Employer Law Report : Employment and Labor Relations Lawyer & Attorney : Porter Wright's Employer Law Report : Employment Litigation, Non-Compete, Trade Secrets

I present on the topic of background checks often, and when it comes to Q&A time, I almost always get the question (or some variation of it): "How does Title VII come into play when an employer has state law requirements regarding criminal background checks?" In Waldon v. Cincinnati Public Schools, No. 1:12-CV-00677 (S.D. Ohio Apr. 23, 2013), the Southern District of Ohio shed some light on this particular employer predicament and demonstrates the potential for employment discrimination liability for employers who have overly broad exclusionary hiring policies based on past criminal conduct, even when those policies are required by state law.

In 2007, the Ohio legislature amended a state law to require criminal background checks of all current public school employees, including those not responsible for the care, custody, or control of children. (HB 190, eff. Nov. 14, 2007) According to the law, if an employee had been convicted of any of a number of specified crimes, no matter how far in the past they occurred, nor how little they related to the employee's present qualifications, the law required the employer to terminate the employee.

To comply with the law, in 2008 the Cincinnati Public Schools terminated 10 employees with criminal convictions, nine of which were African American. Two of those nine, Gregory Waldon, who was found guilty of felonious assault in 1979 and incarcerated for two years, and Eartha Britton, who was convicted in 1983 of acting as a go-between in a $5.00 marijuana deal, sued the school district alleging that the state law had a racially discriminatory impact on African Americans contrary to Title VII and comparable Ohio state law.

The Defendant filed a motion to dismiss asking the court to throw out Plaintiffs' suit claiming it simply followed Ohio law when it terminated their employment. The Defendant contended it maintained no particular employment practice that caused a disparate impact, and that it was a business necessity for it to follow Ohio law and that to force it to litigate the suit would force it to defend a criminal records policy it had no role in creating.

The terminated employees argued that Title VII trumps state law, such that their terminations were "unlawful employment practices" based on disparate impact" and that compliance with the state law was no defense because a violation is a violation. In Plaintiffs' view, "whether Defendant was complying in good faith to state law goes to the remedy the Court should ultimately craft, and not to whether the terminations were in violation of Title VII."

The court found that Plaintiff "adequately plead[ed] a case of disparate impact" and that there was "no question that Defendant did not intend to discriminate"; however, the court went on to note that "intent is irrelevant" in a disparate impact case and the practice it "implemented had a greater impact of African-Americans than others."

The biggest issue on briefing was whether Plaintiffs could even attack Defendant's facially-neutral policy based on the state law mandate. The court rejected "Defendant's view that the state law must 'purport' to discrimination in order to be trumped by Title VII. Such a view would gut the purpose of Title VII ...." Quoting Title VII, the court went on to note that an employer may defend against a prima facie showing of disparate impact only by showing that the challenged practice is "job related for the position in question and consistent with business necessity".

• Print
• Trackbacks
• Share Link

We wanted to take a moment to share the redesigned Porter Wright Technology Law Source blog with you.

Technology Law Source is designed for readers to quickly and easily learn about concepts that cut across the traditional lines of intellectual property and extend to evolving technologies, as well as concerns with privacy and data security.

Our authors routinely update the blog to provide the latest news and information about a range of areas relating to the industry, including:

• Copyright
• Data breach
• Data security
• Database management
• Electronic commerce
• Electronic discovery
• Electronic medical records
• Enforcements, disputes, and litigation
• HIPAA and HITECH Act compliance
• International law and regulation
• Internet law
• Legal issues in use of social media
• Online commerce
• Online marketing, advertising, and promotions
• Outsourcing
• Patent filing, prosecution, and enforcement
• Regulatory environment in privacy
• Trade secret protection and enforcement
• Trademark selection, enforcement, and brand protection
• Workplace privacy matters

We invite you to visit the blog, and let us know what you think.
 

• Print
• Trackbacks
• Share Link

There is no doubt you know what YouTube is, but do you know about Vine? Well, Vine is a video app released by Twitter earlier this year that allows users to capture and share short looping six-second videos to Twitter and allows the user to tag people in the post. The app is easy to use and works a lot like Instagram (many call it the Instagram of video). When you tweet from Vine, it embeds your looped video — or what looks like an animated GIF — in your tweet and includes sound. Videos from Vine’s Make-a-Scene app appear in expanded tweets and play automatically. Vine videos can also include different clips stitched together into one video, rather than just allowing one continuous shot. In introducing the app, Twitter said the "brevity of the videos ... inspires creativity."

Sounds fun, right?  Well, Vine already had a porn problem, and when employers hear the words "creativity" and "video" in the same sentence they get scared, and with good reason. It was only a matter of time until workplace videos started to pop up. In a recent article, "The Latest Social Media Concern for Employers", The Wall Street Journal focused on the app and how searching such terms as "bored," "work" or "hatework" brings up some troubling workplace postings. Examples include videos of employee venting about their employers, a uniformed employee smoking from a bong and another of an employee looking through what appeared to be confidential documents. You can take a look for yourself. Here are a few fun ones: #sick #job #work; #wishIWasWorkingForXbox; and #Job #bor3dness #work4it, which contains footage of warehouse employees appearing to attempt sexual relations with a shelving unit, running and screaming through the facility and playing with safety equipment.

Daniel A. Schwartz, an employment law attorney at Pullman & Comley LLC in Hartford, Connecticut and editor of Connecticut Employment Law Blog, has been on top of this issue from the get go and has written a couple of great posts on this subject, which include links to some Vine workplace videos. He also noted the dangers of this App and with smartphones in general in the WSJ article: “Employers who are just concerned about what their employees are just doing on Facebook are missing the bigger picture of how smartphones are infiltrating the workplace.”

Takeaways: New technologies like Vine are popping up (or sprouting if you will) at an ever increasing pace, particularly for mobile devices. As more and more employees are bringing their mobile devices to work, employers must stay on top of these technological developments not only to take advantage of them for their own marketing purposes, but also to ensure that their workplace policies apply as broadly as possible to cover all new technologies, such as Vine, as they develop. This includes implementing proper BYOD policies and training employees to make clear what employees are and are not allowed to share on Vine and other social media platforms. With that, I'll leave it to Mr. Schwartz because I think he summed it up best: “Vine is one of the fastest growing social networks. And people aren’t posting what they had for breakfast anymore.”
 

• Print
• Trackbacks
• Share Link

In today's world of social media, we know that employees live online. With LinkedIn, this includes having a living resume for anyone with a LinkedIn account to see. The up-to-date part, or rather how up-to-date someone's LinkedIn profile (or resume) is, has become somewhat of a concern.  The recent case of Jefferson Audio Video Sys. Inc. v. Light (W.D. Ky. May 8, 2013) demonstrates how the updating of a LinkedIn profile can become a concern for employers, particularly as it pertains to an employer's former employees. 

Here is the situation: An employee leaves a company for whatever reason yet fails to update his or her LinkedIn profile. To anyone who views the individual's profile or searches the company's name, the individual appears to be a current employee.

In Jefferson, the employer Jefferson Audio Video Systems, Inc. ("Jefferson") sued former employee Gunnar Light ("Light") in part because he said some pretty awful things about the company to a customer while employed and, in part, because he would not update his LinkedIn profile. So, how did that turn out for the employer? Not so well.

Jefferson hired Light as a Sales Manager. During a sales meeting with a customer, Light allegedly made some less-than-flattering statements about the company to the customer, including comments that Jefferson was "unorganized," that "they don't know what's going on," "they've made a mess of things," "I unfortunately am stuck with this Company that is very dysfunctional," and suggested that the fact that Jefferson had a business at all was "a miracle." While Light made the sale despite his employer bashing, the sale was for less than Jefferson had anticipated. Not surprisingly, when Jefferson became aware of Light's statements about the company, it fired him.

Jefferson sued Light alleging numerous state law claims including: defamation, tortious interference, breach of fiduciary duty, trade, disparagement, fraudulent misrepresentation, and breach of contract. Light moved to throw out Jefferson's lawsuit, and the court did.

Light’s failure to update his LinkedIn profile provided the basis for Jefferson's claim for fraudulent misrepresentation. Jefferson claimed that for several months following Light's May 9, 2011 termination, he "falsely represented on social media outlets, such as LinkedIn, that he held the position as ... International Managing Director after his date of termination." According to the opinion, Jefferson had contacted Light twice in May 2011 to request that he update his social media to indicate that he was not a current employee of Jefferson. Light responded that "he intended to promptly update his employment profile," but he did not change his information until after he received a third request in June, in which the company said it would file a formal complaint with LinkedIn.

The court found that Jefferson failed to plead the claim with the required particularity because Jefferson failed to "indicate it reasonably relied on Light's misrepresentation" and admitted as much in its response brief that it was "not asserting that it a was defrauded by Light but, instead, is making a claim that Light's fraudulent misrepresentation to the world damaged [Jefferson]." Because Jefferson failed to assert facts that it reasonably relied on Light's misrepresentation itself, a requirement to the claim, the court found the claim lacking and threw it out.

The company also attempted to argue that it was somehow advocating that Light committed fraud on potential third-party customers, but the court did not buy that argument either.

[C]iting no case law in support of its argument, [Jefferson] urges this Court to expand the scope of an actionable fraud claim by permitting it to assert a claim based upon third party rights. [Jefferson] wants to stand in the place of those customers with reference to the issues of intentional misrepresentation and reliance upon the same. While novel in its genesis, Kentucky courts have not recognized such an argument."

As an aside, the court's decision throwing out the employer's defamation claims is also instructive for employers because the court did a nice job of outlining what constitutes defamation in this setting and what does not. Here, the court tossed the employer’s defamation claims because it found Light's statement to be "protected expressions of opinion," which are not actionable as they are expressions that merely voice "subjective thought". So employers a caution: Statements of opinion, rather than fact, typically won’t provide a basis for a defamation claim.

Takeaways: Employers, while it is understandable that you do not want a terminated former employee holding out that he or she still works for you, it may not be worth your time to try to force the former employee to update their social medial through the courts. It might be more worthwhile to contact LinkedIn who may take up the issue with the user based on their user terms and conditions. In any case, if the saying "it's easier to find a job when you already have a job" is true, allowing a former employee to keep a "currently employed" status might allow your former employee to get a new job faster. The upside for you, it will stop unemployment payments to the former employee and, if the employee had a wrongful termination claim against you, it will stop any potential back pay from continuing to accrue. Another thought, you may include in the employee's offer letter and/or separation agreement a provision where the employee agrees to update all social media to reflect that he or she is no longer employed with the company no later than three days (or whatever you deem reasonable) after separation of employment for whatever reason.

• Print
• Trackbacks
• Share Link

Our colleagues over at Technology Law Source advise today of an interesting case in which a New Jersey federal court held that a plaintiff in a personal injury lawsuit failed to preserve relevant evidence when he deactivated his Facebook account and failed to reactivate it within fourteen (14) days – which according to Facebook’s terms and conditions renders the account’s contents irretrievable. As a result, the court found that the defendant was entitled to a jury instruction that permits the jury to infer that “the fact that a document was not produced or destroyed is ‘evidence that the party that has prevented production did so out of the well-founded fear that the contents would harm him.’” In short, the court concluded that the plaintiff’s permanent deactivation of his Facebook account prejudiced the defendant’s ability to refute his claim that he had sustained permanently disabling injuries. Although this is not an employment case, it is easy to see where this issue is likely to come up in workers’ compensation, employment discrimination and other employment law contexts. Because this type of jury instruction can be devastating to a plaintiff’s case, employer’s counsel should be sure to ask for this type of instruction when plaintiffs have deactivated their relevant social media accounts. You can find the full Technology Law Source post and a copy of the court’s decision in Gatto v. United Air Lines, Inc. here.
 

• Print
• Trackbacks
• Share Link

The infamous LinkedIn ownership case, Eagle v. Edcomm, is over, and for the plaintiff, Dr. Linda Eagle, it was a win and a loss. We told you about this case in the post: "In the Social Media Battle Over Who Owns a LinkedIn Account, the Greatest Threat is State Law Claims - How Employers Can Protect Themselves in Light of Eagle v. Morgan as 11 State Law Claims Proceed to Trial." The case did go to trial, and the Eastern District of Pennsylvania decided that while Dr. Eagle proved three claims against her former employer, Edcomm, she was not entitled to any monetary damages because she failed to prove any damages with reasonable certainty.

Get Caught Up to Speed – A Look at the Case Up to Trial

Here is how it all shook out prior to trial. Dr. Eagle founded Edcomm, Inc., and created a LinkedIn page that she used to promote herself and Edcomm. Dr. Eagle's former co-worker, who was named as an individual defendant in the lawsuit, assisted her in maintaining the account and, as a result, knew Dr. Eagle’s LinkedIn password. After Edcomm was later sold and Dr. Eagle terminated, the new owners changed Dr. Eagle’s LinkedIn password, removed her name and picture from the LinkedIn profile page, and represented that Dr. Eagle had resigned from the company. Essentially Edcomm pulled a bait and switch; it took the bulk of Dr. Eagle's LinkedIn profile and replaced it with its interim CEO's information while Dr. Eagle's "honors and awards" section and custom URL remained, i.e., Edcomm's interim CEO's profile was accessible “via linkedin.com/in/lindaeagle.” What would happen for people searching for "Linda Eagle" on LinkedIn is that they would be directed to Dr. Eagle's LinkedIn profile that contained Edcomm's new CEO's information.

Dr. Eagle sued her former employer for illegally taking control of and accessing her LinkedIn account in violation of the Computer Fraud and Abuse Act ("CFAA"); the Lanham Act (which prohibits a number of activities, including trademark infringement, trademark dilution, and false advertising) in connection with the company's unauthorized use of Dr. Eagle's LinkedIn account; unauthorized use of her name in violation of the Pennsylvania Constitution; invasion of privacy and misappropriation of identity; misappropriation of publicity; identity theft; conversion; tortious interference with a contract, i.e., the LinkedIn User Agreement; civil conspiracy; and aiding and abetting.

Edcomm countersued Dr. Eagle arguing that Dr. Eagle's LinkedIn connections belonged to the company and that Dr. Eagle stole the connections. Edcomm also claimed that Dr. Eagle subsequently reaped the benefit of the time and efforts it put into maintaining Dr. Eagle's LinkedIn account.

Early on at the motion to dismiss stage, the court threw out Edcomm's trade secret misappropriation claim because the information sought to be protected was generally known in the wider business community or capable of being easily derived from public information. The court found that LinkedIn connections are not trade secrets because they are generally known in the wider business community or are capable of being easily derived from public information.

At the summary judgment stage, the court threw out Dr. Eagle's CFAA and Lanham Act claims, which left eight of Dr. Eagle's state law claims and Edcomm's counterclaims that proceeded to trial.

The Decision

Dr. Eagle's Claims Against Edcomm

1. Unauthorized Use of Name in Violation of 42 Pa.C.S. § 8316

On Dr. Eagle's unauthorized use of name claim, Dr. Eagle argued that Edcomm violated 42 Pa.C.S. § 8316, which provides, “[a]ny natural person whose name or likeness has commercial value and is used for any commercial or advertising purpose” without written consent may recover damages. The court held that Dr. Eagle's name has commercial value, given her wide acclaim, e.g., she had invested time and effort in developing her reputation and was an authority in the area having authored publications, been quoted in others and presented at conferences. The court found that Edcomm “used” Dr. Eagle's name, derived commercial benefit from using Dr. Eagle's name to promote its business and, therefore, found for Dr. Eagle.

