Your confidential employment file contains everything an identity thief would need: your name, address, Social Security number, tax forms, and maybe even bank account numbers or medical information. Because employers have so much of their employees’ personal information, it is important that they keep it safe. However, a recent Seattle Times article reports that a Banana Republic customer received confidential files for about 20 former Gap employees instead of the clothing she had ordered online. Fortunately for both Gap and its employees, the customer reported the problem. However, where an employer breaches its duty to protect its employees’ right to privacy, it can sometimes lead to a lawsuit.
Employees’ Privacy Rights Under Washington Law
Washington law protects a person’s right to privacy in sensitive personal information. With regard to employment files, the accidental or intentional disclosure of that information would violate the employee’s privacy if a reasonable person would have been highly offended by the disclosure and the information does not legitimately concern the public. An employee whose privacy has been violated by the disclosure of confidential employment files can take legal action for damages caused by the disclosure.
Certain federal laws also protect employees’ personal information in the hands of employers. For example, employees may have to share medical records with their employers in order to receive leave under the Family Medical Leave Act (“FMLA”). In that case, the employee’s information should be kept in a confidential medical file that is separate from normal employment files. The medical information can only be disclosed to specific people in certain situations.
Employers’ Responsibility to Protect Employees’ Private Information
Employers have a general duty not to violate an employee’s right to privacy. However, because of the sensitive information that employers possess, Washington imposes specific requirements for destroying employees’ personal information and notifying employees of possible unauthorized access to computer files.
When employers decide they will no longer retain an employment file, they are required to take all reasonable steps to destroy the employee’s personal information. If the employee’s privacy is violated because the employer failed to properly destroy the file, then the employee can file a lawsuit for damages. It is important to note that this law only applies if the employer still has control of the file. If the employer has given the file to the employee or transferred it somewhere else, the employer is not liable.
If employers keep personal information on a computer and the computer has been hacked, Washington law requires the employer to inform anyone whose information may have been accessed. This law protects the personal information of any person, including people such as customers and contractors in addition to employees. Employers should let the affected people know about a breach of its system as quickly as possible. The only legal reason to delay notification is if law enforcement has requested it.
In the case of the Gap employee records, the customer informed the company, which then informed its employees. It appears that the mix-up did not cause too much damage, but it could have. The disclosure of employees’ personal information can cause financial and legal problems for both employees and employers. When that happens, an employment attorney can help.