The use of software products and networking in human resources functions raises three broad issues that employers need to address when choosing and implementing software: protection of employee privacy, adherence to statutory notice and reporting requirements, and record retention. While the proper use of HR software can lead to increased efficiencies, enhanced communications and heightened morale, the failure to address any one of these three issues can undercut many of their potential gains.
Most would agree that a work cubicle lacks the privacy of a bedroom, but where the line of privacy lies between bedroom and cubicle is a hotly-litigated issue. While there are cases galore on other aspects of workplace privacy, there's very little guidance in the area of automation and networking of HR information. As a result, as businesses consider who should be able to review or alter various HR records, the issues are likely to be more of style and corporate culture than legality.
However, there are two areas where federal law and a large number of state statutes do require absolute confidentiality: medical records and personnel files. The extent of these protections can vary widely from state to state, and violations of these privacy statutes can result in substantial liability and fines. While the safest course is to consult with counsel in the business' jurisdiction when deciding what limitations to impose and how to enforce them, there are some general considerations to bear in mind.
Medical records are a particular hot button under both state laws and federal law, such as the Americans with Disabilities Act as well as the Family Medical Leave Act. Employers need to remember that statutes restricting the dissemination of information on a person's medical condition are not typically limited to health-care providers.
HR records typically contain substantial amounts of medical information, including the results of a preemployment physical, information for Family and Medical Leave Act compliance, requests for reasonable accommodation under the Americans with Disability Act and related statutes, and employee assistance program participation. All of this information must be treated as highly confidential.
Additionally, good HR management segregates this information from the personnel file and greatly restricts access to it. Medical information is so highly confidential that, at a minimum, access to it should be restricted within a network or on a server that isn't in any way accessible to persons who aren't permitted to review it.
The contents of personnel files vary widely from employer to employer. Laws restricting disclosure of personnel files vary from jurisdiction to jurisdiction, but tend to be less strict than those governing medical information and typically permit more individuals to review them under a wider set of circumstances. Items within personnel files that are typically deemed confidential under state statutes and decisional law include performance reviews, disciplinary actions, complaints about harassment or other forms of discrimination, and the like.
The safest course is to treat these records similarly to medical records, in terms of making sure that they cannot be opened or tampered with by hackers and others who should not see them. If the employee is granted online access to her or his own personnel records, employers should make sure that the employee will not be able to edit the records to delete disciplinary reports, improve poor reviews or create salary increases.
Statutory Notice and Reporting Requirements
Government regulators in HR-related fields are beginning to catch up with technology. Some state regulations are already incorporating automation to increase opportunities for online and streamlined reporting, record keeping and employee notifications. While few federal regulations have yet been altered or added to address or make express use of automation and software programs in the human resources arena, many are reportedly in the planning stages. …