Philip Gordon, Chair of Littler Mendelson's Privacy and Data Protection Practice Group Chair and a frequent contributor to this blog, was recently interviewed by The Lexblog Network about Maryland's recently-enacted Facebook password law and what it accomplishes.
Video courtesy of The Lexblog Network
On Wednesday the Equal Employment Opportunity Commission (EEOC) approved in a 4-1 vote updated enforcement guidance governing the legality of considering a job applicant’s or employee’s criminal history when making hiring or other employment decisions. Commissioner Victoria Lipnic (R) joined the Democrat Commissioners in support of the guidance, while Constance Barker (R) was the lone member to vote against the new guidance. Although the use of credit history for employment screening had been a topic of discussion during an earlier Commission meeting, the Commission has not issued guidance on this topic. Given Commissioner Stuart Ishimaru’s (D) impending resignation, it is likely that any new guidance on credit history would need to be a bipartisan effort with only four Commissioners if such guidance is issued at all anytime soon. To learn more about the revised guidance and its implications for employers, please continue reading at Littler's D.C. Employment Law Update.
The momentum in the media made it almost inevitable: the first state law to expressly restrict employers from asking applicants and employees for social media account log-in credentials has been passed. Not surprisingly, Maryland, where the issue first burst onto the scene in April 2011, wins the “honor.” However, Maryland likely has opened the floodgates. Bills currently are pending in California, Illinois, Minnesota, New Jersey, and Washington. Employers seeking to understand the implications of the Maryland law must look beyond the blaring headlines to the details of the statute.
To begin with, the law’s general prohibition is both broad and narrow. Effective October 1, 2012 (assuming the Governor signs the law), employers are prohibited from requiring, or even asking, that applicants or employees disclose “any means for accessing,” such as a user name or password, for “any personal account or service” accessed through “computers, telephones, personal digital assistants, and other similar devices.” In other words, the prohibition extends far beyond Facebook and other social media sites to include personal e-mail accounts, personal online banking accounts, and any other online communications or service account.
Continue Reading...Employers continue to wrestle with the issue of whether to require employees and prospective employees to divulge their social media passwords. A recent spike in interest by the media, by advocacy groups, legislators and the general public has refocused attention on the issue. Although it may not be unlawful to seek the information to conduct background checks, deter and investigate harassment of coworkers, and discourage employees from posting online content that disparages the employer's products or services, in most situations, it is inadvisable. To learn more about the pitfalls of social media information requests, proposed federal and state bills prohibiting such requests and their potential implications for employers, please continue reading Littler's ASAP, Though Not Yet Banned, Requiring Social Media Information Is a Bad Idea by Chris Leh.
Yesterday’s $1.5M “Resolution Agreement” between Blue Cross Blue Shield of Tennessee (“BCBST”) and the U.S. Department of Health and Human Services (“HHS”), the agency responsible for enforcing HIPAA, is the fourth major settlement announced by HHS in the past 15 months and the third to exceed seven figures. This settlement has several important messages for employers.
Before turning to those messages, here are the key facts as set forth in the Resolution Agreement. BCBST stored, in a network data closet, computer equipment which included servers and 57 hard drives. The hard drives were part of a system that recorded customer service calls and contained the protected health information (PHI) of more than one million participants, including member names, member ID numbers, diagnosis codes, dates of birth, and Social Security numbers. The network data closet “was secured by biometric and keycard scan security with a magnetic lock and an additional door with a keyed lock.” The property management company for the leased spaced where the network data closet was located provided security services.
After BCBST vacated most of its office space, but while it still leased the space containing the network data closet, thieves stole the 57 hard drives from the closet. The hard drives were not encrypted. BCBST notified HHS of a security breach in accordance with the HITECH Act’s requirements.
Continue Reading...Effective May 4, 2012, the Massachusetts Criminal Offender Record Information ("CORI") Reform Act (the Act), which was enacted in August 2010 with the controversial "ban the box" legislation, will significantly change the way employers access, use and maintain information obtained through the Commonwealth's CORI system. The Act will allow all employers access to a new online records system, but also imposes obligations on employers that acquire criminal history information from private sources, such as consumer reporting agencies (background report vendors). Employers should review their hiring and background check policies now to determine whether any updates are necessary. To learn about the Act and its potential implications for employers, please continue reading Littler's ASAP, Massachusetts Employers Face New Obligations When Conducting Background Checks Involving Criminal History Records, by Christopher Kaczmarek, Carie Torrence, and Joseph Lazazzero.
