Finally get that promotion? Get exclusive content, tips and tools to help you excel.
Shawn Premer shows how doing the right thing for employees leads to positive business results.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
HR professionals will likely play an increased role in cybersecurity
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
The rapid expansion of workplace technology—from employer use of GPS tracking and biometric data to big data in general and HR analytics—will create more compliance challenges for HR professionals this year, employment law attorneys told SHRM Online.
Businesses need to be aware of state-law issues with employee monitoring and privacy as laws develop in this area, said Matthew Deffebach, an attorney with Haynes and Boone in Houston.
HR professionals will likely play an increased role in cybersecurity, said Joseph Lazzarotti, an attorney with Jackson Lewis in Morristown, N.J. "Many organizations are realizing that cybersecurity cannot be left solely to the IT department."
A comprehensive program requires more than passwords, firewalls and encryption. The human element is critical, he said, noting that strong programs must reflect an understanding of the business and the different roles employees play. Programs should include:
Because of the continued risk posed to confidential and personal information, HR professionals are becoming more involved in organizations' cybersecurity planning and implementation to help mitigate that risk, Lazzarotti said.
Employers increasingly have the capability to monitor employees' whereabouts through GPS tracking on vehicles and mobile devices. But there could be legal ramifications for doing so.
For example, Lazzarotti said, when organizations use GPS to track locations of company equipment, in part for securing the data on that equipment, it raises potential privacy issues for employees.
The federal Driver Privacy Act of 2015 addresses privacy concerns for data collected on event data recorders (EDRs)—which are installed in vehicles to record accident information. Under federal law, data recorded or transmitted by an EDR can't be accessed by anyone other than the vehicle's owner or lessee.
"Thus, organizations that want to use EDRs to monitor employee-owned vehicles need to obtain consent, among other things," Lazzarotti noted.
State laws may also limit GPS tracking. For example, California's penal code generally prohibits individuals from electronically tracking other people. But again, consent is key, because the law doesn't apply when the registered owner, lessor or lessee of a vehicle has consented to the use of the tracking device in the applicable vehicle.
Illinois law also requires a vehicle owner's consent to use GPS tracking, unless a law enforcement agency is legally performing the tracking.
Connecticut employers can use GPS in company-owned vehicles without providing notice to workers, but employers in the state must post a notice when using electronic monitoring systems on the company's premises.
Biometric Data Collection
Biometric information—including fingerprints and facial recognition technology—may be used for time-keeping, for secure entry into buildings and to log into systems. Using such data can be convenient for employees and more secure for employers by doing away with scan cards that can be lost or stolen. But using biometric data may also have legal ramifications.
[SHRM members-only HR Q&A: May employers track employees' attendance by using biometric timekeeping systems?]
Employers should make sure employees consent to the data collection and understand how the information is being used, Deffebach said. They must understand applicable state laws when it comes to using employee biometric data.
The Illinois Biometric Information Privacy Act of 2008, for example, limits how businesses can use employee data and provides steps employers must take when obtaining such information.
In 2017, states such as Alaska, Connecticut, Massachusetts, New Hampshire and Washington also initiated or passed legislation to enhance protections for biometric information.
The Illinois law spawned multiple class-action lawsuits over the last few years concerning the collection, safeguarding and retention of biometric information, Lazzarotti said. "Claims against employers increased dramatically during 2017, and that trend is expected to continue."
HR needs to be in the loop when it comes to technology and security issues in the workplace. "Very often, HR professionals are not aware of what is going on at all their locations concerning such things as perimeter security," Lazzarotti said. "The organization's loss prevention team may have installed biometric scanners for all employees' access, without even thinking to alert HR."
But HR must understand the "who, what, where, why and how" concerning the technology being used, he said. For example, HR should determine what information is collected and whether it is being stored by the employer or a third-party vendor. HR also may want to evaluate the different technologies on the market and help select the vendor.
Importantly, handbook policies must be dusted off and updated to reflect the latest and greatest technology in use, Deffebach said. Employers need to ensure workers know what information is being collected and how it is being used, and they need to comply with state notice and consent laws. "Employers can't simply rely on the old, 'We can read your e-mails' notice," he said.
Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Choose from dozens of free webcasts on the most timely HR topics.
SHRM’s HR Vendor Directory contains over 3,200 companies