Workplace Privacy Counsel : San Francisco Employment Privacy Law Lawyer & Attorney : Littler Mendelson Law Firm : Employment Related Privacy Issues

Effective January 1, 2014, recent amendments to Minnesota law will restrict the timing of pre-employment inquiries by most private employers into a candidate’s criminal past.  Employers who are not exempted from the law may not (1) inquire into or consider or require disclosure of criminal record information until the applicant has been selected for an interview or, if there is not an interview, until a conditional job offer of employment has been extended to the applicant, and (2) use any form of employment application that seeks such criminal record information.

The new law does not outright preclude inquiries into or consideration of an applicant’s criminal past.  Representative Tim Mahoney, who sponsored the legislation, has stated that the law “does not prohibit private employers from eventually conducting background checks and fully investigating the criminal past of potential employees,” but, “is designed to get applicants past the initial application stage, so that if they qualify for the job, they get a chance to explain themselves.”  Further, the statute expressly states that it does not prohibit an employer from notifying applicants that either law or the employer’s policy will disqualify an individual with a particular criminal history background from employment for particular positions.  To learn more about the law, please see Littler's ASAP, Minnesota Enacts “Ban the Box Law" Prohibiting Employment Application Criminal History Checkmark Boxes and Restricting Criminal Record Inquiries Until After Interviews or Conditional Job Offers, by Dale Deitchler, Rod Fliegel, Susan Fitzke and Jennifer Mora.

• Print
• Trackbacks
• Share Link

On April 19, 2013, Colorado Governor John W. Hickenlooper signed into law Senate Bill 13-018 (the "Employment Opportunity Act"), which will significantly restrict the ability of Colorado employers to use “consumer credit information” for hiring and other employment purposes unless use of the information is limited to the narrow category of positions set forth in the statute. With this law, Colorado becomes the ninth state to regulate the use of credit-related information for employment purposes, following laws enacted in California, Connecticut, Hawaii, Illinois, Maryland, Oregon, Vermont and Washington. Colorado’s law goes into effect July 1, 2013. To learn more about the law, please see Littler’s ASAP, Colorado is the Latest and Ninth State to Enact Legislation Restricting the Use of Credit Reports for Employment Purposes, by Rod Fliegel, Philip Gordon, and Jennifer Mora.

• Print
• Trackbacks
• Share Link

In April 2012, the Equal Employment Opportunity Commission (EEOC) issued its updated enforcement guidance concerning how, in its view, Title VII of the Civil Rights Act of 1964 (Title VII) restricts an employer's discretion to consider criminal records relative to employment decisions. The EEOC was scheduled to release at the same time its updated guidance concerning the use of credit history information, but at the last minute decided (without explanation) not to do so. Even before April 2012, however, the EEOC filed lawsuits against a handful of employers, including Kaplan Higher Education Corporation (Kaplan), for allegedly violating Title VII by relying on criminal and credit records.

On January 28, 2013, the district court judge in EEOC v. Kaplan Higher Education Corp. granted Kaplan's motion to dismiss the case without a trial, holding the EEOC failed to meet its threshold burden as the plaintiff to prove that Kaplan's screening practices disproportionately excluded protected class members (i.e., had the requisite "disparate impact"). The opinion is significant for employers because: (1) the subject of background checks remains high on the EEOC's agenda (in fact there is an ongoing case in Maryland); and (2) at least for employers who are not government contractors, the EEOC may face more hurdles than it expected in proving disparate impact. Because the court decided the matter based solely on the threshold question of disparate impact, it unfortunately did not reach other important issues, such as whether the EEOC can challenge an employer's use of credit history information when the Commission itself relies on such information in the hiring process. This uncertainty reinforces the benefit to employers of reviewing their background check and related programs.

To learn more about the decision, please continue reading Littler's ASAP, EEOC Suit Against Employer Screening Applicants Based on Credit History Information Dismissed, by Rod Fliegel, Jennifer Mora, and William Simmons.

