Electronic Privacy in the New Restatement of Employment Law

The inaugural Restatement of Employment sets out ALI’s carefully considered (and what will likely be extremely influential) views concerning the law of employee privacy.*  There is a lot to unpack here (and the structure of this section of the Restatement is not as clear as it could be), so this post will provide a practical overview.

The basic idea: the new Restatement protects employee electronic privacy interests against “wrongful employer intrusions.” §7.01   Such interests include “…electronic locations, including work locations provided by the employer, in which the employee has a reasonable expectation of privacy.”  § 7.03  In addition, employees have a right to have information of a “personal nature” protected from employer view. § 7.04. Finally, employees also have a right to the “non-disclosure to third parties of the employee’s information of a personal nature disclosed in confidence to the employer.” § 7.05.

Some observations:

(1) Whether there has been an employer intrusion upon an employee’s privacy depends on whether the employee had a reasonable expectation of privacy (the“threshold question of whether a privacy interest is implicated.”)  Reporter’s Note to Comment A of 7.02.

(2) As noted, there are three distinct privacy interests; accordingly, there are three different measures of “reasonable expectations” of privacy:

– privacy expectations as to the employee’s person and locations, including virtual electronic locations;

– privacy expectations as to information disclosure to the employer; and

– privacy expectations as to information disclosure to other employees or third parties. Id.

(3) An employee’s expectation of privacy in electronic locations can be defeated by notice to the employee. Comment F to §7.03 says that a “clearly communicated employer notice that a location is not private, or uncoerced employee consent to an employer intrusion into a certain location, will generally defeat expectations of privacy.”  Without notice, an employer should not rely on its ownership of an electronic location to be dispositive or even helpful: “[t] he employer’s ownership or control of the premises or particular equipment does not necessarily preclude an employee from having a reasonable expectation of privacy in particular work locations.” Comment E to 7.03. Notably, the Restatement extends the “reasonable expectation” framework into nonworkplace (that is, home) electronic locations as well.

(4) The definition of an electronic location is very expansive. It includes all electronic “places” such as laptops, desktops, cell phones, the cloud, password protected blogs/social media.  Comment C to 7.03.  Given the rapidly transforming landscape of technology in the workplace, it may be hard for employers to keep up: an expectation of privacy in any new data pool could create an employer-free zone (there are some exceptions).  As the technology advances, employers should be careful to ensure that notices concerning privacy are up-to-date and to identify with particularity those locations that are not private (if any are).

(5)  Section 7.05 provides that “[a]n employer intrudes upon the privacy interest [of an employee] by providing or allowing third parties access to [confidential] employee information without the employee’s consent.” There is a duty to  not release the information voluntarily (with a few exception) and although not expressly set out, there appears to be a duty to use reasonable means to secure that information.  Comment D §7.05. The Reporter’s note to §7.04 provides an insight when discussing PII: “… the employer and/or its plan retain a duty to keep such information private, both under § 7.05 (infra) and the Health Information Portability and Accessibility Act (HIPAA).”  So the real question that is unanswered: does this Restatement believe there is a tort for failure to protect PII from a data breach?  Surprisingly (and I fess up to my quick read), the Restatement does not appear to seriously wade into employer duties concerning data breaches as they relate to employee data.

More to come…

*-   I am working from ALI’s proposed final draft,  about which it says: “This draft contains all sections of this project and was approved by the membership at the 2014 Annual Meeting, subject to the discussion at the Meeting and to editorial prerogative. This material may be cited as representing the Institute’s position until the official text is published.”

If you wish to buy the restatement from ALI, please click here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s