Protect and Manage Employee Privacy
- An employer should develop and implement policies that address privacy in the workplace and employees' expectations of privacy, including, but not limited to: workplace monitoring and surveillance; electronic monitoring and employee computer, telephone, email and internet use; drug testing and medical testing of employees; and protection of employee records and confidential information.
- Access to employee information should only be provided to a small number of employees for a limited purpose.
- An employer should keep employee medical records separate from personnel files.
- All employee and personnel records should be kept in a secure location such as a locked office or file cabinet. All sensitive computer files should be password protected.
- An employer should have a policy that employer-provided email should only be used for business purposes. This permits an employer to monitor a business account without the risk of invading an employee's privacy.
- An employer must have a legitimate business reason for engaging in any conduct that may impact employee privacy.
- An employee must consent in writing to the release of their personal information to third parties.