• Print
• Trackbacks
• Share Link

By Philip Gordon and Calder Huntington

The Consumer Financial Protection Bureau (“CFPB”) — best known as a financial services regulator and for the Senate’s rejection of the nominee to be its first chief (who, in an ironic twist, won a Senate seat in the 2012 elections) — also exercises some regulatory authority with an impact on employers. More specifically, the CFPB has taken responsibility from the Federal Trade Commission for issuing several model forms required by the Fair Credit Reporting Act (FCRA). These forms include, among others, the following: (a) the “Notice to Users of Consumer Reports: Obligations of Users Under the FCRA,” which background check providers are required to give employers who procure background check reports, and (b) the “Summary of Your Rights Under the Fair Credit Reporting Act,” which employers are required to provide to applicants and employees with the FCRA disclosure and authorization form when the employer procures an investigative consumer report and with any pre-adverse action notice sent when an employer intends to rely in whole or in part on information contained in a background check report to make an employment decision.

Last week, the CFPB acknowledged that the Notice of User Responsibilities and the Summary of Rights (as well as two other forms not pertinent to employers) published by the Bureau in December 2011 contained typographical and other technical errors. The announcement is important for employers because the deadline for using the model forms issued by CFPB is January 1, 2013, and some employers and background check companies already had started to use the model forms published in December 2011.

CFPB’s corrected model forms are available here (www.gpo.gov) and here (Amazon – Federal Register Public Inspection).

Employers who were using CFPB’s earlier-issued and erroneous forms in advance of the January 1, 2013 deadline can breathe a sigh of relief. The CFPB has stated that it will regard the use of the error-filled forms published in December 2011 to be compliant “until further notice” so as to “mitigate the impact of these changes on the users of the model forms.” Nonetheless, employers should consider transitioning to the corrected model forms promptly. The CFPB did not state how much advance notice the Bureau will provide before ending the grace period. Transitioning to the corrected forms now will help to avoid a rushed transition later.

Additional information about the new forms can be found at our prior blog post discussing them.

• Print
• Trackbacks
• Share Link

Effective November 18, 2012, most employers that operate in Newark, New Jersey must comply with a new ordinance broadly restricting their discretion to rely on criminal background records for employment purposes. The ordinance prohibits a covered employer from, among other things, conducting a criminal history inquiry unless and until the employer has determined in good faith that such an inquiry is warranted based on the "sensitivity" of the position, has provided the requisite notices to the candidate, and has extended to the candidate a conditional offer of employment. The ordinance does not include a private right of action, but instead provides for the enforcement of fines of up to $1,000 for each violation by an office or agency of the City that will be designated by the Mayor of Newark. It remains to be seen whether the plaintiffs' employment bar will attempt to bring Pierce-type public policy actions, claiming that individuals whose rights have been violated under the ordinance necessarily have a right to vindication by suing directly in court.

To learn more about the ordinance, please continue reading Littler’s ASAP, Employers in Newark, New Jersey Must Comply with a New Ordinance Broadly Restricting Their Discretion to Rely on Criminal Records for Employment Purposes, by Rod Fliegel, Jedd Mendelson, and Jennifer Mora.

• Print
• Trackbacks
• Share Link

In a live BNA webinar taking place on October 30, 2012, a panel of leading experts in the areas of workplace privacy, background checking, and the EEOC’s new enforcement guidance on the use of criminal history for employment decisions will describe critical new developments and their implications for employers. The panel, consisting of Littler shareholders and practice group leads Philip Gordon, Rod Fliegel and Barry Hartstein, also will provide practical recommendations on conducting effective background checks in compliance with the web of new laws regulating the area.

Study after study demonstrates that an organization’s own people pose the most significant threat to information security and the privacy of customer, patient, and employee data. Privacy and human resources professionals have responded by implementing increasingly rigorous screening programs and by subjecting vendors’ employees to similarly stringent background checks. While mitigating privacy and information security risk, these screening programs can unwittingly create substantial legal exposure for the organization.

New federal and state laws are imposing increasingly complex restrictions on criminal history, credit and social media checks. At the same time, regulators such as the EEOC are flexing their enforcement muscle in an area that previously had seen limited enforcement action. These enforcement actions have caught the attention of plaintiffs’ class action counsel who challenge screening in practices in lawsuits alleging violations of federal Fair Credit Reporting Act and other state and federal laws. For these reasons and more, it is critical that employers understand how to apply background check laws in a correct and consistent manner.

Educational Objectives:

• Understand privacy pitfalls and how to avoid them
• Learn to advise your clients to conduct effective pre-employment screening in compliance with the many state and federal laws regulating the area
• Find out how to reduce the risk of government enforcement actions
• Learn to advise your clients how they may gain thorough knowledge of their vendors and who is working for same

Who would benefit from attending the program?