2. Invasion of Privacy by Misappropriation of Identity

Dr. Eagle's second claim was for invasion of privacy by misappropriation by identity. To be liable Dr. Eagle had to prove that Edcomm "appropriated to [its] own use or benefit the reputation, prestige, social or commercial standing, public interest or other values of plaintiff's name or likeness." Edcomm argued that it did not attempt to use Dr. Eagle’s likeness and credentials during the two-week period it had control of Dr. Eagle's LinkedIn account. The court found this argument disregarded Edcomm's actions in using Dr. Eagle's name to initially direct users to the page. In finding in Dr. Eagle's favor, the court found that Dr. Eagle had a privacy interest in her picture, resume, and name, and while the page contained Edcomm's interim CEO's information, the URL clearly contained Dr. Eagle's.

3. Misappropriation of Publicity

Dr. Eagle also charged Edcomm with misappropriation of publicity, another common law cause of action Pennsylvania recognizes. “A defendant violates a plaintiff’s right of publicity by ‘appropriating its valuable name or likeness, without authorization, [and using] it to defendant’s commercial advantage.’” This right grants a person an exclusive entitlement to control the commercial value of her name or likeness and to prevent others from exploiting it without permission. The court noted the difference between this tort and the tort of invasion of privacy by appropriation of name or likeness: “[T]he right of publicity protects against commercial loss caused by appropriation of a name or likeness. In other words, the invasion of privacy by appropriation of name or likeness is a personal right created to protect one’s privacy, while the right of publicity more closely resembles a property right created to protect commercial value.”

The court used the facts supporting its conclusion in favor of Dr. Eagle on her first two claims to also find that Edcomm misappropriated publicity. In other words, by using Dr. Eagle's password to enter the LinkedIn account, changing the password to keep Dr. Eagle out and altering the content on the account to reflect Edcomm's interim CEO's information, Edcomm deprived Dr. Eagle of the commercial benefit of her name.

4. Identify Theft

Dr. Eagle was not successful on her claim for identity theft against Edcomm. Dr. Eagle alleged that Edcomm committed the crime of identity theft, and was entitled to civil damages under 42 Pa.C.S. § 8315. Under Pennsylvania law: “A person commits the offense of identity theft of another person if he possesses or uses, through any means, identifying information of another person without the consent of that other person to further any unlawful purpose.” 18 Pa. Cons. Stat. § 4120(a).

In refusing to find for Dr. Eagle on this claim, the court noted that unlike her previous causes of action, identity theft requires some unlawful possession of a person’s identifying information. It found there was no such "identifying information." Here, Dr. Eagle’s name was publicly available and not unlawfully possessed. The LinkedIn account contained Edcomm's interim CEO's name, photograph, profile summary, experience, and education and only Dr. Eagle's “honors and awards," which the court found did not constitute “identifying information” to establish Dr. Eagle’s identity because no reasonable individual would doubt that the page belonged to the interim CEO and was describing her, even with Dr. Eagle's “honors and awards" noted.

5. Conversion

Dr. Eagle next argued that Edcomm hijacked her LinkedIn account and committed conversion. Under Pennsylvania law, “Conversion is a tort by which the defendant deprives the plaintiff of his right to a chattel or interferes with the plaintiff’s use or possession of a chattel without the plaintiff's consent and without lawful justification." The court noted that conversion is more limited when it comes to intangible property and will be extended to intangibles that are “customarily merged in, or identified with, a particular document (for example, a deed or a stock certificate).” Since the only item allegedly converted was a LinkedIn account, which is an intangible right to access a specific page on a computer, it was not a convertible intangible under Pennsylvania law and the court found for Edcomm.

6. Tortious Interference with Contract

On Dr. Eagle's next claim for tortious interference with her contract with LinkedIn, the court found for Dr. Eagle on the first three elements. The tort requires a plaintiff to prove (1) the existence of a contractual relation; (2) the defendant’s purpose or intent to harm the plaintiff by preventing the relation from occurring; (3) the absence of any privilege or justification on the part of the defendant; and (4) damages resulting from the defendant’s conduct. The court found that by entering Dr. Eagle's account and changing her password, Edcomm acted with purpose or intent to harm Dr. Eagle by preventing her contractual relationship with LinkedIn. Edcomm argued it had a privilege to enter Dr. Eagle’s account under its policy that it “owned” its employees’ LinkedIn accounts and could “mine” them for information upon departure of those employees. One problem for Edcomm on this argument ... it did not have any such policy. The next problem, the court noted that the LinkedIn User Agreement provides that it is the individual user who owns the account. It is notable that this finding misconstrues the relevant language in the User Agreement, which actually seeks to provide additional liability on an individual who uses LinkedIn on behalf of a company rather than provide a clear designation of ownership as the court's opinion suggests: “If you are using LinkedIn on behalf of a company or other legal entity, you are nevertheless individually bound by this Agreement even if your company has a separate agreement with us.” Nevertheless, Dr. Eagle's critical problem on this claim was that she failed prove the forth element of damages, though the court held its discussion on the issue.

7. Civil Conspiracy

In her seventh claim, Dr. Eagle alleged that the defendants conspired to gain unauthorized access to and misappropriate her LinkedIn account. To prove civil conspiracy, Dr. Eagle had to demonstrate: "(1) a combination of two or more persons acting with a common purpose to do an unlawful act or to do an lawful act by unlawful means or for an unlawful purpose; (2) an overt act done in pursuance of the common purpose; and (3) actual legal damage." The court found that Dr. Eagle did not succeed on this claim because she had failed to put forth any evidence regarding any of the individual Defendants. Since employees/directors/shareholders cannot legally conspire under the intra-corporate conspiracy doctrine, under Pennsylvania law, Dr. Eagle's claim failed.

8. Civil Aiding and Abetting

To prevail on her eighth claim for civil aiding and abetting, Dr. Eagle had to prove "(1) that an independent wrong exist; (2) that the aider or abettor know of that wrong’s existence and (3) that substantial assistance be given in effecting that wrong." The court denied her claim finding that while she established the existence of an independent wrong—i.e., misappropriation of publicity, invasion of privacy, and unauthorized use of name—she failed to put forth as to any of the individual defendants.

Edcomm's Counterclaims Against Dr. Eagle for Misappropriation of an Idea and Unfair Competition Fail

To counter, Edcomm argued that Dr. Eagle committed misappropriation when she continued to use her account. The tort of misappropriation of an idea has two elements: (1) the plaintiff had an idea that was novel and concrete and (2) the idea was misappropriated by the defendant. Edcomm argued that it decided to use LinkedIn as an indispensable sales and marketing tool and initiated a process by which its management would approve the content of Edcomm employee’s LinkedIn account and thus, invested substantial time and effort into its employees’ LinkedIn account and their development of contacts on those accounts. Edcomm argued that Dr. Eagle's act of taking back her account constituted misappropriation of an idea. The court disagreed because Edcomm never had a policy of requiring its employees to use LinkedIn, did not dictate the precise contents of an employee’s LinkedIn account, and did not pay for its employees’ LinkedIn accounts. The court cited again to the LinkedIn User Agreement, which provides that LinkedIn accounts are between LinkedIn and the individual user. Lastly, the court noted that Edcomm failed prove that Dr. Eagle’s contacts list was developed and built through the investment of Edcomm time and money as opposed to Dr. Eagle’s own time, money, and extensive past experience.

The court also denied Edcomm's unfair competition claim in which Edcomm claims that Dr. Eagle improperly misappropriated the content and connections of the LinkedIn account and improperly used the content to compete with Edcomm. Because Edcomm rested its unfair competition claim on its failed misappropriation claim, the court found in favor of Dr. Eagle.

Now For the Blow. Dr. Eagle Succeeded On Three Claims Against Edcomm! Announcer, Tell Her What She's Won!

In prefacing the damages issue, the federal court described its ruling as a “mixed bag,” and here is why. While it held that Dr. Eagle successfully proved three claims against Edcomm for unauthorized use of name, invasion of privacy by misappropriation of identity, and misappropriation of identity when it took over her LinkedIn account for two weeks, changed Dr. Eagle's password locking her out of her account, and posted her successor's information in place of hers, it also found that Dr. Eagle failed to put forth sufficient evidence of compensatory damages.

Earlier in the case, Dr. Eagle had claimed she lost $100,000 in lost business opportunities because she was unable to access her LinkedIn messages, spent money to regain access to her account, suffered damage to her reputation, and that the account lost value due to the disruption.

At trial, Dr. Eagle attempted to prove her damages through the testimony of Edcomm's former CEO and her current business partner and he tried calculate the damages caused Dr. Eagle's loss of access to her messages through her LinkedIn account, which amounted to two-weeks of complete loss and three-month partial loss. According to his testimony, Dr. Eagle had 4,000 LinkedIn contacts, which she had sold business. Using information from Dr. Eagle's lowest sales year, he valued each contact for the two-week period at $62, which equated with a total loss of $248,000, at a minimum. Using an average sales year calculation, he testified that Dr. Eagle's loss was $500,000.

The court found this evidence legally insufficient to establish damages to a reasonable certainty. First, the only evidence she produced was her own self-serving testimony that she regularly maintained business through LinkedIn, and Dr. Eagle did not point to a single contract, client, prospect or deal she lost because of her lack of access. The court went on to note that even if she had showed a "fair probability" of damage, she did not provide a reasonable fair basis for calculating her damages as her evidence was limited to non-expert testimony of Edcomm's former CEO, who testified without referring to any documentation. So, while the court found Edcomm liable on three claims, it awarded $0 in compensatory damages, and went on to award $0 in punitive damages because there was insufficient evidence that Edcomm acted with malice or reckless indifference.

Takeaways

The hard part about coming up with takeways from this case is paring them down.

• First and foremost, if you proceed with personality and publicity right lawsuit be able to demonstrate you have suffered an actual, compensable, monetary loss, or while you may win the "principle" portion of the lawsuit, you will lose the "show me the money" part.
• Second, while social media cases are interesting and a new frontier in law, it seems difficult to fit them into federal law claims (remember how Dr. Eagle's CFAA and Lanham Act claims did not survive summary judgment), trade secret claims (the information is on social media and publicly available after all), and be better suited for state court lawsuits. Employers beware, these personality and publicity right lawsuits appear to be the type of viable claims plaintiffs can assert in this area. Be sure to review the law in the states you operate to make sure that you are aware of these types of claims so you can take proper action to guard against any lawsuits.
• Third, before you make an argument, ensure you can back it up. Here, Edcomm argued its social media policy provided that Edcomm owned its employees' LinkedIn accounts, but there was never such a policy. Had Edcomm actually had such a policy, the results on those claims where it came into play may have come out differently, and also its counterclaims. Speaking of policies, if you are a company that has employees market your company through social media, have the relationship set forth in a contract that clearly provides that the company owns the account, that the employee agrees to relinquish the account upon separation of employment, and that the employee agrees that the company shall have all access information at all times.

• Print
• Trackbacks
• Share Link

Describing it as a “rather novel issue,” a federal court recently held that a former employee’s public posts on his personal Facebook page did not constitute solicitation of his former co-workers under the terms of his non-solicitation agreement with his former employer. [See Pre-Paid Legal Services, Inc. v. Cahill, No. 12-CV-346, Doc. 31 (Jan. 22, 2013), Report and Recommendation affirmed and adopted, Doc. 32 (Feb. 12, 2013)] The court further noted that invitations sent to former co-workers to join Twitter were not solicitations under the agreement because the invitations did not request the co-workers to “follow” the former employee, they did not contain any information about the new employer, and they were sent by Twitter instead of as targeted email blasts by the former employee.

Though the court found that the former employee’s social networking activities did not constitute solicitation under his agreement, it did enter a preliminary injunction against the former employee based on his direct solicitation of one of his former co-workers through a private in-person meeting and follow up text messages sent to the co-worker. The court entered the injunction until the issues could be presented to an arbitrator pursuant to the parties’ arbitration agreement.

• Print
• Trackbacks
• Share Link

Editors' Note: Colleen Marshall, a Senior Attorney in Porter Wright's Litigation Department, is also a widely-recognized, award-winning news anchor for Columbus' NBC-affiliate, WCMH – 4. In a detailed interview with Porter Wright's Sara Jodka last week, Colleen reports on the use of social media by employers: "You Can't Delete Your Way Out Of Social Media."

As noted in a recent blog and in the news report mentioned above, 21 states have social media privacy legislation pending. But, social media privacy could soon be governed by an act of Congress.

Representative Elliot Engel (D-N.Y.) just introduced H. R. 537, the "Social Networking Online Protection Act" that he says will protect both employees and job applicants from employer efforts to obtain passwords to private social media accounts. Unlike most laws currently being considered on the state level, Engel's bill would also protect passwords to email accounts. The bill is currently in the House Committee on Education and the Workforce, and makes a critical distinction between private accounts and social networking accounts owned by employers but maintained by employees in the course of employment.

Ohio Senate Bill 45, the Social Media Privacy Protection Act, is the most recent state effort to prohibit employers from gaining access to private electronic accounts, such as Facebook. Ohio 15th District Senator Charleta Tavares (D-Columbus) introduced the bill in an effort to prohibit employers, employment agencies, personnel placement services, and labor organizations from requiring an applicant or existing employee to surrender their personal password to a social media account. Senator Tavares says she views any effort to obtain an employee's passwords as an invasion of privacy. Similar bills were passed in 2012 in six states: California, Delaware, Illinois, Maryland, Michigan and New Jersey.

It is vital to note that none of the proposed legislation, either on the federal or state level, would stop employers from monitoring the electronic profile of employees and applicants by viewing publicly available social media. As we discussed previously, social media is broadly accepted as a legitimate tool to screen job applicants and make judgments about character and personality. Additionally, social media passwords would still be accessible through discovery in instances of litigation or during wage and hour disputes. Social media passwords are proving to be invaluable tools for discovery, especially in the labor and employment context, as explained to me by Porter Wright attorney Sara Jodka in a recent television interview.

Lawmakers are grappling with employers' right to know versus employees' right to privacy. And, as previously noted, you can't always delete your way out of the mess you create on social media. Additionally, some employees use their private electronic accounts as networking tools or to communicate with clients and vendors. Courts are currently being asked to decide whether executives or employers own Linked-in accounts that were created on company-owned computers. Disputes over passwords and twitter accounts are also making their way through the courts.

The outcome of these cases will be noted in future blogs because alerts will be sent to my personal phone, that is linked to professional calendars and email accounts owned by two employers, that are also available on my personal iPad, which is linked to my husband's business account that is connected to his phone and the laptop used for his S-Corporation. Wouldn't that make for interesting discovery?

A list of other states considering legislation to restrict employer access to private social media can be found here. 

• Print
• Trackbacks
• Share Link

Naked pictures? Drunken celebrations? Sexist comments? A click of a button and all evidence of your "Weekend at Bernie's" can disappear. Job seekers know to scrub clean their Facebook pages before they connect with potential employers, to remove all trace of their off-color on-line life. But here in Ohio you can't delete your way out of the mess you created through social media. Employers can legally ask employees and recruits to surrender their social media passwords, and thanks to Facebook's newly expanded access program, the result is a stunningly deep portal into private messages, deleted posts, photographs and everything you ever posted on your Facebook wall.

Where does an employer's right to screen applicants and monitor employee behavior end and personal privacy begin? It's a murky line drawn so far by only six states — and Ohio isn't one of them. After failing to win support for Senate Bill 351 in 2012, Ohio Senator Charleta Tavares will this month reintroduce her proposal to make it illegal for an employer to require an employee or potential employee to surrender their social media passwords. Tavares argues that employers should not be able to access personal thoughts and messages that employees never intended to be broadly distributed.