.jpg)
In its most recent effort to draw lines on the self-described “hot topic” of the “lawfulness of employers’ social media policies and rules,” the National Labor Relations Board’s (NLRB) Office of General Counsel has taken the position that many policy provisions commonly seen in employers’ social media policies violate the National Labor Relations Act (NLRA). This most recent shot across the bow came on January 24, 2012, in the form of a report, issued to senior regional staff, on 14 cases which, according to the General Counsel, “present emerging issues in the context of social media.” This report follows a previous General Counsel report, dated August 18, 2011, which discussed 14 prior NLRB cases involving social media issues.
The cases treated in the report also contain the General Counsel’s opinion on whether the employer in each case violated the NLRA by imposing discipline based on social media conduct. We will cover this aspect of the report in a separate and forthcoming blog post. Here, we will focus on the thicket that the NLRB has created for employers who are trying to gain some reasonable control over what employees publish in social media, often to the world, about co-workers, supervisors, the workplace, and the employer’s products and services.
Continue Reading...
The Supreme Court ruled unanimously yesterday that law enforcement must obtain a search warrant before placing a Global Positioning System (GPS) device on a suspect’s vehicle for purposes of tracking the vehicle’s location. The decision effectively overturned Antoine Jones’s life sentence for drug trafficking which was obtained, in part, through the use of location tracking information generated by a GPS device secretly placed by the FBI, without a search warrant, on Jones’s wife’s Jeep Grand Cherokee. Although the Court’s analysis focuses exclusively on the Fourth Amendment to the U.S. Constitution, which applies only to government actors, the decision has potentially important implications for private employers who are turning increasingly to location-tracking capabilities in vehicles, smartphones, and even laptops to track employees for management and investigative purposes.
To begin with, the Court’s decision highlights the dearth of legislation in the area. None of the Court’s three opinions — the lead opinion by Justice Scalia, a concurrence in that opinion by Justice Sotomayor, and an opinion by Justice Alito concurring in the result but not with Justice Scalia’s reasoning — cited a single federal or state law which regulates location tracking. California’s statute prohibiting the installation of a tracking device on a vehicle without the consent of the vehicle’s owner or lessor appears to be only one of two laws (the other is Texas) on the subject with a significant impact on private employers. In the wake of the Supreme Court’s decision, employers should expect legislative activity in the area.
Continue Reading...
A recent decision by a New York appellate court is one of the first cases to address the surreptitious use of location tracking for employment purposes. The 3-2 split decision highlights the on-going disagreement among judges over the lawful use of Global Positioning Systems (GPS). The New York case is particularly noteworthy because the U.S. Supreme Court in U.S. v. Jones (argued November 7, 2011) (Note: the lower court case is U.S. v. Maynard, on cert to the U.S. Supreme Court the case is U.S. v. Jones, referring to respondent Antoine Jones) is currently considering virtually the same issue addressed by the New York court, but in the criminal context. Given the increasing use of GPS in the workplace, employers need to understand the legal risks associated with this highly effective management and investigative tool.
The subject of the New York case was a 30-year employee of New York’s Department of Labor, serving most of that time as the Department’s Director of Staff and Organizational Development. Despite his high-level position, he had been a “problem employee” for nearly a decade, having been disciplined on several occasions. The dispute that ultimately led to the appellate court decision had its inception in the Labor Department’s investigation of the employee for falsifying time records. The Department initially tried to track him the “old-fashioned way,” i.e., by tailing him, but the employee spotted and evaded the tail. The state’s Inspector General, to whom the Labor Department referred the investigation, then secretly planted a GPS device on the employee’s personal vehicle and collected location data 24/7 for a one-month period. Based, in part, on the location data collected, a Labor Department hearing officer recommended the employee’s termination for, among other things, falsifying time records.
Continue Reading....jpg)
Philip Gordon will be speaking on a range of privacy and data protection issues at the following upcoming events:
Date: January 11, 2012
Conference: BNA
Location: Webinar
Topic: Phil Gordon and Michael McGuire, Shareholder and Chief Information Security Officer at Littler, will co-present “The Challenges of Bring Your Own Device (BYOD) to Work Policies”
Description: With employees demanding the ability to use their personal smart phones and tablets for business purposes and employers looking for new ways to reduce cost and increase productivity, the trend towards “dual-use devices” in the workplace will undoubtedly continue to pick up stream. This webinar will provide practical recommendations for both areas so that your organization understands the risks of saying “yes” to requests from C-level executives or department chiefs to connect their smartphones or tablets to the corporate network.
For more information and to register, please visit: www.bna.com/own-device-19107/.
Add this blog to your feeds or put your e-mail in the box below and hit GO to subscribe by e-mail.
Enter keywords: