Header graphic for print
Employer Law Report

Category Archives: Workplace Privacy

Subscribe to Workplace Privacy RSS Feed

Employer’s DNA test of employees in defecation investigation results in $2 million verdict for violating GINA while real “Poopetrator” remains on the loose

Posted in Employment Outtakes, Workplace Privacy

We would like to thank Adam Bennett, one of Porter Wright’s summer law clerks, for his significant contributions to this blog post.

If a recent federal court case is any sign of the times, employers should think twice before engaging in their own forensic crime scene style investigations of employee questionable behavior—even if the employee is suspected of repeatedly defecating in public areas of the workplace. Employers sometimes forget that the Genetic Information Nondiscrimination Act (GINA) prohibits requesting employee genetic information. Any improper request for employee genetic information is likely to lead to legal woes and a lot of dollars …

Big data in the workplace

Posted in Workforce Strategies, Workplace Privacy

I’m looking forward to joining my colleagues Dennis Hirsch and Jay Levine for a roundtable discussion of “Big data, data analytics and the law: What your company needs to know about the next big thing” on May 13. Here is a glimpse into what I plan to talk about from the employment lawyer’s perspective:

Even if we don’t know exactly how big data works, we know what it can do for us in our daily lives. Movie suggestions on Netflix. Targeted coupons at the grocery store. Cheap airfare and hotel rates. Facebook suggestions of people we may know. There is …

NLRB files complaint against postal service for not bargaining with union over effects of data breach incident

Posted in Labor Relations, Traps for the Unwary, Workplace Privacy

We all pretty much know the drill at this point. Organization announces data breach, sends out notices as required under state and/or federal law to those individuals that are affected, offers some kind of identity theft protection or credit monitoring service, awaits public criticism and backlash. The NLRB and the American Postal Workers Union (“AWPU”) apparently think that there should be an additional step when the data breach involves the personal information of employees who are covered by a collective bargaining agreement – bargaining over the effects of the data breach on, and the remedy to be provided to, the …

The U.S. Securities and Exchange Commission brings its first whistleblower enforcement action based upon an allegedly overbroad employee confidentiality agreement

Posted in Traps for the Unwary, Workplace Privacy

The U.S. Securities and Exchange Commission (SEC) has now brought its first whistleblower enforcement action against a publicly traded company under the Dodd-Frank Act of 2010 for utilizing an overly broad employee confidentiality agreement. Specifically, the SEC alleges that KBR, Inc., has violated the Act by implementing employee confidentiality agreements that “potentially discouraged” employees from becoming whistleblowers by reporting misconduct to the SEC. This is illegal under the Act, and specifically under SEC Rule 21F-17 which prohibits employers “from taking measures through confidentiality, employment, severance or other type of agreements that may silence potential whistleblowers before they can reach out …

Sony Data Hack: “You Can’t Lose What You Ain’t Never Had”

Posted in Workplace Privacy

Back in the 1960’s, legendary bluesman Muddy Waters wrote a song called “You Can’t Lose What You Ain’t Never Had.”

Now, it is Sony Pictures that is singing the blues, as damages continue to mount following the cyber attack on its data networks just before Thanksgiving. A shadowy group with possible connections to the North Korean government has claimed responsibility for the hack, which, to date, has resulted in exposure of Sony intellectual property (e.g., movie scripts), trade secrets (e.g., film budgets), employee personal information (e.g., employee and former employee home addresses and social …

Texas Federal Court decision illustrates need for BYOD policies

Posted in Workplace Privacy

Saman Rajaee was a salesman for Design Tech Homes. He used his personal iPhone to connect to his employer’s Microsoft Exchange Server, which allowed him to access his work-related email, contacts and calendar from his phone. Design Tech did not have a BYOD policy. When Rajaee’s employment terminated, Design Tech remotely wiped his phone, which deleted all of his data, including personal emails, texts, photos, personal contacts, etc.

