New York State Flag

On November 8, 2021, New York Governor Kathy Hochul signed into law an amendment to the New York Civil Rights Law that requires employers with places of business in the state to provide prior notice concerning the monitoring of employee telephone, email, or internet usage. Although the amendment will not take effect until May 7, 2022, employers may wish to begin updating their policies and implementing systems to furnish the required disclosures in advance of the amendment’s effective date.

Which Businesses and Individuals Are Covered?

The law applies to any private individual or entity with a place of business in New York.

Which Electronic Monitoring Activities Are Covered?

The law applies broadly to telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage “of or by an employee by any electronic device or system, including but not limited to the use of a computer, telephone, wire, radio, or electromagnetic, photoelectronic or photo-optical systems.” Given this broad definition, it is likely that most private employers in the state will be impacted by the law.

Which Electronic Monitoring Activities Are Exempted From Coverage?

Despite its broad reach, the law does not cover processes “designed to manage the type or volume of incoming or outgoing electronic mail or telephone voice mail or internet usage.” The law also does not apply to processes “that are not targeted to monitor or intercept the electronic mail or telephone usage of a particular individual.” Lastly, processes that are “performed solely for the purpose of computer system maintenance and/or protection” are not covered by the law.

What Are Some of the Compliance Obligations?

The law requires private employers that “monitor[] or otherwise intercept[] [employee] telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage” to provide written notice to all employees subject to electronic monitoring. In addition, employers must post a notice of electronic monitoring in a “conspicuous place which is readily available for viewing” by affected employees.

What Information Must Be Included in the Notice?

Under the law, employers are required to notify employees that “any and all telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage by an employee by any electronic device or system” may be subject to monitoring “at any and all times by any lawful means.” The law requires that the written notice advise employees that the electronic devices or systems that may be subject to monitoring include, but are not limited to, “computer, telephone, wire, radio or electromagnetic, photoelectronic or photo-optical systems.”

What Are Forms of Proof That Notice Has Been Furnished to Employees?

The law requires that employees acknowledge receipt of the notice, “either in writing or electronically.” Employers should consider retaining written or electronic records of the notification to and acknowledgement by each employee who is subject to electronic monitoring.

When May Notice Be Furnished to Employees?

New York employers may want to provide written notice of electronic monitoring to current employees prior to May 7, 2022, the effective date of the amendment. Pursuant to the law, employers must furnish new employees with notice “upon hiring.” Accordingly, employers may wish to update their policies and begin issuing notices in early 2022 to ensure compliance with these requirements.

What Are the Consequences of Violating the Law?

The law provides for the imposition of civil penalties for violations of its requirements. Employers found to be in violation of the law are subject to civil penalties ranging from up to $500 for a first offense to up to $3,000 for a third offense and for each subsequent offense. The Office of the New York State Attorney General will enforce the law.

The New York office of Ogletree Deakins will continue to monitor developments with respect to the implementation of the new law and its impact on the workplace, and will post updates on the New York blog as additional information becomes available.

Author


Browse More Insights

Modern dark data center, all objects in the scene are 3D
Practice Group

Cybersecurity and Privacy

The attorneys in the Cybersecurity and Privacy Practice Group at Ogletree Deakins understand that data now accumulates quickly and transmits easily. As the law adapts to technical advancements, we effectively advise our clients as they work to comply with new developments and best practices for protecting the privacy of the data that their businesses collect and retain.

Learn more

Sign up to receive emails about new developments and upcoming programs.

Sign Up Now