Employers receive a large amount of information about employees that they are not legally allowed to share with outside parties. Most laws that relate to the confidentiality an employee is entitled to in the workplace are made at the federal level rather than the state level, making them fairly uniform across the country. Generally, violations of these laws result in civil rather than criminal penalties. Laws relating to workplace confidentiality can be broken down into three main categories: those dealing with personal information, with privacy and with medical information.
Employers are legally required to keep private the information provided to them during a job application, as well as certain other job-specific information. While applying for a job, an employee often provides a variety of sensitive information, including financial and credit information, as well as his education and his employment records. Employers are not allowed to share this information with outside parties without an employee's consent; sharing financial information can be considered a criminal violation.
Employees are afforded a certain amount of privacy in the workplace. Generally, employers are allowed to monitor employees only insofar as it allows the company to run effectively without severely compromising an employee's right to privacy. For example, while a company is allowed to set up surveillance cameras to prevent employee theft, these cameras cannot be set up in a bathroom. With certain types of surveillance, such as some types of computer surveillance, the employer must first notify its employees that the surveillance will occur.
Employers often have access to sensitive information related to an employee's medical history. While employers are allowed access to only some of an employee's medical files (for example, an employer may be allowed to examine files from an employee claiming worker's compensation), this information cannot be shared with other employees or with outside parties. Many limits on employers' use of medical records are set by the federal Health Insurance Portability and Accountability Act, sometimes called "the Privacy Rule."
If an employer violates an employee's legally protected right to privacy or to confidentiality, it might be liable for civil damages. An employee whose rights have been violated can generally sue an employer for two reasons. First, the employee might have suffered financial damage due to the exposure of guarded information, such as through the loss of another job. Second, the employee might have suffered emotional damage, such as through social stigmatisation or through the invasion of privacy.