: Privacy : Employer Law Report

Home > Privacy >

Social Media Privacy Makes Its Way to Capitol Hill

Posted on February 26, 2013 by Colleen Marshall

Editors' Note: Colleen Marshall, a Senior Attorney in Porter Wright's Litigation Department, is also a widely-recognized, award-winning news anchor for Columbus' NBC-affiliate, WCMH – 4. In a detailed interview with Porter Wright's Sara Jodka last week, Colleen reports on the use of social media by employers: "You Can't Delete Your Way Out Of Social Media."

As noted in a recent blog and in the news report mentioned above, 21 states have social media privacy legislation pending. But, social media privacy could soon be governed by an act of Congress.

Representative Elliot Engel (D-N.Y.) just introduced H. R. 537, the "Social Networking Online Protection Act" that he says will protect both employees and job applicants from employer efforts to obtain passwords to private social media accounts. Unlike most laws currently being considered on the state level, Engel's bill would also protect passwords to email accounts. The bill is currently in the House Committee on Education and the Workforce, and makes a critical distinction between private accounts and social networking accounts owned by employers but maintained by employees in the course of employment.

Ohio Senate Bill 45, the Social Media Privacy Protection Act, is the most recent state effort to prohibit employers from gaining access to private electronic accounts, such as Facebook. Ohio 15th District Senator Charleta Tavares (D-Columbus) introduced the bill in an effort to prohibit employers, employment agencies, personnel placement services, and labor organizations from requiring an applicant or existing employee to surrender their personal password to a social media account. Senator Tavares says she views any effort to obtain an employee's passwords as an invasion of privacy. Similar bills were passed in 2012 in six states: California, Delaware, Illinois, Maryland, Michigan and New Jersey.

It is vital to note that none of the proposed legislation, either on the federal or state level, would stop employers from monitoring the electronic profile of employees and applicants by viewing publicly available social media. As we discussed previously, social media is broadly accepted as a legitimate tool to screen job applicants and make judgments about character and personality. Additionally, social media passwords would still be accessible through discovery in instances of litigation or during wage and hour disputes. Social media passwords are proving to be invaluable tools for discovery, especially in the labor and employment context, as explained to me by Porter Wright attorney Sara Jodka in a recent television interview.

Lawmakers are grappling with employers' right to know versus employees' right to privacy. And, as previously noted, you can't always delete your way out of the mess you create on social media. Additionally, some employees use their private electronic accounts as networking tools or to communicate with clients and vendors. Courts are currently being asked to decide whether executives or employers own Linked-in accounts that were created on company-owned computers. Disputes over passwords and twitter accounts are also making their way through the courts.

The outcome of these cases will be noted in future blogs because alerts will be sent to my personal phone, that is linked to professional calendars and email accounts owned by two employers, that are also available on my personal iPad, which is linked to my husband's business account that is connected to his phone and the laptop used for his S-Corporation. Wouldn't that make for interesting discovery?

A list of other states considering legislation to restrict employer access to private social media can be found here.

Tags: Workplace Privacy, Facebook, Privacy, social media

Supreme Court Upholds Constitutionality of Government Background Screens in NASA v. Nelson

Posted on January 19, 2011 by Brian Hall

The U.S. Supreme Court today issued its decision in NASA v. Nelson, a case that we previewed back in October. As you will recall, the respondents in Nelson were a group of California Institute of Technology employees who worked under a contract with NASA at its Jet Propulsion Laboratory. Pursuant to a Presidential directive, the Department of Commerce required all contract employees with long-term access to federal facilities to complete a standard background check by no later than October 2007. NASA modified its contract with Cal Tech to reflect this requirement, but shortly before the deadline, the respondents filed their lawsuit.

Respondents contended that two specific aspects of the background check process violated their constitutional right to “informational privacy.” Specifically, they challenged a question asking them to state whether they had received treatment or counseling in the last year for illegal drug use and a questionnaire that would be sent to the employees’ references asking open-ended questions about their suitability for federal government employment.

