7 simple ways companies can give better privacy protection to employees
The concept of online privacy protection doesn’t just apply to you as a consumer — it also extends into your workplace. Continued technological advances have made the modern workplace twice as efficient. Different types of software help facilitate everyday tasks, automate tedious processes, and connect coworkers across cities and states.
Today, employees don’t just use the internet to conduct research and send emails, they also use it to hold video meetings, process payroll, and share documents. But the more companies are reliant on technology, the bigger an issue online privacy protection becomes.
Privacy in the workplace
Workplace privacy is complicated. Employers have to collect a substantial amount of personally identifiable information (PII) to vet, hire, and pay an employee. Not only do employers have to conduct background checks on potential hires, they also need certain PII to run payroll, provide healthcare benefits, and protect employees in case of emergencies. As a result, employers have access to a host of sensitive information, including an employee’s:
Social security number
Health and medical records
Bank account number
Emergency contact information
There’s another layer of privacy concern beyond guarding employees’ personal information, though. Many employers reserve the right to monitor employees’ activity and communication records — from emails, work calls, and video conferences to web browsing and computer files. According to a report from PrivacyPolicies.com, 63% of employers monitor internet connections at work.
There are a few reasons for this type of monitoring, one of which is performance evaluation. Employers want to see whether employees are staying productive, meeting goals, and maintaining professional communications with their colleagues, customers, and clients. They also want to make sure employees don’t share proprietary information with outside parties.
Plus, monitoring employee behavior at work can help minimize an employer’s liability in sticky situations. If, for example, a vendor, customer, or employee makes a damaging claim against a company or decides to sue an employer, having a record of emails or other internal communications may help protect that employer.
Due to the normalization and necessity of monitoring, there tends to be a low level of privacy protection in most workplaces. And because employers own the network and devices their employees use, their right to monitor employee communications is also protected by law. There are only a couple of states, namely Delaware and Connecticut, that require employers to give notice to employees before monitoring their email.
That doesn’t mean employers can do whatever they want, though. Companies still need to offer a reasonable amount of privacy protection to employees. Taking steps to protect employees’ PII and educate them about privacy issues can help build trust and reduce the risk of identity theft and breaches.
Here are seven simple ways companies can better protect their employees’ privacy in the workplace.
Employers own all employee documents, devices, and communications, including email, phone, web, and video records
Employees are subject to monitoring without notice
Employees shouldn’t expect privacy when using company property or doing company work
2. Filter inappropriate sites
Many employees use the web for personal reasons during company hours. A 2015 FindLaw survey found that 50% of Americans use the internet for personal reasons at work. Think: checking social media, shopping, or reading the news.
Though some employers are comfortable with moderate personal internet usage, too much leeway can lead to compromising situations. That’s why it’s crucial for employers to set up internet filters that prohibit employees from visiting websites that wouldn’t be appropriate for a workplace environment. Restricting employees’ web access can actually help protect employees, plus it limits the amount of monitoring companies have to do.
3. Set up a private Wi-Fi network for employees
Public Wi-Fi doesn’t offer as much protection as a private network. It’s easier for hackers to intercept information on a public connection, but companies can give their employees a more private browsing experience by setting up a private Wi-Fi network. This helps lower the potential for data breaches and identity theft.
It’s also a good idea for employers to give employees access to a virtual private network (VPN) when working from home or working remotely. A VPN reroutes web traffic to a separate encrypted server, which helps ensure that sensitive company information, as well as employee PII, remain hidden from outside eyes.
4. Require two-factor authentication for company accounts
Companies can help safeguard employee PII by requiring workers to use two-factor authentication for company accounts. Two-factor authentication, which requires you to verify your identity when logging into an account, offers more privacy than the usual password-only method.
Here’s how it works: After you enter your password, you typically have to enter a short code sent to you via text before you can gain access to your account. The extra step minimizes the risk of unauthorized parties logging into or hacking employee accounts.
For maximum privacy protection, employers should require employees to use two-factor authentication for email, Google, and payroll portals, as well as shared accounts like Dropbox, Evernote, and Microsoft.
5. Restrict who has access to the cloud
The cloud is an efficient way to store company information and share information between employees, but it also creates privacy concerns. Instead of giving employees unlimited access to the cloud and the PII within it, companies should restrict cloud access to a select few individuals, like managers or IT experts. This ensures that only certain people can access encrypted cloud information, lowering the potential for data breaches or general PII misuse.
Companies should also make sure that the people who have access are well-trained in the software and understand how to set controls that help protect employee privacy. For example, an employer can enable a particular cloud setting that monitors who tries to gain access, so they can record any unauthorized attempts.
6. Store private records the right way
The easiest thing employers can do to protect employees’ PII is to store it properly. That means encrypting online files and giving only a couple trusted individuals, like an HR rep or head of accounting, access to this encrypted information.
Employers should also shred any physical documents they no longer need that contain sensitive employee information. How long an employer saves their employee records depends on the company, industry, and state laws, so it’s important to consult an HR rep, lawyer, or accountant to figure out when it’s appropriate to get rid of employee files.
7. Develop a guide for best privacy practices
Employers can discuss smart web browsing practices, suggest tools for enhancing privacy, and educate employees on the complex nature of social media privacy. Here are six privacy protection tips companies should share in their guides:
Change your social media privacy settings
Review your app permissions
Limit private information on public networks
Adjust your Google privacy settings
Look for “https” sites instead of “http”
Giving employees an easy-to-read handbook on internet privacy can help empower them to take action to protect their information.
Privacy is within your control
You may have limited online privacy in the workplace, but you should be able to choose exactly how much privacy protection you have everywhere else. FigLeaf wants to give you more control over your privacy online. With our all-in-one tool, you have the freedom to be as anonymous or as visible as you want on the web — and to change your mind whenever you feel like it.