I run a consulting business and of late, I have run into employees or Former employees of companies who have mentioned how upset they were that HR decided to post their picture, name, department, supervisor, etc. on an Internal Intranet web system without their permission. Not knowing how to answer these folks, I'm wondering from you HR pros and legal scholars out there - what are the legal rules for this? Should there be disclousures signed before HR decides to do this to an employee? Does an employee have a right to say how much information they wish to disclose for anyone in the company to have access to? Or are these postings harmless and these employees Corporate trouble makers? Where can I be guided to more information about this? Thanks so much!

To me, there is a difference between a protected internal network and posting information on the WWW.  Who has access to the internal system?  Is it password/firewall protected?

Personally, I would inform applicants/new hires of what will be posted so that it does not come as a shock. I would even add it into an employee handbook if you have one.  If the new hire has an issue with it, I would do a little more investigation as to why they do not want their information posted and even give them the reasons that it makes good business sense.  For example a person being stalked by an ex-spouse, etc.  There will be situations that will deserve an allowance, but not everyone that comes forward. 

Certain states have employee privacy laws, but I don't know of any that they would apply to information shared internally for business needs.  Certain information is bound by confidentiality laws (ADA, HIPAA, etc).  But a lot of employment information is not.

Often when employees bring a complaint and state something is "against the law", I ask them to provide me with a cite to the law they are referencing. Most of the time they can not do so.  And since most states are "at will", you could terminate the employee or refuse to hire someone who refuses to allow you to use their information on the internal system, as long as there is no law that protects them for this reason.

 Here is one good article I found: http://www.corporatewebsite.com/articles/getting_your_intranet_focused%3A_7_tips_for_effective_personalisation about business needs of an intranet

I would agree with HRforME.  As long at the information is located on a secure company Intranet and you only include pertinent work information, you should be safe.  I know some companies allow for a picture opt-out and/or inclusion of EE submitted bio info.

The content is as important as the location.  For instance, posting everyone's SSN and birthday along with their name and address is a bad plan.  Keep in mind that, even if there is no specific law against the disclosure, there still may be tort feasance.  On the other hand, people do not typically own photographs of themselves taken in public places.  If you are at a professional basketball game and your picture winds up in the paper, you have no special ownership of that image and the newspaper doesn't owe you anything.  The employment situation is a little different because it's not a public place in the same sense as an entertainment venue with 50,000 seats.  A lot boils down to whether or not employees have "a reasonable expectation of privacy" at the work place.  Our handbook stipulates that, to the extent allowable under the law, employees have no reasonable expectation of privacy at work.  Assuming you don't have any state law issue in play, I think putting contact information on the intranet that happens to have a picture of the person (say, from their ID badge), there is likely no problem for the Company except whatever may bubble up from upset employees.  Rolling it out properly in advance so that people aren't surprised would be a big step in the right direction to manage the situation well.

I agree with the other posters that the answer to your question will depend based upon the nature of the information that is provided. I know many companies (especially larger companies that have multiple locations and a corporate office) will publish lists with employee name, position, telephone number and email address.  This way if someone at one location needs to know the HR Managers name at another location then they have that information.  I don't see an issue with this.  The company is providing information to help the employees do their jobs. 

There are some people that just don't want their name listed anywhere.  These are the same people that don't have any credit cards, pay cash for their cars, get a live paycheck, etc.  I can say all this because I have had an employee like this in the past. He was a very private person and didn't want any information about him anywhere. We came to an understanding that his name would only be used where absolutely necessary so that he could get his job done and others could contact him to get their job done.  He was never mentioned in newsletters, acknowledged during his birthday month, etc. because that is what he wanted. 

 

 

Thank you ALL for your replies. There are wonderful resources and knowledgable HR people here and I will be reading this everyday!! 

IT HR brings up a real good point as well about employees who only want their name used where abosultely necessary...but the best reason I can see is in HOW an HR specialists rolls this out to the employees.

Let me just say that one instance that made me ask all of you HR pros here was that of an employee who said his company IT deaprtment just sent out a company wide memo the day they launched the infomation on the Intranet  - the employee was caught off guard and rattled so much, they resigned. The info seemed harmless to me: name, title, location of employee, supervisor and whatever corporate exra actrivities they belonged to (carpool, committees, etc.) but this employee took exception to not knowing before the launch, his birthdate and hiring date published and the picture off of the employee badge that was being used online - and the fear of the company Intranet being hacked into because he explained the company had problems with IT and he felt the Intranet or Internet wasn't as safe as he was confortable to feel. I think that may have impacted the employee the most.

How this information is rolled out to make the employee feel comfortable is as much as important as an employee feeling that HR "just doing it" because HR can. Maybe some HR departments need a little PR training too.