Rajaee sued under the federal Stored Communications (“SCA”) and Computer Fraud and Abuse Acts (“CFAA”) as well as raising various state law claims. Design Tech moved for summary judgment on the federal …

The FCRA is the new FLSA

Posted in Workplace Privacy

Recent multi-million dollar settlements highlight the importance for employers of complying with the Fair Credit Reporting Act (FCRA). They also highlight that, when it comes to class action lawsuits in the employment-law context, the FCRA is the new FLSA!

The FCRA has very specific requirements employers must comply with if they engage a background check service providers (referred to as “Consumer Reporting Agencies” (CRAs) in the FCRA) to compile background reports on applicants or employees. These types of reports include credit reports, criminal background reports, and other reports that have any bearing on someone’s moral character or reputation. We have …

The latest surge in data breaches highlight key takeaways for employers

Posted in Traps for the Unwary, Workforce Strategies, Workplace Privacy

The recent data breaches at Target, Home Depot, and Jimmy John’s have kept data privacy and security in the news lately. But from a legal perspective, there has never been much that the victims of these breaches could do to obtain a remedy in the absence of actual proof of identity or other theft. Indeed, ever since the U.S. Supreme Court decision in Clapper v. Amnesty International, it has been clear that the mere potential for future injury is insufficient to confer standing on a data breach victim to sue. Instead, the plaintiff must prove that injury is “certainly …

Court holds employers not liable for employee defamatory online speech made using employer computers. Plaintiffs can’t take the money and run!

Posted in Social Media, Workplace Privacy

There seems to be a news story every day detailing employee misuse of social media. In fact, in a recent survey released by Proskauer Rose LLP, more than 70 percent of the 110 businesses surveyed reported they had to take disciplinary action against employees for misusing the technology.

Living in the U.S.A., we have grown accustomed to seeing corporate mis-tweets, where an employee accidently posts a personal tweet from a corporate account, and rogue employee cases, where an employee purposefully posts something inappropriate to a corporate social media account.

But now, introducing a new type of corporate social media …

Employers can learn from recent cases involving the Federal Trade Commission

Posted in Other Articles, Workplace Privacy

Two recent decisions – one from the federal district court in New Jersey and one from a federal Administrative Law Judge – potentially will have significant impact on the Federal Trade Commission’s (“FTC”) enforcement of business’s data security obligations.

FTC v. Wyndam Worldwide

In FTC v. Wyndham Worldwide Corporation, the New Jersey federal district court upheld the FTC’s authority to find that a business that has sustained a data breach has committed an “unfair trade practice” in violation of Section 5(a) of the Federal Trade Commission Act, 15 U.S.C. §45(a) when its privacy controls are found to be inadequate.  …

Sixth Circuit summarily rejects EEOC expert in Title VII challenge to credit history checks

Posted in EEO, Workplace Privacy

In a harsh rebuke of the EEOC’s method of attempting to prove that Kaplan Higher Education Corp.’s consideration of credit history for hiring in select positions was discriminatory, the Sixth Circuit, only three weeks after oral argument, issued a decision upholding the federal district court’s order excluding the EEOC’s expert opinion from evidence and dismissing the EEOC’s case.  The first sentence of the court’s opinion pretty much tells the EEOC all it needs to know: “In this case the EEOC sued the defendants for using the same type of background check that the EEOC itself uses.” Indeed, the EEOC alleged …

Availability of alzheimer’s blood test underscores employer need to maintain confidentiality of protected health information

Posted in Workplace Privacy

Recent media accounts (e.g. this report  — Blood Test Predicts Alzheimer’s Disease – by CNN ) suggest that medical researchers have discovered a blood test that will help identify whether people are likely to develop Alzheimer’s Disease in their lifetime with 90% accuracy. So far, the test only has been conducted on individuals who are over 70 years old, but researchers will begin seeing whether these promising results can be obtained on people in their 40’s and 50’s. These research findings are obviously welcome news, but raise many questions assuming the test becomes more universally available. Not the …

