San Francisco Employment Privacy Law Lawyer & Attorney : Littler Mendelson Law Firm : Employment Related Privacy Issues

Even though people surfing the Internet often leave a trail of data on the web sites they visit, the New Jersey Supreme Court has found a constitutionally protected privacy interest in their anonymity. Rejecting uniform federal court precedent holding that Internet users do not have a reasonable expectation of privacy under the U.S. Constitution in subscriber information stored by their Internet Service Provider (ISP), the state Supreme Court held on April 21 that New Jersey’s Constitution does protect this information against unreasonable searches by law enforcement authorities. While focused on criminal enforcement, the decision most likely will make it even more difficult for employers to identify employees and former employees who anonymously use the Internet to damage companies.

The case arises out of a run-of-the-mill employee vendetta. After defendant Shirley Reid had an argument with the owner of Jersey Diesel, where she was employed, Reid allegedly tried to sabotage the company’s operations. Using her home computer and the unique user ID and password that she had established as part of her job, Reid accessed the web sites of Jersey Diesel’s suppliers and changed the company’s shipping address to a non-existent address. One of Jersey Diesel’s suppliers reported the change to Jersey Diesel and gave the company’s owner the Internet Protocol (IP) address assigned to the computer used to access the supplier’s web site. Jersey Diesel, apparently using an IP Address Locator web site (which is similar to a reverse telephone directory), determined that the IP address was registered to Comcast. Comcast, however, refused to disclose the identity of the subscriber to Jersey Diesel’s owner. The owner then reported the activity to local police. In response to a municipal subpoena served by the local police, Comcast disclosed that Reid was the subscriber associated with the IP address. The local prosecutor indicted Reid on charges of criminal theft.

Continue Reading...

• Print
• Trackbacks

Our last blog entry discussed the First Amendment shield that covers current and former employees who use anonymous or pseudonymous Internet postings to trash their employers. Today’s cautionary tale highlights the practical challenges employers face in court even when a current or former employee posts confidential records on the Web in violation of confidentiality agreements and laws.

Bank Julius Baer & Co., a Cayman Island subsidiary of a Swiss bank, fired a disgruntled vice president. On her way out, she took confidential documents she believed show that her former employer engaged in unlawful conduct. The next day, she posted those documents on a public website devoted to leaking confidential documents.

Instead of pursuing the disgruntled vice president, the Bank filed a lawsuit seeking to enjoin the leaking website, Wikileaks.org, and its domain name registrar, Dynadot. The Wikileaks website enables users to anonymously publish submissions, including alleged confidential corporate and government documents. The site aims to be an “untraceable version of Wikipedia for untraceable mass document leaking and analysis.” The site runs on modified MediaWiki software, similar to the software that runs Wikipedia.

Continue Reading...

• Print
• Trackbacks

The balance of power has shifted. In the “old days” -- before the Internet explosion -- a disgruntled current or former employee did not have many outlets. She might complain to a spouse, a cadre of sympathetic co-workers or a union representative. But her employer had little fear that her scalding criticism of her direct report, the company’s business strategy or senior management would be front-page news or fodder for radio talk shows.

In today’s world of blogs, personal Web pages, chat rooms, and message boards, that dynamic has been flipped. Employees — and particularly terminated, former employees — are venomously trashing their employers in cyberspace, where anyone who wants to “tell all” can speak freely. Employers have been left desperately searching for the answer to one simple question: “How can I shut that guy up?”

A decision published by the California Court of Appeal earlier this month, Krinsky v. Doe 6, highlights one of the major obstacles to squelching these silicon diatribes, often referred to as “cybersmear.” Who do you shut down? Most current and former employees venting on the Web are cagey enough to hide behind anonymity or veiled identity. In Krinsky, for example, the offending poster dubbed the plaintiff, a departing senior executive, “boobs” and said that he would “reciprocate felatoin [sic] with [her] even though she has fat thighs, a fake medical degree, 'queefs' and ... poor feminine hygiene” but, for obvious reasons, did not take personal responsibility for this juvenile comment.

The Krinsky plaintiff, like other business people on the receiving end of an anonymous or pseudonymous diatribe, are left knocking on the typically sealed door of the Internet Service Provider (ISP) that hosts the server where the post resides. The ISPs, fulfilling assurances of confidentiality in their subscriber agreement or complying with obligations imposed by the Stored Communications Act, typically will disclose the identity of an anonymous or pseudonymous user posting content only in response to a subpoena or court order. The ISP also typically will put its subscriber on notice that a subpoena has been served to give the subscriber an opportunity to ask the issuing court to quash the subpoena.

No matter how obnoxious their posting, current and former employees who speak anonymously or pseudonymously on the Web arrive in court with the upper hand; they are cloaked in the protective garb of the First Amendment. The First Amendment does not protect cybersmearing employees from being terminated (albeit anti-retaliation statutes and other statutes might, depending upon the content of the post). Rather, the First Amendment restricts the power of the judiciary to issue a speech-squelching injunction.

Continue Reading...

• Print
• Trackbacks

The recent death of Major League Baseball pitcher Joe Kennedy is a tragic reminder that employees die.  However, in many ways, the employment relationship lives on, albeit under different terms.  Estates may need to be administered.  Law enforcement may need to investigate the cause of death.  Children may need to know if their deceased parent was diagnosed with a genetically transmitted disease.  How are employers supposed to respond to these requests?  More pointedly, do deceased employees have any privacy rights in their health information?  The short answer is “yes”.

Continue Reading...