Tavares' legislation would not restrict employers from inspecting the social media that is readily available to an applicant's network of friends, and can legitimately help employers determine if a prospective employee would be a good organizational fit. Employers, for example, could still inspect your Facebook page, but they would do so without the personal password that gives them expanded access to your history and hidden files.

As we have noted in the past, whether such legislation really is necessary, however, is subject to debate. Few employers need — think law enforcement, finance and child care industries that require more in-depth screening — or want to delve deeply into their applicants’ or employees' personal lives, but employers and recruiters rightfully argue that social media is a valid screening method that can reveal both negatives and positives about potential hires. A recruit who is not on LinkedIn and has no professional social media presence can appear to be not relevant. Your social media profile can paint a flattering picture of your volunteer efforts, your professional affiliations and your networking capabilities. Conversely it can expose your poor grammar and your lack of judgment. What exactly were you thinking when you posted that picture of yourself, half-naked, with a beer bottle in one hand, a joint in the other, wearing a ball-cap that says "Female Body Inspector?" We've all seen such pictures.

Beyond the hiring process, however, employers should know that a wealth of information is available to them if they obtain that magic password for other purposes, particularly during discovery in matters involving disputes with current or former employees. Employers can use social media to great advantage in such cases. It is difficult to sustain a claim for disabling injuries, for example, when the employer displays recent photographs of your weight-lifting workout at the gym. One manager who denied a personal relationship with a subordinate happily posted romantic pictures and glowing descriptions of their encounters.

By obtaining the personal password of a volunteer, a recent test of the new Facebook access program provided an astounding amount of personal information, hidden files, private conversations, and remarkably every item ever posted on the user's Facebook wall dating back to her original sign-on date in 2008. In a printed format (with small font) the wall posts were nearly one thousand pages long. Surprisingly, even the private conversations the volunteer typed into pop-up message boxes, directed at individuals, were recorded and stored and resulted in 200 printed pages of "private" conversations. Every photograph the volunteer ever posted, every person the volunteer had deleted from her friend list, and all files the volunteer thought to be "hidden" were readily available. Specific devices used by the volunteer to log-on, the time spent on Facebook, and a list of every ad viewed by the volunteer over the past five years were also accessible. It is a stunning amount of information that can provide undisputable evidence, particularly in the labor and employment context.

A recent survey by Jobvite, a company that provides applicant tracking software, shows that 92% of employers are using or planning to use social networks as a recruiting tool this year.  Careerbuilder.com reports roughly 40% of employers are using social media as a screening tool, but there are no statistics that show how many employers require social media passwords to be surrendered.

Employers can establish a clear process that allows for legitimate inspection of a prospective employee's social media profile — without asking for personal passwords. A successful social media review process is one that minimizes the employer's chance for a charge of discrimination while allowing the employer to determine whether an applicant posesses reviewable, legal characteristics that make the applicant a good or bad fit for the company. You might wonder why the concern for a charge of discrimination comes in to play. Well, by just scanning an applicant's social medial profile, an employer can uncover a lot of information, and some of it is unlawful information for an employer to use or consider in the hiring process. This information includes an applicant's race, age, religious affiliation, national origin, gender, veteran status, pregnancy status, genetic information, sexual orientation (in some states and localities), and gender identify (some states and localities).

Successful policies usually include the following:

1. Layout Search Criteria: A standard written search policy that defines for the employer and the applicant what social medial sites will be searched and what information reviewed; e.g., engaging in hate speech, discriminatory conduct, criminal activity.
2. Put a Wall Between Reviewer and Ultimate Decision Maker: A two-tiered approach that provides for an initial screening of the social media before information is presented to the person who will make the actual hiring decisions. In turn, the reviewer will forward on to the ultimate decision maker only the information about the applicant that hit the employer's defined search criteria. This ensures that the person who makes the ultimate employment decision has never actually viewed the applicant's social media profile. This eliminates even the appearance that the applicant was hired or rejected on the basis of inadvertent access to legally protected information.
3. Document, Document, Document: You have a strict policy in place. Now prove it. Keep uniform records about what disqualifying information was obtained through the social media sites for use in the event a lawsuit ensues.
4. Stay True To Your Policy: Again, you have a strict policy in place — abide by it. Do not attempt to circumvent an applicant's privacy settings to collect more information about the applicant. This includes creating a false profile to gain access to the applicant's information or impersonating a "friend" for the same reason.

With proper guidance your social media policies can reflect the culture of your company, and will enhance — not ensnare — your workforce.

• Print
• Trackbacks
• Share Link

According to a news release issued by the university, a Kansas State University study to be published in the journal Computers in Human Behavior concludes that between 60 and 80% of the time spent by people on the internet at work has "nothing to do with work." The study, which was profiled this morning on The Today Show, suggests that "cyberloafers" come in all ages. According to one of the researchers, "Older people are doing things like managing their finances, while young people found it much more acceptable to spend time on social networking sites like Facebook."

Certainly, while the estimated percentage might be unexpectedly high to some, there is no doubt that workers are spending more time on the internet for personal reasons. The study goes on to note that employer electronic monitoring policies do little to change behaviors unless the policies are enforced. According to the news release announcing the study, "Researchers discovered that the only way to change people's attitudes is to provide them with information about other employees who were reprimanded."

The question I have is whether enforcement of these policies really discourages employees from surfing the web or whether it merely drives the behavior underground. My bet is that many – I won't say most – employees who fear discipline as a result of electronic monitoring at work will simply resort to using their personal electronic devices, which the employer will not be able to monitor. In my mind, the best way for an employer to ensure that workers are actually working is to monitor their actual work performance, both quantity and quality, and in the process it will catch most, if not all of its cyberloafers.

I'm not suggesting that electronic monitoring policies are bad or even ineffective; just don't ask them to cure more problems than they are capable of doing. Indeed, such policies are invaluable in making sure that employees are not accessing pornography or other material at work that may subject an employer to liability. These policies also can help prevent trade secret leakage or outright misappropriation. But to think that enforcing these policies, without more, will deter most employees from shopping on Amazon.com or checking Espn.com for the latest trade rumor in my opinion is a bit naïve and maybe even somewhat counterproductive.

Even the researchers noted that the strategy can have negative consequences in the workplace and can lower morale. Indeed, in many work environments where employees are one dinner time cell phone call away from being back on the clock, it is not entirely unreasonable to think that some employees will conduct some personal business while at work. In addition, some studies have suggested that occasional personal use of the internet while at work might help recharge employees' batteries and keep them more focused on their jobs.

I'm all for enforcing electronic monitoring policies at work; let's just not ask them to do too much. Now, if you don't mind, there is this set of golf clubs that I saw on the internet last night….

• Print
• Trackbacks
• Share Link

The Internet is burning up this morning with the story of an Applebee's waitress who was fired for posting on Reddit, a social news and entertainment site, the receipt from a customer who gave her no tip on a $35.00 check, writing "I give God 10% why do you get 18?" Unfortunately, the waitress did not obscure the customer's signature when she posted a picture of the receipt, which naturally set off a firestorm of Reddit users and others on the Internet attempting to identify the customer. The customer apparently then contacted Applebee's and demanded the waitress's termination.

While there is plenty of reason to sympathize with the waitress, particularly if the facts are as represented here and here, it is hard to fault Applebee's for its decision at least to discipline the waitress. As I see it, this was an individual gripe by the waitress, so no concerted protected activity for the NLRB to get riled up about and, regardless of whether he deserved it or not, she created at least one really unhappy customer.

• Print
• Trackbacks
• Share Link

The summary judgment decision issued on October 31st by Ohio federal district court judge David Dowd in Barnett v. Aultman Hospital contains important reminders for both private employers and their employees. For employers, there is the reminder that they are not bound by the First Amendment's protections for free speech. And for employees: Always remember to confirm that your supervisor actually has been fired before going to Facebook to celebrate.

In January 2011, after receiving the erroneous information that her supervisor had been fired, the plaintiff, Wendy Barnett, a registered nurse at Aultman Hospital sent an email through Facebook to nine current and former hospital employees (and others) that according to the court, read as follows:

Lisa got officially ax (sic) today! I am singing DING DONG THE WITCH IS DEAD THE WICKED WITCH, DING DONG THE WICKED WITCH IS DEAD.

How poetic this comes the same day Sexton died, I would much rather get f..cked up the ass with hot pepper than endured what that souless (sic) bitch put me through for 4 years...including turning me into the board...God does grind a fine mill when revenge is taken on by him...back when I was off due to drug accusations and praying, and praying, never would I have imagined she lose (sic) her job, marriage, and family, friends all at the same time! Karma Now I should tell you how I really feel!

Love and fuzzies, Wendy

As inevitably happens in this kind of situation, the email was given to the supervisor who sent it on further and eventually an investigation was initiated. When confronted with the email, Ms. Barnett denied that she had typed it and intimated that someone had hacked into her Facebook account. Ms. Barnett was suspended pending the results of the investigation. While Ms. Barnett continued to push her hacking theory, the investigation worked its way back to the employee who originally gave the email to the supervisor. She confirmed that Ms. Barnett had admitted to sending the "celebratory" email. Another employee came forward and offered to show the investigator text messages she had received from Ms. Barnett. Although she was unable to retrieve the text messages, she confirmed that they said something along the lines of, "The witch is dead… Lisa got fired."

As the investigation proceeded, Ms. Barnett contacted the hospital's employee responsible for processing leaves of absences for FMLA paperwork. Meanwhile, apparently unaware of the FMLA request, the investigator and the hospital's vice president of human resources decided to terminate Ms. Barnett for dishonesty pursuant to its employee handbook. Plaintiff was specifically told she was not being terminated because of the content of the email, but rather because she had repeatedly lied about sending it. Ms. Barnett was given the opportunity to resign, which she accepted, but still had the audacity to maintain the lie about sending the email. (She later came clean at her deposition.)

Ms. Barnett's subsequent lawsuit against the hospital claimed that she was terminated in violation of Ohio's public policy protecting freedom of speech, and for FMLA interference and retaliation. The court had no trouble dispensing with each of these claims. First, the court noted that there is no clear public policy forbidding private actors from restricting free speech. Instead, the First Amendment guarantee of freedom of speech is a restraint on governmental actors only. Therefore, the court concluded that the guarantees of freedom of speech under the federal and state constitutions cannot provide the basis for a public policy exception in a wrongful discharge claim in the absence of state action.

Moving on to the FMLA claims, the court noted that Ms. Barnett's only claimed interference was that the hospital failed to provide her with notice as to whether the leave requested would be counted as FMLA. Of course, as the court also commented, the period of time had not expired as of the date that Ms. Barnett offered her resignation. Furthermore, the court noted that Ms. Barnett was not harmed by any failure to provide her the requisite notice because she had already been terminated.

Finally, the court also disposed of Ms. Barnett's retaliation claim based on the evidence presented that demonstrated that the decision to terminate her was made without any knowledge that she was attempting to pursue an FMLA claim. In addition, relying on a Sixth Circuit decision in Gipson v. Vought Aircraft Industries, Inc., the court held that an employee may not insulate herself from termination by "opportunistically invoking the FMLA."

Though the result of this case was rather predictable to everyone other than apparently Ms. Barnett and her counsel, it probably does bear emphasizing that:

1. An employee of a private employer has no automatic right to freedom of speech.
2. In this case, the hospital was best served by terminating Ms. Barnett based on her dishonesty. This decision probably helped avoid disputes over whether other similarly situated employees had not been terminated over similar comments about their supervisor. (No, I don't think that the email would have been protected by Section 7 of the NLRA, had Ms. Barnett filed an unfair labor practice charge.)
3. Offering an employee the opportunity to resign rather than accept being terminated does not always avoid a lawsuit, which can be based on a constructive discharge theory.
4. There is nothing that is beyond the capabilities of some employees.

• Print
• Trackbacks
• Share Link

As we reminded you last month here, the Consumer Financial Protection Bureau ("CFPB"), the agency that has enforcement responsibility over the Fair Credit Report Act ("Act"), revised the forms which employers must use to comply with the FCRA, effective January 1, 2013. There was only one little problem with the forms the CFPB provided for use: They contained various typos and technical errors that the CFPB now has recognized in its Supplementary Information in the November 14, Federal Register Notice.

The forms at issue:

• The Summary of Consumer Identity Theft Rights;
• Summary of Your Rights Under the Fair Credit Reporting Act, which employers are required to provide to applicants and employees with the FCRA disclosure and authorization form when the employer procures an investigative consumer report and with any pre-adverse action notice sent when an employer intends to rely in whole or in part on information contained in a background check report to make an employment decision;
• Notice of Furnisher Responsibilities, which background check providers must provide to certain furnishers of information; and
• Notice to Users of Consumer Reports: Obligations of Users Under the FCRA, which background check providers must give employers who procure background check reports.

These forms appear, respectively, in Appendices I, K, M and N of Regulation V, and the new corrected forms are available here.

The good news for those employers who have already transitioned to the forms that were published in December 2011, the CFPB says it will regard the use of the originally-published model forms, typos and technical errors notwithstanding, “to constitute compliance with the FCRA provisions requiring such forms and will regard those forms to be substantially similar to the corrected forms” until it directs otherwise. The CFPB further states that it plans to so advise, and to provide sufficient time to allow for orderly discontinuation of the December forms, when it issues a final rule to restate Regulation V in 2013.

Takeaways. For employers that have not yet started using the new FCRA forms, make sure you use the newly-corrected ones available above. For employers that already transitioned to the originally-published model forms, consider transitioning to the correct model forms as it is unclear how must advance notice the CFPB will give before ending its grace period.
 

• Print
• Trackbacks
• Share Link

By now, you should know that the Equal Employment Opportunity Commission ("EEOC") has issued “Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions”, which is designed to restrict criminal background checks by employers, but you may not know that enforcement responsibility for the Fair Credit Reporting Act ("FCRA") has been transferred from the Federal Trade Commission to the recently created Consumer Financial Protection Bureau ("CFPB").

The FCRA, of course, is the federal law that imposes requirements on employers who use third party Consumer Reporting Agencies ("CRA's") to obtain “consumer reports" (i.e., background check, reference check, credit check) and "investigative consumer reports" (i.e., a consumer report where information regarding character, general reputation, personal characteristics, etc is obtained through personal interviews) on prospective or current employees.

What this means for employers is that they should expect heightened scrutiny on their FCRA compliance. The FCRA requires employers who use CRA's to do their background checks to go through a four-step process, using federally-mandated forms. One of the CFPB's first steps in its role as chief enforcer of the FCRA, was to revise that forms which employers must use, effective January 1, 2013.

The three notices the CFPB revised, which are available in Appendices K, M and N to 12 C.F.R. part 1022, are summarized as follows:

• A Summary of Your Rights Under the FCRA: CRAs must provide this form to employers and employers must provide this form to prospective employees and current employees when either will be subject to an investigative consumer report or when a pre-adverse action notice is sent.
• Notice to Users of Consumer Reports: Obligations of Users Under the FCRA: CRAs must provide this form to their employer-clients.
• Notice to Furnishers of Information: Obligations of Furnishers Under the FCRA: CRAs must provide this notice to certain furnishers of information.

The forms CRAs and employers are to continue to use until January 1, 2013 are available in Appendices F, G and H to 16 C.F.R. part 698.

