job reference information or a bank seeking to verify employment on an employee’s loan application, the inquirer could also be a debt collector disrupting the employee’s workday, an identity thief, or a disgruntled person seeking to harm the employee. An employer or former employer should take additional precautions when responding to such information requests.

Video Surveillance and Monitoring of Employee Phone, Computer, and Internet Use

A private employer is generally allowed to monitor the telephone, computer, and internet use of its employees during work hours and on company-owned equipment. But such electronic monitoring of employees should be well-defined in an employee handbook, for example, and acknowledged by employees. An employee electronic monitoring policy should state that employees have no expectation of privacy while on company property (except in the restroom or a breastfeeding room, for example) or when using company resources (computer, internet, telephone, automobile, etc.).

Monitoring laws vary from state to state, but the federal Electronic Communications Privacy Act of 1986 (ECPA) is a federal law (statute) that governs an employer’s monitoring of electronic communications in the workplace in all states. See 18 U.S.C. §2511. The ECPA generally prohibits an employer from intercepting its employees’ oral, wire, and electronic communications—unless the employer’s interception of those employee communications falls within one of the exceptions in the statute. For example, the business purpose exception allows employers to monitor oral and electronic communications if the employer can show a legitimate business purpose for doing so. The consent exception allows an employer to monitor employee communications if the employer has the employees’ consent to do so. And the ECPA’s restrictions may be limited to the transmission of electronic communications and may not include the employer’s storage of electronic communications. But state laws may also apply—including state statutes, court opinions, and constitutions—and may further restrict an employer’s ability to monitor employee communications in the workplace.

An employer may also want to use video surveillance to protect against workplace misconduct such as (1) theft of personal property; (2) theft of intellectual property (data, etc.); (3) sexual or other harassment; (4) workplace accidents; and (5) idle employees. But when using video surveillance in the workplace the employer must be aware of state laws and issues such as (1) whether the surveillance is in a public area (hallway or workspace) or a private area (bathroom or breastfeeding room); (2) whether the camera is in open view or hidden; and (3) whether audio/sound is captured in addition to the capture of visual images/video. Employers should not monitor employees or capture video or audio where employees have an expectation of privacy.

Drug and Alcohol Testing

Private employers generally have the right to test employees for drugs and alcohol but must maintain the confidentiality of test results to protect employees’ privacy interests. An employer that wants to test employees for drugs and alcohol should have a detailed, written policy explaining the company’s drug and alcohol testing policy in the employee handbook or other materials, with a written acknowledgment by employees that they have received the employee handbook or drug and alcohol testing policy.

Searches of Personal Space or Workspace

An employer may have a policy that allows it to search the desk or personal workspace of an employee, or the company property used by an employee—such as an automobile, computer, phone, container, notebook, or other property—while it is on company property. Under some circumstances—such as an employer’s reasonable belief the employee is stealing or embezzling property from the employer—the employer may have a right to search an employee (pockets, etc.) or the employee’s personal property that is not owned by the company (purse or computer bag)—but such searches may lead to legal liability and should not be undertaken without input from a lawyer.

Employers and Health Information in the Workplace

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule controls how a health plan or a covered health care provider shares an employee’s protected health information with an employer.

Employment Records

The HIPAA Privacy Rule does not protect an employee’s employment records, even if the information in those records is related to the employee’s health. In most cases, the HIPAA Privacy Rule does not apply to the actions of an employer.

If an employee works for a health plan or a covered health care provider:

• The Privacy Rule does not apply to the employee’s employment records.

• The Privacy Rule does protect the employee’s medical or health plan records if the employee is a patient of the provider or a member of the health plan.

Employer’s Requests For Employee Health Information

An employer can ask an employee for a doctor’s note or other health information if the employer needs the information for sick leave, workers’ compensation, wellness programs, or health insurance purposes.
But if an employer asks an employee’s health care provider directly for information about the employee, the health care provider cannot give the employer the information without the employee’s authorization, unless other laws require them to do so.

Generally, the HIPAA Privacy Rule applies to the disclosures made by an employee’s health care provider—not the questions the employer may ask.

In Texas, employees have certain privacy rights regarding their personal information. Federal laws like the Privacy Act of 1974 and the Electronic Communications Privacy Act of 1986 (ECPA) set the baseline for these rights. The Privacy Act restricts federal officials from disclosing personal information without consent, while the ECPA limits employers from intercepting communications, with exceptions for business purposes and employee consent. Employers in Texas are advised to be cautious when responding to requests for employee information to avoid unauthorized disclosures. For electronic monitoring, Texas employers should have clear policies that inform employees of the lack of privacy expectations on company property and when using company resources. Video surveillance is permissible in public work areas but should respect privacy in areas like restrooms. Drug and alcohol testing by private employers is allowed, but results must be kept confidential. Employers may search company property but should be cautious when searching personal property without legal guidance. Health information in the workplace is protected under HIPAA, and employers cannot access an employee's health information without authorization, except for specific purposes like sick leave or insurance. Employment records are not covered by HIPAA, but medical records are protected if the employee is a patient or member of the health plan. Employers can request health information from employees but not directly from health care providers without the employee's consent.

Legal articles related to this topic