New York State Enacts Employee Monitoring Law
On November 8, 2021, New York Governor Kathy Hochul signed a new electronic monitoring law, requiring private New York employers who monitor employees’ telephone, email, and internet access or use to provide new employees with written notice of these practices. This law is effective May 7, 2022.
The new legislation covers all private employers with a place of business in New York State, irrespective of their size, and applies to any employer who “monitors or otherwise intercepts telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage of or by an employee by any electronic device or system.”
Employers covered by this law must provide the notice in writing and ensure employees acknowledge the notice in writing or electronically. A notice of the electronic monitoring must also be posted in a “conspicuous place which is readily available for viewing by employees subject to the monitoring.”
The notice should clearly and effectively advise employees “that any and all telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage by an employee by any electronic device or system, including but not limited to the use of a computer, telephone, wire, radio or electromagnetic, photoelectronic or photo-optical systems may be subject to monitoring at any and all times and by any lawful means.”
There is an exception; the notice requirement does not apply to “processes that are designed to manage the type or volume of incoming or outgoing electronic mail or telephone voice mail or internet usage, that are not targeted to monitor or intercept the electronic mail or telephone voice mail or internet usage of a particular individual, and that are performed solely for the purpose of computer system maintenance and/or protection.”
Simply put, electronic monitoring practices that are for general system maintenance or protection (anti-virus monitoring, for example), rather than targeting an individual, are not covered by this law.
Employers are advised to review their policies and seek advice on what actions must be taken to comply with this new law by the May 7, 2022, effective date. Some additional steps to consider:
Draft a notice using the new, required language quoted above.
Audit your systems to ensure routine processes such as firewalls and proxy servers are not performing additional tasks that may trigger a notice requirement.
To ensure all new hires receive the notice and return the acknowledgment, incorporate it into your onboarding procedure..
Update your employee handbook, offering clear guidance on the company’s employee monitoring policy.
Consider having employees acknowledge an on-screen statement before they can access the company systems.
Post the notice in a conspicuous, readily available location in the workplace.
Act now; employers in violation of the law could face up to $500 for the first offense, $1,000 for the second offense, and $3,000 for the third, and each subsequent, offense.