What You Should Know:
Workplace data privacy covers far more than emails or internet use. In Massachusetts, many types of employee information, from medical records to surveillance footage, are legally protected. Employers must follow strict rules when handling employee data, and employees have rights against unreasonable invasions of privacy at work.
Data privacy is a common concern in today’s workplace, affecting everything from employee emails and internet use to medical information and security footage. In many workplaces, employees don’t always realize how much of their information may be collected, stored, or monitored as part of their day-to-day work. Additionally, data privacy can also be an issue for employees who work remotely but must access private or protected information when they are off-site. These issues come up more often than people expect, and there are some important things that both employers and employees should know.
What Counts as Employee Data Under Massachusetts Law
What actually counts as employee data? The short answer is: more than you might think. There is a lot of material in the workplace that might be considered data, including protected employee data. Examples of employee data in Massachusetts workplaces to which data privacy laws often apply include the following:
- Social Security numbers
- Pay information, such as bank account numbers
- Email passwords and the content of emails
- Social media passwords
- Medical information at work, including data supplied for a reasonable accommodation under the Americans with Disabilities Act (ADA)
- Drug testing results
- Biometric data, which can include fingerprints, facial features, typing rhythms, and other employee characteristics that can allow for employee identification
- Images or audio captured by security cameras or other workplace monitoring devices
- Performance reviews and documentation of disciplinary actions.
Generally speaking, information that is not publicly available may be protected under workplace data privacy laws. If you are unsure whether certain information is protected, it is worth asking questions. If you are not sure about specific data or information, you should talk to a lawyer about whether certain information about yourself is protected by privacy laws.
Employee Monitoring and Workplace Surveillance in Massachusetts
Data privacy in Massachusetts is taken seriously, and this includes employee monitoring and workplace surveillance. Any employee information obtained through monitoring or surveillance needs to comply with the Massachusetts “wiretapping” law. Despite its name, “wiretapping” laws are actually what govern when an employee can be recorded, through video and/or audio.
The Massachusetts wiretapping law makes it a “two-party consent” state. In practical terms, this means that everyone being recorded must give their consent.
Use of AI or Automated Tools
Massachusetts has a law that prohibits employers from administering lie detector tests to employees. Recently, some employees have argued that AI interviewing tools that are designed to interpret a job applicant’s or employee’s honesty could be unlawful under this law. At this point, however, the law has not reached a clear conclusion on this issue.
Employers may generally use AI or automated tools for other purposes, but they should also be careful to avoid any type of AI tool that could engage in unlawful discrimination on the basis of race, sex or gender, ethnicity, national origin, disability, and other protected identity features.
Access to Medical and Accommodation-Related Information
Employers may need to have medical information about an employee’s disability for purposes of providing a reasonable accommodation under the ADA. However, employers are prohibited from sharing this information. They cannot disclose general health details and cannot share specific medical records. A violation could allow an employee to file an ADA claim.
Sharing Employee Data With Third-Party Vendors
Massachusetts employers may be able to share certain types of employee data with third-party vendors, but there are important requirements to do so. In general, there must be full disclosures to employees, and employers must ensure that any third-party vendors have robust security procedures in place to ensure the protection of any shared information.
Retaining Employee Data After Employment Ends
Massachusetts law requires most employers to keep employee data and records for three years after the employee’s term of employment ends. While the employer holds onto those records, they must have the same data privacy procedures in place to protect the employee’s personal information.
Accidental Disclosures and Data Breaches
Businesses in Massachusetts that unintentionally disclose private data must report the data breach and notify any affected Massachusetts residents, including employees. If employers had appropriate security measures in place, there would not typically be liability concerns, but it is important to seek legal advice.
What Employers Should Be Reviewing
Employers should make sure that they have proper security measures in place to protect all employee data, and they should also review their practices to make sure they are in compliance with state and federal law.
Some employers may also be required to have Written Information Security Programs (WISPs) in place, which a lawyer can help with. Even if a WISP is not required, it may be a good business practice to ensure the protection of data and employee privacy.
What Employees Should Know About Privacy at Work
Employees in Massachusetts should know that they have numerous rights when it comes to privacy at work. Under Massachusetts law, every employee should know that they have a right against “unreasonable, substantial, or serious interference” with their privacy in the workplace. That can mean different things depending on the circumstances, so you should discuss any specific concerns with a lawyer.
Why Transparency and Clear Processes Benefit Both Sides
The best way for employees to work in a healthy environment and for employers to comply with state and federal laws is with transparency and clear processes all around. Employers need to know about privacy laws, comply with them, and take steps to protect employee data. At the same time, employees benefit from knowing their rights and understanding how their information is handled at work. When expectations are clear, it helps everyone focus on their jobs without unnecessary confusion or concern.
Contact a Massachusetts Employment Law Attorney in Boston and Natick
Do you have questions about your rights or obligations concerning workplace monitoring or data privacy in the modern workplace? We work with employees and employers alike in the Boston and Natick areas, and we can speak with you today about workplace privacy issues. Contact Rodman Employment Law for more information about how we can assist you.
