In a business setting, the importance of maintaining privacy extends beyond the scope of one’s personal privacy to that of each employee. Confidentiality should be at the top of every pizzeria owner’s maintenance checklist. How safe is your staff’s personal information?
Regulations vary by state, but all employees have a general right to privacy. Consult an employment and labor lawyer if you’re uncertain that your business is a privacy compliant. “Generally, most states provide individuals with a common law, or case-law-created, right to privacy,” says J. Hagood Tighe, partner in the Columbia, South Carolina office of national labor and employment law firm Fisher & Phillips. “While the types of protections vary, the idea is that individuals have a right to keep some parts of their personal life from the public. Additionally, state and federal law may also impose a burden on employers to keep employee information confidential.”
Information that should be kept secure includes, but is not limited to: social security numbers; drivers’ license numbers; background search results; salary information; performance evaluations; and disciplinary and legal issues (garnishment actions, workers’ comp matters, employment discrimination) private, which is covered under several laws, including the Americans with Disabilities Act (ADA), Family and Medical Leave Act (FMLA), Health Insurance Portability and Accountability Act (HIPAA), etc. “Medical information, including doctors’ correspondence, FMLA paperwork and the like should be kept confidential in a separate file for each employee under lock and key,” says attorney David Gevertz, vice-chair of the labor and employment department of Baker, Donelson, Bearman, Caldwell & Berkowitz, PC.
Some items that might be overlooked but that should be kept private are sales invoices to major customers and from major vendors, training materials including managers’ manuals, and routine financial data, according to Gevertz. Joe Crowley of Pisa Pizza in Malden, Massachusetts, relies on a combination of a POS system and other privately located files to protect employee information. He also keeps a close eye on other confidentiality issues, such as staff gossip about salary discrepancies and personal matters, both of which are frowned upon at Pisa Pizza. “I’ve had to pull employees aside and say, ‘Money is confidential and personal information is confidential,’” says Crowley.
Many pizzeria owners find it easier to keep employee info private via electronic means. “I’ve always been meticulous about our employee information, making sure we have the right documents and that they are protected,” says Ben Nighswander, owner of B. Antonio’s Pizza in Fort Wayne, Indiana. “The best thing I ever did was convert all of our paper files to electronic. I can restrict access very easily so that certain employees can see specific information and keep certain info in separate folders with separate access. Before, I would have had to have multiple file cabinets with multiple keys. This way the information is kept centrally, I can access it from anywhere, and I can keep people out based on their security settings.”
In the event that you know or suspect that an employee’s security has been breached, make sure you inform the employee as well as researching and investigating any potential action that could have occurred on your business’ premises or among employees. Not only is this a sign of good faith to your employees, it will provide you with a paper trail or record of activity recording your efforts should there be any further inquiry by authorities.
“We typically advise companies to provide notice to the affected employees, even if they are not sure the information has been compromised,” says Tighe. “There are now some federal and state laws that, in some circumstances, require notice to the individuals so that they can take steps to protect and monitor against identity theft. Information regarding these issues is available at www.FTC.gov.”
Background checks or other inquiries are also a target for potential security breaches. “We only provide minimal information, such as confirming whether or not the person was employed, dates of employment, job title and salary,” says Robin Gittrich, human resources consultant for Toppers Pizza, headquartered in Whitewater, Wisconsin.
Does your business monitor employees through visual or electronic means? Certain legal stipulations apply to these situations as well. “Visual monitoring is generally allowed in most states provided that employees are made aware that the monitoring is occurring, and so long as the monitoring is in public places (e.g., not in a dressing room or restroom),” says Gevertz. “Audio recording is likewise permissible, although video plus audio recording is prohibited under federal law absent extraordinary circumstances, as it constitutes a wiretap. The lawfulness of searching an employee’s property is so highly contingent on the circumstances (e.g., state law, whether the search is conducted on company property, the urgency of the search, the employee’s reasonable expectation of privacy, whether an existing policy is in place, whether all employees undergo the same search, etc.) that it is almost never a good idea to conduct such a search without prior legal clearance.”
The jury is still out on what constitutes private when it comes to the online world. “The law is developing and trying to keep up with social media,” says Tighe. “If an employee posts information on their Facebook page or blog about a supervisor, the law is unclear as to whether it is protected. If the Facebook page was not open to the public, and the employer obtained access surreptitiously, this could be unlawful. On the other hand, if the supervisor was a ‘friend’ of the employee, the access may be legitimate.”
Employees should be made aware of any and all policies pertaining to monitoring. “Toppers Pizza employees must assume that everything that is said over a company phone and everything that is written on a company computer is public,” says Gittrich. “The electronic equipment that we provide and its contents are owned by Toppers Pizza, and we have an electronic communications policy because we are concerned with protecting our confidential information and avoiding misuse of our electronic systems.”
We take privacy for granted, often underestimating its importance until it’s compromised. It’s important to have a managerial staff in place that is trustworthy, knowledgeable and well trained in privacy practices to prevent confidentiality breaches. “You have to have trust in your managers, but they are human too,” says Jeff Varasano, owner of Varasano’s Pizzeria in Atlanta, Georgia. Mistakes and crimes can and still do happen, and your business should be prepared to handle such instances.
“If you are proactive, you avoid 90 percent of problems, rather than waiting for it to happen,” adds Crowley.
Lee Erica Elder is a freelance writer in NYC.