The North Carolina House recently passed the Job and Education Privacy Act (House Bill 846), which would prohibit employers from requesting that an employee or job applicant grant access to their personal electronic account or social networking account. The law would also prohibit employers from tracking an employee’s personal electronic communication device, such as a smart phone, laptop or tablet, by installing software on the device.
HB 846 provides an exception for employers in the financial services industry conducting internal investigations into employee wrongdoing, or complying with the supervision requirements of state or federal financial regulations. Employers are also allowed to have work place policies governing employee use of the employer’s electronic equipment including policies for internet use, social networking website use, and e-mail.
Public sentiment certainly seems to support bills like HB 846. Similar laws have been proposed in other states, as well as in Congress. After all who wants their employer snooping around their Facebook account? Analogously, while one may open their home to friends and family, few would want an employer to tour their home before the employer would extend a job offer.
Nevertheless, such laws can present logistical problems for employers. Many employers have B.Y.O.D. (Bring Your Own Device) programs, which allow employees the convenience of using their own tablet, smart phone or laptop for work. This results in the device containing both personal and business information. Since the employer’s information is on the device, the employer has an interest in the security of the device. A law like HB 846 would prohibit the employer from installing software on the device so it can be monitored or tracked if it were lost or stolen. Is the problem solved if the employee voluntarily allows such software to be installed on her device? According to HB 846 there is not an exception that would allow employers to install the security software if the employee allowed them to do so. Additionally, an employee, who at one time voluntarily agreed to have their device tracked or monitored, could later claim they were coerced into allowing the software. They might state they were told they would not have a job if they did not allow the software to be installed. In that circumstance, getting an employee to voluntarily allow security tracking software on her smartphone or tablet, would not necessarily insulate an employer from liability. Legislation like HB 846, therefore, could result in employers not offering a B.Y.O.D. program to their employees, because they could not adequately secure the information on the device without increasing their liability risk.
Another potential problem arises out of one of the exceptions in HB 846. Employers are allowed to have lawful social media and internet policies governing employee use of the internet, and social media networking, on the employer’s computer equipment. Would a policy stating that employees do not have an expectation of privacy in anything they do on the employer’s computers be lawful? I have seen cases in which an employer had a reasonable belief that an employee was using a company computer to trash the company through the employee’s social media account. In other cases, an employer has had reason to believe an employee was using the employer’s computer to steal information by sending it to their personal e-mail account.
In either situation shouldn’t the employer be able to access the employee’s personal account through the employer’s computer equipment being used by the employee, to determine if the employee is using this equipment to commit wrongful acts against the employer? Although HB 846 allows lawful workplace policies governing the use of the employer’s computer equipment, the policy might not be lawful if it allows what another section of HB 846 states is unlawful. Even if the intent of HB 846 is to allow employers to continue to control employee use of employer equipment, it allows more than just a little wiggle room for an employee to deny access to their accounts, and thereby hide their wrongdoing.
This all goes to show that in today’s world of interconnectedness, privacy lines are blurred when information is transferred between one device and another, from employer to employee, and from one account to another. Privacy can be a Rubik’s Cube. Each time the colors are aligned on one side of the cube, the previously aligned colors on the other sides are once again jumbled.
By: Rich Sheinis