Below is a summary of the four steps and, more helpful, how the CFPB's changes to the FCRA impact each step and when the new notices are required:

Step 1: Certification to the Consumer Reporting Agency

A CRA may furnish a consumer report for employment purposes only if the employer certifies to the CRA, among other things, that:

• It notified the prospective employee or current employee clearly and conspicuously and in writing that a consumer report is being requested for employment purposes;
• It obtained writing authorization from the prospective employee or current employee allowing the employer to obtain a copy of the report;
• It will use the information for a "permissible purpose" only, this includes employment purposes;
• It will comply with the conditions for adverse action should adverse action be taken against the applicant; and
• Information from the consumer report will not be used in violation of any applicable Federal or State equal protection laws or regulations.

Once a CRA is engaged to conduct a consumer report, it must provide their employer clients with a copy of the Notice to Users of Consumer Reports: Obligations of Users Under the FCRA.

Step 2: Notice and Authorization from the Applicant

Next, an employer must inform the prospective employee or current employee that it might use information in his or her consumer report for decisions related to employment. The employer must also obtain written permission from the prospective employee or current employee and this must be in a clear and conspicuous manner.

In addition to the obligations above, if the employer wants an "investigative consumer report," as defined above, it must also inform the applicant that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the prospective employee or current employee not later than three days after the date on which the report is first requested. The notice must clearly and accurately disclose to the applicant in writing that an investigative consumer report may be made. This disclosure must include a statement informing the prospective employee or current employee of his or her right to request additional disclosures of the nature and scope of the investigation, and must include the A Summary of Your Rights Under the FCRA and that, upon the written request of the applicant made within a reasonable period of time after the disclosures required above the user must make a complete disclosure of the nature and scope of the investigation that was requested. Should an prospective employee or current employee contact the employer in writing, and request information about the nature and scope of the investigative consumer report, the employer must supply this information within five days of the date on which the employer received the prospective employee or current employee's request or the date on which the report was requested, whichever is later.

Step 3: Pre-Adverse Action Protocol

If an employer might use information from a consumer report, in whole or in part, to take an “adverse action” — it must give the prospective employee or current employee (1) a copy of the report; and (2) a copy of A Summary of Your Rights Under the FCRA before taking the adverse action.

If, however, the consumer report does not influence the employer's adverse action in whole or in part, the employer has no duty to forward a copy of the report of a summary of consumer rights to the applicant at the pre-adverse action stage.

The rights as explained in A Summary of Your Rights Under the FCRA include giving the prospective applicant or current employee the opportunity to contact the employer and the CRA to dispute or explain information in the report that the prospective applicant or current employee believes is inaccurate or incomplete to give the prospective applicant or current employee the opportunity to see the report that contains the information that is being used against them. If the report is inaccurate or incomplete, the prospective applicant or current employee then has the opportunity to contact the CRA to dispute or explain what is in the report.

Step 4: Adverse Action Protocol

If, after waiting the requisite amount of time, the employer decides to take an adverse action (i.e., deny the applicant's application for employment or terminate an employee) it must inform the prospective employee or current employee orally (though this is highly discouraged) or in writing, which can be electronically, of the adverse action and of the following, statutorily required information, that includes:

• The name, address, and phone number of the CRA that supplied the consumer report;
• A statement that the CRA that supplied the information did not make the decision to take the adverse action and cannot give any specific reasons for it; and
• A notice of the employee's right to dispute the accuracy or completeness of any information in the applicant's report and to get an additional free report from the company that supplied the credit or other background information if the applicant requests it within 60 days.

Takeaways

• Get Ready to Change Your Forms. Before January 1, 2013, when conducting criminal screens of applicants and employees, employers should start using the new FCRA Summary of Rights when they: (1) provide the form with required disclosures for investigative consumer reports; and (2) enclose it when they give the applicant or employee a "pre-adverse action" notice.
• Do not forget your state laws. Many states have their own laws governing this issue. Some are in line with the FCRA, however, some are not and have additional requirements for employers seeking to obtain background reports (e.g., California, Connecticut, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, New Jersey, New York, Oklahoma, Oregon, Washington, and Vermont).
• Lastly, keep an eye on your state's laws on this issue, including "ban the box" laws that prohibit asking about criminal arrests on applications. New laws on this issue are popping up all the time. Take Vermont, for example, that passed Vermont Act No. 154, effective July 1, 2012, which added a new section to Vermont’s Fair Employment Practices statute prohibiting employers in Vermont from failing or refusing to hire or recruit; discharge; or for otherwise discriminating against an individual with respect to employment, compensation, or a term, condition, or privilege of employment because of the individual’s credit report or credit history or even inquire about an applicant’s credit report or history unless the position of employment involves access to confidential financial information and/or if the position of employment involves access to an employer’s payroll information. Or Indiana, whose House Bill 1033, also effective July 1, 2012, restricts the types of criminal history information employers and CRAs can obtain from Indiana state court clerks and the types of criminal history information that CRAs can report to employers in background reports.

• Print
• Trackbacks
• Share Link

Who owns a social media account that an employee sets up for the purpose of promoting her employer's business? In Eagle v. Morgan, the federal district court for the Eastern District of Pennsylvania became one of the first courts to address the issue of ownership of employer social media accounts. Now, 11 state-law claims related to this issue are slated for trial next month. Here's what employers need to know about what claims didn't make it, which ones did, and how they can protect their online presence.

The Factual Background. In Eagle, the employee, Dr. Linda Eagle, founded Edcomm, Inc. and then created a LinkedIn page that she used to promote herself and Edcomm. Dr. Eagle's former co-worker, who was named as an individual defendant in the lawsuit, assisted her in maintaining the account and as a result, knew Dr. Eagle’s LinkedIn password. After Edcomm was subsequently sold and Dr. Eagle terminated, the new owners changed Dr. Eagle’s LinkedIn password, removed her name and picture from the LinkedIn profile page, and represented that Dr. Eagle had resigned from the company. All other information was left unchanged. Edcomm claimed that Dr. Eagle's LinkedIn connections belonged to the company and that Dr. Eagle stole the connections. Edcomm also claimed that Dr. Eagle subsequently reaped the benefit of the time and efforts it put into maintaining her LinkedIn account.

Dr. Eagle sued her former employer for illegally accessing her LinkedIn account in violation of the Computer Fraud and Abuse Act ("CFAA"); the Lanham Act (which prohibits a number of activities, including trademark infringement, trademark dilution, and false advertising) in connection with the company's unauthorized use of Dr. Eagle's LinkedIn account; unauthorized use of her name in violation of the Pennsylvania Constitution; invasion of privacy and misappropriation of identity; misappropriation of publicity; identify theft; conversion; tortious interference with a contract, i.e., the LinkedIn User Agreement; civil conspiracy; and aiding and abetting.

In terms of damages, Dr. Eagle claimed she lost $100,000 in lost business opportunities because she was unable to access her LinkedIn messages – she went approximately 22 weeks without access; that she spent money to regain access to her account; suffered damage to her reputation; and that the account lost value due to the disruption.

Faced with Dr. Eagle's lawsuit, the company filed a counterclaim and claimed, in relevant part, that Dr. Eagle misappropriated trade secrets, i.e., the LinkedIn account it claimed belonged to the company; violated the CFAA; engaged in unfair competition; and misappropriated an idea under Pennsylvania common law.

• Print
• Trackbacks
• Share Link

In a case that vividly demonstrates how employers are vulnerable to insider cyber attacks, a recent federal court decision out of the Southern District of Ohio addressed the scope of federal statutes designed to address such activity. In Freedom Banc Mortgage Services, Inc. v. O'Harra, the plaintiff's complaint alleged that an employee began remotely downloading software programs on 27 of the employer's computers and five servers. Through these programs, O'Harra, with the assistance of others, allegedly was able to access the employer's employees' email accounts, deleted hundreds of email from these accounts, uninstalled the employer's security camera, deleted pictures that the camera had recorded, and monitored employee Blackberry usage, among other activities. As a result of these unauthorized intrusions into the plaintiff's computer system, the plaintiff's computers began to operate slowly and eventually, 22 computers and three servers became inoperable. The plaintiff alleged that it lost business, productivity, and revenue as a result of the damages to its computers and, in December 2010, ceased business operations.

Freedom Banc filed its complaint against O'Harra and her alleged accomplices alleging violations of the federal Computer Fraud and Abuse Act ("CFAA"), the Stored Communications Act ("SCA") and state law tort claims of trespass to chattels, conversion and conspiracy. In response, the defendants moved for dismissal. With respect to the CFAA count of the Complaint, the court rejected each of O'Harra's arguments that attacked the statute's applicability. First, O'Harra argued that the computers at issue were not "protected computers" within the meaning of the CFAA, but the Court concluded, as have virtually all courts that have addressed this issue, that any computer that is connected to the Internet is "protected" for purposes of invoking the CFAA. Next, O'Harra argued that for the CFAA to apply, the plaintiff must allege damages of at least $5,000 caused by a single unauthorized intrusion into a protected computer. Again, the Court had little difficulty rejecting this argument and found that the plaintiff's alleged damages of at least $5000 in the aggregate was sufficient to invoke the CFAA's protection.

The Court also permitted the plaintiff's state law tort claims to proceed. The Court concluded that the plaintiff's complaint sufficiently pleaded a trespass to chattels claim by alleging that O'Harra deprived plaintiff of the use of its computers and impaired those computers as to their condition and value. Similarly, plaintiff's complaint also alleged a cause of action for conversion by alleging that O'Harra downloaded software programs onto plaintiff's computers that gave them "complete access to and control over” plaintiff's email accounts and security camera, among other things, and by alleging that the defendants deleted hundreds of email messages from plaintiff's email accounts, deleted photographs from plaintiff's security camera, and continued to access and initiate contact with plaintiff's computers until they were ultimately rendered inoperable. Finally, the Court upheld the conspiracy count of the complaint based on the allegations that O'Harra conspired with her co-defendants in a "malicious combination" to gain unauthorized access to the plaintiff's computer systems.

• Print
• Trackbacks
• Share Link

On Thursday May 24, 2012, State Senator Charleta Tavares of Columbus introduced a bill that would prohibit employers from asking applicants or employees for their social media password. The bill follows a trend started in Maryland and followed by at least 11 other states (plus Congress) that would prohibit this employer practice.

Is this legislation necessary? Well, I was asked this question on 10TV in Columbus last Thursday night and my answer was an emphatic "No!" Though this type of legislation seems to be "trending" nationwide, the examples of employers that actually require their applicants or employees to turn over their passwords are actually few and far between. Indeed, the two employers that were outed by the press in recent years for this requirement -- the City of Bozeman, Montana, and the Maryland Department of Corrections (both public employers, incidentally) -- were deluged by so much negative press and public outcry that they stopped the practice.

This is not to say that employers don't have valid reasons for reviewing applicant and employee social media activity. They most certainly do. But in most industries, they don't have any real need or obligation to look through anything other than what the individual makes public through their chosen privacy settings. In those limited instances where an employer may have a legitimate need to inquire further -- think law enforcement, financial sector and daycare settings, for instance -- they should be able to ask applicants for access to their Facebook pages. It's up to the applicant to decide whether to provide it.

In addition to the court of public opinion, there are other reasons for employers not to ask for social media passwords. Identifying, recruiting and retaining qualified employees is difficult enough for employers without creating a "Big Brother" environment that inevitably will turn off applicants and employees who don't want to work in that kind of environment for fear that petty indiscretions on their Facebook pages will hamper their employment opportunities.

• Print
• Trackbacks
• Share Link

Here is one more potential advantage of using independent contractors rather than employers that so far has flown below the radar screen.  According to a federal district court in Wisconsin, the Fair Credit Reporting Act's disclosure obligations do not apply to independent contractor relationships.

When EMS Energy Marketing Service, Inc., terminated Phillip Lamson based on the results of a background check, it failed to provide him with a copy of the report or the written description of his rights under the FCRA as required by the Federal Trade Commission.  Lamson sued, alleging that his termination violated FCRA.  The Court concluded, however, that FCRA did not apply because Lamson was hired as an independent contractor.  In reaching this conclusion, the court stated that the unambiguous language of the authorization and disclosure sections of FCRA applies to use of a consumer report for the purpose of “evaluating a consumer for employment, promotion, reassignment or retention as an employee.” (emphasis added).

Because EMS did not obtain the consumer report to evaluate Lamson for a position as an employee of EMS, the court granted EMS's summary judgment motion-- but not before evaluating whether Lamson's relationship with EMS actually met the criteria for independent contractor status. The court evaluated the applicability of three different tests before settling on a common law test that the court concluded was met by EMS.

So where does this decision leave businesses? Among the many reasons why a business may choose to use independent contractors, avoiding FCRA liability is probably way down the list. Nevertheless, the court's decision in Lamson vs. EMS Energy Marketing Service, Inc., adds an interesting new wrinkle to the analysis.

• Print
• Trackbacks
• Share Link

Many employers may be surprised to learn that the ADA's prohibition of medical examinations treat alcohol tests differently from tests for illegal drugs.

Under the ADA, employers may not require employees to undergo medical examinations or inquiries unless they are job-related and consistent with business necessity. Unlike tests for illegal drug use, the EEOCs' enforcement guidance considers "blood, urine, and breath analyses to check for alcohol use" to be a medical examination under the ADA. Case law is sparse, but courts have generally followed the EEOC guidance.

So, if employers want to ensure their workers aren't under the influence of alcohol, what should they do? 

• The ADA allows employers to administer alcohol tests or other medical examinations where required by another federal law or regulation. An often-cited example is Department of Transportation (DOT) regulations that require safety-sensitive transportation employees undergo regular drug and alcohol testing.
• Even if their employees don't fall within an exception like the DOT regs, employers may still implement and enforce policies that prohibit employees from working under the influence of alcohol. They may administer alcohol tests to enforce such a policy when "job related and consistent with business necessity."
• Medical examinations like alcohol tests are job related and consistent with business necessity when the employer has objective medical evidence or reasonable suspicion that the employee's ability to perform his essential job functions is impaired, or the employee is a direct threat to himself or others.
• When conducting an investigation into an employee's use of alcohol on the job, an employer may always ask the employee if he has been drinking. If an employee admits to drinking in violation of the employer's policy, it may not be necessary to administer an alcohol test.

To stay within the strictures of the ADA when testing for alcohol use, employers are best-served by treating each situation case-by-case and avoiding blanket "one-size-fits-all" testing policies. Consideration should be given to the signs of the employee's impairment, any observed impact on their essential job functions or performance, and what else may explain his behavior beyond alcohol use. Internal guidance and training on the signs of alcohol impairment may also be appropriate.
 

• Print
• Comments
• Trackbacks
• Share Link

It seems like everyone is tweeting these days, including employees and often as a part of their jobs. For employers whose employees are using Twitter, Facebook, blogs, or other social media as a part of their jobs, they may want to examine who owns the accounts.

A mobile phone review website, PhoneDog, is suing a former employee over his Twitter account. While employed at PhoneDog Noah Kravitz created a Twitter account, which he named "@Phonedog_Noah" and from which he tweeted on a variety of professional and personal topics. According to media reports, Kravitz apparently was not hired to do tweeting on behalf of his employer, which did not even know his password. When he left Phonedog for new employment, he took his Twitter account with him when he left the Company and changed the name to “@noahkravitz,” retaining all of his followers. The Company claims that taking the Twitter account, which he previously used as a part of his job at PhoneDog was the equivalent of taking its property and trade secrets. This month, a judge held that the case presents an issue for trial.

