What information can an employer disclose about you?

Has your employer made known any of your private health information to your co-workers? Has your employer installed visible cameras above the business cash register? Do you feel that your employer has hired a private detective to monitor where you go after work?

The law protects an employee’s right to control the disclosure of private information. Things like job applications, criminal background checks, credit histories, complaints and commendations all contain potentially private information about an employee, and if an employer carelessly discloses them, the employee can bring a claim for invasion of privacy. Generally, an employer can disclose private information only if the disclosure is required by law or if there is a legitimate business need. Take, for example, an employer who has information about the dangerous mental state of one if its employees. An employer is required to provide a safe workplace and cannot be sued for disclosing that information to the union. Similarly, in that same example, the employer has a legitimate business interest in protecting its plant and other employees from danger.

However, if the employee can show that the disclosure was about the employee’s private life, the disclosure of such information would be offensive to a reasonable person of ordinary sensibilities, and there is no legitimate public concern, the employer will be liable for invasion of privacy. For example, that an employee is HIV positive or is a member of Alcoholics Anonymous.

These same rules apply to employee surveillance. An employer can videotape or monitor an employee if there is a legitimate business need. So, an employer can place cameras above the cash register; the legitimate business need there is preventing of theft. However, it is unlikely there would ever be a legitimate business need for a camera in a locker room.

Statutes, both federal and state, place limits on what employee information employers can disclose. For example, the Americans with Disabilities Act requires employers to keep information about an employee’s medical condition separate from the employee’s personnel file and treat it as a confidential medical record. Under the ADA, this information can only be disclosed to supervisors and managers as to the accommodations the employee needs, to first aid and safety personnel if the employee needs emergency treatment as a result of the disability, and to government officials investigating compliance with the ADA.

Similarly, the Family and Medical Leave Act requires employers to keep records that relate to medical certifications, recertifications, or medical histories confidential excepting the same scenarios as under the ADA.

An employee’s genetic information is also protected from free and full disclosure under the federal Genetic Information Nondiscrimination Act and the Texas Genetic Discrimination Law.

There are also recently-imposed requirements about how employers treat consumer information. Consumer information includes credit reports, credit score, investigative consumer reports, check writing history, insurance claims, or residential or tenant history. The federal Fair and Accurate Credit Transactions Act requires employers to take reasonable measures to protect consumer information from being misappropriated. Reasonable methods mostly include the disposal or destruction of sensitive consumer financial information. The Texas Identity Theft Enforcement and Protection Act imposes similar obligations on employers to protect sensitive person information from unlawful use.