Privacy professionals, human resource professionals, and in-house employment and privacy counsel

Program Level: Intermediate

Credit Available: CLE credit is available

Register

• Print
• Trackbacks
• Share Link

Under a new California law, employers cannot request or require that applicants or employees:

• Disclose social media log-in credentials;
• Access personal social media in the employer’s presence; or
• Divulge any personal social media content.

However, an exception permits employers to ask an employee to divulge personal social media content that the employer “reasonably believe[s] to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations.”

To learn more about the law and its potential implications for employers, please continue reading Littler's ASAP, California’s New Social Media “Password Protection” Law Takes a More Balanced Approach by Accounting for Employers’ Legitimate Business Interests, by Philip Gordon and Lauren Woon.

• Print
• Trackbacks
• Share Link

High-profile enforcement actions by the Federal Trade Commission (FTC) have increased overall employer awareness of the employer-specific requirements of the Fair Credit Reporting Act (FCRA) and corresponding state laws. Before January 1, 2013, employers should use the new FCRA notices for their background check programs, which reflect modest changes to the mandatory agency-drafted FCRA summary of rights form (the "FCRA Summary of Rights"). The FCRA Summary of Rights form must be included: (1) as an enclosure with the first of the two "adverse action" notices – the "pre-adverse action" notice; and (2) with the disclosures for "investigative consumer reports" (i.e., consumer reports based on personal interviews conducted by a consumer reporting agency (CRA), such as in-depth reference checks). The updates reflect the transfer of much of the responsibility for interpreting the FCRA from the FTC to the newly created Consumer Financial Protection Bureau (CFPB). To learn more about the new FCRA notice and its potential implications for employers, please continue reading Littler's ASAP, Employers Must Update FCRA Notices for Their Background Check Programs Before January 1, 2013, by Rod Fliegel and Jennifer Mora.

• Print
• Trackbacks
• Share Link

On August 1, 2012, Illinois Governor Pat Quinn signed into law a bill modifying Illinois' Right to Privacy in the Workplace Act to limit employers' access to applicants' and employees' restricted social media accounts. The Illinois bill applies to both public sector and private sector employers.  The law makes Illinois the second state in recent months (after Maryland) to forbid employers from requesting or requiring log-in credentials for an applicant's or employee's social networking sites.

Specifically, Illinois' new law makes it unlawful for an employer to:

• "request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee's or prospective employee's account or profile on a social networking website[;]" or
• "demand access in any manner to an employee's or prospective employee's account or profile on a social networking website."

To learn more about the law and its potential implications for employers, please continue reading Littler's ASAP, Illinois' New Social Media Password Protection Law Handicaps Employers' Legitimate Business Activities, by Philip Gordon and Kathryn Siegel.

• Print
• Trackbacks
• Share Link

It has been over one month since we discussed Illinois’s proposed social media password law. On May 22, 2012, both state legislative houses passed HB 3782, a bill that would amend the state’s Right to Privacy in the Workplace Act to prohibit employers from requesting applicant and employee social media login credentials. At that point it looked like Illinois would become the second state to enact such a law – on May 2, 2012, Maryland became the first state to prohibit such conduct. However, the bill was not sent to the governor until June 20, 2012. Moreover, the waiting game may continue because the governor has 60 days to sign, veto, or take no action on the bill. If no action is taken during the 60-day period, the bill becomes law. From a compliance readiness standpoint, because of the bill’s slow movement, if the governor signs the bill (or takes no action), employers will have more time to review and revise relevant policies because the law will not become effective until June 1, 2013; compared to January 1, 2013, had the law been signed before June 1, 2012.

• Print
• Trackbacks
• Share Link

On May 17, 2012, Vermont Governor Peter Shumlin signed Vermont Act No. 154 (S. 95), which prohibits employers, subject to certain exceptions, from using or inquiring into an applicant or employee's credit report or "credit history" for employment purposes. Relying on a variety of statistics regarding the purported reason that families "go into debt" and the alleged increased use of credit reports for employment purposes, the legislature stated that the new law was necessary because "information contained in a credit report has no correlation to job performance" and "credit reports do not provide meaningful insight into a candidate's character, responsibility, or prospective job performance." To learn about the new law and its potential implications for employers, please continue reading Littler's ASAP, Vermont Becomes the Eighth State to Restrict the Use of Credit Reports for Employment Purposes, by Rod Fliegel and Jennifer Mora.

