by Joseph J. Lazzarotti, Attorney at Law, Jackson Lewis P.C.
Over the past several years, there has been a significant increase in the use of dashcam technology. The technology available in the market is quite advanced. As we observed here, these devices can be equipped with geolocation, AI, facial recognition, and other technologies. Designed primarily to enhance driver safety and fleet management, privacy concerns are tapping the brakes on implementation in California.
On September 29, 2022, Governor Gavin Newsom signed into law AB-984, and becoming effective January 1, 2023. The law builds on other privacy protections in California, such as the California Consumer Privacy Act and Penal Code Sec. 637.7. Section 637.7 prohibits using an electronic tracking device to determine the location or movement of a person, however, it does not apply when the vehicle owner (e.g., the employer) has consented to the use of the device.
Among other exciting provisions, including the latest in vehicle tech – digital license plates, AB-984 places significant restrictions on the use of an alternative device to monitor employees. Specifically, the law provides:
An employer, or a person acting on behalf of the employer, shall not use an alternative device to monitor employees except during work hours, and only if strictly necessary for the performance of the employee’s duties.
The statute defines monitoring to include, without limitation, “locating, tracking, watching, listening to, or otherwise surveilling the employee.” However, there is no definition of “strictly necessary,” making the statute more difficult to navigate.
Employers that choose to install such a device must provide notice to employees prior to monitoring with the device. That notice must, at a minimum, include the following:
(A) A description of the specific activities that will be monitored.
(B) A description of the worker data that will be collected as a part of the monitoring.
(C) A notification of whether the data gathered through monitoring will be used to make or inform any employment-related decisions, including, but not limited to, disciplinary and termination decisions, and, if so, how, including any associated benchmarks.
(D) A description of the vendors or other third parties, if any, to which information collected through monitoring will be disclosed or transferred. The description shall include the name of the vendor or third party and the purpose for the data transfer.
(E) A description of the organizational positions that are authorized to access the data gathered through the alternative device.
(F) A description of the dates, times, and frequency that the monitoring will occur.
(G) A description of where the data will be stored and the length of time it will be retained.
(H) A notification of the employee’s right to disable monitoring, including vehicle location technology, outside of work hours.
Employers that fail to comply can be subject to significant penalties. A civil penalty of $250 can be imposed for an initial violation, while a $1,000 per employee can be imposed for each subsequent violation. The statute expressly provides that penalties “shall be assessed per employee, per violation, and per day that monitoring without proper notice is conducted.”
In addition to penalties, employer have additional exposure if found to have retaliated against an employee for removing or disabling an alternative device’s monitoring capabilities outside of work hours. In this case, the employee “shall be entitled to all available penalties, remedies, and compensation, including, but not limited to, reinstatement and reimbursement of lost wages, work benefits, or other compensation caused by the retaliation.”
For employers considering using an alternative device to monitor employees in vehicles, there are at least two steps to take:
- Assess whether doing so is “strictly necessary” for the performance of the employee’s duties
- Provide advance notice of the monitoring
There are several other issues to consider as well, just looking at the items required to be included in the notice.
About the author
Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.
© 2022 Jackson Lewis P.C. Reprinted with permission. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.
Focused on labor and employment law since 1958, Jackson Lewis P.C.’s 950+ attorneys located in major cities nationwide consistently identify and respond to new ways workplace law intersects business. We help employers develop proactive strategies, strong policies and business-oriented solutions to cultivate high-functioning workforces that are engaged, stable and diverse, and share our clients’ goals to emphasize inclusivity and respect for the contribution of every employee. For more information, visit https://www.jacksonlewis.com.