How can you protect your data without violating employee rights?
Part II
Cyber security is a hot topic right now. Everyone wants to remind you that your data is at risk and that more data breaches come from employee activity than any other area. From CTO’s to controllers, companies are writing strict employee policies trying to protect their confidential information. “You cannot disclose any confidential or sensitive company information without getting permission!” or “No posting of company information in public forums (i.e. Facebook, Twitter, etc.).” Sound familiar?
In Part I of this article, how these policies violate the National Labor Relations Act was discussed.
However these policies can also violate Illinois Right to Privacy in the Workplace Act.
The Right to Privacy in the Workplace Act says:
“… it shall be unlawful for an employer to refuse to hire or to discharge any individual, or otherwise disadvantage any individual, with respect to compensation, terms, conditions or privileges of employment because the individual uses lawful products off the premises of the employer during nonworking hours.”
That means you cannot take action against an employee for lawfully posting on social media during nonworking hours. So what does that mean?
CAN’T DO
– Can’t restrict employee lawful activities “off duty”
– Can’t request or require any employee or prospective employee to provide any password or demand access to their social networking website
CAN DO:
– Restrict activities at work, including internet use, email, and social media policies
– Download programs that monitor computer/internet usage (must give notice)
So does that mean you can’t create policies to protect your confidential information or how employees post about your company or their co-workers on social media platforms? No it doesn’t. The policies discussed in Part I of this article still apply and you can create polices about how employees treat each other on social media. You can even take action against harassing or discriminating conduct between co-workers on social media that was made during their off hours. Why? Because of the key word “lawful”. Harassment and discrimination is not lawful, so it can be regulated – within reason. Consider this sample policy from the NLRB:
While your free time is generally not subject to any restriction by the Company, the Company urges all employees not to post information regarding the Company, their jobs, or other employees which could lead to morale issues in the workplace or detrimentally affect the Company’s business. This can be accomplished by always thinking before you post, being civil to others and their opinions, and not posting personal information about others unless you have received their permission. You are personally responsible for the content you publish on blogs, wikis, or any other form of social media. Be mindful that what you publish will be public for a long time. Be also mindful that if the Company receives a complaint from an employee about information you have posted about that employee, the Company may need to investigate that complaint to insure that there has been no violation of the harassment policy or other Company policy. In the event there is such a complaint, you will be expected to cooperate in any investigation of that complaint, including providing access to the posts at issue.
This policy does not violate the Right to Privacy in the Workplace Act because it reminds employees that they are still subject to the company’s harassment and discrimination sections of the employee handbook and it also focuses on being respectful to fellow employees and does not restrict their lawful interactions.
Navigating the world of employment laws is tricky, but when it comes to protecting your company data one thing is clear, do not trample on your employees rights in the name of protecting your business from a cyber breach. You will have jumped out of the frying pan and into the fire.
Should you have any questions about how to protect your data without violating employment laws, contact Waltz, Palmer & Dawson, LLC at (847)253-8800.
Waltz, Palmer & Dawson, LLC is a full-service law firm with various areas of service to assist your business, including: Employment Law, Intellectual Property, Commercial Real Estate, Business Immigration, Litigation and general Business Law services. Individual services include Estate Planning, Wills and Trusts, Probate, Guardianship, Divorce and Family Law.
This article constitutes attorney advertising. The material is for informational purposes only and does not constitute legal advice.