Employers’ Duties to Maintain Employee Privacy in a COVID-19 Pandemic

Posted by:

Dealing with illness in the workplace can be challenging under normal circumstances, but it is much more so in the midst of the Coronavirus pandemic. Many questions remain unanswered regarding the precise application of federal, state and local orders and their relationship with employee benefits. As COVID-19 becomes an increasing presence in California workplaces, and employers are forced to comply with government directives, it is just as important as ever for employers to take steps to maintain compliance with employee privacy regulations. Workers who suffer adverse employment decisions, such as pay reductions, furloughs and layoffs, may be particularly attuned to whether all their rights were respected in the process.

How much information may an employer request from an employee who calls in sick, in order to protect the rest of its workforce during the COVID-19 pandemic?

According to Guidance provided by the Equal Employment Opportunity Commission (EEOC) addressing the COVID-19 pandemic, employers covered by the Americans with Disabilities Act (ADA) may ask employees if they are experiencing COVID-19 symptoms such as fever, chills, cough, shortness of breath, or sore throat, but employers must maintain all information about employee illness as a confidential medical record in compliance with the ADA.

Does an employer have a duty to inform employees that one of their colleagues has tested positive for COVID-19?

Employers may be uncertain about whether to tell employees that there has been a reported case of COVID-19 in the workplace. Depending on the particular facts involved, information regarding illness of an employee or family member may be protected under the Health Insurance Portability and Accountability Act (HIPAA), the ADA or both.

A pandemic, on the other hand, likely alters those practices. In light of the rapid spread of COVID-19, employers should promptly inform workers if one of their colleagues tests positive for the virus. However, employers typically need not divulge the identity of an employee or employee’s family member to achieve the objective of maintaining a healthy workplace.

Employers may also choose to notify employees and other relevant parties that contagious illnesses may be present in any workplace and list precautionary steps suggested by medical professionals, such as the CDC. Even when not specifically required by law, it is important for business effectiveness to maintain the privacy of individual employees. These matters are best handled carefully to prevent unnecessary disruption in the workplace.

How should the employer communicate to employees that one of their colleagues has a suspected or confirmed case of COVID-19?

Clear, effective employer communications are critical to providing employees with relevant information, maintain order in the workplace, and reduce employees’ concerns. Employers should keep the following in mind when developing employee communications:

• Inform employees that the company will take any reasonable and necessary steps to ensure a safe and healthy work environment.
• Identify typical symptoms employees should watch out for.
• Include information on how to protect against getting the illness.
• Advise employees of any changes to policies.
• Notify employees of any discontinued travel.
• Ensure HR is available and prepared to address employees’ questions

What Are Employers’ Obligations to Prevent Harassment of Those Suspected of Being Infected?

Employers must take steps to prevent discrimination and harassment against individuals who have a potential claim that they are disabled due to a COVID-19 related reason. Employers should consider reminding employees of anti-harassment and discrimination company policies. Employers must be vigilant about promptly responding to and investigating any complaints of harassment or bullying in the workplace, and be conscious to limit the spread of rumors and speculation amongst the workforce.

Under the ADA, may an employer to require employees to provide a doctors’ notes certifying their fitness for duty when they return to work?

The EEOC says yes. The ADA permits such inquiries either because they would not be disability-related or, are justified under the ADA standards for disability-related inquiries of employees given the COVID-19 outbreak. However, doctors and other health care professionals may be too busy during and immediately after a pandemic outbreak to provide fitness-for-duty documentation. Therefore, new approaches may be necessary, such as reliance on local clinics to provide a form, a stamp, or an e-mail to certify that an individual does not have the pandemic virus.

Conkle, Kremer and Engel’s attorneys follow the legal developments concerning Coronavirus issues at the federal, state and local level. We are available to assist employers navigate their rights and obligations in these difficult times.

Print Friendly, PDF & Email
0

California Consumer Privacy Act of 2018 – A U.S. Version of EU’s GDPR

Posted by:

The California Consumer Privacy Act of 2018, regarded as the most comprehensive privacy law in the United States, was unanimously passed by the California legislature and signed into law by governor Jerry Brown on June 29, 2018. The bill (AB 375) was fast-tracked through the State Senate and Assembly in a rush to defeat an even stricter privacy ballot initiative, which was introduced by Californians for Consumer Privacy. After weeks of intense negotiations with technology companies, Californians for Consumer Privacy agreed to withdraw the initiative if AB 375 was signed into law.

The  new law, which takes effect January 1, 2020, is a reactive measure to recent privacy and data breaches, including the Cambridge Analytica scandal, and governs the use of California consumers’ data by larger companies. Businesses are required to disclose the categories of information to be collected prior to collection, as well as the identity of third-parties that are allow to access that information. Consumers also have the right to request the data that has been collected on them and may also request that the data be deleted. While consumers over 16 years old may opt out of having their data sold to third-parties without being penalized, businesses are prohibited from selling data collected from consumers under 16 years old unless these underage consumers affirmatively opt-in. The bill also gives California consumers the right to sue for up to $750 in the event of a data breach involving non-encrypted personal information due to the failure to implement and maintain reasonable security procedures and practices.

While this California law is the strictest in the nation, it is less restrictive than the EU GDPR.  For example, the GDPR requires consumers opt into, or give consent, by “clear affirmative action,” prior to the collection of personal data, whereas the California law only requires disclosure prior to the collection of personal data and allows them to opt-out of the sale of personal data. Most importantly, the GDPR requires any business that offers goods or services to consumers in the EU and collects any personal data from those EU residents to comply with the GDPR, while the California law only applies to companies that do business in California and satisfy one of the following criteria: (1) have an annual gross revenue exceeding $25 million; (2) in connection with a commercial purpose, annually buy, receive, sell, or share the personal information of 50,000 or more consumers; or (3) derive 50% or more of its annual revenues from selling consumers’ personal information.

The California Consumer Privacy Act may not remain in final form as passed. Tech companies have already expressed their desire to lobby legislators to change certain provisions of the law which they believe will result in unintended consequences. Lawmakers are expected to make amendments to the bill over the course of the next 18 months.

Conkle Kremer & Engel will continue to monitor the status of the California Consumer Privacy Act and will report on changes to the final version of this law, if any. CK&E has many years of experience advising clients about regulatory compliance issues they face, and helping them prepare for foreseeable changes in the law.

 

Print Friendly, PDF & Email
0