Businesses are beginning to see value in the followers and fans of individual employee social media accounts that are used for professional purposes. As this case demonstrates, merely including the company name in the Twitter account name may not be enough to designate the account as company property. With worker mobility being what it is today, this issue is bound to come up frequently in the future, not only with Twitter, but other social media sites such as LinkedIn. It seems that employers are far better off establishing who owns these accounts from the outset through company policies or agreements and drawing clear lines about what is an “official” company social media account and what is an employee’s personal social media account, especially in a world where those lines are increasingly blurred.
 

• Print
• Trackbacks
• Share Link

More and more these days it seems like the obligations of being a lawyer, husband, father, son, sports fan, etc, get in the way of blogging. As a result, I end up accumulating a number of worthwhile topics for blog posts that end up in the discard pile. Twitter helps keep the backlog to a minimum, but I really don't know how many of you actually follow me @briandhallesq (hint, hint). So, while I am by no means committing to make this a regular feature of Employer Law Report, I will now clear – in no particular order -- my backlog for the month:

According to a Wall Street Journal article, a recent lawsuit seeks a declaration from the New York Department of Labor that putting a GPS tracker on an employee's family car to uncover time sheet violations was a violation of the state constitution's guarantee against unreasonable searches and seizures. According to the lawsuit, the monitoring continued during evenings, weekends and a family vacation. This won't turn out well for the employer.

An Ohio appellate court has upheld a physician's non-compete agreement that prohibited him from engaging in a hematology or oncology practice in his former employer's "primary service area." This decision continues the Ohio trend of upholding physician non-competes and Ohio courts have repeatedly rejected the argument that covenants are not enforceable against physicians solely because they impair patients’ choice.

• Print
• Trackbacks
• Share Link

As you have probably noticed, the interaction between social media and federal labor law has been one of this blog's favorite topics, which we have addressed on multiple occasions. On August 18, 2011, the National Labor Relations Board's Acting General Counsel ("AGC") issued a report that summarizes the General Counsel's Office's view on a variety of cases in which Regional Directors sought advice on social media issues and therefore provides excellent guidance to employers. With one exception, the topics addressed in the Report fall into two broad categories:

1. First, the Report addresses when an employee's social media activity is protected concerted activity under the National Labor Relations Act ("NLRA"), which may not be restricted by the employer.
    
2. Second, the Report addresses the extent to which employers' social media policies in general are so overly broad that they could be reasonably construed to prohibit employee rights to engage in concerted activity. The one exception addressed the question of union coercion of employees of a non-union employer. In that case, the union attempted to coerce the employees by making them believe that they were in danger of being deported for immigration violations. The union videotaped these interrogations and then posted edited versions on Youtube and Facebook. The AGC concluded that the threats and videotaping themselves violated the employees rights to refrain from union activity and that the postings on Youtube and Facebook unlawfully conveyed the same coercive message to any employees who may have viewed them.

• Print
• Comments
• Trackbacks
• Share Link

Beginning in late 2008, Verizon New England, Inc. (VNE) began requiring its field technicians to carry company-issued cell phones, containing a global positioning system (GPS) during work. Prior to adopting this policy, VNE issued its technicians pagers so that their supervisors could communicate with them. The technician would then have to locate a phone to return the call. Obviously, in emergency situations, this was a less than optimum arrangement. As a result, VNE, relying on the management rights provision in the collective bargaining agreement between it and the technicians unit, adopted the disputed policy.

• Print
• Trackbacks
• Share Link

On July 7 and 19, 2011, the NLRB's Office of the General Counsel issued a series of three advice memoranda recommending the dismissal of unfair labor practice charges filed by employees who were disciplined for comments made on Facebook. In each of these charges, the employee alleged that their discipline violated Section 8(a)(1) of the National Labor Relations Act, but in each the NLRB's General Counsel's Office concluded that there was insufficient evidence that the employee engaged in concerted activity.

• Print
• Trackbacks
• Share Link

Several days ago, I read the New York Times article reporting that the NLRB's Manhattan Regional Director was threatening to file a complaint against Thomson-Reuters for allegedly reprimanding an employee who had criticized management on Twitter. At the time, I flagged the article because I wanted to use it to highlight my -- emphasis on the word, MY -- views on the NLRB's recent assault on social media policies: When it comes to social media, it is time for cooler heads to prevail, both at the NLRB and within the employer community.

So, what happened at Thomson-Reuters? According to the article in the Times, the company on one of its Twitter outlets had invited employees to post suggestions on Twitter about how to make Reuters the best place to work. In response, an employee, who was also the head of the Newspaper Guild at Reuters, tweeted: "One way to make this the best place to work is to deal honestly with Guild members." The next day, her supervisor contacted her at home to advise her about Reuters policy of not saying things that would damage the company's reputation. Though Reuters denies that it disciplined the employee, she complained that she felt threatened and intimidated. A source at the NLRB apparently confirmed to the Times that it would be filing a complaint against Thomson-Reuters accusing the company of violating the employee's right to engage in concerted, protected activity with co-workers to improve working conditions.

• Print
• Trackbacks
• Share Link

Earlier this week, the National Labor Relations Board issued a press release announcing the settlement of the NLRB’s Complaint against American Medical Response of Connecticut, Inc. (AMR) in what has become known as the Facebook Firing case.

In that complaint, the Board alleged that that AMR maintained an overly broad handbook policy regarding blogging, Internet posting and communications between employees and had unlawfully terminated an employee pursuant to that policy after she had posted critical comments about her supervisor and responded to further comments from her co-workers. The press release notes that, among other things, AMR has agreed to revise its policy to ensure that it does not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work and that it would not discipline or discharge employees for engaging in such discussions. The exact details of the required policy revisions are not clear as of this date; nor is it certain that the NLRB will be issuing any further press releases regarding this case. The text of the press release is reprinted below.

PRESS RELEASE

Contact:
Office of Public Affairs
202-273-1991
publicinfo@nlrb.gov
www.nlrb.gov

A settlement has been reached in a case involving the discharge of a Connecticut ambulance service employee for posting negative comments about a supervisor on her Facebook page.
The NLRB’s Hartford regional office issued a complaint against American Medical Response of Connecticut, Inc., on October 27, 2010, alleging that the discharge violated federal labor law because the employee was engaged in protected activity when she posted the comments about her supervisor, and responded to further comments from her co-workers. Under the National Labor Relations Act, employees may discuss the terms and conditions of their employment with co-workers and others.

The NLRB complaint also alleged that the company maintained overly-broad rules in its employee handbook regarding blogging, Internet posting, and communications between employees, and that it had illegally denied union representation to the employee during an investigatory interview shortly before the employee posted the negative comments on her Facebook page.

Under the terms of the settlement approved today by Hartford Regional Director Jonathan Kreisberg, the company agreed to revise its overly-broad rules to ensure that they do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions.

The company also promised that employee requests for union representation will not be denied in the future and that employees will not be threatened with discipline for requesting union representation. The allegations involving the employee’s discharge were resolved through a separate, private agreement between the employee and the company.

The National Labor Relations Board is an independent federal agency vested with the authority to safeguard employees’ rights to organize and to determine whether to have a union as their collective bargaining representative, and to prevent and remedy unfair labor practices committed by private sector employers and unions.
 

• Print
• Comments
• Trackbacks
• Share Link

Wednesday, February 16, 2011
11:30 a.m. - 1:30 p.m. Lunch will be provided.
Capital Club – 41 South High Street, 7th Floor
Columbus, Ohio

An employer’s human resources department can provide one-stop shopping for identity thieves, where they can find personnel records, benefits data, and payroll and tax records all in the same place. What would you do if you learned that this data had been compromised? Don’t get caught short  – learn what you can do to respond effectively to data breach intrusions, whether as a result of a lost laptop, criminal hacking, or other unauthorized access or use of this highly private and sensitive information about your employees.

Featuring:
Robert J. Morgan, Esq., Porter Wright Morris & Arthur LLP
Jeremy A. Logsdon, Esq., Porter Wright Morris & Arthur LLP
Donna M. Ruscitti, Esq., Chair, Porter Wright's Information Privacy and Data Security Practice Group

This is a complimentary seminar, however seating is limited. To reserve your spot at this program, please e-mail Deb Ballard at dballard@porterwright.com before February 14.
 

• Print
• Comments
• Trackbacks
• Share Link

The U.S. Department of Transportation's Federal Motor Carrier Safety Administration (FMCSA) has issued a proposed rule that would require interstate commercial truck and bus companies to install electronic on-board recorders (EOBRs) to monitor their drivers' compliance with hours-of-service (HOS) requirements. EOBRs are devices attached to commercial vehicles that automatically record the number of hours drivers spend operating the vehicle. The proposed rule also would relieve interstate motor carriers from retaining certain HOS supporting documents, such as delivery and toll receipts, which are currently used to verify the total number of hours drivers spend operating the vehicle. Obviously, however, the EOBRs cannot record time spent by drivers doing non-driving activity such as loading and unloading a vehicle, which also factors into the drivers' HOS.

Under the proposal, interstate carriers currently using Records of Duty (RODS) logbooks to document drivers' HOS would be required to begin using EOBRs within three years following the effective date of the rule. Short-haul interstate carriers using timecards to document HOS would not be required to use EOBRs. Violations of the proposed rule would bring with them penalties of up to $11,000 for each offense.

Comments to the proposed rule may be submitted at http://www.regulations.gov, by fax to (202) 493-2251, or by mail or hand delivery to:

Docket Management Facility
U.S. Department of Transportation
1200 New Jersey Avenue, S.E.
West Building, Ground Floor Room W12-140
Washington, D.C. 20590.

All comments should include Docket Number FMCSA-2010-0167.
 

• Print
• Comments
• Trackbacks
• Share Link

The U.S. Supreme Court today issued its decision in NASA v. Nelson, a case that we previewed back in October.   As you will recall, the respondents in Nelson were a group of California Institute of Technology employees who worked under a contract with NASA at its Jet Propulsion Laboratory.  Pursuant to a Presidential directive, the Department of Commerce required all contract employees with long-term access to federal facilities to complete a standard background check by no later than October 2007.  NASA modified its contract with Cal Tech to reflect this requirement, but shortly before the deadline, the respondents filed their lawsuit.  

Respondents contended that two specific aspects of the background check process violated their constitutional right to “informational privacy.”  Specifically, they challenged a question asking them to state whether they had received treatment or counseling in the last year for illegal drug use and a questionnaire that would be sent to the employees’ references asking open-ended questions about their suitability for federal government employment.

In a unanimous decision (with Justice Kagan not participating), the Supreme Court assumed, without actually finding, that a constitutional right to informational privacy exists.  The Court then upheld the background checks as a reasonable exercise of  the government’s right to “reasonably investigate applicants and employees to aid in ensuring the security of its facilities and in employing a competent, reliable work force.”  Not only were the disputed background check inquiries reasonable, but the Court also found that the respondents’ rights were substantially protected against public disclosure by the federal Privacy Act.

Not surprisingly, the Court was swayed by the fact that the inquiries at issue are “similar to those (that) became mandatory for all candidates for the federal civil service in 1953” and are “part of a standard employment background check of the sort used by millions of private employers.”  With respect to the inquiry regarding treatment or counseling for the use of illegal drugs, the Court noted that it was a reasonable follow-up to the prior question about using, possessing, supplying or manufacturing drugs during the previous year and, importantly, that the government used the response to the “treatment or counseling” question as a mitigating factor.  Similarly, the Court held that the open-ended inquiries made to the employees’ references were “reasonably aimed at identifying capable employees who will faithfully conduct the Government’s business.” 

• Print
• Comments
• Trackbacks
• Share Link

There has been a lot of discussion lately about the EEOC's decision to sue Kaplan Higher Education Corporation on the grounds that its policy of using credit histories as part of its applicant screening process had a discriminatory impact on minorities. Also, as noted at the end of last year in the Delaware Employment Law Blog, Illinois just became the fourth state to prohibit employers from disqualifying candidates based on credit history and, as of last summer, 15 other states had similar legislation pending. Ohio's bill, which was introduced in 2009, never gained any traction. Though I continue to believe that an outright ban on employer credit history checks is overbroad, the Federal Trade Commission's Interim Report to Congress issued earlier this week provides another reason why employers should exercise considerable caution in doing such checks. 

The FTC's Interim Report demonstrates that the accuracy of credit history reports remains an open question. The FTC is in the process of a study that will have 1,000 random consumers review their credit reports with an "expert who will help identify potential errors on their reports. Participants will be encouraged to dispute errors that could affect their credit standing, and credit reports with alleged errors will be sent to Fair Isaac Corporation (FICO) for rescoring. The study will estimate the proportion of consumers who would find one or more material errors in their credit reports, and it will reveal the main types of errors, their frequency, and their impact on a consumer’s credit standing. Overall, the study will categorize errors by type and seriousness in terms of potential consumer harm."

It looks like we have quite a wait ahead of us before any conclusions are reached on the general accuracy of credit reports. According to the FTC, the data collection phase of the study will not be finished until October 2011, and the Commission’s next interim report to Congress, which is intended to provide a full analysis of the collected data, is not due until December 2012. In the meantime, both the EEOC's new aggressive approach to credit history checks and the rise of legislation outside of Ohio suggests that employers consider whether there is a business necessity for seeking credit history on employment candidates.

• Print
• Comments
• Trackbacks
• Share Link

In the day-to-day administration of their Ohio workers’ compensation programs, self-insured employers (or a TPA or law firm on their behalf) often will obtain a medical authorization from the injured worker and then obtain medical records as part of the employers’ medical investigation. Though the authorization is often limited to specific injuries or body parts, they are just as likely not to be so limited. In addition, despite HIPAA requirements, healthcare providers often produce records in excess of what has been authorized (presumably because they don’t want to take the time or effort to cull through the records and produce only what has been asked for.)  As a result, the records obtained frequently will include medical information wholly unrelated to the alleged workers’ compensation injuries and sometimes that information reveals genetic information, such as whether an individual had a test done to determine whether she is at greater risk for breast cancer.  Hospital records are notorious for including family history information that may reflect, for instance, that a parent died of cancer or a heart attack at a relatively young age, even when the individual went to the hospital only to have an injured knee looked at.

As a result, in the workers’ compensation context, employers are frequently obtaining genetic information even though they really haven’t asked for it.  Should the EEOC’s final rule on Title II of GINA then have any impact on employers’ approaches to their medical investigations conducted in the defense of workers’ compensation claims?  Though the rule states that GINA is not intended to “limit or expand the protections, rights, or obligations of employees or employers under applicable workers’ compensation laws,” does that language provide clearance to employers to obtain through its workers’ compensation administration what otherwise would be protected genetic information?  According to the EEOC, “genetic information” does not include the fact that an individual has a diagnosed disease, disorder, or pathological condition, so it is difficult (at least for me) to come up with examples of situations when an employer would need genetic information on an employee to assist in the defense of a workers’ compensation claim.  Therefore, one could argue that application of GINA to an employer’s medical inquiries and examinations for workers’ compensation purposes does not limit an employer’s rights or expand an employee’s protections under the workers’ compensation laws.

• Print
• Comments
• Trackbacks
• Share Link

Earlier this week, we reported on a New York Times article about employer efforts to address the impact of prescription drugs in the workplace. The article profiled workers at the Dura Automotive Systems Inc. plant in Lawrenceburg, Tennessee who were terminated for testing positive for prescription drugs that Dura considered to raise safety issues. Yesterday, the Sixth Circuit handed down a decision in a case that challenged the company's drug testing policy. 

