H.R. Confidential: Who Needs to Know?

Blog Post created by 1068289 on Sep 11, 2017

From Guest Contributor Jenny Sweet, Attorney at Soule Employment Law Firm, Service Provider for CAI's Pre-Paid Legal Services Plan.

As a part of your membership dues, CAI members now receive employment law advice from experienced attorneys. Services are provided by independent, local, NC-licensed attorneys assigned to serve CAI members in an open-ended, no-extra-fee environment.

Contact Attorney Jenny Sweet at 919-878-9222 or 336-668-7746.


Though not as flashy as the 1997 hit movie I’m punning, HR professionals handle protected personally identifiable information and private health information daily. They also wield an odd power to investigate employee conduct and “snoop” on employees’ workplace activity through access to company email and security systems. However, with this odd power comes a lot of confidentiality questions, and many employers have reached out to me lately about various employee privacy concerns. So, let’s tackle a couple of these issues:


Issue One

Scenario: You find out a newly terminated employee has been sending personally identifiable employee information (Social Security numbers, dates of birth, etc.) to his personal email address from his work computer. You are immediately concerned about this data breach. What should your organization do?


Resolve: In NC, the Identity Theft Protection Act provides  protections and requires certain actions from employers in the event of breaches (see specifically § 75-65). If necessary, employers should report the breach to local law enforcement and through the NC Department of Justice’s website, but must at least provide notice to the affected employees. The Federal Trade Commission also offers guidance on how to respond to a data breach or how to best protect employee privacy and your business from data leaks.


Issue Two

Scenario: Your employee, Frankie Fightstarter, has been having major performance issues. Coworkers complain that he is operating a personal business during company time using company assets. Frankie’s coworker even submits a recording she made on her cell phone of a conversation she had with Frankie about his on the clock personal business work. You speak to Frankie, and he admits nothing. So, per your company policies, you review security video footage of Frankie’s open seating work area, the coworker’s mobile recording, and Frankie’s company email for evidence of these activities. When confronted with your investigation's findings, Frankie says the company has violated his privacy by utilizing these various methods. Did the company do anything illegal?


Resolve: In NC, Frankie’s coworker, as a party to the conversation, was within her right to record their conversation, as NC is a one-party consent state. As such, the company could utilize this conversation in its investigation with the coworker’s consent. NC also allows recording of public common areas (without sound), and NC courts have not extended as “reasonable” an employee’s expectation of privacy in an open office environment (or hallways, break rooms, or other common areas). Additionally, as Frankie was utilizing the company’s computer and email network for his personal purposes, the company has a right to review those assets. As always, it is best to provide employees notice of your company’s intent to monitor communications and assets within your employee handbook policies and to receive an acknowledgement of such.   


For more information about confidential information or workplace privacy, please contact your Advice and Resolution team, CAI's Pre-Paid Legal Services Plan, or peruse myCAI for excellent articles, documentation, and training materials.


Legal Disclaimer: Jenny Sweet is licensed in the state of North Carolina. This article discusses general principles of North Carolina and federal law. It should not be considered legal advice for a particular factual setting and does not create an attorney-client relationship.


Image courtesy of The IPKat via Creative Commons License.