Corporate Privacy Issues
Corporate information privacy covers several issues. Because companies have a number of different kinds of records, they must approach privacy from many angles. The three major corporate privacy concerns are:
- Privacy of employee data
- Privacy of customer data
- Privacy of corporate data
In general, employees have no expectation of privacy in their workplaces. In most cases, this means that employers can monitor an employee’s work activities, as well as telephone and email conversations. Employers can also monitor employee internet access and computer use. In most cases, it is best if employers give their employees notice that they are monitoring employees in this way.
Employers also can monitor employee workspaces and offices. They can use closed circuit television (CCTV) or other video tools to do this. Similar to other types of monitoring, it is best if the employer gives notice about the monitoring. Although the ability to monitor is broad, employers usually cannot monitor locations such as bathrooms, locker rooms, and employee lounges. Some courts have held that employees do have a reasonable expectation of privacy in these areas.
NOTE
A nonprofit organization does not distribute its profits to owners or shareholders. Instead, it puts its profits back into the organization to help pursue its goals. Many charities are nonprofit organizations.
Companies must protect certain types of information belonging to their employees. For example, if a company provides an employee health plan, it must keep some information private. The Health Insurance Portability and Accountability Act (HIPAA) requires companies to protect some information about employee health plans. A company with an on-site health clinic must protect employee medical records under HIPAA and state laws.
Companies also must protect customer data. Some companies must protect consumer information in special ways. For example, the Gramm-Leach-Bliley Act (GLBA) requires companies to protect consumer financial information. Some states also have laws that require companies to protect the personally identifiable information (PII) of their customers. If the company suffers a security breach that compromises PII, then it must inform its customers about the breach. The purpose of these laws, called data breach notification laws, is to help protect people from identity theft.
Finally, companies have their own internal records to protect. These records may contain data about the company’s organization, finances, human resources, and legal matters. In general, a company’s directors and officers always have the ability to see all company records. In a small company, the owner has this right. They also can enter employee offices to review records. They have the ability to do this in the regular course of business because they are responsible for the business and its successful operation.
In corporations, the directors of a company have an absolute right to be able to inspect the company’s records. Shareholders also have a right to inspect corporate records. However, the shareholder’s inspection right is not as broad as a director’s right. In most states, shareholders have a right to inspect some records during regular business hours. They must make a written request to inspect corporate records that must include the shareholders’ reason for wanting to review the records.
Companies also have records regarding their products and services that they must protect. Some of these records might be trade secrets, information about company products or services that helps one company compete against another company. Trade secrets are a form of intellectual property; therefore, a company must protect its trade secret information. If a company properly protects this kind of information, it is entitled to legal protection.