In that decision, the Court held that several of the workers could not challenge their terminations under that policy because they were not "qualified individuals with a disability" under the ADA. The employees had claimed that under Section 12112(b)(6), the drug testing policy constituted a “qualification standard, employment test, or other selection criteria” that “screen out or tend to screen out” persons with disabilities. But, the court held that “a straightforward reading of this statute compels the conclusion that only a ‘qualified individual with a disability' is protected from the prohibited form of discrimination described in subsection (b)(6)—the use of qualification standards and other tests that tend to screen out disabled individuals.” The Court distinguished Section (b)(6) the ADA from Section (d)(4), which provides that employers may not require a medical examination and shall not make inquiries of an employee as to whether such employee is an individual with a disability or as to the nature or severity of the disability, unless such examination or inquiry is shown to be job-related and consistent with business necessity. Many courts have held that an employee does not need to have an ADA-protected disability to pursue a lawsuit under Section (d)(4). 

The Sixth Circuit's decision is certainly good news for employers, particularly for those in Ohio, which lies within the Sixth Circuit. But in order to avoid lawsuits challenging the testing itself, employers must still be able to demonstrate that any drug testing for prescription drugs is not only job-related but also required by business necessity. In separate litigation brought by the EEOC against Dura, Dura apparently is attempting to defend its testing program based on evidence that suggests that the Lawrenceburg facility has a higher accident rate than other comparable facilities. In addition, the New York Times article suggests that there was evidence of drug use and sales going on at the plant.   It will be interesting to see how the Sixth Circuit addresses that issue if the EEOC case gets that far.

• Print
• Comments
• Trackbacks
• Share Link

On November 2, 2010, the NLRB issued a press release reporting that its Hartford, Connecticut, regional office had issued a Complaint alleging that American Medical Response of Connecticut, Inc., (“AMR”) had published an overly broad blogging and Internet posting policy that violated employee Section 7 rights, and then illegally fired an employee for negative posts about a supervisor.

As described in the Complaint, the AMR policy prohibited employees from making disparaging remarks when discussing the company or supervisors and from depicting the company “in any way” over the Internet without company permission. Such provisions, according to the NLRB’s Complaint, constitute a violation of 8(a)(1) of the National Labor Relations Act because they interfere with employees' right to engage in protected concerted activity under Section 7 of the NLRA. (The NLRB and courts typically interpret Section 7 as protecting employees’ right to discuss the terms and conditions of their employment with other employees or even non-employees.)  The NLRB also alleged that the employer illegally fired an employee pursuant to that policy for posting negative remarks about a supervisor on Facebook, which the NLRB said drew supportive remarks from her co-workers.

• Print
• Comments
• Trackbacks
• Share Link

Over the last week or so, two stories about drugs in the workplace caught my eye. First was the NY Times article on employer efforts to respond to the increasing use of prescription drugs in the workplace. The article appropriately addressed the conflict between employer needs to ensure a safe workplace and employee rights to privacy and the protections afforded by the ADA. As a result, some employers have begun testing employees for prescription painkillers and other prescription drugs and terminating employees that test positive. 

The second issue in the media this past week involved the disclosure that officials from the Houston Texans last month conducted a search of the team's locker room for evidence of performance enhancing drugs. Earlier this season, two Houston players had been suspended under the NFL's substance abuse policy. Surprisingly, neither the Texan players nor the NFLPA seem to have (at least publicly) complained about the search.  (You can read more about this story here.)

These two stories show the lengths to which employers are going to combat drugs in their workplaces. Before taking any drastic approaches towards addressing a drug problem in their workplace, employers would be wise to consult their labor and employment counsel to ensure that their approach is lawful.

• Print
• Comments
• Trackbacks
• Share Link

While most employment lawyers, myself included, have been focusing lately on the opportunities and risks associated with monitoring new technologies such as social media and GPS devices, the Seventh Circuit reminds us that employers also need to remember that "low-tech" monitoring of employees can result in unexpected liability as well. 

In McCann v. Iroquois Memorial Hospital, which was issued on September 13, 2010, a doctor and a former employee at an Illinois hospital had a closed-door conversation in which they criticized the hospital administration. Without their knowledge, their conversation was recorded by a dictation machine, transcribed, and handed by a third hospital employee to the hospital's CEO. As a result, the hospital revoked the doctor's hospital privileges and banned the former employee from coming on hospital premises for any reason other than to obtain her own or a loved one's healthcare. Both individuals sued the third employee, the hospital, the CEO and the Board of Trustees, alleging that the hospital's use of the tape recorded conversation without either of their knowledge violated the federal Wiretap Act. The plaintiffs contended that the third employee had entered the office during the conversation and, while they were talking, she surreptitiously and deliberately turned on the dictation machine to record their conversation. The defendant employee responded that she interrupted a conversation of theirs once but not on the date of the taped conversation, and suggested that the dictation machine simply was left on by mistake by the doctor who had earlier been dictating medical reports.

• Print
• Comments
• Trackbacks
• Share Link

No, this is not – for those of you old enough to remember I Dream Of Jeannie ­– Major Anthony Nelson suing NASA after all these years.  Instead, a group of Caltech employees assigned to work at NASA’s Jet Propulsion Lab (“JPL”) in California sued NASA when the federal agency insisted that they submit to background checks after, in many cases, having worked there for 20+ years or resign their employment.  The Supreme Court will address the question whether NASA violated the plaintiffs’ constitutional right to informational privacy by (1) requiring the contract employee to answer whether he or she had received counseling or treatment for illegal drug use in the prior year and/or (2) asking the contract employees’ designated references for any adverse information bearing on their suitability to work at a federal facility. 

The case is before the Supreme Court on NASA’s petition for review of the Ninth Circuit’s decision granting a preliminary injunction barring the government from implementing its background checks at JPL.  Oral argument is scheduled for October 5, 2010.

• Print
• Comments
• Trackbacks
• Share Link

We are starting to see an increase in the number of news articles reporting on health care facilities terminating employees for violating patient privacy on their facebook pages or other social media. 

Last December, one such incident made a fair number of headlines when a Mississippi hospital worker responded to a tweet from the Governor of Mississippi, Haley Barbour, regarding the state’s “dire fiscal situation” and soliciting ideas to trim expenses.  The employee responded with a tweet that said the Governor should “schedule regular medical exams like everyone else instead of paying UMC employees over time to do it when clinics are usually closed.”  The hospital terminated the employee on the ground that her tweet violated HIPAA because it disclosed that the Governor had been a patient at the hospital.

More recent reports suggest that health care employers have become even more aggressive in terminating employees who have compromised patient privacy on their social media pages.  For instance, in June, it was reported that a hospital in Oceanside, California had terminated five employees and disciplined a sixth for using social media to discuss hospital patients.  The hospital’s CEO is quoted as saying that its investigation had not yet uncovered any evidence that patient names, photographs, or similar identifying information was posted by these employees, but the investigation had yielded sufficient information to warrant disciplinary action. 

• Print
• Comments
• Trackbacks
• Share Link

In June, the United States Supreme Court issued its opinion in City of Ontario v. Quon, siding with the City and its officials in a workplace electronic monitoring case closely followed by employers and their counsel. The Court reversed the Ninth Circuit Court of Appeals’ opinion, holding the government employer’s search of a police officer’s personal and work-related text messages on an employer-issued pager was reasonable, and therefore the officer’s Fourth Amendment rights were not violated. (See our previous blog posting.)

Facts

The City of Ontario issued pagers to city employees, including police officers, for use in their jobs. The City, like most employers, had a written electronics communications policy that expressly prohibited personal use of its computers and notified employees that they had no expectation of privacy with respect to any communications using the City’s computer systems. The City’s policy, however, did not make clear that this policy applied to its pagers or to text messaging. Its contract with its service provider included a monthly limit on the number of characters each pager could send or receive, and specified that usage exceeding that number would result in an additional fee. 

• Print
• Comments
• Trackbacks
• Share Link

It may be that it's Monday morning as I write this but I have to admit I got a kick out of the news articles circulating late last week that reported that Goldman Sachs has revised its electronic communications policy to prohibit the use of any profanity in emails. The edict apparently results from emails that became public during Senate hearings investigating allegations that Goldman Sachs had misled its clients by selling risky mortgage securities while at the same time betting on a housing market crash. One email apparently referred to a particular investment the company had just sold to a client as a "s----y deal." I'm guessing that email wouldn't have looked any better if it had simply referred to the deal as "bad." Presumably, Goldman Sachs is also reminding its employees not to put anything into their emails that is likely to result in a government investigation.

• Print
• Comments
• Trackbacks
• Share Link

While many human resources managers spend sleepless nights worrying about the negative things employees may be posting on the Internet about them, this post from our sister blog technologylawsource.com reminds us that the nice things they have to say can get employers into trouble as well. Lesson for employers: Make sure your social media policy makes clear that employees who endorse their employer's products or services on-line must disclose their employment relationship so that consumers are not misled into believing that the endorsement is free from bias.

• Print
• Comments
• Trackbacks
• Share Link

Employers may not realize that the recently signed health care reform law includes a provision which amends the Fair Labor Standards Act to require reasonable unpaid breaks for nursing employees. In addition to the unpaid break time, the amendment to the FLSA (29 U.S.C. § 207(r)(1)) provides that employers must furnish a private location, other than a restroom, which may be used by the employee to express breast milk. Employers with fewer than 50 employees are not subject to these requirements if such requirements would cause an undue hardship on the employer.

This amendment creates some confusion with existing federal law on the issue of employee breaks. While the FLSA does not require that employees be given breaks, there are federal regulations which indicate that rest periods of short duration (usually lasting 5 to 20 minutes) are considered compensable work hours. The proposed amendment, however, specifically states that employers are not required to compensate nursing mothers for reasonable break times.

In addition, although many states have passed laws requiring employers to provide nursing mothers with reasonable break time, Ohio’s law addresses only the right to breastfeed in a place of public accommodation. Although Ohio’s breastfeeding law governs the relationship between a place of public accommodation and individuals who are attempting to use the accommodations, employers with places of public accommodation on their premises (i.e., store, restaurant, bank) should be mindful of this law. Also, based on the Ohio Supreme Court decision in Allen v. Totes/Isotoner, it appears that there are at least a few justices who may be prepared to extend pregnancy discrimination laws to nursing mothers.  For a further discussion of the Allen case, please see our previous blog from August 31, 2009.

• Print
• Comments
• Trackbacks
• Share Link

According to various news sources out of New York, including the New York Daily News, the New York City Taxi and Limousine Commission has determined that more than 36,000 taxi drivers overcharged passengers a total of more than $8.3 million over a 26-month period. According to the investigation, the cabbies set the rate for these passengers at a higher rate established for fares outside the city limits even though the destination did not call for the higher fare. How did the Commission reach this conclusion? By checking the electronic trip data from GPS systems installed in the taxis. Without this technology, it is doubtful that the Commission would have uncovered the alleged consumer fraud or its apparent scope.

Over recent years, private employers have begun using location monitoring devices to improve efficiency and monitor employee deviations from their assigned work areas. Federal law does not regulate these practices and only a handful of states (not Ohio) have enacted relevant legislation. In order to protect employee privacy when monitoring their location, employers should issue a clearly defined policy that advises employees they are using GPS or other location monitoring technology and that delineates the manner in which they are using it. Employers should also ensure that they are using location monitoring for legitimate business reasons and that they discontinue all location monitoring during non-work hours in the absence of legitimate investigatory purposes, such as when there is substantial evidence that a company delivery vehicle is being used by an employee for personal use.

• Print
• Comments
• Trackbacks
• Share Link

While attending a Mixed Martial Arts event in Miami, New York Jets head coach, Rex Ryan, apparently made an obscene gesture at some Miami Dolphin fans who were taunting him. Yesterday, the Jets fined Ryan $50,000. Ryan was attending the event, which was neither team nor NFL-sponsored, on his own time, but the team obviously felt that as head coach, Ryan is their representative even when he is "off duty" and that he must conduct himself accordingly.

In the real world, most employees are not celebrities that the general public will try to egg on until they do or say something stupid. Nevertheless, it is important for all of us to remember that the world is now filled with opportunists with camera phones and easy access to YouTube and other media outlets. Though we should not be expecting to see a rash of employers firing factory workers for flipping off a bunch of bar patrons after work, there are real world lessons to be learned from this episode. First, employees need to recognize when they are out in public that there is a significant risk that anything that they do or say that either embarrasses or otherwise reflects poorly on their employer ultimately may get back to the employer. On the other hand, employers should exercise restraint before taking disciplinary action against employees for their off duty conduct to make sure that the conduct truly does negatively impact the company's business or reputation.

• Print
• Comments
• Trackbacks
• Share Link

On Monday, December 14, 2009, the United States Supreme Court agreed to hear a case that will permit it to provide guidance to employers about their right to monitor its employees' electronic communications. Specifically, the Court has accepted for review the City of Ontario's appeal of the Ninth Circuit's decision in Quon v. Arch Wireless Operating Co. finding that a city police officer had a reasonable expectation of privacy in personal text messages that were sent from his city-issued pager.

Like most employers, the City of Ontario had a written electronics communications policy that expressly prohibited personal use of its computers and notified employees that they had no expectation of privacy with respect to any communications using the city's computer systems. The City's policy, however, did not make clear that this policy applied to its police officers' pagers or to text messaging. Instead, because the city's pager service contract with Arch Wireless charged the city additionally for each pager that exceeded 25,000 characters per month, the city informally permitted employees who exceed their monthly character limit to simply pay the overage charge. Despite this informal practice, the city contacted Arch Wireless to determine whether the pagers were being used primarily for personal reasons and Arch Wireless provided transcripts to enable the city to do so.  After receiving these transcripts, the city learned that many of Sergeant Quon's texts were personal and even sexually explicit in nature. Upon learning that their texts had been reviewed, Sergeant Quon and others sued the city and the police department under the Fourth Amendment for an illegal search and seizure and the Stored Communications Act "SCA" and Arch Wireless for violating the SCA by turning the transcripts over to the city.

It is somewhat surprising that the Supreme Court accepted this case for further decision. Many initially were concerned when the Ninth Circuit's Quon decision was announced because it seemed contrary to the general trend permitting employers to monitor and review employee's emails on employer computers once they put employees on such notice. To me, Quon does not present a radical departure at all. First, the City's electronics communications policy did not explicitly address text messages. Then, the City complicated matters by permitting an informal practice to develop that strongly suggested to employees that their text messages would not be reviewed so long as they paid the overage charges from Arch Wireless. Simply put, by not updating its electronics communications policy and by permitting informal practices to develop, the City created a problem for itself that did not need to exist. As a result, the Supreme Court easily can decide Quon based on current judicial philosophy without breaking new ground.

• Print
• Comments
• Trackbacks
• Share Link

Facebook has announced that it is implementing new privacy controls beginning today that will give its more than 350 million users more control over the privacy of what they post to their Facebook pages. As reported, Facebook will now give its users the ability to set up lists that, for instance, can place their "friends" into separate groups such as family, high school buddies, and work friends and to choose who to share content with each time they post something. As a result, people easily should be able to choose to share family photos with only family and close friends and other less wholesome postings with whomever they choose. Of course, Facebook also will give users the option of choosing to share a post with "Everyone."

