NY will require employers to provide employee lookout

Employers who monitor the electronic activities of their employees should note that New York State will soon require employers to (i) provide written or electronic notice to employees when hiring such on-site monitoring. work, and (ii) publish a notice of such monitoring. Such notice must be posted in a conspicuous place. Although many employers already provide a lookout as part of their cybersecurity and privacy programs and / or through their manuals or other stand-alone policies, and some employers also provide such a notice to their employees to limiting claims and claims that employees have expectations of privacy in the use of employer email and other electronic systems, New York State raises specter of enforcement activity and civil penalties if an employer’s opinion does not describe the monitoring used in the employer’s systems in an appropriate and visible manner.

New York’s new electronic surveillance law

On November 8, 2021, Governor Kathy Hochul enacted legislation that amends civil rights law and requires New York State employers to notify an employee upon hire when the employer “watches or intercepts” telephone calls, e-mail or Internet use or access using “any device or electronic system” (the “Act”).[1] The notice must be in writing or sent electronically, and the employee must acknowledge receipt in writing or electronically. In addition, the employer must post the notice “in a conspicuous place”.[2] The law will come into force on May 7, 2022. As of that date, new hires should receive the notice, and the notice should be posted prominently in a physical location or on the company’s intranet, for example. example.[3]

Employers who break the law, which the Attorney General is authorized to enforce, can face civil penalties of up to $ 500 for the first offense, $ 1,000 for the second offense, and $ 3,000 for the third and each subsequent offense.[4] There is no private right of action. However, employees making other types of complaints based in whole or in part on their expectations of confidentiality in the workplace, may seek to strengthen their claims in the event of non-compliance with the law. Although New York State does not currently recognize a common law tort based on invasion of employee privacy, it is likely that employees making claims or defenses in employment disputes may seek to take advantage of any failure to comply (for example, where evidence of employee misconduct is discovered through surveillance for which no notice has been provided).

The law also provides for a safe harbor, under which “[t]The provisions of this section do not apply to processes designed to manage the type or volume of incoming or outgoing e-mail or telephone voice mail or Internet use, which are not intended to monitor or intercept e-mail or voice mail, telephone or the Internet. the use of a particular individual, and which are carried out uniquely for maintenance and / or protection of the computer system. “[5] Thus, certain system-based tasks such as spam filtering, proxy servers, or firewalls that only scan or block certain electronic transmissions would not be covered by an activity that would trigger the notification requirements of the email. Law. Nonetheless, employers should list these systems, such as data loss prevention tools, to determine if they perform additional functions that may trigger a notice requirement.

Definitions of the terms “monitor”, “interception”, “transmission” and “photoelectronic or photo-optical systems are clearly absent from the law”. Certain definitions of some of these terms are included in other laws, for example the Federal Wiretap Act (18 USC §§ 2510-2522), the Electronic Communications Privacy Act (18 USC §§ 2510-2523) and the Stored Communications Act. (18 USC §§ 2701-2712). Nonetheless, questions remain open as to how the statutory terms might be applied in the particular context of the Act.

Moreover, the Act is not, on its face, limited to employer systems or applications. Thus, there are open questions regarding the applicability and implementation of any notice requirement where an employee’s usage can be monitored when the employee accesses a provider’s system or device. employer.

While the law can be seen as a new burden on New York employers, some other states have similar laws in place already.[6] This is because employers who regularly monitor phone, email and internet usage for regulatory purposes may already have some type of notice in place. Even so, the Act may require an employer to update this notice or the applicable provision in the employee handbook or otherwise available electronically, and post the revised notice accordingly.

What New York Employers Should Do Now

  • Audit electronic devices and systems and IT practices regarding security, regulatory needs, data loss and compliance to ensure you have a full understanding of all the ways in which employee electronic use may be monitored or intercepted .

  • Write a notice that conforms to and accurately reflects practices regarding monitoring or interception of e-mail and other electronic systems, including telephone calls and Internet use, and provides it, with a thank you section, to new employees in accordance with the law.

  • Incorporate the acknowledgment requirement into the onboarding or other standard process no later than May 7, 2022, to ensure that an acknowledgment is signed (on paper or in electronic format) or otherwise electronically proven at the start of employment and before the start of any surveillance or interception.

  • Consider updating the manual (s) and any other relevant policy to provide clear and ongoing guidance regarding the types of surveillance or interception that occur, and confirm that there is a recognition section for it. manual or policy.

  • Post an electronic surveillance notice in a location (physical or online, or both) visible to employees who are subject to such surveillance.

[1] A.430 / S.2628, NY Civ. Rights Act § 52-c.2. (A). “Employer” includes “any individual, company, partnership, business or association with a place of business in the state”, but does not include “the state or any political subdivision of the state”. NY Civ. Rights Act § 52-c.1.

[2] Identifier.

[3] The stated purpose of the Act is “[t]o Require employers who engage in employee email monitoring to notify their employees of this monitoring. “S.2628. As stated above, the legal provisions cover the monitoring of electronic systems in addition to electronic mail.

[4] NY Civ. Rights Act § 52-c.3.

[5] Identifier. § 52-c.4. (emphasis added).

[6] See, for example, Of the. Code tit. 19, § 705 (b) (prohibiting the employer from monitoring or intercepting telephone and electronic communications and Internet use and access without notice to employees of such practice or policy).

© 2021 Epstein Becker & Green, PC All rights reserved.Revue nationale de droit, volume XI, number 344

Source link

Comments are closed.