By John Alec Stouras
We are going to talk about employee privacy. Generally, businesses have a lot of room to surveil and keep business systems transparent. Nevertheless, your employees have some rights to privacy you may want to know about.
What Your Employees Need To Know
Before getting into the nitty-gritty of teaching your employees about privacy and cybersecurity issues and solutions, sit down and ask yourself why you should do this. Answering the why will help drive your company and your employees to actually want to keep privacy and cybersecurity top of mind.
Here are a couple of reasons to get started . . .
Your Customers Will Trust You:
Customers are becoming increasingly wary about how their data is collected, used and stored. According to Pew Research Center studies, more than 78% of Americans believe, in relation to companies who collect their data, that they do not have control over what data is collected, that the risks outweigh the benefits, and that they are concerned about how their data is used and stored (for more information, click here). Further, another study Pew conducted showed that most Americans are concerned about, and lack confidence in, how companies use their data, and believe that most companies will not properly notify them if their data is actually compromised (for more information, click here). Obviously, this is a serious customer concern in our current high-tech era. So, the greater the transparency and security for customers (through the good times and the bad times), the more secure customers will feel.
If you think customer satisfaction doesn’t tank when cybersecurity and privacy issues happen, check out some headlines. Zoom had a huge customer trust problem when “Zoom Bombing” was a common occurrence. “Zoom Bombing,” the term for people breaking into random people’s Zoom conferences for fun, took a huge toll on Zoom’s image and even its public trading. For more information on how they responded to those incidents, click here. Knowing how a company responds to an incident is almost as important as knowing about the incident itself. You can glean some insights on how you should or should not respond to a similar occurrence.
Your Team Will Be On The Same Page:
Having a team on the same page is the dictionary definition of a well-oiled machine. If everyone knows the correct policies and procedures and can confirm that they do understand how they operate, then you will not need to field as many security and privacy protocol questions. It allows you to focus on your business.
The Law May Require It:
This wouldn’t be a law blog post if I didn’t bring up the law. Lots of countries and regions, including the EU, Canada, and the United States (especially California’s CCPA), require businesses to train their staff about privacy policies and practices. If you want to stay compliant with the law, and out of the iron sights of a lawsuit, you have to keep your employees well-informed and trained. These laws have various requirements; some overlap and others do not.
Breaching Law Means Fines
If you fail to comply with the law, heavy fines can be levied against your business. This also leads to bad publicity and can affect your customers’ opinion of your company.
An example would be fines under the CCPA; consumer lawsuits by each person can account for about 100 to 750 dollars in damages for each consumer (click here for more information). Further, if you violate the CCPA you may have violated other privacy laws and may be liable for fines from those. The problem is that privacy fines can compound quickly because the Internet is so global and there are lots of laws to comply with. But doing your best to comply can pay dividends.
Also, fines under the General Data Protection Regulation (GDPR), Europe’s privacy law, are high enough to “make non-compliance a costly mistake.” The lesser fines can reach up to 10 million euros, or 2% of the company’s annual revenue, whichever is higher.
The fines levied can be extremely high. But there are always benefits to compliance for small businesses. As stated in this Forbes article, and as reiterated earlier, consumers want to do business with companies that protect their data. As a compliant organization, you’ll be able to market your adherence, which in turn can help boost sales and customer loyalty. Click here for more information. This is a great recommendation. If I am a company, especially with a tech product, and put “CCPA and GDPR compliant” on my front page, I believe I’d have a very positive impact, specifically with privacy wonks like myself.
What Training, Generally
What area of law covers your company (which may be many different types, so always contact an attorney) will dictate what types of measures you need to take. Hopkins & Carley, an IP firm based in Silicon Valley, stated that the CCPA requires employees to have an understanding of how to direct customers to exercise their rights (one example is the “right to access” under the CCPA), and that written training materials, recurring in-person training, and internal privacy policies will likely help satisfy CCPA requirements. For more information, click here.
Also, there are many different requirements, especially for how Human Resources handles sensitive applicant information. The law really does not give businesses much help on what resources they need to access. Assuming your business isn’t in the privacy compliance realm, you may need help. No worries, resources are out there and I am here to help provide you some, right now!
Organizations such as Clarip (here) and the IAPP (International Association of Privacy Professionals, here) offer privacy training courses not only for you, but also for your employees. Further, they offer some free resources on compliance, such as checklists, and can even give your business personal staff training directly. There is a link for the IAPP’s information on getting staff training here. Using resources such as the ones above for staff training would be a huge leap toward being compliant. Also, you could learn a thing or two about what compliance is and what it truly means to be CCPA and GDPR (another acronym inserted here for those big legal acronyms) compliant.
Because the law is a tad vague on what needs to be done for training, the completion of a privacy training course would be a huge indicator that you are conducting training to be a more compliant company, with the added benefits of being compliant in the section above.
Now that’s a lot of tools for you to have when training your staff, but what about your staff’s privacy? Do they have any? Are there any laws to keep in mind? Yes, to both of those inquiries. You’ll learn more about that below!
What You Need To Know About Employees and their Privacy
You betcha! Though computer and email communication monitoring are generally okay for employers, employees do have various rights to privacy when it comes to work. Private companies and businesses generally can do email, computer, and phone monitoring of work phones, tablets, and computers, but should notify employees of this type of conduct. There are limitations to such conduct legally speaking. One of them is the ECPA.
The ECPA, the Electronic Communications Privacy Act, generally prohibits employers from monitoring personal phone calls, texts, and communications, even if they were made while the employee was on the Company’s property (meaning the physical location, not the system). A link to the ECPA can be found here.
When it comes to privacy laws, it almost always means transparency. Many of the laws on the books require you to at least tell your employees that business communications are being monitored. This makes sense, as you wouldn’t want to find out mid-work that everything you’ve been doing has been monitored the whole time and that you have not been told about it at all. It feels as if it’s a breach of trust. Keep your employees’ trust and the well-oiled machine chugs along smoothly.
When it comes to video surveillance, you have the right to surveil the business premises and parking lot of your business, but you must notify your employees of this practice. However, you have to be sensitive, as employees have a reasonable expectation of privacy in some spaces. Foster Swift Collins & Smith, a law firm out of Michigan, used the example that putting a video camera in a bathroom stall would breach that reasonable expectation of privacy. For more information on their firm and video surveillance article, click here.
Also, any type of surveillance that is done through the digital realm is another door for hackers to access. You may think, why would hackers want to break into my surveillance system? There are actually a couple of reasons. The first is a bit more juvenile: it may be done as a fun prank, or to satisfy people who have voyeuristic intrigue. The other is much more sinister: ransom and exploitation. Keep this in mind when making professional surveillance decisions.
At the end of the day, employee privacy comes down to common sense. If it’s a business email, of course you have the right to look at it, but if it’s a personal text, you do not. Breaching employee privacy can lead to lots of different problems, and choosing to surveil your employees can also open you up to other types of legal issues.
Need Help? Seek Help!
These are all very difficult concepts to negotiate by yourself. Getting professional training assistance through the IAPP and Clarip can make it more negotiable! Also, getting Employment and Privacy lawyers can assist you with various legal issues that may arise during the regular course of business. Contacting legal assistance and receiving a free consultation literally will not cost you a cent.
Use your best judgment, and just remember: train your staff, and know your staff members’ rights.