From an employment standpoint, these privacy control changes could make it more difficult for those employers who like to use Facebook as a surveillance tool. For instance, the employee who requested bereavement leave while he actually was on a hunting trip should be able to choose to post comments or photos without sharing them with the boss or co-workers who happen to be Facebook "friends." On the other hand, someone who posts a comment that is disparaging of or detrimental to his employer will have a hard time arguing that the comment was not intended to be widely distributed if he chose to share it with "Everyone" when he posted it.

As with all things social media, only time will tell what impact these changes will have on what we post and what is available for us to see on Facebook.

• Print
• Comments
• Trackbacks
• Share Link

CBC News in Canada is reporting that a Canadian long-term disability insurance carrier recently terminated the long-term disability benefits a Quebec woman was receiving for "major depression" after photos she posted on her Facebook page showed her "having a good time at a Chippendales bar show, at her birthday party and on a sun holiday." According to the CBC, the woman, 29-year-old Nathalie Blanchard, contends that her doctor recommended that she try "to have fun, including nights out at her local bar with friends and short getaways to sun destinations, as a way to forget her problems." Nevertheless, Manulife, the insurance carrier, which acknowledges that it uses Facebook for investigation purposes, terminated her long-term disability benefits.

Though anecdotal news flashes like this one may embolden employers to use Facebook and other social media to investigate employee activity while they are on a medical leave of absence or workers' compensation leave, caution is still necessary. For instance, Manulife confirmed that ít "would not deny or terminate a valid claim solely based on information published on websites such as Facebook." Presumably, Manulife forwarded Ms. Blanchard's Facebook photos and perhaps other evidence to a medical professional for an opinion as to whether the photos evidenced Ms. Blanchard's ability to return to work. Similarly, employers should resist the urge to make their own medical judgments as to an employee's ability to work when they obtain this kind of photographic or video evidence.

In addition, Ms. Blanchard apparently contends that she kept her Facebook photos private and does not understand how the insurance carrier obtained them. As I have preached before on this blog, employers should not circumvent an employee's Facebook privacy settings in order to investigate alleged misconduct. In this instance, a co-worker or other Facebook "friend" of Ms. Blanchard likely dropped the dime on her. When faced with this kind of evidence, employers and their insurance carriers would be wise to consider the motivations of the person providing the evidence and to conduct its own investigation. If employers avoid the temptation to immediately jump to conclusions, they will find that Facebook can be their "friend" when conducting investigations of workers' compensation or medical leave fraud.

• Print
• Comments
• Trackbacks
• Share Link

On October 7, 2009, the DOL, IRS, and HHS issued interim final regulations implementing Sections 101 to 103 of the Genetic Information Nondiscrimination Act of 2008 (GINA). For group health plans, these regulations become effective on the first day of the plan year beginning on or after December 7, 2009. For the individual market, the regulations are effective December 7, 2009. The new regulations broaden GINA’s general prohibition on requesting or requiring an individual or their family member to undergo genetic testing. Of note is the new rule that health plans may not provide incentives to induce participants to fill out health risk assessments that ask for family medical history. Under the regulations’ expanded definition of "underwriting purposes", providing an incentive under these circumstances violates GINA’s prohibition against requesting genetic information for underwriting purposes. The regulations also clarify that sponsors and administrator may obtain and use the results of genetic tests to aid in payment determinations so long as they only request the minimum amount of information necessary to make the determination. In nearly all other cases, sponsors and administrators may not request or require that an individual or their family member undergo genetic testing.

To ensure compliance with these new regulations, sponsors and administrators must familiarize themselves with the new regulations and update their policies and procedures. They must also examine their health risk assessments and wellness programs to ensure they do not violate the new rules. A copy of Porter Wright's Employee Benefits Practice Group's Law Alert, which addresses some of the major changes included in the regulations, can be found here.

In addition, keep in mind that Title II of GINA, which prohibits employers from discriminating on the basis of genetic information goes into effect on November 21, 2009. Generally, Title II prohibits employers from discharging, refusing to hire, or otherwise taking adverse employment action against applicants or employees based on their genetic information. It also prohibits employers from intentionally acquiring or disclosing genetic information about applicants and employees. Finally, Title II requires employers to maintain any genetic information in its possession separate from employee personnel files in accordance with the medical confidentiality provisions of the ADA.

• Print
• Comments
• Trackbacks
• Share Link

In a case that has been widely followed by employment lawyers in the hope of gaining some clarity as to employees' privacy rights on personal social media sites, the federal district court in New Jersey recently upheld the jury's verdict finding Hillstone Restaurant Group liable for violations of the Stored Communications Act and New Jersey's parallel electronic surveillance statute.

In Pietrylo v. Hillstone Restaurant Group, two employees created a MySpace page that they used to air their grievances against their employer in a password protected environment and invited other employees -- but not managers -- to join. At some point along the way, one of the managers learned of the site and its sometimes profane content when one of the invited employees showed him a posting from it. That manager told another and then the two of them twice requested the employee's log-in ID and password to the site. Eventually the employee gave them the information and the managers logged into the site a few times before firing the site's creators for damaging employee morale and for violating the restaurant's "core values."

The central issue at trial was whether the employee was coerced into giving the managers her log-in ID and password information to permit them to enter the site. The employee testified that she felt pressure to give the manager her password and that she felt she would have gotten into trouble had she not done so. There, of course, was no documentary evidence that she willingly authorized the managers to enter the site and, in any event, it would have been just as easy to claim that her signature on any documentation had been coerced. In light of the employee's testimony, the court found that the jury had reasonably concluded that the managers had not been authorized to enter the site and refused to toss out their verdict.

• Print
• Comments
• Trackbacks
• Share Link

As we previously have noted, the Department of Health and Human Services recently issued an interim final rule under the HITECH Act requiring HIPAA-covered entities to notify each individual whose unsecured PHI has been, or is reasonably believed by the covered entity to have been, accessed, acquired, used, or disclosed as a result of a breach of unsecured protected health information.  Employers who sponsor self-insured group health plans need to take immediate action to ensure compliance with the new rule. Among other things, employers should be modifying written HIPAA privacy policies and procedures, training plan sponsor workforce members who are authorized to have access to protected health information, and modifying business associate agreements. A copy of Porter Wright's Employee Benefits Practice Group's Law Alert, which addresses the interim final rule from the perspective of the self-insured group health plan, can be found here.

• Print
• Comments
• Trackbacks
• Share Link

Earlier this week, The Columbus Dispatch reported that the Ohio State Highway Patrol has enacted a policy that will prevent state troopers from "posting pictures of themselves or others in uniform and from using the patrol's 'flying wheel' insignia on social-networking sites without approval."  Ironically, the policy appears to have been prompted by a trooper who apparently posted "inappropriate" photos of herself with another trooper which the Dispatch described in a manner that suggests she was not wearing her uniform.   Nevertheless, the trooper apparently identified herself as a trooper on her MySpace page.  The Dispatch reports, however, that the trooper did not realize that the photos could be viewed by the public. 

As the article points out, the policy's requirement that any social networking references to the patrol be pre-screened to ensure that they do not cause a loss of public confidence in or respect for the agency may raise some First Amendment free speech issues.  The concern is understandable, however, in light of reports from CNN that the city of Philadelphia has been sued for alleged racial discrimination and harassment stemming from a social networking site operated by some of its police officers. 

Though private sector employers do not face the same First Amendment issues that public employers like the Highway Patrol do, the prospect of previewing employees' personal social networking sites for employer references is daunting in and of itself. Rather than prescreening, which is largely impractical, there are services that will permit businesses to monitor what is being said about them on social media. 

Regardless, it is important that employees understand that when they reference their employer on their various social networks sites, what they say will reflect not only on themselves but on their employer. 

A copy of the Dispatch article can be found here.

• Print
• Comments
• Trackbacks
• Share Link

On August 24, 2009, the U.S. Department of Health and Human Services ("HHS") published its interim final rule in the Federal Register, thereby implementing the HITECH Act. The Act's breach notification rules will become effective on September 23, 2009 -- fewer than 30 days away. 

Therefore, as the Act relates to employer-sponsored group health plans and health care providers, any breaches of protected health information (PHI) that occur on or after September 23rd must be reported to the affected individuals and, when the breach impacts 500 or more individuals, to HHS and the media. Covered entities must make annual reports of breaches of PHI impacting fewer than 500 individuals. Beginning on September 23rd, business associates also will be required to notify the group health plan or health care provider for which they are providing services of any breaches occurring at or caused by the business associate.

Porter Wright has issued two Client Alerts on the HITECH Act, one at the time the statute was enacted and one earlier this week when the interim final rule was published. Those Alerts, which more fully discuss the impact of the HITECH Act, can be found here and here.

• Print
• Comments
• Trackbacks
• Share Link

Concerns about H1N1 Influenza are beginning to creep back into everyone's consciousness as summer is drawing to a close. The U.S. Department of Health and Human Services has issued updated guidance for businesses and employers, which can be found at:

CDC Guidance for Businesses, Employers, and Workplaces to Plan and Respond to 2009 H1N1 Influenza

Preparing for the Flu: A Communication Toolkit for Businesses and Employers

Employers should be ready to implement strategies to protect their workforces while ensuring continuity of operations. Most of the recommendations boil down to simple common sense:

1. Encourage workers who are sick to stay home (or go home if they've reported to work);
    
2. Encourage good hygiene in the workplace;
    
3. Prepare for increased numbers of employee absences due to illness in employees and their family members, and plan ways for essential business functions to continue;
    
4. Prepare for the possibility of school and daycare dismissal and closure; and
    
5. Encourage workers to get vaccinated.

• Print
• Comments
• Trackbacks
• Share Link

Concerned that someone had been using a computer in the plaintiffs’ office to access pornography after work hours, a California employer set up a hidden surveillance camera in an effort to catch the perpetrator. The camera was never used during business hours while the plaintiffs were in their office and, as a result, their activities were not viewed or recorded via the surveillance system. Nevertheless, after discovering the hidden camera, the plaintiffs -- two female clerical workers -- filed suit, alleging among other things an invasion of their privacy. 

The California Supreme Court in Hernandez v. Hillsides Children Center concluded that the trial court improperly failed to grant the employer's summary judgment motion. In reaching this conclusion, the court held that the surveillance was done in a manner that was "drastically limited in nature and scope" to avoid any surveillance of the plaintiffs themselves and that the employer, a private nonprofit residential facility for neglected and abused children, including the victims of sexual abuse, had strong countervailing concerns for the safety of children under its responsibility that justified the employer's actions.

• Print
• Comments
• Trackbacks
• Share Link

On July 30, 2009, the Department of Transportation issued a final rule reinstating the direct observation drug testing procedures recently approved by the U.S. Court of Appeals for the District of Columbia. The final rule, which goes into effect on August 31, 2009, requires that all return-to-duty and follow-up tests be conducted in a manner that permits the direct observation of specimen collection to prevent the use of prosthetic or other cheating devices.

• Print
• Comments
• Trackbacks
• Share Link

Back in December 2007, we wrote about the NLRB's decision in The Guard Publishing Company, d/b/a The Register-Guard, 351 NLRB No. 70, which held that employees do not have a protected right to use employer email systems for solicitations or communications regarding union-related topics. In addition, the Board applied a new standard for determining when employers discriminatorily enforce email policies and, thus, violate Section 8(a)(3) of the NLRA. Specifically, as to the 8(a)(3) standard, the Board held that, in determining whether a policy had been discriminatorily enforced against the union, it looked to whether there had been "unequal treatment of equals."  Then, the Board upheld Register-Guard's enforcement of its email policy against an employee who was soliciting support for the union because there was no evidence that the company had permitted solicitation on behalf of other non-union groups (even though it had permitted various other personal uses of the email system, including personal solicitations for sports tickets and the like.) 

On July 7, 2009, however, the Court of Appeals for the D.C. Circuit refused to uphold the Board's conclusion as to whether the employer discriminatorily enforced its email policy but did not explicitly overrule the standard announced by the Board in December.   (On appeal, the union did not challenge the lawfulness of the email policy itself).   In short, the court held that the the company's discipline of an employee for using the email system to solicit employees to wear green in support of the union and to seek volunteers to help with the union's entry in a city parade violated 8(a)(3). Calling the distinction between organizational and personal solicitation a "post-hoc invention" that did not actually exist in the company's email policy, the court found that the company policy prohibiting non-work-related solicitations "made no distinction between solicitations for groups and for individuals."  Equally significant, the court noted that the company’s disciplinary warning" did not invoke the organization-versus-individual line drawn by the Board. To the contrary, the company told the employee in question to “refrain from using the Company’s systems for union/personal business.”

Because it is so fact-specific, the court's decision should not cause employers much concern.   In fact, the email policy at issue, which prohibited use of the company's communications systems “to solicit or proselytize for commercial ventures, religious or political causes, outside organizations, or other non-job-related solicitations,” would seem to be equally applicable to personal solicitations of a non-work nature as it is to organizational solicitations.   The good news here is that the court's decision does not disturb the underlying premise that employers may prohibit union access to its email system so long as it does so in a nondiscriminatory manner.  

• Print
• Trackbacks
• Share Link

May an employer access an employee's emails sent using a company-issued laptop via a personal, password-protected, web-based email account? And, if those emails were sent to the employee's attorney for the purpose of obtaining legal advice, does the employee's use of the company laptop waive the attorney-client privilege? Those questions recently were addressed by a New Jersey appellate court in Stengart v. Loving Care Agency, Inc.

The plaintiff in Stengart sent the emails to her attorney regarding her intent to sue her employer for discrimination . After the lawsuit was filed, the company created a forensic image of the laptop's hard drive and discovered the emails. When plaintiff's counsel first learned that these emails were in the possession of the company's counsel, plaintiff's counsel requested that the original emails and all copies be turned over based on the attorney-client privilege, but the company's counsel refused.

• Print
• Trackbacks
• Share Link

It's hard to believe that fewer than 10 years ago, there was widespread concern that our computers were all going to blow up and there would be anarchy in the streets. Since the clock struck midnight on January 1, 2000, we have seen an unprecedented technology boom that has had a widespread impact on the workplace. Remember the anxiety caused by cameras on our cell phones due to their impact on protecting trade secrets and our privacy in the locker rooms? Since then, we have grown comfortable with workers using laptops offsite though we still need to concentrate better on keeping track of them and what is on them!

Now, the social media craze -- Facebook, Linked-In, Twitter, etc. -- seems to be causing employers the most recent concern. As editor of employerlawreport.com, I have come to achieve a certain comfort level with social media, but I think that what primarily is keeping many employers up at night is fear of the unknown. That is why I'm going to summer camp! Starting this past Tuesday and running through the second Tuesday in August, I will be attending Social Media Summer Camp, a Columbus Business First initiative. The first session, "Social Media 101," provided a nice overview of everything that is out there and how businesses have been and could be using social media to market their services and products. The attractiveness of social media from a marketing perspective is often easy to see and hopefully we will be able to use some of what we learn at camp to improve our blog and to otherwise better communicate with our clients and friends.

In addition, I'm keeping my employment lawyer hat on to identify potential issues for employers that are encouraging their employees to "friend" others or to "tweet" or are attempting to regulate how and when they do it. This past Tuesday's session left me with one particular impression: Whether or not companies choose to use social media to foster their business, they would be wise to monitor the various social media outlets to make sure that others, including disgruntled and former employees, are not messing with their messages or creating unwanted ones.

So that's why I'm going to summer camp. I'm taking my laptop with me, but fortunately for all involved, I'm leaving my bathing suit at home.