Happy Birthday to the FACTA! The Often Forgotten Law that Imposes Obligations and Provides Helpful Exceptions for Employer Background Checks and Workplace Investigations

Posted in Other Articles, Traps for the Unwary, Workforce Strategies, Workplace Privacy

It should be old hat by now: Employers who use a third party to conduct a background check on an applicant or employee for employment purposes must comply with the Fair Credit Reporting Act (FCRA). But what many employers do not know, or may have forgotten, is that the Fair and Accurate Credit Transactions Act (FACTA) also imposes upon them some obligations when conducting a background investigation. (A background of the FCRA’s general requirements for employers is necessary to understand the FACTA’s implications, which we have outlined for you here.)

So what is the FACTA? As of December 4, …

Court Holds That Employer Did Not Have “Possession, Custody or Control” of Text Messages Sent or Received on its Employees’ Personal Cell Phones

Posted in Workplace Privacy

In an employment race discrimination case, a federal court recently held that the defendant-employer did not have “possession, custody, or control” over text messages sent or received by its employees on their personal cell phones. The court denied the plaintiff’s motion to compel the production of these text messages because there was no evidence that:

  • the employer issued the cell phones to the employees;
  • the employees used the cell phones for any work-related purpose; or
  • the employer otherwise had any legal right to obtain employee text messages on demand.

Cotton v. Costco Wholesale Corp., Case No. 12-2731, slip op. …

Ohio Federal Court Permits Case Alleging Employer’s Accessing Of Former Employee’s Personal Emails To Proceed

Posted in Workplace Privacy

When we think about the issues that employers have been struggling with relating to employee use of personal mobile devices for work, thoughts of data security, trade secret protection, record retention, and even FLSA compliance immediately come to mind – or at least my mind. But, I bet you wouldn’t anticipate what allegedly happened in Lazette v. Kulmatycki, a case decided by the federal court in the Northern District of Ohio on June 5, 2013. In Lazette, the plaintiff alleged that, after plaintiff left her employment, she returned her company-issued blackberry (which she used and refers to in her …

Pick Your Poison – Violate State or Federal Law? Court Finds That Complying with State Law On Employee Criminal Background Checks Is Not a Defense to a Title VII Disparate Impact Claim

Posted in EEO, Workplace Privacy

I present on the topic of background checks often, and when it comes to Q&A time, I almost always get the question (or some variation of it): "How does Title VII come into play when an employer has state law requirements regarding criminal background checks?" In Waldon v. Cincinnati Public Schools, No. 1:12-CV-00677 (S.D. Ohio Apr. 23, 2013), the Southern District of Ohio shed some light on this particular employer predicament and demonstrates the potential for employment discrimination liability for employers who have overly broad exclusionary hiring policies based on past criminal conduct, even when those policies are required …

Technology Law Source 2.0

Posted in Porter Wright News, Workplace Privacy

We wanted to take a moment to share the redesigned Porter Wright Technology Law Source blog with you.

Technology Law Source is designed for readers to quickly and easily learn about concepts that cut across the traditional lines of intellectual property and extend to evolving technologies, as well as concerns with privacy and data security.

Our authors routinely update the blog to provide the latest news and information about a range of areas relating to the industry, including:

  • Copyright
  • Data breach
  • Data security
  • Database management
  • Electronic commerce
  • Electronic discovery
  • Electronic medical records
  • Enforcements, disputes, and litigation
  • HIPAA and HITECH Act

Twitter’s Vine Video App Is the Latest App to Sprout Social Media Risks for Employers

Posted in Workplace Privacy

There is no doubt you know what YouTube is, but do you know about Vine? Well, Vine is a video app released by Twitter earlier this year that allows users to capture and share short looping six-second videos to Twitter and allows the user to tag people in the post. The app is easy to use and works a lot like Instagram (many call it the Instagram of video). When you tweet from Vine, it embeds your looped video — or what looks like an animated GIF — in your tweet and includes sound. Videos from Vine’s Make-a-Scene app appear …

Court Rules Employer Cannot Force a Former Employee to Update LinkedIn Profile

Posted in Workplace Privacy

In today’s world of social media, we know that employees live online. With LinkedIn, this includes having a living resume for anyone with a LinkedIn account to see. The up-to-date part, or rather how up-to-date someone’s LinkedIn profile (or resume) is, has become somewhat of a concern.  The recent case of Jefferson Audio Video Sys. Inc. v. Light (W.D. Ky. May 8, 2013) demonstrates how the updating of a LinkedIn profile can become a concern for employers, particularly as it pertains to an employer’s former employees. 