In a unanimous decision (with Justice Kagan not participating), the Supreme Court assumed, without actually finding, that a constitutional right to informational privacy exists. The Court then upheld the background checks as a reasonable exercise of the government’s right to “reasonably investigate applicants and employees to aid in ensuring the security of its facilities and in employing a competent, reliable work force.” Not only were the disputed background check inquiries reasonable, but the Court also found that the respondents’ rights were substantially protected against public disclosure by the federal Privacy Act.

Not surprisingly, the Court was swayed by the fact that the inquiries at issue are “similar to those (that) became mandatory for all candidates for the federal civil service in 1953” and are “part of a standard employment background check of the sort used by millions of private employers.” With respect to the inquiry regarding treatment or counseling for the use of illegal drugs, the Court noted that it was a reasonable follow-up to the prior question about using, possessing, supplying or manufacturing drugs during the previous year and, importantly, that the government used the response to the “treatment or counseling” question as a mitigating factor. Similarly, the Court held that the open-ended inquiries made to the employees’ references were “reasonably aimed at identifying capable employees who will faithfully conduct the Government’s business.”

Furthermore, the Court stated:

Asking an applicant’s designated references broad, open-ended questions about job suitability is an appropriate tool for separating strong candidates from weak ones. It would be a truly daunting task to catalog all the reasons why a person might not be suitable for a particular job, and references do not have all day to answer a laundry list of specific questions.

So, what lessons can we take from the Court’s decision? One is that it is clear that the Court – particularly, Justices Scalia and Thomas who concurred in the Court’s opinion -- has no interest presently in addressing whether a constitutional right to informational privacy exists. Nevertheless, the Court felt it significant that the government was obligated to maintain the privacy of the information obtained through the background inquiries. As a result, employers, even private employers to whom no constitutional obligations attach, should strive to ensure that any applicant or employee background inquiries are reasonably related to the job position at issue and to protect the privacy of the information obtained through such inquiries.

Finally, employers should also recognize that the ADA plays a role here as well. Employers may not ask applicants for employment about treatment or counseling for illegal drug use until after a conditional job offer is made and may not ask employees unless the inquiry is job-related and consistent with business necessity.

Tags: Workplace Privacy, Court, NASA v. Nelson, Privacy, Supreme

Will GINA Impact Ohio Employers' Ability to Conduct Medical Investigations In Workers' Compensation Claims?

Posted on November 11, 2010 by Brian Hall

In the day-to-day administration of their Ohio workers’ compensation programs, self-insured employers (or a TPA or law firm on their behalf) often will obtain a medical authorization from the injured worker and then obtain medical records as part of the employers’ medical investigation. Though the authorization is often limited to specific injuries or body parts, they are just as likely not to be so limited. In addition, despite HIPAA requirements, healthcare providers often produce records in excess of what has been authorized (presumably because they don’t want to take the time or effort to cull through the records and produce only what has been asked for.) As a result, the records obtained frequently will include medical information wholly unrelated to the alleged workers’ compensation injuries and sometimes that information reveals genetic information, such as whether an individual had a test done to determine whether she is at greater risk for breast cancer. Hospital records are notorious for including family history information that may reflect, for instance, that a parent died of cancer or a heart attack at a relatively young age, even when the individual went to the hospital only to have an injured knee looked at.

As a result, in the workers’ compensation context, employers are frequently obtaining genetic information even though they really haven’t asked for it. Should the EEOC’s final rule on Title II of GINA then have any impact on employers’ approaches to their medical investigations conducted in the defense of workers’ compensation claims? Though the rule states that GINA is not intended to “limit or expand the protections, rights, or obligations of employees or employers under applicable workers’ compensation laws,” does that language provide clearance to employers to obtain through its workers’ compensation administration what otherwise would be protected genetic information? According to the EEOC, “genetic information” does not include the fact that an individual has a diagnosed disease, disorder, or pathological condition, so it is difficult (at least for me) to come up with examples of situations when an employer would need genetic information on an employee to assist in the defense of a workers’ compensation claim. Therefore, one could argue that application of GINA to an employer’s medical inquiries and examinations for workers’ compensation purposes does not limit an employer’s rights or expand an employee’s protections under the workers’ compensation laws.

