10 things employers need to know about workplace privacy laws

May 28, 2018 by Ravi Das

In today's fast-paced business world, a lot of job-related duties can be done either virtually or in a brick-and-mortar office. Employees can use their Smartphones, social media accounts, and even personal Email to get their work deliverables done on time. With this fast becoming the new norm in the workplace, employees feel that they have unlimited freedom when they use work-issued equipment, hardware, and software.

However, this is far from the truth. You, the employer, have certain freedoms as well to monitor your employees and to make sure that they are not stepping outside the bounds of the rules that you have set forth. This article reviews what you need to be aware of concerning the privacy laws as they relate to the workplace.

What You Need to Know

  1. Computer and Workstation Monitoring:
    Generally, you, the employer, can pretty much monitor what your employees are doing on work-related computers, wireless devices, and even Smartphones. Since your business or corporation technically owns all of this equipment, you are free to deploy any kind of monitoring tool that you feel is appropriate. For example:

  • You can view what is on the desktop, and what is stored on the hard drives.
  • You can keep track of how much time your employee's computer or wireless device remains idle.
  • You can even install keystroke monitoring software to see what your employees are typing on their keyboards.

    However, the key rule here is that as you bring on new employees, you must notify them first that their work-related actions will be subject to monitoring.

  2. E-Mail monitoring:
    Since you are providing an E-Mail system for your employees, you have every right to inspect and review its contents at any time you feel it is appropriate. This even holds true for personal E-Mail accounts such as Gmail, Yahoo Mail, Hotmail, Instant Messages, etc. That said, you can only inspect these personal accounts on the equipment that you have issued to your employees. You obviously cannot monitor this kind of activity on their personal devices. You can even monitor those E-Mails that are marked as "Private."

  3. The monitoring of telephone devices:
    Generally speaking, you are allowed to listen in on conversations that employees are having, provided that it is a work-issued phone. In fact, employees who work for call centers routinely have their conversations monitored by their supervisor to ensure quality control and to give appropriate feedback. However, you cannot monitor a phone call if the conversation is of a private nature unless you have notified the employee that all phone calls are subject to monitoring. This holds true even for company-issued Smartphones. However, the law becomes murky when an employee uses their personal Smartphone to conduct work-related matters. This is known as "Bring Your Own Device," or "BYOD," and you, the employer, must stipulate in exact terms how a personal Smartphone should be used for work-related matters.

  4. The use of video monitoring:
    By law, you can deploy video cameras to protect company property. These cameras can be in plain sight, or they can even be installed covertly. You can even use video cameras to monitor employee productivity. An interesting point here is that in the case of video surveillance, legally, you are not required to notify your employees that they are indeed being watched.

  5. GPS Tracking:
    If you give an employee a company-issued vehicle to travel in (such as your sales team), then you have almost complete freedom to monitor your employee's activities in it: where they drive, how fast they are driving, how long they remain idle, etc. At the present time, very few United States courts have addressed the legalities involved in GPS Tracking.

  6. The delivering of Postal Mail:
    In this regard, employees should not expect any privacy whatsoever, and you can open their mail, as long as it has been delivered to the place of business or corporation. Although federal law prohibits the actual obstruction of postal mail, it is considered delivered once it is dropped off at your doorstep. In fact, the USPS Domestic Mail Manual stipulates the following:

    "All mail addressed to a governmental or nongovernmental organization or to an individual by name or title at the address of the organization is delivered to the organization . . ."

    (SOURCE: 1)

  7. The use of Social Media:
    Since these tools are also used for marketing purposes of the business or corporation, you need to spell out in very specific terms how Social Media can be used in the workplace. For example, you do not want your employees to use these tools to publish bad news about you or your company. However, at the same time, you also want your employees to post information about your products and services, and the latest news that is happening. Also, keep in mind that some states have even adopted laws that can prohibit you from punishing an employee if they use company-issued equipment to log into their personal Social Media accounts if they are not communicating or posting anything negative about the company. To get a good example of what your Social Media policies should be like, click here to download this free resource.

  8. The usage and storage of passwords:
    Despite the other technological tools that have been created to replace the password, it is still used today as the primary means of security on company-issued hardware as well as software applications. Legally, you can ask for the username or password from an employee when it comes to accessing work-issued equipment, but under no circumstances are you allowed to ask for their personal usernames and passwords, even if they use work-related computers and wireless devices.

  9. Taking a lie detector test:
    While these tools can be used to a great extent in the world of law enforcement, they cannot be used, under most circumstances, in the workplace to determine if an employee is telling the truth or not. In this regard, the employee is highly protected by the Employee Polygraph Protection Act, also known as the "EPPA." The exact details of this legislation can be seen here.

  10. After hours business activities:
    In these instances, you have virtually no control over what your employees do or how they conduct themselves after work hours. They are protected by what is known as "Lifestyle Discrimination Laws." However, the one thing that you do have control over is how they conduct themselves in the physical location of the business or corporation, even if it is after work hours. For instance, they probably will not be able to host private parties, invite family or friends over, or even conduct personal matters or transactions. However, you as the employer must make this clear in your employee handbook, and explicitly state that the premises cannot be used for conducting personal matters after work hours.


This article has examined some of the key privacy issues that Corporate America is facing today. Although you, the employer, do have broad latitude when it comes to monitoring your employees in the workplace, it is important that you do not abuse it. Also, keep in mind that it is part of your due diligence to inform new employees (legally, before they start conducting work-related matters) that they should not expect any form of privacy, and that they are subject to monitoring during work hours.

If ever in doubt about the privacy laws, it is always recommended that you consult with an attorney who specializes in this area.


    Ravi Das

    Ravi is a Business Development Specialist for BiometricNews.Net, Inc., a technical communications and content marketing firm based out of Chicago, IL. The business was started in 2009, and has clients all over the world. Ravi’s primary area of expertise is Biometrics. In this regard, he has written and published two books through CRC Press. He is also a regular columnist for the Journal of Documents and Identity, a leading security publication based out of Amsterdam.