Here is the situation: An employee leaves a company for whatever reason yet fails to update …

Facebook Account Deactivation Leads To “Spoliation Instruction”

Posted in Traps for the Unwary, Workforce Strategies, Workplace Privacy

Our colleagues over at Technology Law Source advise today of an interesting case in which a New Jersey federal court held that a plaintiff in a personal injury lawsuit failed to preserve relevant evidence when he deactivated his Facebook account and failed to reactivate it within fourteen (14) days – which according to Facebook’s terms and conditions renders the account’s contents irretrievable. As a result, the court found that the defendant was entitled to a jury instruction that permits the jury to infer that “the fact that a document was not produced or destroyed is ‘evidence that the party that …

Court Decides LinkedIn Ownership Case and Finds for Plaintiff But Refuses to Show Her the Money

Posted in Workplace Privacy

The infamous LinkedIn ownership case, Eagle v. Edcomm, is over, and for the plaintiff, Dr. Linda Eagle, it was a win and a loss. We told you about this case in the post: "In the Social Media Battle Over Who Owns a LinkedIn Account, the Greatest Threat is State Law Claims – How Employers Can Protect Themselves in Light of Eagle v. Morgan as 11 State Law Claims Proceed to Trial." The case did go to trial, and the Eastern District of Pennsylvania decided that while Dr. Eagle proved three claims against her former employer, Edcomm, she was …

Facebook Posts Not “Solicitation” Under Former Employee’s Restrictive Covenant Agreement

Posted in Business Competition, Workplace Privacy

Describing it as a “rather novel issue,” a federal court recently held that a former employee’s public posts on his personal Facebook page did not constitute solicitation of his former co-workers under the terms of his non-solicitation agreement with his former employer. [See Pre-Paid Legal Services, Inc. v. Cahill, No. 12-CV-346, Doc. 31 (Jan. 22, 2013), Report and Recommendation affirmed and adopted, Doc. 32 (Feb. 12, 2013)] The court further noted that invitations sent to former co-workers to join Twitter were not solicitations under the agreement because the invitations did not request the co-workers to “follow” the former employee, …

Social Media Privacy Makes Its Way to Capitol Hill

Posted in Workplace Privacy

Editors’ Note: Colleen Marshall, a Senior Attorney in Porter Wright’s Litigation Department, is also a widely-recognized, award-winning news anchor for Columbus’ NBC-affiliate, WCMH – 4. In a detailed interview with Porter Wright’s Sara Jodka last week, Colleen reports on the use of social media by employers: "You Can’t Delete Your Way Out Of Social Media."

As noted in a recent blog and in the news report mentioned above, 21 states have social media privacy legislation pending. But, social media privacy could soon be governed by an act of Congress.

Representative Elliot Engel (D-N.Y.) just introduced H. R. 537, the "Social Networking

Why You Can’t Delete Your Way Out of Your Social Media Mess

Posted in Traps for the Unwary, Workforce Strategies, Workplace Privacy

Naked pictures? Drunken celebrations? Sexist comments? A click of a button and all evidence of your "Weekend at Bernie’s" can disappear. Job seekers know to scrub clean their Facebook pages before they connect with potential employers, to remove all trace of their off-color on-line life. But here in Ohio you can’t delete your way out of the mess you created through social media. Employers can legally ask employees and recruits to surrender their social media passwords, and thanks to Facebook’s newly expanded access program, the result is a stunningly deep portal into private messages, deleted posts, photographs and everything you …