• Print
• Trackbacks

Gary Ross, the military veteran who urged his employer to accommodate his medical use of marijuana, has failed to convince the Supreme Court of California to revive his case.  On January 24, 2008, the Court affirmed (5 - 2) the trial and appellate court decisions that RagingWire Telecommunications was not required to employ Ross, who tested positive for marijuana, even though his use of the drug has been decriminalized under California’s Compassionate Use Act.

As discussed in an earlier posting, Ross argued that his former employer, RagingWire, had discriminated against him under the California Fair Employment and Housing Act by terminating him because of his positive drug test which resulted form his use of marijuana for his disability.  He also alleged that he had been wrongfully discharged as a matter of public policy.  Yesterday’s decision rejects Ross’s disability discrimination claim for one simple reason:  The Compassionate Use Act provides only that individuals who use marijuana pursuant to a recommendation from a health care provider have a defense to criminal prosecution.  Noting that California voters cannot obscure federal laws which state that the drug poses a risk of abuse, the Court concluded that the Compassionate Use Act simply fails to address the rights of employers and employees.  The Court further observed that any effort to enact such a law would likely generate significant controversy, and it declined to read such a requirement into the limited protections of the statute.

Continue Reading...

• Print
• Trackbacks

In a highly anticipated decision, the National Labor Relations Board has emphatically landed on the side of employers whose policies bar employees from using corporate e-mail resources for union activities.

In The Guard Publishing Co. d/b/a The Register Guard, the Board, in a 3-2 decision, held that “employees have no statutory right to use an employer’s equipment or media for Section 7 communications.”  Section 7 of the National Labor Relations Act  encompasses communications about virtually all union activities by employees, including solicitation, organizing, grievances, picketing, strikes, and discussions about the terms and conditions of employment.  In light of this ruling, an employer may, in the words of the Board, “lawfully bar employees’ nonwork-related use of its e-mail systems,” including use for union activities.

There is a caveat, but as defined by the Board, the caveat is a narrow one:  Employers can not act “in a manner that discriminates against Section 7 activity.” (emphasis supplied).  Significantly, the Guard Publishing decision substantially narrows the prior definition of “discrimination” for purposes of analyzing whether an e-mail policy (or any other policy restricting Section 7 activities) on its face, or as enforced by the employer, interferes with Section 7 rights.

Continue Reading...

• Print
• Trackbacks

It will soon be easier to conduct business on airline flights, and a lot riskier from a privacy perspective.  The New York Times ran a story the other day – “Some Airlines to Offer In-Flight Internet Service” – describing Jet Blue’s plans to begin offering free in-flight e-mail and instant messaging service.  Several other airlines also have announced plans to offer Internet service on their planes.  While the convenience may be welcome news to busy executives who criss-cross the country on non-stop business trips, employers should be concerned about the security of private workplace communications and confidential business information in the cramped confines of an airline cabin.  

Consider the number and proximity of work-related travelers —especially in business class.  Now imagine linking the traveler’s laptop or Blackberry to seat-back entertainment systems (Virgin America has plans to implement a system that allows passengers to send messages during a flight).  And now envision your company’s strategic business plan, or non-public profit figures, on display, like an in-flight movie.  Add to this the passenger’s oblivion to his surroundings and the scrutiny of other bored and seemingly harmless passengers.  Without determined efforts, inadvertent in-flight disclosure of confidential business information could become as commonplace as data breaches caused by stolen laptops.

Continue Reading...

• Print
• Trackbacks

The rumors are flying: The TV news ran a story last night on the evacuation and de-contamination of the local public school after one of the football players missed Saturday’s game because of infection with the MRSA Superbug.  One of your employees happens to have a son on the football team, and she called in sick on the Monday after the game.  Employees who work in the area of her cubicle have “petitioned” HR not to let the mother return to work until she has submitted written documentation from her physician that she is not infected or contagious.  Where does HR even start to unravel the privacy concerns of the mother and her child, and how should those concerns be weighed against the health interests of the mother’s co-workers? 

The legal analyses related to this issue are among the most complex in the area of workplace privacy, involving the interplay of the Americans with Disabilities Act (ADA); the Family and Medical Leave Act (FMLA); the Health Insurance Portability and Accountability Act of 1996 (HIPAA); state privacy statutes, such as California’s Confidentiality of Medical Information Act; state common law; and, at least in California, state constitutional law. 

Before wading into this quagmire, HR professionals should consider the following guidelines for balancing the privacy interests of potentially infected workers and the health interests of co-workers.

Continue Reading...

• Print
• Trackbacks

On November 6, 2007, the California Supreme Court heard long-awaited arguments in the closely watched "medical marijuana" case of Ross v. RagingWire Telecommunications, Inc.  Gary Ross, a network administrator, was terminated eight days into his employment after testing positive for marijuana.  Ross challenged the termination because he had a doctor's recommendation that he use marijuana to relieve chronic back pain.  Ross has alleged that because his use of marijuana was lawful under California's Compassionate Use law, his employer was obligated under state law to accommodate his disability by permitting him to use marijuana as recommended by his physician.  Ross’s attorneys also argued that his discharge violated California's public policy, including California’s constitutionally created right to privacy.

Marijuana use is illegal under federal law.  California has effectively “decriminalized” marijuana use by adopting the Compassionate Use Act of 1996.  The Act allows individuals to purchase, possess, cultivate, and use small quantities of marijuana for medicinal purposes without fear of prosecution by state officials.  Federal officials may prosecute those who use marijuana pursuant to the state law, but as a practical matter, enforcement efforts are much more likely to be focused on cultivation and distribution networks.  The statutory language makes it clear that employees may not possess or use marijuana at work – leading Ross’s attorneys to argue that by implication, the law intended that employees be permitted to use the drug outside of work.

Continue Reading...

• Print
• Trackbacks (1)