Employers often struggle with the balance between effective employee management and oversight and respect for employee privacy in the workplace. Striking the right balance is a difficult task for employers seeking to uphold high standards of behavior while acknowledging boundaries in the ability to monitor, search and restrict employees’ behavior in today’s legal climate.
Below we address common methods by which employers regulate employee behavior and applicable privacy boundaries.
Searches and monitoring employee communications
Prudent employers should have in place a policy clearly delineating the employee’s lack of right to privacy over employer property, email systems or data systems. Each claim of privacy has to be evaluated based on the conditions of the workplace at issue since work environments and needs vary widely. Factors to consider include the exclusive use of a workspace or technology and the storage of personal items or information with the employer’s knowledge, consent or tolerance. The existence or lack of a policy, as discussed below, is also a consideration.
Comprehensive written policies can defeat an employee’s expectation of privacy regarding use of workplace technology and use of employer property. This is because the continued belief in privacy after notice given in the policy is not objectively reasonable. The employer should implement a policy banning personal or other objectionable use of the computer or email system, and should state whether the employer monitors the use of the employee’s computer or email (when it has the right to do so). An employee may retain a reasonable expectation of privacy if the employer fails to implement policies, or acts inconsistently with its policies or warnings. Though it is difficult to police email systems, an employer’s good faith attempts to adhere to its written policy can provide a defense to an employee’s asserted claim of privacy.
Drug and alcohol testing
On Dec. 1, 2016, new regulations issued by the Occupational Safety and Health Administration (OSHA) regarding Recording and Reporting Occupational Injuries and Illnesses became effective. The regulations prohibit employers from retaliating against employees for reporting workplace injuries and illnesses. Although drug and alcohol testing was not mentioned in the Final Rule itself, OSHA noted that in some circumstances post-accident drug and alcohol testing could be a retaliatory practice.
To be clear, post-accident drug and alcohol testing is still allowed. However, there must be a “reasonable possibility” that drug or alcohol use caused or contributed to the reported injury or illness to justify requiring the employee to submit to a drug and/or alcohol test. Blanket requirements for post-injury or post-accident drug or alcohol testing could be considered a violation by OSHA. Examples of possible violations include requiring testing after a report of a repetitive strain injury or a bee sting.
Employers do not have to specifically suspect drug use by an individual employee to drug test, but there must be a reasonable basis to investigate whether drug or alcohol use may have caused or contributed to an injury or illness. OSHA’s regulations do not apply to mandatory Federal (e.g., DOT) or state workers’ compensation testing provisions or testing under a state drug-free workplace program to comply with workers’ compensation provisions. Furthermore, it does not apply to pre-employment, reasonable suspicion, random, return-to-duty, or follow-up testing.
Post-accident drug testing is not only permissible, it is still a reasonable and acceptable workplace safety practice. Employers should take precautions to ensure that their workplaces are safe, and drug testing is an important part of those precautions, but employers should review their policies to ensure compliance with OSHA’s new regulations.
Workplace violence can manifest itself in a number of ways – from threats and verbal abuse, to physical assaults and even homicide. As defined by OSHA, workplace violence is “any act or threat of physical violence, harassment, intimidation or other threatening disruptive behavior that occurs at the work site.”
Workplace violence is a widespread and significant issue for employers. In 2015, according to the Bureau of Labor Statistics (BLS), there were 16,380 non-fatal cases of intentional injury which required days away from work in private industry. Further, according to the BLS Census of Fatal Occupational Injuries, of the 4,679 fatal workplace injuries that occurred in the United States in 2014, 403 were workplace homicides.
There are no specific OSHA regulations related to workplace violence. However, under the general duty clause, Section 5(a)(1) of the Occupational Safety and Health Act of 1970, employers are required to provide their employees with a place of employment that "is free from recognizable hazards that are causing or likely to cause death or serious harm to employees." The courts have interpreted this general duty clause to mean that “an employer has a legal obligation to provide a workplace free of conditions or activities that either the employer or industry recognizes as hazardous and that cause, or are likely to cause, death or serious physical harm to employees when there is a feasible method to abate the hazard.”
One of the best protections employers can offer their employees is to establish a zero-tolerance policy toward workplace violence. This policy should cover all workers, patients, clients, visitors, contractors and anyone else who may come in contact with company personnel. It is critical to ensure that all workers know the policy and understand that all claims of workplace violence will be investigated and remedied promptly. Such policies should set out the employee’s right to conduct reasonable searches.
Employee behavior and activities
An employer is permitted to require a certain level of behavior from its employees. However, when an employer attempts to restrict an employee’s ability to engage in certain behaviors, the employee’s rights under Section 7 of the National Labor Relations Act (NLRA) may be implicated.
The NLRA protects an employee’s right to engage in “protected, concerted activity” – which has been interpreted to include employees’ abilities to criticize or protest their employers’ labor policies or treatment of employees. Restriction of Section 7 rights is most often implicated in employers’ social media and/or confidentiality policies.
Policies restricting the employees’ rights to engage in concerted activity may be found to violate the NLRA. For example, a rule that prohibits employees from engaging in “disrespectful,” “negative,” “inappropriate” or “rude” conduct toward the employer or management (absent sufficient clarification or context) may be found unlawful.
Rules requiring employees to be respectful and professional to people other than management personnel will generally be found lawful. Employers can generally prohibit “insubordination” and require coordination. For example, in 2016, the National Labor Relations Board found that Chipotle, LLC’s social media policy that prohibited disclosure of “incomplete, confidential or inaccurate information” as well as prohibit “disparaging, false or misleading” statements was overly broad and violated Section 7 of the NLRA. However, the Board found that the policy’s prohibition on harassing and discriminatory statements was lawful.
Employers must carefully draft social media and other policies regarding confidentiality or off-duty behavior to protect Section 7 rights. Such policies should be reviewed by legal counsel to avoid unfair labor practice charges for even non-unionized employers.
Striking the balance
Employers are entitled to many different avenues in managing their workforce. As detailed above, an employer is permitted to restrict and monitor, to an extent, an employee’s use of its email/data management systems, implement a drug-testing policy, prohibit behaviors that could be construed as workplace violence, restrict an employee’s gun rights at the workplace, and may require a certain level of behavior from its employees. A strong foundation of consistently applied policies and effective employee communications works to bridge the gap between employer management and employee privacy.