Even if GINA ultimately is interpreted as applying to medical inquiries and examinations in the workers’ compensation context, employers can protect themselves. GINA provides an exception for the “inadvertent” acquisition of genetic information through a lawful request for medical information, but only if the employer directed the individual and/or health care provider from whom it requested medical information not to provide genetic information. The EEOC suggests the following model language for requests for medical information:

"The Genetic Information Nondiscrimination Act of 2008 (GINA) prohibits employers and other entities covered by GINA Title II from requesting or requiring genetic information of an individual or family member of the individual, except as specifically allowed by this law. To comply with this law, we are asking that you not provide any genetic information when responding to this request for medical information. ‘Genetic information’ as defined by GINA, includes an individual’s family medical history, the results of an individual’s or family member’s genetic tests, the fact that an individual or an individual’s family member sought or received genetic services, and genetic information of a fetus carried by an individual or an individual’s family member or an embryo lawfully held by an individual or family member receiving assistive reproductive services."

That is certainly a mouthful, but in many cases, employers can avoid providing this notice by narrowly tailoring a request for medical information failure such that it is not ‘‘likely to result in a covered entity obtaining genetic information’’ Why, however, leave the appropriate scope of the request open to interpretation? The safer approach is probably to include the model language. With respect to employer requested medical examinations, however, there will be no escaping GINA if it applies in a workers’ compensation context. According to the EEOC, employers must tell health care providers not to collect genetic information, including family medical history, as part of a medical examination intended to determine the ability to perform a job, and must take additional reasonable measures within its control if it learns that genetic information is being requested or required. Such reasonable measures may depend on the facts and circumstances under which a request for genetic information was made, and may include no longer using the services of a health care professional who continues to request or require genetic information during medical examinations after being informed not to do so.

Again, it is not clear from the regulatory language that this provision is directed towards independent medical examinations under workers’ compensation laws, but it may be better to be safe than sorry. Remedies available under Title II of GINA are the same as those available under Title VII of the Civil Rights Act, which include compensatory and punitive damages up to the maximum caps. In addition, employers should recognize that the unlawful acquisition of genetic information may also be used by the employee down the line as evidence to support a claim for discrimination or retaliation in violation of GINA. The EEOC’s Rule goes into effect on January 10, 2011.

Tags: EEO, Workplace Privacy, Workers' Compensation, GINA, Genetic Information Nondiscrimination Act, Privacy, workers' compensation

Low-Tech Monitoring of Employees Can Result In Employer Liability

Posted on October 8, 2010 by Brian Hall

While most employment lawyers, myself included, have been focusing lately on the opportunities and risks associated with monitoring new technologies such as social media and GPS devices, the Seventh Circuit reminds us that employers also need to remember that "low-tech" monitoring of employees can result in unexpected liability as well.

In McCann v. Iroquois Memorial Hospital, which was issued on September 13, 2010, a doctor and a former employee at an Illinois hospital had a closed-door conversation in which they criticized the hospital administration. Without their knowledge, their conversation was recorded by a dictation machine, transcribed, and handed by a third hospital employee to the hospital's CEO. As a result, the hospital revoked the doctor's hospital privileges and banned the former employee from coming on hospital premises for any reason other than to obtain her own or a loved one's healthcare. Both individuals sued the third employee, the hospital, the CEO and the Board of Trustees, alleging that the hospital's use of the tape recorded conversation without either of their knowledge violated the federal Wiretap Act. The plaintiffs contended that the third employee had entered the office during the conversation and, while they were talking, she surreptitiously and deliberately turned on the dictation machine to record their conversation. The defendant employee responded that she interrupted a conversation of theirs once but not on the date of the taped conversation, and suggested that the dictation machine simply was left on by mistake by the doctor who had earlier been dictating medical reports.