• Print
• Trackbacks
• Share Link

On April 25, 2012, the Equal Employment Opportunity Commission (EEOC) issued its "Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions Under Title VII of the Civil Rights Act of 1964" (hereinafter "Updated Guidance") concerning the use of criminal records by employers. The EEOC issued the Updated Guidance "on the heels" of its January 2012 announcement of a $3.1 million settlement with an employer following the EEOC's finding that the employer allegedly screened out more than 300 African American job applicants due to their criminal records. Based on the EEOC's systemic initiative, the EEOC also has been intensively scrutinizing the criminal records screening policies used by employers in many different industries, including motor carriers, retailers and manufacturers. A flurry of new EEOC charges and similarly broad investigations by the Commission is virtually certain in the next 12 to 24 months. These developments set the stage for employers to closely review their hiring policies involving the consideration of criminal records in order to assess potential Title VII risk and opportunities to meaningfully reduce that risk without compromising other legitimate and even compelling business interests. A new Littler Report provides information and practical guidance for employers as well has an evolutionary perspective on the development of this latest EEOC Guidance. To learn more about the Updated Gudiance and its implications for employers, please click here.

• Print
• Trackbacks
• Share Link

On Wednesday the Equal Employment Opportunity Commission (EEOC) approved in a 4-1 vote updated enforcement guidance governing the legality of considering a job applicant’s or employee’s criminal history when making hiring or other employment decisions. Commissioner Victoria Lipnic (R) joined the Democrat Commissioners in support of the guidance, while Constance Barker (R) was the lone member to vote against the new guidance. Although the use of credit history for employment screening had been a topic of discussion during an earlier Commission meeting, the Commission has not issued guidance on this topic. Given Commissioner Stuart Ishimaru’s (D) impending resignation, it is likely that any new guidance on credit history would need to be a bipartisan effort with only four Commissioners if such guidance is issued at all anytime soon. To learn more about the revised guidance and its implications for employers, please continue reading at Littler's D.C. Employment Law Update.

• Print
• Trackbacks
• Share Link

Employers continue to wrestle with the issue of whether to require employees and prospective employees to divulge their social media passwords. A recent spike in interest by the media, by advocacy groups, legislators and the general public has refocused attention on the issue. Although it may not be unlawful to seek the information to conduct background checks, deter and investigate harassment of coworkers, and discourage employees from posting online content that disparages the employer's products or services, in most situations, it is inadvisable. To learn more about the pitfalls of social media information requests, proposed federal and state bills prohibiting such requests and their potential implications for employers, please continue reading Littler's ASAP, Though Not Yet Banned, Requiring Social Media Information Is a Bad Idea by Chris Leh.

• Print
• Trackbacks
• Share Link

Effective May 4, 2012, the Massachusetts Criminal Offender Record Information ("CORI") Reform Act (the Act), which was enacted in August 2010 with the controversial "ban the box" legislation, will significantly change the way employers access, use and maintain information obtained through the Commonwealth's CORI system. The Act will allow all employers access to a new online records system, but also imposes obligations on employers that acquire criminal history information from private sources, such as consumer reporting agencies (background report vendors). Employers should review their hiring and background check policies now to determine whether any updates are necessary. To learn about the Act and its potential implications for employers, please continue reading Littler's ASAP, Massachusetts Employers Face New Obligations When Conducting Background Checks Involving Criminal History Records, by Christopher Kaczmarek, Carie Torrence, and Joseph Lazazzero.

• Print
• Trackbacks
• Share Link

Philip Gordon will be speaking on a range of privacy and data protection issues at the following upcoming events:

Date: January 11, 2012
Conference: BNA
Location: Webinar
Topic: Phil Gordon and Michael McGuire, Shareholder and Chief Information Security Officer at Littler, will co-present “The Challenges of Bring Your Own Device (BYOD) to Work Policies”
Description: With employees demanding the ability to use their personal smart phones and tablets for business purposes and employers looking for new ways to reduce cost and increase productivity, the trend towards “dual-use devices” in the workplace will undoubtedly continue to pick up stream. This webinar will provide practical recommendations for both areas so that your organization understands the risks of saying “yes” to requests from C-level executives or department chiefs to connect their smartphones or tablets to the corporate network.
For more information and to register, please visit: www.bna.com/own-device-19107/.

