New York Employers Must Disclose Electronic Workplace Monitoring | FordHarrison | #itsecurity | #infosec


Employers often monitor employees for a number of reasons, including to ensure workplace policies and procedures are followed, to detect illegal behavior such as trade secret theft, or to comply with regulatory obligations. As a result, many employers provide notice of electronic monitoring as a matter of practice, via their employee handbooks. 

However, due to amendments to the New York Civil Rights Law, that become effective on May 7, 2022, New York employers are now required to explicitly notify employees if their electronic activity will be monitored and to obtain written acknowledgment from employees. The new law will see New York join Connecticut and Delaware among the states requiring disclosure of workplace electronic monitoring.

Which Businesses and Individuals Are Covered?

The law applies to all private employers as it broadly defines “employer” as any individual or entity, regardless of size, with a place of business in New York State. The law specifically excludes “the state or any political subdivision of the state.” 

Notably, the law does not define “employee,” making it unclear whether employers must provide notice and obtain written acknowledgment from individuals not considered employees (i.e. independent contractors or interns) but who nonetheless use the employer’s monitored electronic systems. Also unaddressed is whether individuals hired by New York employers to work remotely out-of-state are entitled to the requisite notice. In the absence of guidance, it may be prudent for employers to extend notice to and obtain written acknowledgment from remote employees as well as other individuals who use the employer’s monitored electronic systems. 

Which Electronic Monitoring Activities Are Covered?

The new law will apply to all private employers who monitor or intercept their employees’ telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage. 

Importantly, notice is not required for processes that are (i) designed to manage the type or volume of electronic mail, voicemail, or internet; (ii) targeted to monitor or intercept activities other than email, phone and internet activities; or (iii) performed solely for the purpose of computer system maintenance and/or protection. Accordingly, certain tasks such as spam filtering, proxy servers, or firewall protections in place merely to scan or block certain electronic transmissions are not covered. Similarly, because the law limits the notice requirement to email, telephone, and internet monitoring, surveillance by video cameras and location tracking should not be covered.

What Does the Law Require?

In practice, the law imposes three requirements. 

First, it requires covered employers to provide employees with a notice of electronic monitoring upon hiring to all new hires. The law provides language akin to a model employee notice that employers may use, which states:

[A]n employee shall be advised that any and all telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage by an employee by any electronic device or system, including but not limited to the use of a computer, telephone, wire, radio or electromagnetic, photoelectronic or photo-optical systems may be subject to monitoring at any and all times and by any lawful means.

Second, employers must also secure written acknowledgment from new employees that confirms their receipt of the notice. The notice can be provided, and the acknowledgment obtained, electronically. Note that the law does not require employers to provide notice to or obtain an acknowledgment from existing employees, though employers may choose to do so.

Third, employers must also post a notice of monitoring in a “conspicuous place which is readily available for viewing by [their] employees who are subject to electronic monitoring.” Employers should post this notice where they post all other legally required, employment-related notices. Although the law does not define a “conspicuous space,” employers with a remote workforce would likely satisfy this obligation by posting the notice on their intranet page or other company portal commonly accessed by employees, or as part of the log-in process to access the company’s computer system.

How Will the Law Be Enforced?

The law is enforced by New York’s attorney general. Violations of the law may subject employers to civil penalties of up to $500 for the first offense, $1,000 for the second offense, and $3,000 for the third and each subsequent offense. There is no private right of action. The law does not specify whether the failure to notify an employee and the failure to obtain the employee’s acknowledgment are separate violations.

Next Steps for Covered Employers

Businesses with employees in New York should take steps now to comply with the law’s requirements.

Specifically, companies should update their onboarding policies and procedures to ensure all new hires receive the required notice and execute the necessary acknowledgment. This includes identifying how new hires will be given notice and the collection and storage of acknowledgment forms. Further, employers should determine where the notice will be posted in the workplace, which may include their intranet sites or log-in portals. Employers should also review and, if necessary, update their employee handbooks to ensure existing monitoring policies reflect the law’s notice requirements. Finally, although the law specifically applies to new hires, employers would be prudent to follow the same steps for existing employees subject to electronic monitoring before the effective date.



Original Source link

Leave a Reply

Your email address will not be published.

+ seventy nine = eighty five