About 40 percent of employment practices liability policies (EPLI) that I review fail to cover allegations of employment-related breach of privacy. These range from complaints that the employer failed to protect sensitive medical information properly to accusations of “spying” in areas such as locker rooms where employees might have a reasonable expectation of privacy.

I continually review a variety of EPLI products, both as monoline insurance policies and as policies packaged with other coverages, with my work for RiskProNet International, an association of independent brokers in North America. The findings indicate that far too many businesses fail to appreciate the risk of privacy complaints, as well as the potential for cyber liability claims concerning privacy.

The plaintiffs’ bar predicts that privacy will soon replace wrongful termination as a hot workplace issue, according to the Fair Measures Inc. website.

New Questions

Technology is posing new questions for employment practices underwriters.

A California woman filed a lawsuit after her employer told her to install an application on her smartphone that monitored her locations. She felt that was a reasonable request during working hours, but she objected to the fact that the app operated 24/7.

An article in Inc. magazine with the title, “When Monitoring Your Employees Goes Horribly Wrong,” outlines additional pitfalls. In perhaps the most unusual case, a surveillance camera was mounted on a drone to monitor work on the upper levels of a construction site. It captured video of two employees having an amorous moment during their break. The employees were fired, and successfully sued the company, saying they could not have been seen from the ground and they expected privacy during the work break.

Common Situations

Below are the most common situations leading to workplace privacy lawsuits, according to Nolo Press:

  • Deception. An employer fails to mention that a routine medical examination includes an analysis of a urine sample for drugs. An employee cannot be fired because of drug traces in his urine unless he was told about this in advance.
  • Violation of Confidentiality. An employer asks for health information to be sure employees are capable of doing the job and promises to keep the information confidential. The employer can be held liable if it is disclosed to a third party, either deliberately or as a result of a cyberattack.
  • Secret Monitoring. An employer may install visible video cameras above cash registers to help ensure that cashiers are not stealing. However, hidden video cameras in a restroom would likely be considered an invasion of privacy.
  • Monitoring Private Life. In general, an employer may not monitor employees when they are not at work or dismiss them for legal activities, such as working in a political campaign.

Coverage

Cyber insurance could potentially address some of these issues, but there is great variety among cyber insurance products, and recent surveys indicate only about 35 percent of employers are actually purchasing cyber insurance.

Appropriate coverage is available in the marketplace. Consider EPLI “fine print” when reviewing policies to make sure these provisions are present:

  • Does the appropriate EPLI definition of “employment-related wrongful act” include work-related breach of privacy?
  • Is there any exclusionary language concerning employer-related monitoring of social media?
  • Is there any exclusionary

language on employer-provided technology, such as cell phones and other electronic devices?

If the answer is yes, approach the underwriter for improvements in the language relating to the exact exposure situation.

Be sure that the questions on the application that address specific employer-related electronic surveillance methods are answered fully and truthfully.

Beware of policy language that seems to impose unfair restrictions.

If your EPLI insurer doesn’t meet these standards in having “employment-related” breach of privacy as a covered wrongful employment practice, then it’s important to seek it elsewhere. If this exposure isn’t addressed in the EPLI main definition, it’s unlikely that it can be added by endorsement. Share this article with a colleague.

 


About Dick Clarke

Clarke is a consultant to RiskProNet International, an association of insurance brokers in North America. He retired in 2016 from RiskProNet founding member J. Smith Lanier & Co. Email: DickClarkeInsuranceAnswers@gmail.com.