• Print
• Trackbacks
• Share Link

The Equal Employment Opportunity Commission's Office of Legal Counsel released an advisory opinion on employer use of arrest and conviction records during the hiring process. The non-binding letter provides some insight into the Commission's current enforcement position and suggests the Commission: (1) will continue to differentiate between arrest and conviction records; (2) may not be prepared to adopt a presumption of disparate impact in this context; and (3) will in the event of a finding of disparate impact, closely scrutinize the employer's policy with regard to both how long convictions are disqualifying and whether the underlying criminal conduct is related to the job duties for the position in question. To learn more about the EEOC's advisory opinion and its potential impact on employers, please continue reading Littler's Insight, EEOC Advisory Guidance Offers Insight on the Use of Arrest and Conviction Records, by Rod Fliegel and Jennifer Mora.

• Print
• Trackbacks
• Share Link

On October 10, 2011, the Office of California Governor Jerry Brown announced that Governor Brown had signed AB 22, legislation that adds a new provision to the California Labor Code and amends the state's Consumer Credit Reporting Agencies Act to restrict the discretion that private and public sector employers have to use "consumer credit reports" for hiring and personnel decisions. Together, the new laws, which take effect on January 1, 2012, limit when employers lawfully can use consumer credit reports and impose notice and disclosure obligations on employers who intend to do so. To learn more about the laws and their implications for employers, please continue reading Littler's ASAP, California Joins States Restricting Use of Credit Reports for Employment Purposes, by Rod Fliegel and Jennifer Mora.

• Print
• Trackbacks
• Share Link

On Tuesday, July 26, 2011, the Equal Employment Opportunity Commission (EEOC) held its latest meeting on the topic of protections for job applicants with arrest and conviction records under Title VII of the Civil Rights Act of 1964. The full Commission heard remarks from the panelists related to three areas: "Best Practices From Employers," "An Overview of Local, State and Federal Programs and Policies" and "Legal Standards Governing Employers' Consideration of Criminal Arrest and Conviction Records."

Although for the past few years the EEOC has renewed its focus on the hiring process, including Title VII protections for ex-offenders, the current Commissioners (Jaqueline Berrien, Stuart Ishimaru, Constance Barker, Chai Feldblum and Victoria Lipnic) have not indicated whether the EEOC will update its 1987 Policy Statement on the Issue of Conviction Records under Title VII, and did not do so at the July 26 meeting. As a result, it remains important for employers who may be the target of disparate impact claims or charges challenging their conviction-based screening policies to: (1) understand the current state of the case law; and (2) continue to closely monitor developments at the federal, state and local levels in this dynamic area of the law.

To learn more about the EEOC's meeting on employers' use of criminal arrest and conviction records during the hiring process, and the potential implications for employers, please continue reading Littler's ASAP, The EEOC's Priorities Still Include Regulating the Use of Criminal Records by Employers, by Rod Fliegel and Barry Hartstein.

• Print
• Trackbacks
• Share Link

Effective October 1, 2011, employers in Connecticut will face new restrictions on the use of credit reports regarding current or prospective employees as a result of the recent enactment this month of Connecticut Public Act 11-223. In enacting the new law, Connecticut becomes the sixth state limiting employers' use of credit reports, following Hawaii, Washington, Oregon, Illinois, and Maryland. Similar laws are pending in several other states and at the federal level. The Equal Employment Opportunity Commission (EEOC) is also conducting related investigations and pursuing at least one disparate impact claim based on the use of credit reports. Thus, employers who use credit history information to inform hiring or personnel decisions in states that have enacted credit check laws should review their policies for compliance, and employers everywhere should continue to monitor developments in this evolving area of the law. To learn more about the Connecticut law and its implications for employers, please continue reading Littler's ASAP, Use of Credit Reports by Employers Will Soon Be Restricted in Connecticut, by Rod Fliegel and William Simmons.

Photo credit: Pawel Gaul

• Print
• Trackbacks
• Share Link

By Philip Gordon

Last month, the Federal Trade Commission (FTC) published a letter closing its investigation into whether an “Internet and social media background screening service used by employers in pre-employment background screening” complied with the Fair Credit Reporting Act (FCRA). At first blush, the letter appears to be a non-event. The FTC did not impose a penalty but also admonished that its “action is not to be construed as a determination that a violation may not have occurred.” While not much can be drawn from this equivocal result, the FTC’s letter does contain the following important conclusion: the “social check” service in question, known as Social Intelligence, “is a consumer reporting agency because it assembles or evaluates consumer report information that is furnished to third parties that use such information as a factor in establishing a consumer’s eligibility for employment.” Put into plain English, employers that rely on a social check service, like Social Intelligence, to search social media for information about job candidates must comply with the FCRA.

