A Wisconsin employer recently made headlines when it announced that it was offering its employees the option to be outfitted with a microchip to replace the cards or badges they use regularly while at work. The company, called Three Square Market, held a “chip party” on August 1 during which 41 out of its 85 employees opted to have the small chip implanted in their hand. Although the purpose of this RFID chip is limited to office functions such as making purchases in the break room market, logging into computers and printers, and accessing the building, one cannot help but think about the implications this type of technology could have on employee privacy.
Technology has become a mainstay in our professional and personal lives, and with that comes apprehension about how the information we transmit or store is being used and accessed. Even apart from the seemingly futuristic concept of “chipped” employees, privacy is still a major concern for many employees—a concern that has grown with the use of technology and the amount of data that can be obtained because if it. For example, most office employees use a company-provided email address and computer—and many use a company mobile device—on a daily basis. Some use a company vehicle that may be equipped with a GPS device. All of these tools create the opportunity for employees to be tracked or monitored.
While some activities, such as examining employer-sponsored email and internet usage on company devices, are generally accepted and within the bounds employers’ rights, others, like GPS tracking on a company-owned device, are less straightforward. States approach these issues differently, but one concept that is virtually universal is that of notification; employers that intend to monitor its employees (within the legal parameters set forth by their specific state) should clearly set forth its expectations in the employee handbook and obtain any necessary consent from employees. Although some employers may be tempted to monitor employee activity even outside of the office, a number of states, including Wisconsin and Illinois, forbid employers from requiring that employees disclose their usernames or passwords for their personal social media, email, and other internet accounts. Even if employers in Wisconsin and Illinois uncover information about an employee that it views negatively, such as frequent smoking or drinking, state law prohibits them from disciplining or terminating that employee (or refusing to hire an applicant) for his or her use of lawful products away from the employer’s premises during non-working hours.[1]
Although legislation is notoriously slow in keeping pace with changes in technology, some states have enacted laws aimed at enhancing privacy, both for employees and individuals generally. For example, Wisconsin law prohibits any person from mandating that an individual be implanted with a microchip, and a Missouri statute forbids employers from requiring that its employees do so.[2] As a direct result of the news regarding the chipped Wisconsin employees, a Pennsylvania state representative announced that she would introduce legislation specifically intended to “protect employees from being punished or retaliated against for choosing not to have the subdermal microchip or other technological device implanted.”[3]
These emerging issues are related not only to technology that can be embedded in employees, but also to information that can be extracted from them. Recently, a number of Chicago-area employers have been the subject of lawsuits for alleged violations of the Illinois Biometric Information Privacy Act,[4] which governs the collection, retention and destruction of biometric information (information captured from a “biometric identifier, such as a fingerprint, retina or iris scan, voiceprint or facial scan) in their use of biometric technology for attendance and timekeeping purposes.
These new methods of identification pose a particularly unique concern because, unlike Social Security or credit card numbers, individuals cannot simply replace their fingerprint if the this information becomes compromised. There have been similar concerns from employees regarding the collection and use of medical information, which has grown with the increased implementation of health and wellness programs that ask employees to answer medical questionnaires and, in some cases, provide a blood sample. For this particular topic, however, the EEOC has set forth guidelines that help employers ensure that their programs comply with the Americans with Disabilities Act, the Genetic Information Nondiscrimination Act, HIPPA and the Affordable Care Act.
Privacy concerns, both in and out of the workplace, have been present for many years, but this has become a much more significant issue in recent years as technological advancements have exploded in prevalence, complexity, and, as some may argue, intrusiveness. This area is constantly evolving, and it is critical that employers keep pace with these issues as they continue to evolve. For more information, please contact Erik Eisenmann.
[1] Wis. Stat. §§ 995.55, 111.321; 820 ILCS 55/5, 10
[2] Wis. Stat. § 146.25; Mo. Ann. Stat. § 285.035 (West)
[3] Pennsylvania House of Representatives, House Co-Sponsorship Memoranda, http://www.legis.state.pa.us/cfdocs/Legis/CSM/showMemoPublic.cfm?chamber=H&SPick=20170&cosponId=24350
[4] 740 ILCS 14/1–25.