J. J. Keller® Compliance Network Logo
Start Experiencing Compliance Network for Free!
Update to Professional Trial!

Be Part of the Ultimate Safety & Compliance Community

Trending news, knowledge-building content, and more – all personalized to you!

Already have an account?
FREE TRIAL UPGRADE!
Thank you for investing in EnvironmentalHazmat related content. Click 'UPGRADE' to continue.
CANCEL
YOU'RE ALL SET!
Enjoy your limited-time access to the Compliance Network!
A confirmation welcome email has been sent to your email address from ComplianceNetwork@t.jjkellercompliancenetwork.com. Please check your spam/junk folder if you can't find it in your inbox.
YOU'RE ALL SET!
Thank you for your interest in EnvironmentalHazmat related content.
WHOOPS!
You've reached your limit of free access, if you'd like more info, please contact us at 800-327-6868.
Policies related to privacy
  • Keeping confidential worker information private is an essential duty of employers, and they should have procedures and training to achieve this.
  • Employees can acquire greater peace of mind when their employer establishes a policy addressing the use of biometric data.

One of the more effective things employers can do is develop and enforce policies that remove employee expectancy of privacy. Workers should be informed upfront that the workplace is not a private place, and that to ensure security, the employer retains the right to perform:

  • Searches,
  • Inspections,
  • Checks, and/or
  • Tests.

These activities may involve all company property including grounds, buildings, company vehicles, rooms, offices, lockers, desks, computers (email and internet), and telephones.

Employers may retain keys to all lockable areas and make employees aware of this, as well as prohibiting the use of personal locks on company equipment.

If employers have such policies, they should be communicated so employees are aware of them, and the consequences of breaking the policies. Such policies should be read and signed by each employee to ensure awareness of them.

As an added measure, employers can post reminders of the policy in hard copy and electronically to promote the idea that the workplace is not private, and employees should have no reasonable expectation of privacy.

These policies should be applied to all employees to avoid any discrimination claims.

Employers have an obligation to keep private employee information private. These efforts can be enhanced via effective procedures and processes, along with any applicable training on the procedures and processes.

It’s also advisable to avoid crossing the line into an employee’s personal privacy. Unless absolutely necessary, employers should respect employee personal privacy, including such elements as medical information, family issues, etc., keeping in mind that laws protect a person’s individual privacy.

Employees should be trained how to respond to requests for information (including personal information) about other employees.

Medical information and privacy

Employers should maintain employee medical information they obtain, use, store, or disclose in separate and secure locations. The Equal Employment Opportunity Commission (EEOC) requires this for employee information obtained to ascertain the employee’s abilities to perform job-related functions.

The U.S. Department of Health and Human Services also has privacy requirements for personal health information related to an employer’s health plans. These requirements are spelled out in the Health Insurance Portability and Accountability Act (HIPAA). This information also must be kept private through policies, procedures, and physical security measures. Appropriate training is required for those who have access to this information.

These requirements could involve a separate file cabinet kept under lock and key, and only those with a legitimate business-related justification to access those files would have a key. Employers should be aware that requirements to maintain confidentiality do not end when an employee leaves the company, so mixing personnel files with medical files should be avoided even after an employee quits, retires, or is terminated.

Most employers have policies that protect the privacy of employee information. However, some employers were accessing this type of information and using it to make employment decisions. For example, an employer may learn that an employee being considered for a promotion has a serious health condition that may impede the employee’s ability to work long hours. Given this information, the employer passes over the employee based on this health information instead of focusing on the employee’s ability to perform the job.

Other issues of employee or applicant private health information relate to genetics. A noted case involved an employer that wanted applicants to submit to a medical test that would reveal a genetic disposition to a condition, which might later lead to expensive treatment. The employer was improperly using this information to weed out any undesirable future troubles.

When it comes to the privacy of employees’ medical information, many employers think of the Health Insurance Portability and Accountability Act (HIPAA). However, this law primarily applies to an employer’s activities related to a health plan. It does not cover activities as an employer that include requesting medical information from applicants or employees. Instead, those requests fall under the Americans with Disabilities Act (ADA).

Employers may request medical information when the need to know is job-related and consistent with business necessity. However, any decisions affecting employment must be based on objective medical evidence, not merely opinion or speculation.

Biometric tracking in the workplace

Whether for security reasons or for ensuring the validity of time clock punches, employers may be using varying forms of biometric tracking in the workplace. While facial recognition, retina or iris scans, and voice analysis are all types of biometric tracking currently in use, the most commonly used biometric identifier is a fingerprint.

Employers using biometric data in their employment practices need to proceed with a certain amount of caution, however. Aside from the inevitable employee concerns about how these identifiers will be used and protected, certain laws also affect how biometric data may be used.

For instance, Illinois’ Biometric Information Privacy Act requires that employers implement a strict retention schedule for any biometric data collected, which must also outline how and when the data will be destroyed. The law also requires that employees authorize the use of their biometric data, and that they be notified of the information that will be collected and how it will be used.

Even where the law doesn’t require one, a policy addressing the use of biometric data can help ease anxiety that might crop up for employees. With any relevant state laws factored in, a thorough policy should identify:

  • What biometric data will be collected,
  • The reasons for the biometric collection,
  • The employer’s commitment to keeping employees’ information confidential to help protect employees from identity theft,
  • The employer’s methods for safeguarding information (including retention periods and destruction methods), and
  • An individual to whom concerns about biometric data can be directed.