• Print
• Trackbacks
• Share Link

By Philip L. Gordon

I was recently interviewed by Nymity on the dozen top challenges for employers when developing and enforcing social media/Web 2.0 policies. Part I of the interview [pdf] addresses the following questions: 

• Online Background Checks: What are the risks? What are practices that should be curtailed? How can a company gain the benefits of the tools, and minimize those risks?
• Customer‐Facing Company Sites: Such sites and other customer facing tools and techniques can build a brand over night. How does a company avoid the issues and gain the brand lifting benefits?
• Individual Employee Sites for Business Purposes: Who “owns” these sites, such as LinkedIn contacts and Facebook fan pages? Must an employee establish a new account for their work with a company? What are the best practices in these situations?
• Internal Company‐Sponsored Sites: What is special about these that require policy statements or recommendations? Can these sites really be a problem?
• Employees Off‐Duty Social Media Activity: We’ve discussed social media activity for work purposes, what about employees’ off‐duty social media conduct. What are the risks there and how should employers address them?
• Disciplining Employees Based On Off‐Duty Social Media Activity: There seems to be much confusion over when employers can discipline employees for their off‐duty social media activity. What are the key risks to avoid? What are the best practices that can be adopted to avoid what types of risks?

I will post Part II when it becomes available. 

Photo credit: CrackerClips

• Print
• Trackbacks
• Share Link

by Philip L. Gordon

When Maryland enacted its law (pdf) restricting the use of credit history for employment purposes on April 12, 2011, it became the fifth state – joining Hawaii, Illinois, Oregon, and Washington – to enact a credit privacy law. Maryland’s law transforms what was a mildly complicated compliance challenge for multi-state employers into an expanding morass. With credit privacy bills currently pending in more than twenty states, multi-state employers should expect that it will become increasingly difficult to establish company-wide policies on the use of credit history for employment purposes.

The core issue for employers who use credit checks for employment purposes (other than financial institutions which are carved out from each of the laws) is the scope of the exception to the general prohibition against using credit checks for employment purposes. At first blush, there appears to be uniformity because all five states permit employers to use credit checks for employment purposes when the check is “substantially related” to the applicant’s or employee’s job responsibilities.

The crux of the problem is the near total discordance over how “substantially related” should be defined. To begin with, the laws in Washington and Oregon provide no definition at all of “substantially related.” Oregon’s Bureau of Labor and Industry (BOLI), by regulation, defines “substantially related” to mean that an essential function of the job require access to financial information, but the regulations do not define the term “financial information.” Illinois’ law also permits credit checks for positions that “involve access to . . . financial information.” However, it is not clear whether the access must be an essential job function (as is the case in Oregon). Furthermore, Illinois narrowly defines “financial information” to mean “non-public information on the overall financial direction of an organization, including, but not limited to, company taxes or profit and loss reports.” At least as of now, employers have no way of knowing whether Oregon’s BOLI intended to define “financial information” more broadly than Illinois’ legislature.

• Print
• Share Link

By Philip Gordon.

Recently, the American Civil Liberties Union of Maryland tried to publicly embarrass the Maryland Department of Public Safety and Correctional Services (the “Maryland Corrections Department”) into suspending its practice of asking job applicants to disclose their Facebook password so that the Department could check whether the applicant’s wall or stored e-mail revealed any connection to criminal activity. According to a letter dated January 25, 2011 (pdf), sent by the ACLU to the Maryland Corrections Department, this practice “is illegal under the federal Stored Communications Act (SCA), 18 U.S.C. §§2701-11 and its state analog, Md. Courts & Jud. Proc. Art., §10-4A-01, et seq.” The ACLU’s contention is inaccurate.

Both of the cited statutes prohibit unauthorized access to electronic communications stored at an electronic communications service provider. Even assuming that these statutes apply to content stored on Facebook’s servers (and that point is far from settled), the Maryland Corrections Department did not gain “unauthorized” access to applicants’ Facebook page. Rather, the Department would access information on Facebook only after the applicant authorized such access by providing the Department with the applicant’s password.

