Invasion of Privacy in the Workplace

In 1973, the NCAA enacted a rule prohibiting student athlete drug use. Unfortunately, there was no standardized drug test to enforce the rule. At the 1983 Pan American Games in Caracas, Venezuela, several college student athletes tested positive for prohibited drugs, causing great embarrassment for the NCAA and raising questions about competitive fairness. How was the alleged “drug ban” being enforced?

The NCAA needed a solution, which, unfortunately, would invade the privacy of student athletes. In 1986, the NCAA adopted a mandatory drug testing program. Among other things, the drug testing policy required student athletes (1) to disclose medications they may be using and other information about their physical and medical conditions; (2) to urinate in the presence of a monitor; and (3) to provide a urine sample that reveals chemical and other substances in their bodies.

In 1990, a linebacker on the Stanford football team and the co-captain of the Stanford women’s soccer team sued the NCAA, alleging that the drug testing requirements violated their right to privacy. In the landmark case of Hill v. Nat’l Collegiate Athletic Assn. (1994) 7 Cal. 4th 1, 38, the California Supreme Court held that Article I, Section 1 of the California Constitution, which recognizes certain “inalienable rights” including the right of privacy, creates a private right of action against private parties.

The NCAA won the appeal and is able to administer drug tests, but Hill set a precedent that private parties can be sued for constitutional privacy violations. In the employment context, this means that employees can sue employers for invasions into their private lives. This includes, among other things, medical information background checks, drug tests, social media inquiries and GPS tracking.

It’s a Balancing Act

In order to prevail on a claim based on invasion of the California constitutional right of privacy the employee must show that 1) The employer engaged in conduct that invaded employee’s privacy interests, 2) The employee had a reasonable expectation of privacy as to the interests invaded; 3) The invasion was serious; and 4) The invasion caused plaintiff to suffer injury, damage, loss or harm.

As a defense, an employer may assert that the invasion of privacy is justified because it substantively furthers one or more countervailing interests. In other words, there is a balance of interest. On one side is the employee’s privacy. On the other side is the employer’s business reason.

Drug Tests

One of the most prevalent employee privacy violations is the drug test. Employers fear the potential harm that may come to customers, co-workers and/or company property when an employee comes to work under the influence of a controlled substance. Employees do not want employers to have access to their blood or urine because it can reveal other things, including prescription drugs, a disability or even pregnancy.

The nature of the drug test, the equipment used, the manner of administration and its reliability are important factors. For example, a drug test of an existing employee without any individualized suspicion has been found reasonable when the employee is in “a safety or security sensitive position.” Smith v. Fresno Irrig. Dist. (1999) 72 Cal.App.4th 147, 159. On the other hand, direct monitoring of a person providing a urine sample is an unreasonable intrusion. Smith v. Fresno Irrig. Dist. (1999) 72 Cal.App.4th 147, 160.

“The primary focus of a state constitutional privacy claim in the employee drug testing context is a reasonable balancing test—balancing the drug test’s intrusion on the reasonable expectations of the employee against the drug test’s promotion of the employer’s legitimate interests.” Kraslawsky v. Upper Deck Co. (1997) 56 Cal.App.4th 179, 186-187.

Even if the invasion of privacy is justified, the employee may prevail on an action “by showing there are feasible and effective alternatives to defendant’s conduct which have a lesser impact on privacy interests.” Hill v. National Collegiate Athletic Ass’n, supra, 7 Cal.4th at 40.

Social Media

Labor Code § 980 prohibits an employer from asking an employee or applicant to provide access to his or her personal social media account or to disclose a personal social media password. In addition, an employer is prohibited from taking retaliatory action against an employee who refuses to comply with such a request. Exceptions are permitted when the employer needs the employee’s username or password to access an employer-issued electronic device. An employer may also request personal social media access when conducting an investigation of employee misconduct if the information is reasonably believed to be relevant and is used solely for the investigation.

Background Checks

An employer who obtains an “investigative consumer report” in connection with its personnel decisions (hiring, promotion, reassignment, retention, etc.) must comply with the requirements of both the federal Fair Credit Reporting Act (FCRA, 15 USC § 1681 et seq.), and the California Investigative Consumer Reporting Agencies Act (ICRA, Civ.C. § 1786 et seq.).

Under California law, private employers may not ask job applicants about any arrest or detention that has not resulted in conviction of a crime or participation in a diversion program, or any conviction that has been judicially dismissed or ordered sealed pursuant to law (including Pen.C. §§ 1203.4, 1203.4a, 1203.45 and 1210.1). For more information, see the article on “Ban the Box” laws.


Any employee who believes their employer is unreasonably invading their privacy should consult a qualified employment law attorney. Employers should also consult an attorney before administering a drug test or searching the private property of their employees. Failure to do so can bring serious liability.

Contact Information