The Seventh Circuit held that the dispute between the parties as to how the dictating machine got turned on precluded the hospital and the defendant employee from obtaining summary judgment because, under the Wiretap Act, the plaintiffs have to prove that the interception of the conversation was intentional. On the other hand, the Seventh Circuit held that there was no evidence that either the CEO or the Board knew that the tape recording had been obtained illegally -- in fact, the defendant employee suggested that the doctor had accidentally left the dictating machine on -- and therefore upheld summary judgment in their favor.

Though this fact pattern is certainly an unusual one which might only arise in a healthcare setting, employers must understand the boundaries of the federal Wiretap Act. Under the federal act, it is illegal (and there are potential criminal penalties) to use a device to intentionally intercept an oral communication. It also is illegal to intentionally disclose or use the contents of such a conversation while having reason to know that it was unlawfully intercepted.

Under federal law and most state laws, an exception exists if one of the parties to the conversation (including the party that intercepts it) consents to the tape recording. In many states, however, all parties to the conversation must consent to the recording for the exception to apply (but Ohio is not one of them).

Therefore, in Ohio and under federal law, it would be illegal to walk into a room in which a conversation were taking place and leave a tape recorder running in the room. On the other hand, except in those states requiring two-party consent, it would not violate wiretap laws for a disgruntled employee to secretly tape record conversations in order to prove some kind of mistreatment or misconduct. Some states, however, may permit invasion of privacy claims to be brought depending on the circumstances.

At the same time, employers must be careful that managers and supervisors do not violate wiretap laws while seeking to uncover employee misconduct. In addition, employers also should not act upon tape recordings made by rank and file employees before satisfying themselves that the tape recording was legally obtained. Finally, terminating an employee for secret taping of conversations may prompt a retaliation claim by the employee if the taping was being done in an effort to prove unlawful discrimination.

Employers can avoid these most of these messy situations by implementing policies that prohibit secret tape recording and by notifying employees about those situations in which their communications will be recorded.

Tags: Workplace Privacy, McCann v. Iroquois Memorial Hospital, Privacy, wiretap

Endorsement Guides Create Concerns for Employers

Posted on May 14, 2010 by Brian Hall

While many human resources managers spend sleepless nights worrying about the negative things employees may be posting on the Internet about them, this post from our sister blog technologylawsource.com reminds us that the nice things they have to say can get employers into trouble as well. Lesson for employers: Make sure your social media policy makes clear that employees who endorse their employer's products or services on-line must disclose their employment relationship so that consumers are not misled into believing that the endorsement is free from bias.

Tags: Workplace Privacy, Privacy, endorsement, workplace privacy

Facebook Announces New Privacy Controls

Posted on December 9, 2009 by Brian Hall

Facebook has announced that it is implementing new privacy controls beginning today that will give its more than 350 million users more control over the privacy of what they post to their Facebook pages. As reported, Facebook will now give its users the ability to set up lists that, for instance, can place their "friends" into separate groups such as family, high school buddies, and work friends and to choose who to share content with each time they post something. As a result, people easily should be able to choose to share family photos with only family and close friends and other less wholesome postings with whomever they choose. Of course, Facebook also will give users the option of choosing to share a post with "Everyone."

From an employment standpoint, these privacy control changes could make it more difficult for those employers who like to use Facebook as a surveillance tool. For instance, the employee who requested bereavement leave while he actually was on a hunting trip should be able to choose to post comments or photos without sharing them with the boss or co-workers who happen to be Facebook "friends." On the other hand, someone who posts a comment that is disparaging of or detrimental to his employer will have a hard time arguing that the comment was not intended to be widely distributed if he chose to share it with "Everyone" when he posted it.

As with all things social media, only time will tell what impact these changes will have on what we post and what is available for us to see on Facebook.

Tags: Workplace Privacy, Facebook, Privacy

Union's "Tagging" Tactics Violate Employee Privacy Rights

Posted on September 12, 2008 by Brian Hall

Starting in 2002, in an effort to organize employees at a Cintas Corporation facility in Pennsylvania, UNITE union organizers began recording the license plate numbers of vehicles located in the Cintas parking lot. The organizers then accessed, either directly or through information brokers, state motor vehicle records to identify the employees’ names and home addresses. Ultimately, through this process, which is known as “tagging”, the union obtained the addresses for approximately 2000 workers (or their relatives or friends) and began visiting their homes with an eye toward convincing them to sign authorization cards.