• Print
• Trackbacks
• Share Link

In a decision released May 15, 2009, the U.S. Court of Appeals for the District of Columbia upheld a Department of Transportation (DOT) regulation that requires employees who are returning to safety-sensitive duties after having completed a drug treatment program due to failing or refusing to take a drug test, to submit to return to duty and follow up testing under "direct observation" conditions. This decision and the regulation it upholds applies to employers in the aviation, rail, motor carrier, mass transit, maritime and pipeline industries that are subject to the DOT drug-testing regime. Under the regulation’s "direct observation" procedures, the employer must require a same-gender observer to “watch the urine go from the employee’s body into the collection container.” To comply, employees must raise their shirts above the waist and lower their clothing so as to expose their genitals and allow the observers to verify the absence of any devices that would permit the employee to cheat the test. 

Previously, the employer had the option to require direct observation, but this was not mandatory under the former regulation. Concerned that employers were reticent to require direct observation and in light of the rise in commercially available devices, such as the "Whizzinator," that enable people to cheat on their drug tests, the DOT promulgated this new regulation requiring direct observation for all return to work and follow up tests conducted under the DOT's auspices as of November 1, 2008.

• Print
• Trackbacks
• Share Link

Perhaps it's the economy. Perhaps it's the lure of trying to catch someone in the act. Perhaps it's something else entirely, but we’re starting to see more instances of employers getting themselves in trouble because they’re monitoring employee use of employer technological resources to investigate possible employee misconduct without first seeking legal advice. Two fairly recent examples: Hay v. Burns Cascade Co., Inc. out of the Northern District of New York and Van Alstyne v. Electronic Scriptorium, Ltd. out of the Fourth Circuit.

In Hay, the employer, concerned that the plaintiff, one its customer service employees, was bad-mouthing it to customers, began monitoring her telephone calls. While listening to one telephone call, the president of the company determined that the conversation was between plaintiff and a male customer and overheard her saying that she "can't believe these guys are managers" and that she had "lost all respect" for the company's CEO. The president testified that he knew it was a customer because it was during work hours, and “there was nothing to indicate that it was anything other than a business call.”  The president did not ascertain, however, which company the customer was affiliated with or whether the company was an existing or prospective customer. According to the court's decision, the president listened to the conversation for 30-40 seconds before he stopped monitoring. Based apparently on this one telephone call, the company decided to terminate the plaintiff's employment due to "poor performance."

• Print
• Trackbacks
• Share Link

Resolving a split among the circuit courts, the U.S. Supreme Court yesterday in Flores-Figueroa v. United States significantly limited a tactic used by U.S. Immigrations and Customs Enforcement (ICE) to address the issue of undocumented workers. 
 

In particular, ICE has used the Identity Theft Penalty Enhancement Act as a way to pressure undocumented workers.  That Act created the crime of “aggravated identity theft,” which occurs when a person “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person” in connection with the commission of certain enumerated felonies, including immigration violations. Because violation of the Act carries a mandatory two-year jail sentence, ICE had been using the threat of prosecution for aggravated identity theft to convince undocumented workers to plead guilty to other lesser immigration offenses such as the misuse of social security numbers. 
 

Under the Court’s decision, however, the Act requires the Government to prove that the defendant-worker knew that the means of identification at issue actually belonged to another person, not merely that the worker knew that the means of identification used to obtain employment were fraudulent. This holding makes the threat of prosecution under the Act much less realistic because ICE will have to prove that the individual using the false identification information also knew that the information belonged to a specific individual – as opposed to information relating to an entirely fictitious identity.
 

• Print
• Trackbacks
• Share Link

More and more federal non-employment statutes, regulations and programs are coming with strings attached for human resources professionals to grapple with. For instance, who would have expected that the federal plan for rescuing troubled financial institutions would have anything to do with immigration, that the federal stimulus statute would include whistleblower provisions and changes to COBRA benefits laws, or that consumer protection laws would contain whistleblower provisions? Now comes the Customs and Border Protection's (CBP's) Customs Trade Partnership Against Terrorism (CTPAT) program, which grew out of September 11 to help improve supply-chain security, and its employment-related provisions. CTPAT is a voluntary partnership program between the private sector and CBP to secure the supply chain for products entering commerce in the United States. Many view CTPAT certification as the equivalent of an ISO certification, and it can be a significant marketing tool. Companies that want to obtain CTPAT certification, in addition to implementing various security measures, must meet certain minimum criteria for personnel security including background checks, reference checks, exit interviews, procedures for providing employee ID, keys and fobs etc. If you are a human resources professional in the transportation and logistics industry, you should check with the business or operations side of your organization to find out whether your company is planning to participate in the CTPAT program so that you can get a jump on aligning your employee security procedures with the program's requirements.

• Print
• Trackbacks
• Share Link

The Ruiz v. Gap, Inc. et al. decision, rendered earlier this week by a federal court in California, is another in a long series of cases that dismisses lawsuits brought by data-breach victims when those victims cannot establish that they were actual identity theft victims with actual damages. In this case, the plaintiff was an applicant for employment at The Gap whose personal information was compromised when two laptops belonging to Vantage, Inc, the company that processed job applications for The Gap, were stolen.

Going along with the vast majority of courts to date, the Ruiz court held that, although the plaintiff faced an increased risk of future identity theft, that risk did not rise to the level of appreciable harm necessary to assert a negligence claim. In addition, the court held that the lack of proof of actual damages was fatal to the plaintiff's claim that he was a third party beneficiary to the agreement between The Gap and Vantage.

• Print
• Trackbacks
• Share Link

Ohio State Senator Ray Miller (D), 15th District, has introduced Senate Bill 91, which would prohibit discrimination by an employer against any person because of that person's credit history. In short, the bill would amend Ohio's discrimination laws to include the use of "a person's credit rating or score or consumer credit history as a factor in making decisions regarding that person's employment, including hiring, tenure, terms, conditions, or privileges of employment, or any matter directly or indirectly related to employment."

Though the bill may be well intended, it creates in its current form bad policy for the State of Ohio. There certainly are many jobs out there where an individual's creditworthiness should have no impact on their ability to successfully perform the functions of their job. On the other hand, certain jobs, such as those that require handling or accounting for the employer's or the public's money, do appear to require at least some consideration of the individual's ability to manage money. The individual's own personal credit history may be an appropriate indicator of the person's ability to do those kinds of jobs. The EEOC, which enforces Title VII and other federal discrimination laws, as well as the federal courts, have recognized that employer credit checks can have an unlawful disparate impact against racial and ethnic minorities, but they permit employers to defend the practice by establishing that the individual's creditworthiness is job related for the position in question and consistent with business necessity. S.B. 91, however, contains no similar exception based on job-relatedness and instead absolutely prohibits employment decisions based on an individual's credit information. As a result, S.B. 91, in its current form, is another unnecessary and unrestrained limitation on Ohio businesses' ability to manage their workforce and to compete in our currently dismal economy.

• Print
• Trackbacks
• Share Link

On Wednesday, February 4, 2009, Google launched a new feature called Latitude. Latitude apparently will enable users of smartphones, including most Blackberries, most phones using Microsoft Windows Mobile and, eventually, iPhones, to transmit their locations to another smartphone or desktop computer.

Much like most social networking conventions, Latitude operates on an opt-in basis, which enables smartphone users to share their locations with only certain chosen recipients. Teenagers will undoubtedly find this application "cool" as will the parents of many of those teenagers who may use Latitude to keep tabs on their kids. In addition, many smaller businesses may use the feature to efficiently dispatch delivery and repair crews.

And therein lies the potential privacy problem. Although Latitude is designed to be used only by those who choose to do so, some employers may seek to require their workers to use Latitude so that work activities can be monitored and directed. Requiring employees to put Latitude on their personal cell phones is rife with potential invasions of privacy during nonworking hours. Therefore, employers that choose to use Latitude should plan on issuing company phones to monitored employees and should obtain written employee acknowledgment of and consent to the use of this technology. Furthermore, although Latitude requires an affirmative opt-in, smartphone users must disable the service when they do not wish to be monitored, such as when employees are off the clock. As a result, employers will need to create policies to ensure that appropriate worker privacy is maintained during non-work hours.

Employers should also understand the limitations of location-monitoring services. For instance, Latitude's accuracy is dependent on multiple factors such as whether Google is able to rely on smartphone GPS capabilities or whether Google must rely on cell phone tower triangulation to place the user. Employers must also understand that Latitude and other location-monitoring technology is capable only of identifying a person's location, not what that person is doing. Therefore, employers should be careful about coming to any rush to judgment based on the results of location monitoring.

• Print
• Comments
• Trackbacks (1)
• Share Link

Many thanks to our associate Justin Root for referring this article which again highlights the risks to a company's computer system posed by disgruntled employees. (Previously, we reported on the vulnerability from disgruntled employees of personal information contained in human resources records.)

Last week, a contractor at Fannie Mae was indicted under the Computer Fraud and Abuse Act for burying a malicious code in an otherwise legitimate computer script after having been fired earlier in the day. Unfortunately, according to the FBI's affidavit in support of the indictment, Fannie Mae did not require the contractor to turn in his badge or his laptop or terminate his network access until more than two hours after his termination. The FBI's affidavit goes on to allege that "had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week."

While employers certainly want to be sure to treat terminated employees with dignity on their way out the door, this incident underscores the need also to be sure, once the termination decision has been made and communicated, to immediately take all necessary action to eliminate the employee's computer and other systems or premises access that might give the terminated employee the ability to cause widespread damage before he or she is gone.

• Print
• Comments
• Trackbacks
• Share Link

Back in October, the FTC announced with great fanfare a delay until May 1, 2009 for enforcing the FACTA Red Flag rules. Those rules require financial institutions and creditors to establish written programs for identifying, detecting, and responding to patterns, practices, or specific activities that are warning signs of identity theft. In contrast, the infrequently discussed Address Discrepancy rules that were issued at the same time as the Red Flag rules quietly went into effect as originally scheduled on November 1, 2008. The Address Discrepancy rules, found at 16 C.F.R. §681.1, apply not only to financial institutions and creditors but, potentially, to all employers that use consumer reporting agencies to conduct background checks on applicants and employees.

• Print
• Comments
• Trackbacks
• Share Link

On December 1, 2008, we blogged about the risks of insiders improperly accessing personal data belonging to customers and the general public. Last Thursday's Washington Post highlighted the vulnerability of human resources files to misuse by insiders. The Post reported that a human resources worker at the Library of Congress was charged with, and likely entered into a plea arrangement regarding, conspiracy to commit wire fraud. The worker allegedly accessed a Library of Congress database and obtained personal information, including Social Security numbers, of at least 10 Library employees. The information was then passed on to a third person who opened retail charge accounts in the names of the victims. In a separate matter, the Post also reported the sentencing of a former D.C. public schools employee for stealing the identities of 65 job applicants and co-workers to make retail purchases. According to the article, prosecutors stated that the employee's job gave her access to documents containing the names, birthdates and Social Security numbers of employees and job applicants.

These types of incidents are not isolated events. What are you doing to protect the personal information belonging to your applicants and employees?

• Print
• Comments
• Trackbacks
• Share Link

This past week's national and local news have both included accounts of employees being disciplined for allowing their curiosity to get the best of them. According to CNN.com, Verizon Wireless has fired an undisclosed number of its employees for accessing cell phone records of President-Elect Obama without authorization. In addition, on November 22nd, the Columbus Dispatch reported that four senior managers at the Ohio Department of Job and Family Services have been disciplined for improperly mining state computers for confidential information on "Joe the Plumber." Previously, Governor Strickland had suspended the OJFS director for her role in the incident.

These incidents demonstrate the privacy and confidentiality risks posed by a company’s own employees. Coincidentally, this week Cisco Systems, Inc. released the third in a series of white papers arising out of its global study of data leakage. Cisco's findings suggest that data losses caused by employee behavior -- whether malicious or inadvertent -- have the potential to cause greater financial losses than attacks that originate outside the company. Employee behaviors not only put customer (e.g. Obama) and general public ("Joe the Plumber") data at risk but also corporate trade secret information. The Cisco data suggests that, although it remains important to plug any holes in computer systems to protect against outside intrusions, employers should be spending more time addressing employee behaviors that are putting data at risk. For those who are interested, the Cisco papers can be found at http://cisco.com/en/US/netsol/ns895/index.html.

• Print
• Comments
• Trackbacks
• Share Link

Starting in 2002, in an effort to organize employees at a Cintas Corporation facility in Pennsylvania, UNITE union organizers began recording the license plate numbers of vehicles located in the Cintas parking lot.  The organizers then accessed, either directly or through information brokers, state motor vehicle records to identify the employees’ names and home addresses. Ultimately, through this process, which is known as “tagging”, the union obtained the addresses for approximately 2000 workers (or their relatives or friends) and began visiting their homes with an eye toward convincing them to sign authorization cards. 

Unhappy with these tactics, several employees (together with family and friends whose cars also had been “tagged”) filed a class action lawsuit against UNITE under the federal Driver’s Privacy Protection Act.  That Act provides that a “person who knowingly obtains, discloses or uses personal information, from a motor vehicle record, for a purpose not permitted under this chapter shall beliable to the individual to whom the information pertains, who may bring a civil action. . . .”

The federal district court found UNITE liable under the DPPA back in 2005, awarded most of the named plaintiffs the statutory $2,500 in damages but deferred consideration of classwide relief.   Finding that the union’s organizing efforts did not constitute a “permissible use” under the DPPA, the Third Circuit, on September 10, 2008, upheld the finding of liability in a decision that can be read here. In addition, the court remanded the case back to the district court to consider whether any of the plaintiffs were entitled to multiple damage awards for multiple DPPA violations and to determine whether to hold a jury trial on punitive damages. 

• Print
• Comments
• Trackbacks
• Share Link

A recent Sixth Circuit decision addressed the issue of whether the disclosure of confidential, proprietary documents by an employee to her attorneys constitutes a protected activity for which the employee cannot be terminated or otherwise disciplined. In 2000, numerous individuals filed a class action against the Cincinnati Insurance Company (CIC), alleging that CIC had discriminated against women in violation of the Equal Pay Act (EPA). Kathy Niswander, a claims manager at CIC, was one of the plaintiffs in the class action. 

In order to respond to CIC’s discovery requests, the plaintiffs’ attorneys asked each of the plaintiffs, including Ms. Niswander, to send them any documents in their possession that related to the case or that might support their discrimination claims. In response, Ms. Niswander sent the attorneys any documents she had that could potentially be relevant, but she also submitted confidential claim-file documents that did not contain any information relevant to the alleged discrimination.

• Print
• Comments
• Trackbacks
• Share Link

Does your company have a policy for disposing of human resources records that contain employee social security numbers and other personal information? A recent Fair Trade Commission (FTC) enforcement action may make such policies a priority for companies in 2008. 

The FTC just agreed to a settlement with American United Mortgage Company of Northbrook, Illinois.  The FTC accused American United of violating the FTC’s Disposal Rule (http://www.ftc.gov/os/2004/11/041118disposalfrn.pdf), which requires companies to dispose of credit reports and credit report information in a safe and appropriate manner. According to the FTC’s Complaint, American United repeatedly disposed of intact consumer credit reports, which contained consumers’ personal information, in an unsecured dumpster near its office. The settlement, which was announced by the FTC on December 18, 2007, requires, among other things, that American Mortgage pay a $50,000 civil penalty for violations of the Disposal Rule and obtain, every two years for the next 10 years, an audit from a qualified, independent, third-party professional to ensure that its security program meets the standards of the settlement order.

• Print
• Trackbacks
• Share Link