As work-from-home arrangements remain widespread, many employees are asking the question – is my employer monitoring my electronic footprint, and is that surveillance even legal?

While a new law in New York doesn’t shed light on the latter question, it does force employers to notify employees, in writing, if they’re planning to monitor them.

Requirements of the New Law 

Effective May 7, 2022, New York’s Civil Rights Law § 52-c requires private employers in New York State who will be lawfully monitoring electronic employee communications to: (a) notify employees when they’re hired; (b) obtain the employees’ written or electronic acknowledgement of the notice; and (c) post the notice of electronic monitoring in a conspicuous place visible to employees.

How Will the New Law Affect Employees?

What practical effect, if any, will the new law have on employees? That will largely depend on what they choose to do once they find out that their employer is surveilling their electronic activities.

On that note, employees who challenge their employer’s surveillance practices based on a reasonable belief that the practice is unlawful may be protected from retaliation for doing so under New York’s whistleblower law.

That said, the new law does not specify what types of employee surveillance are “lawful,” which is a subject of a much broader discussion.

In many instances, the answer will depend on a multi-factor analysis, including whether the employee had a reasonable expectation of privacy, and the applicability of state and federal privacy laws including the federal Electronic Communications Privacy Act of 1986 and the Health Insurance Portability and Accountability Act (HIPAA), and the nature of their employment agreements and collectively bargained agreements.

For example, New York’s Wiretap Act makes it a felony to “unlawfully engage in wiretapping, mechanical overhearing of a conversation, or intercepting or accessing of an electronic communication.” However, an employee’s “consent” typically eliminates liability, making consent forms a relatively standard agreement that employees have to sign when they’re hire.

Another New York law, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), requires covered employers to implement certain data security safeguards to protect employees’ personal information, such as their social security and credit card numbers, and their usernames or email addresses in combination with a password.

In conclusion, although the new data privacy law is a promising step toward employer transparency and accountability, there are still many complex questions when it comes to employee surveillance, particularly in the changing landscape of the workplace.