The true core of the ACLU's position is the following assertion contained in its January 25, 2011 letter: “[T]here can be little question but that forced ‘authorization,’ such as that demanded of [the applicant by the Maryland Corrections Department], is not proper authorization under the SCA, given the disparate bargaining power of the employer and employee or applicant.” While rhetorically appealing at first blush, this argument assumes too much, especially with respect to applicants.

Applicants are not “forced” to provide authorization. The Maryland Corrections Department emphasized that applicants could refuse to provide their password and may still be eligible for a position. But, even if the Department’s practice were to require disclosure of the password, an applicant who does not want a prospective employer to view his “friends-only” Facebook page would have the choice to refuse the request and hope to get the position or seek employment elsewhere. Indeed, if the ACLU’s contention were correct, then the millions of authorizations for pre-employment background checks and drug screens that have been executed by applicants since those forms of pre-employment investigations became routine also would be invalid.

• Print
• Share Link

By Philip Gordon and Katherine Dix

Earlier this week, the United States Supreme Court in NASA v. Nelson (pdf) upheld the National Aeronautics and Space Administration’s (NASA) right to conduct reasonable background checks on the employees of government contractors. While the case focused on the scope of background checks conducted by the federal government, the Court’s ruling provides some useful guidance for private employers as well.

The case arises from NASA’s decision to unilaterally amend its contract with the California Institute of Technology (“Caltech”) — which operates the Jet Propulsion Laboratory (JPL) for NASA — to require that all JPL employees working at JPL undergo broad background checks. In addition to requesting relatively basic background information, the background check asks whether the employee has “used, possessed, supplied, or manufactured illegal drugs” in the last year. If the answer is “yes,” the employee must provide information about “any treatment or counseling received,” which, according to NASA, would be used only as a mitigating factor.

As part of the background check, the government also sends form questionnaires to the employee’s former employers, schools, landlords, and references. The form questionnaire asks whether the reference has “any reason to question” the employee’s “honesty or trustworthiness.” It further seeks “adverse information” about the employee’s “violations of the law,” “financial integrity,” “abuse of alcohol and/or drugs,” “mental or emotional stability,” and “general behavior or conduct.” The questionnaire then provides the reference the ability to provide “additional information” — derogatory or favorable — that may bear on “suitability for government employment or security clearance.”

• Print
• Share Link

In Rea v. Federated Investors, No. 10-1440 (3d Cir. Dec. 15, 2010), the U.S. Court of Appeals for the Third Circuit weighed in on a timely issue for private sector employers: whether Section 525 of the Bankruptcy Code prohibits a private employer from rejecting job applicants based on a bankruptcy filing. The Third Circuit held that the statute's reach does not extend to the hiring process, and it affirmed the district court's order dismissing the case on the pleadings. The court's decision is plainly favorable to private sector employers with operations in the Third Circuit, but employers still should be mindful of several related legal considerations. To learn more about the decision and its implication for employers, please continue reading Littler's ASAP, Third Circuit Clarifies that Bankruptcy Code Does Not Prohibit Employers from Considering Previous Bankruptcies in Hiring Decisions by Rod Fliegel and William Simmons. 

Photo credit: contour99

• Print
• Trackbacks
• Share Link

Close on the heels of the EEOC’s October 20, 2010, public meeting on the use of credit checks by employers, Loudy Appolon filed a putative class action against the University of Miami and the Leonard M. Miller School of Medicine alleging that the schools utilized credit checks in a manner that discriminates against African American and Latino applicants.

The complaint alleges that in 2009, Appolon, an African American, applied for a senior medical collector position with the University of Miami, Miller School of Medicine. She received a conditional offer of employment, contingent on a background check. Prior to beginning her employment — but after she quit her employment with North Shore Medical Center — the University withdrew its offer of employment as a result of her credit report. The credit report on which the University relied contained errors. Appolon corrected the errors with the credit reporting agencies. She also attempted to notify the University of the errors to no avail. According to Appolon, the corrected report showed she had no active credit problems or other problems relevant to the senior medical collector position.

• Print
• Share Link

The EEOC’s decision to dedicate its first public meeting in more than a year, held on October 20, 2010, to employers’ use of credit history as an employment screening tool magnified the recent focus of legislators and regulators on that topic. As discussed in several recent posts, four states — Hawaii, Illinois, Oregon, and Washington — have recently imposed significant restrictions on employers’ use of credit history for employment purposes. Similar legislation is pending in more than fifteen states, and federal legislation, which would impose restrictions even broader than existing state laws, is pending in Congress. In light of these legislative developments, the EEOC meeting was particularly significant for two reasons.

