In the notable words of Warren Buffet, "Risk comes from not knowing what you are doing". Businesses, Companies and Organizations must take employee privacy as important as they take customer/client privacy. This article demystifies the concept of employee privacy in light of what is expected of Employers in the workplace.

Introduction

With the global recognition of vast use of the digital space in the workplace, employee privacy has become a greater concern as more employees have turned to the Internet and other electronic media to communicate both on and off the job. Although many of these accounts may seem private, in reality employees have very little privacy.

In Nigeria, employers can generally search through anything that happens on company computers and other devices because employee privacy expectations are subjective as most times the workplace policy may cancel any objective expectation to privacy.

Globally, employee workplace rights include the right to freedom from harassment and discrimination of all types, right to expect fair wages, right to have a workplace free of toxic substances, dangerous conditions, and other safety hazards and the right to privacy. These rights apply to the worker's personal items, which include briefcases or handbags, as well as storage lockers and private email accessible only by the employee.

An employee privacy rights are the rules that limit how extensively an employer can search an employee's possessions or person; monitor their actions, speech, or correspondence; and know about their personal lives, especially but not exclusively in the workplace. The nature and extent of these protections have become a greater concern in recent years, especially with the growing elements of the digital space. Many of these means of communication may seem private, but in truth, there is hardly any real privacy to be had with them. Employers usually search through anything that appears on company computers, and they can conduct searches on the employee's social media and the internet. Technology lets employers keep tabs on many aspects of employee workplace activity. Numerous kinds of monitoring are legal, and most employers do monitor their employees' activities on some level. Certain applications allow employers to observe their employees' "digital footprints" and thereby gain insight into employee behavior. Nearly any activity on your office computer can be monitored, almost completely without regulation. The employer may watch, read, and listen to most of the employee's workplace communications. Employees should bear in mind while using their employer's equipment, their expectations of privacy cannot be guaranteed.

Legislative framework regarding Employee rights

1. Labour Act, Cap L1 Laws of the Federation of Nigeria, 2004 – This is the principal legislation governing employment in Nigeria. It provides the definition of who an employee is at section 91 of the Act to mean:

"... any person who has entered into or works under a contract with an employer, whether the contract is for manual labour or clerical work or is expressed or implied or oral or written, and whether it is a contract of service or a contract personally to execute any work or labour ...."

It also stipulates at Section 7 of the Act that the employer must, not later than three (3) months after the commencement of employment, provide workers with a written statement specifying inter alia, the nature of the employment, rates of wages, termination notice, and terms and conditions of service i.e. work hours, holidays etc.

2. Pension Reform Act 2014 – This Act makes provisions for a uniform contributory pension scheme for organizations in both the public and private sectors in Nigeria.

Section 2 of the Act provides that private sector employers are entitled establish a contributory pension scheme, for the benefit of their employees, wherefrom retirement benefits would be paid to such employees. An employer is duty bound to deduct at source, the employee's contribution and within seven (7) days from the date of payment of salary, remit the employee and employer's contributions to the employee's preferred Pension Fund Administrator.

3. Employees Compensation Act 2010 – This act provides for compensation for injuries sustained in the work place or occupational diseases picked up in the course of employment whether at the usual place of employment or outside it.

4. Industrial Training Fund Amendment Act, 2011 – This Act imposes a duty on employers to provide training for their indigenous staff with a view to improving their job related skills.

5. Trade Unions Act, 2004 – Under Nigerian law, one of the fundamental human rights entrenched in and protected by the Constitution is the right to peaceful assembly and association. Nigerian courts have upheld this right to freedom of association by holding that the right to form or join any political party or trade union is exclusively that of the individual citizen and not that of his employer. Accordingly, every worker or employee in Nigeria has the right to, in conjunction with others to form a trade union or join an existing one. The decision whether or not to exercise this right rests solely with such an employee, and he can neither be compelled to form or join a trade union nor can he be prevented by his employers from so doing, at least not overtly.

As we all know, the business landscape is hurriedly re-orienting itself to provide the digital consumer with a safe space where their data is protected round the clock. However, it is important to note that the employees have just as much right to privacy in the workplace.

The outbreak of Covid-19 forced the whole world to switch overnight to remote work, organizations turned to digital collaboration and productivity tools to enable their workforce to continue their day-to-day operations. With little to no time to vet third-party vendors, organizations had to purchase and implement technology quickly or use free applications without weighing vulnerabilities in some cases. This hasty transition was not without its risks, especially for employees.

With the trends of having remote and hybrid work routine, this has made employee privacy key in organizations all over the world. For instance, the steep rise in user base for video conferencing tools caught the hackers' attention and live meetings were invaded in some cases. Details of many employees' personal lives were archived in vendors' data records, at risk of being compromised unless the vendor has a stringent data protection program.

When privacy is assured, the trust relationship between the employer and the employee grows stronger. You build more loyal employees who are willing to go the extra mile for customers, ultimately resulting in a positive impact on your bottom line. As such, employee privacy should not be treated as a feature but as a non-negotiable given.

PRINCIPLES OF EMPLOYEE PRIVACY

Businesses and organizations are encouraged to start incorporating the following five basic principles for employee privacy and confidentiality into their codes of conduct1.

  1. No one should hold on to personal information about an employee that's not necessary for the operation of the business.
  2. Only members of staff who, in their course of work, need access to employees' personal data should be authorized to have such access.
  3. No personal data of employees should be given to anyone in the business without authorization.
  4. No personal data of employees should be given to outsiders without authorization from the employee unless the employer is required by law to provide the information.
  5. The business does not concern itself with its employees' activities after hours and outside of work unless these activities affect the reputation of the business.

However, times have evolved and we must be more intentional about employee privacy by implementing these key principles. They include:

  1. Data collected from employees must have a predefined purpose.
  2. Remove privacy measures that become disproportionate to the purpose they were to achieve.
  3. Employers should only collect the minimum amount of information necessary from your employees.
  4. Employers must not leave their employees in the dark as they should be clear on who has access to the employee's information.
  5. Employers should apply privacy measure for all employees without discrimination and protection autonomy.
  6. Employers should not hesitate to retrace steps taken early and adjust accordingly as things change.

How can employers protect the privacy rights of employers?

It is important that businesses and organizations implement privacy principles in order to maintain security and workplace confidence. Here are some recommendations for employers when managing their employees.

1. Develop a privacy policy

Developing a workplace privacy policy ensures that there is a consistent approach to protecting privacy rights. The policy should provide guidelines as to what personal information the business collects and why, the process for accessing and correcting personal information, and how the business will respond to requests for such information. The policy should address the expectations on the use of social media, the internet and other technologies in the workplace.

2. Open communication

Having open communication about how the business is protecting personal information builds confidence amongst the employees. It is key that employees are comfortable enough to discuss issues of privacy and that the current policy framework reflects individual needs.

3. Training

Training workshops is another strategy that can communicate the business' privacy policies. Employers can distribute copies of the business policies as well as guidelines to the use of electronic communications, including social media, in the workplace. This ensures that employers convey their obligations and that employees further understand the scope of their privacy rights.

CONCLUSION

Employee privacy is as much a leadership prerogative as anything else. It requires organizational commitment on a recurring basis. Employee data, like customer data, is of critical importance and warrants the same level of protective measures like robust encryption both at rest and in transit, clear data handling statements, and informed consent. In the case of third-party services, the safe choice for businesses is to work with vendors who espouse an ethical approach to data privacy protection, are compliant with local regulations, and would never monetize data.

Footnote

1. Susan Stelzner, Editor-in-Chief of the Labour Law for Managers on the Basic Principles of Employee Privacy.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.