Workplace Privacy
By Susan Buckner, J.D. | Legally reviewed by Aviana Cooper, Esq. | Last reviewed June 06, 2024
The Supreme Court created the American right to privacy in its decision, Griswold v. Connecticut (1965). The Court took elements of the First, Third, Fourth, Fifth, and 14th Amendments and ruled that U.S. citizens have a constitutional right to privacy in all their affairs.
Employees surrender some of their rights when they go to work. But they still have a reasonable expectation of privacy at the workplace. Employers can only peek so far into their workers' lives on company time. Business owners must balance their workers' rights with their company's needs for protection.
Federal and state laws allow employers to limit employee privacy while at work. This article discusses the limits of employee rights and employer invasion of privacy within the law.
What Are Employee Privacy Rights?
Employees have basic rights to privacy in their workspace. Some of these rights include:
- The right to a locker or space to keep personal items secure.
- The right to keep sensitive information confidential, such as medical records and family addresses.
- The right to privacy in bathrooms or changing rooms.
- The right to clear company policy outlining employee rights and expectations.
Human resources must keep most employee information confidential. There may be exemptions for certain business purposes. The best way to ensure compliance with the law is to keep all employee information secure unless an employee or law enforcement requests it.
Drug Testing
Substance abuse is a protected disability under the ADA. Employers may not ask job applicants about prior drug use; a drug test may not be required before a job offer. Employers cannot make a drug test part of the hiring process. They may only order a drug test after an offer has been made. The job offer may be conditional upon passing the test. Once you're hired, drug testing can be required by the terms of your job. For instance, if your job requires you to drive or operate heavy equipment, you may have to submit to drug and alcohol testing for safety reasons.
If an employee discloses a prior history of substance abuse or becomes enrolled in a treatment program, that is private information. Employees may sue for unlawful termination if they lose their job for disclosing the fact.
Electronic Monitoring and the Internet
Most privacy concerns today focus on computer usage and internet use. Cybersecurity is a growth industry, thanks to unrestricted computer use. Internet and email policies should keep your business safe and limit non-business internet use.
The Electronic Communications Privacy Act (ECPA), enacted in 1985, gives limited protections to employees and employers. It extended the provisions of earlier wiretap laws to include emails, computer messages in transit, and stored data. Updates to the ECPA came in 2001 and 2006 through the USA PATRIOT Act. The latest update, the FISA Amendments Act of 2008, added computer wiretap regulations.
The General Data Protection Regulation (GDPR) is a European law and one of the most stringent data protection guidelines enacted. It affects all businesses operating in the European Union and any sites that may attract European consumers, regardless of the site's location.
State law has been more responsive to changes in the internet, social media, and employee use of data systems. In 2023, the California Privacy Rights Act (CPRA) extended restrictions on how employers may collect, use, and share personal data collected from employees. This law also limits employee monitoring in the workplace.
Employers should keep tabs on their state legislatures. This is a fast-moving area of law that changes every election cycle.
Monitoring Employees, Emails, Phone Calls, and More
Since the COVID-19 emergency in 2020, more employees have begun working remotely or in a hybrid situation. At the same time, business owners became concerned about their employees' activities during business hours. Small business owners cannot afford to pay workers sitting home playing video games.
Federal law prohibits wiretapping or the use of pen registers (devices that track the phone numbers dialed from a phone without listening to calls), even when done by the private sector. In some jurisdictions, keystroke logging, software that tracks keystrokes per hour, may be considered wiretapping. Keystroke logging is also easy to defeat: open-source software is available that will "click" a keyboard often enough to trick the computer into thinking the operator is working.
The safest way to monitor workers is to have a reasonable Internet and computer policy. Such a policy should be in writing, signed by the employee. The policy should spell out exactly what is and is not allowed and why the policy is in place.
The policy must be clear and not subjective. Employees should know what they can and cannot do. For instance:
- Employees should not send personal emails from company computers for any reason. Company emails should state they are confidential or private. Employees' emails may be subject to review or retention for some time. In most cases, employee email is not private.
- Employees should not use personal cell phones during company time except for emergency or business-related calls. Employers may monitor business phones. If they do, state law may require an announcement or 10-second tone informing callers the phone is monitored.
- Employers may track or block website access. There are legitimate business reasons for blocking certain sites. Some sites are not secure or are known hacking sites.
Written policy for computer use should use precise terminology. Vague statements like "Employees must use reasonable care when using computers" are insufficient. Owners cannot be too cautious. "Employees may only access .gov, .edu, and .org sites" is much better.
Hire an Employment Law Attorney
Employees have a diminished expectation of privacy at work. It's important to keep your employee monitoring policies and practices in line with your state privacy laws. If you would like help establishing monitoring practices and policies at your business, you should contact an experienced employment law attorney near you.