Unhappy with these tactics, several employees (together with family and friends whose cars also had been “tagged”) filed a class action lawsuit against UNITE under the federal Driver’s Privacy Protection Act. That Act provides that a “person who knowingly obtains, discloses or uses personal information, from a motor vehicle record, for a purpose not permitted under this chapter shall beliable to the individual to whom the information pertains, who may bring a civil action. . . .”

The federal district court found UNITE liable under the DPPA back in 2005, awarded most of the named plaintiffs the statutory $2,500 in damages but deferred consideration of classwide relief. Finding that the union’s organizing efforts did not constitute a “permissible use” under the DPPA, the Third Circuit, on September 10, 2008, upheld the finding of liability in a decision that can be read here. In addition, the court remanded the case back to the district court to consider whether any of the plaintiffs were entitled to multiple damage awards for multiple DPPA violations and to determine whether to hold a jury trial on punitive damages.

Tags: Labor Relations, Workplace Privacy, Act', DPPA, Drivers, Privacy, Protection, UNITE

Employer Law Report
Porter Wright Morris & Arthur LLP

Cincinnati 250 East Fifth Street
Suite 2200
Cincinnati, OH 45202-5118
Phone: 513-381-4700
Toll Free: 800-582-5813
Fax: 513-421-0991

Cleveland 925 Euclid Avenue
Suite 1700
Cleveland, OH 44115-1483
Phone: 216-443-9000
Toll Free: 800-824-1980
Fax: 216-443-9011

Columbus Huntington Center
41 South High Street
Columbus, OH 43215-6194
Phone: 614-227-2000
Toll Free: 800-533-2794
Fax: 614-227-2100

Dayton One Dayton Centre
Suite 1600
One South Main Street
Dayton, OH 45402-2028
Phone: 937-449-6810
Toll Free: 800-533-4434
Fax: 937-449-6820

Naples 9132 Strada Place
Third Floor
Naples, FL 34108-2683
Phone: 239-593-2900
Toll Free: 800-876-7962
Fax: 239-593-2990

Washington, D.C. 1919 Pennsylvania Avenue
NW, Suite 500
Washington, DC 20006-3434
Phone: 202-778-3000
Toll Free: 800-456-7962
Fax: 202-778-3063

Porter Wright Morris & Arthur LLP offers this blog for general informational purposes only. The content of this blog is not intended as legal advice for any purpose, and you should not consider it as such advice or as a legal opinion on any matters. The information provided herein is subject to change without notice, and you may not rely upon any such information with regard to a particular matter or set of facts. Further, the use of the blog does not create, and is not intended to create, any attorney-client relationship between you and Porter Wright Morris & Arthur LLP or any individual lawyer in the firm. No such relationship will be considered to have been formed until we have had an opportunity to resolve any conflict of interest issues and have advised you, in writing, of the nature and scope of the legal services to be provided. Unless we establish an attorney-client relationship with you with regard to the particular matter, we will not treat any information that you may send to us, or submit as a comment to a blog article or entry, as confidential or privileged, and any unsolicited communications may be disclosed to other persons without regard to confidentiality considerations. Use of the blog is at your own risk, and the site is provided without warranty of any kind. We make no warranties of any kind regarding the accuracy or completeness of any information on this blog, and we make no representations regarding whether such information is reliable, up-to-date, or applicable to any particular situation. Porter Wright Morris & Arthur LLP expressly disclaims all liability for actions taken or not taken based on any or all of the contents of this blog, or for any damages resulting from your viewing and use of this blog.

Employer Law Report : Employment and Labor Relations Lawyer & Attorney : Porter Wright's Employer Law Report : Employment Litigation, Non-Compete, Trade Secrets

Published By
Porter Wright

Reporting on recent legal developments and trends affecting employers