US State Privacy Laws and Employee Monitoring: A 2024 Compliance Map

TLDR: US state privacy laws affecting employee monitoring are expanding rapidly. In 2024, at least 12 states have laws that directly impact how employers can monitor employees, with more legislation pending. This guide maps the key requirements by state.

The Patchwork Problem

Unlike the EU, which has GDPR as a unified privacy framework, the United States has no federal employee privacy law. Instead, employee monitoring is governed by a patchwork of state laws that vary dramatically in scope, requirements, and enforcement.

For organizations operating across multiple states — which in the remote work era means most organizations — this creates a compliance nightmare. What's legal in Texas might require employee notification in New York and explicit consent in Connecticut.

  • 12 states with laws directly affecting employee monitoring
  • 7 states with pending employee monitoring legislation in 2024

This guide maps the key requirements as of Q2 2024. Note: this is informational guidance, not legal advice. Consult with employment law counsel for your specific situation.

Tier 1: States with Explicit Employee Monitoring Laws

New York: Effective May 2022, employers with electronic monitoring must provide written notice upon hiring and display a notice in a conspicuous location. Covers email, internet, and telephone monitoring. Violations carry civil penalties up to $3,000 per employee.

Connecticut: One of the oldest state monitoring laws (1998). Employers must provide written notice of electronic monitoring types, including email, internet access, and telephone usage. It is stronger than New York's law because it applies to all monitoring, not just electronic.

Delaware: Similar to New York — requires written notice of electronic monitoring at hire and ongoing conspicuous display. Covers email, internet, and telephone.

California: While no specific employee monitoring statute exists, the CCPA/CPRA creates significant obligations for employee data collection, including the right to know what data is collected and the right to delete personal information. The 2024 CPRA enforcement actions have been more aggressive than anticipated.

Teambridg compliance: Teambridg's platform includes configurable employee notification templates for all Tier 1 states. When you add an employee in a regulated state, the system prompts you to send the appropriate notice. See our compliance guide for setup details.

Tier 2: States with Relevant Privacy Protections

Several states don't have employee-monitoring-specific laws but have broader privacy protections that affect monitoring practices:

  • Illinois (BIPA): If your monitoring involves biometric data (facial recognition, fingerprint scanning), Illinois's Biometric Information Privacy Act requires explicit written consent. Penalties are severe: $1,000-5,000 per violation.
  • Texas and Washington: Biometric privacy laws similar to Illinois but with different enforcement mechanisms
  • Colorado: The Colorado Privacy Act (effective 2023) gives employees data access rights and requires privacy impact assessments for high-risk processing activities — which includes employee monitoring
  • Virginia: The VCDPA provides consumer rights that extend to employees in certain contexts, including the right to access and delete personal data

The trend is clear: state privacy protections are expanding, and employee monitoring is increasingly in scope. Organizations that build their monitoring practices to the highest standard now won't need to scramble when their state passes new legislation.

Pending Legislation to Watch

Several states have employee monitoring bills in various stages of the legislative process in 2024:

  • Massachusetts: Proposed bill requiring consent for AI-driven employee assessments
  • New Jersey: Proposed electronic monitoring notification requirements similar to New York
  • Maryland: Proposed restrictions on facial recognition in the workplace
  • Minnesota: Proposed employee data transparency requirements

At the federal level, the proposed STOP Spying Bosses Act would create national standards for employee monitoring, but its passage remains uncertain. If it passes, it would preempt state laws in some areas while establishing a federal floor.

A Compliance-First Approach

Rather than tracking compliance requirements state by state, we recommend a "highest common denominator" approach:

  1. Always provide written notice of monitoring to all employees, regardless of state. It's required in some states and best practice everywhere.
  2. Never use biometric monitoring without explicit consent. Period. The legal and reputational risks aren't worth it.
  3. Provide data access. Let all employees see what's collected about them, regardless of whether their state requires it.
  4. Minimize data collection. Collect only what you need. This is good practice, good ethics, and increasingly good law.
  5. Document everything. Your monitoring policy, your legal basis, your employee notifications, and your data practices should all be documented and reviewable.

The regulatory landscape is only moving in one direction: more protection for employees, more transparency requirements for employers. Building to that future now saves money, reduces risk, and builds trust. For more on ethical monitoring practices, see our ethics framework for AI monitoring.
