Several states have enacted legislation requiring employers to create internal privacy policies that govern the disclosure of employee personal identifying information. In 2005, Michigan became the first state to pass such a statute. Michigan’s Social Security Number Privacy Act expressly requires employers to create policies that ensure the confidentiality of employee social security numbers and to disseminate those policies to employees. New York adopted a similar statute. Several other states – Connecticut, Massachusetts, and Texas – have statutes mandating the establishment of privacy policies that could also apply in the employer-employee context.

Companies should verify that they have a written policy concerning the use and disclosure of protected employee personal information; if they do not they should confirm that none of the states in which they operate currently require such a policy or are considering enacting employee-privacy-policy legislation.

Click here to view the table.

What to think about when drafting or reviewing an employee privacy policy:

Click here to view the table.