NY will require employers to provide employee lookout

Employers who monitor the electronic activities of their employees should note that New York State will soon require employers to (i) provide written or electronic notice to employees when hiring such on-site monitoring. work, and (ii) publish a notice of such monitoring. Such notice must be posted in a conspicuous place. Although many employers already provide a lookout as part of their cybersecurity and privacy programs and / or through their manuals or other stand-alone policies, and some employers also provide such a notice to their employees to limiting claims and claims that employees have expectations of privacy in the use of employer email and other electronic systems, New York State raises specter of enforcement activity and civil penalties if an employer’s opinion does not describe the monitoring used in the employer’s systems in an appropriate and visible manner.

New York’s new electronic surveillance law

On November 8, 2021, Governor Kathy Hochul enacted a law act that changes civil rights law and requires employers in New York State to notify an employee upon hire when the employer “monitors or intercepts” phone calls, emails or use or access to the Internet using “any electronic device or system” (the “Act”).[1] The notice must be in writing or sent electronically, and the employee must acknowledge receipt in writing or electronically. In addition, the employer must post the notice “in a conspicuous place”.[2] The law will come into force on May 7, 2022. As of that date, new hires should receive the notice, and the notice should be posted prominently in a physical location or on the company’s intranet, for example. example.[3]

Employers who break the law, which the Attorney General is authorized to enforce, can face civil penalties of up to $ 500 for the first offense, $ 1,000 for the second offense, and $ 3,000 for the third and each subsequent offense.[4] There is no private right of action. However, employees making other types of complaints based in whole or in part on their expectations of confidentiality in the workplace, might seek to strengthen their claims in the event of non-compliance with the law. Although New York State does not currently recognize a common law tort based on invasion of employee privacy, it is likely that employees making claims or defenses in any one for which no notice is given. has been provided).

The law also provides for a safe harbor, under which “[t]The provisions of this section do not apply to processes designed to manage the type or volume of incoming or outgoing e-mail or telephone voice mail or Internet use, which are not intended to monitor or intercept e-mail or voicemail telephone or Internet use of a particular individual, and which are carried out uniquely for maintenance and / or protection of the computer system. “[5] Thus, certain system-based tasks such as spam filtering, proxy servers, or firewalls that only scan or block certain electronic transmissions would not be covered by an activity that would trigger the notification requirements of the email. Law. Nonetheless, employers should list these systems, such as data loss prevention tools, to determine if they perform additional functions that may trigger a notice requirement.

Definitions of the terms “monitor”, “interception”, “transmission” and “photoelectronic or photo-optical systems are clearly absent from the law”. Certain definitions of some of these terms are included in other laws, for example the Federal Wiretap Act (18 USC §§ 2510-2522), the Electronic Communications Privacy Act (18 USC §§ 2510-2523) and the Stored Communications Act. (18 USC §§ 2701-2712). Nonetheless, questions remain open as to how the statutory terms might be applied in the particular context of the Act.

Moreover, the Act is not, on its face, limited to employer systems or applications. Thus, there are open questions regarding the applicability and implementation of any notification requirement where an employee’s usage can be monitored when the employee accesses an employer’s provider system or device. .

While the law can be seen as a new burden on New York employers, some other states have similar laws in place already.[6] This is because employers who regularly monitor phone, email and internet usage for regulatory purposes may already have some type of notice in place. Even so, the Act may require an employer to update this notice or the applicable provision in the employee handbook or otherwise available electronically, and post the revised notice accordingly.

What New York Employers Should Do Now

  • Audit electronic devices and systems and IT practices regarding security, regulatory needs, data loss and compliance to ensure you have a full understanding of all the ways in which employee electronic use may be monitored or intercepted .

  • Write a review that complies with and faithfully reflects practices regarding the monitoring or interception of e-mail and other electronic systems, including telephone calls and internet use, and provide it, with a recognition section, to new employees in accordance with the Act.

  • Incorporate the acknowledgment requirement into the onboarding or other standard process no later than May 7, 2022, to ensure that an acknowledgment is signed (on paper or in electronic format) or otherwise electronically proven at the start of employment and before the start of any surveillance or interception.

  • To consider update the manual (s) and any other relevant policies to provide clear and ongoing advice regarding the types of surveillance or interception that are occurring, and to confirm that there is an acknowledgment section for the manual or policy.

  • Post an electronic surveillance notice in a location (physical or online, or both) visible to employees who are subject to such surveillance.

[1] A.430 / S.2628, NY Civ. Rights Act § 52-c.2. (A). “Employer” includes “any individual, company, partnership, business or association with a place of business in the state”, but does not include “the state or any political subdivision of the state”. NY Civ. Rights Act § 52-c.1.

[2] Identifier.

[3] The stated purpose of the Act is “[t]o Require employers who engage in employee email monitoring to notify their employees of this monitoring. “S.2628. As stated above, the legal provisions cover the monitoring of electronic systems in addition to electronic mail.

[4] NY Civ. Rights Act § 52-c.3.

[5] Identifier. § 52-c.4. (emphasis added).

[6] See, for example, Of the. Code tit. 19, § 705 (b) (prohibiting the employer from monitoring or intercepting telephone and electronic communications and Internet use and access without notice to employees of such practice or policy).

© 2021 Epstein Becker & Green, PC All rights reserved.Revue nationale de droit, volume XI, number 344

Comments are closed.