American workplaces are on the cusp—or already in the middle—of significant, widespread changes brought about by rapid advances in technology. Among other issues, new workplace technologies can often capture massive amounts of data about employees, providing employers access to ever-increasing amounts of information about their workforces. As employers continue to innovate and grow their digital capabilities, they must remain mindful of both maintaining the security of the data they collect and protecting, or at least being sensitive to, employee privacy concerns.

Background

  • A brief background of the current paradigm relating to employee privacy and cybersecurity in the workplace. 

The current rules of the road relating to balancing data security and employee privacy are an at-times unclear, but typically manageable, compliance hurdle. From a data integrity and security perspective, a web of local, state, federal and international rules imposes obligations on many organizations to implement reasonable measures to maintain the security of sensitive data, and imposes notification obligations if a breach occurs. While the European Union (EU) has adopted a uniform approach to privacy under the General Data Protection Regulation (GDPR), the United States has a piecemeal approach to privacy driven mostly by evolving state and local laws. For example, California recently passed GDPR-like legislation that may place limitations on employers’ use of employee or applicant data. The laws relating to data protection are evolving, and employers need to review applicable federal and state regulations regularly.