First, none of the participants, comprising representatives of consumer and business interests as well as two academics, were able to cite a single study that proved or disproved the existence of a specific link between any particular credit profile and poor job performance or a propensity to engage in dishonest or criminal conduct. In fact, the two academics’ prepared statements emphasized the dearth of empirical data in this area.

For employers, the absence of reliable studies highlights the need to tread cautiously when using credit history to make employment decisions. Jumping to conclusions not supported by empirical data could, for example, result in the rejection of an applicant whose financial difficulties might actually have motivated the applicant to exceed expectations. In addition, the employer could open itself to allegations that its purported reliance on credit history was a subterfuge for discrimination against the rejected applicant.

• Print
• Share Link

Background checks seem to be a hot topic in state legislatures these days. In the past six months, for example, several states — including Illinois, Massachusetts, Oregon, and most recently California — have enacted laws bearing upon the process of checking the backgrounds of job applicants and employees. Under the new California law (pdf), effective January 1, 2012, background check authorizations must include the “Internet Web site address . . . where the consumer may find information about the investigative reporting agency’s privacy practices.” This seemingly trivial change is endemic to the challenges that employers confront in the area of background check compliance.

No case of which we are aware addresses the question whether an employer’s background check procedures must comply with only the law of the state(s) in which the employer is located, only the law of the state where the applicant or employee resides, or both. The question is far from academic. Even employers located in a single state routinely advertise positions on a company-sponsored web site, or through third-party web sites, accessible to applicants in all fifty states. Further, given the high unemployment rate and the general mobility of the U.S. workforce, job applicants for virtually any position could reside in any state.

In light of these factors, the most conservative employer — even if located in a single state — would conduct background screening in a manner that complies with the laws of all fifty states. However, as noted above, state legislatures are enacting new restrictions on, or requirements for, pre-employment background checks at an accelerated rate. In addition to the challenge of remaining up to date with this surge of legislation, employers face the difficulty of generating compliance forms that are not encyclopedic and that applicants of all educational levels can easily comprehend.

• Print
• Share Link

Yesterday, the U.S. Supreme Court heard oral argument in a case challenging NASA’s background checks of “low risk” private contractors working at the agency’s Jet Propulsion Laboratory (JPL). At first blush, the case does not appear to be particularly relevant to private employers given that NASA is a public employer and, as the oral argument revealed, the appeal will turn principally on the Supreme Court’s interpretation of the federal constitutional right to information privacy applicable only to public employers. Deeper consideration suggests, however, that the Court’s decision could have significant implications for private sector employers.

The case arises from NASA’s decision to unilaterally amend its contract with the California Institute of Technology (“Caltech”) — which operates JPL for NASA — to require that all JPL employees working at JPL undergo broad background checks. After NASA rejected Caltech’s objections to the background check policy, Caltech adopted a policy — not required by NASA — that all JPL employees who did not successfully complete the background check process and receive a federal identification badge would be deemed to have voluntarily resigned their Caltech employment. JPL employees who work at JPL sought to enjoin implementation of NASA’s background check policy.

• Print
• Trackbacks
• Share Link

Recently enacted legislation in Massachusetts will significantly affect employers’ use of criminal history information for employment purposes. While most provisions of the new law (pdf) do not go into effect until May 2012, one provision, effective on November 4, 2010, requires the immediate attention of multi-state employers.

This provision generally prohibits employers from inquiring in an “initial written application form” about an applicant’s criminal history. Two narrow exceptions permit questions about criminal history if a federal or state regulation (1) disqualifies the applicant from employment in the open position based on a criminal conviction; or (2) bars the employer from hiring for one or more positions an individual with a criminal conviction. The second exception, as written in the statute, is ambiguous. It is unclear whether an employer who is barred from hiring a convicted criminal for certain positions may inquire into an applicants’ criminal history on the initial employment application used for a variety of positions, including those that can be filled by a convicted criminal. This issue is particularly important for multi-state employers who use a standard job application form for all jurisdictions.

Before the new law’s November effective date, all multi-state employers should carefully reviewany job application form that is completed by Massachusetts applicants. If the employer has no position for which federal or state law prohibits the hiring of a convicted criminal, the employer should add an instruction to Massachusetts applicants, immediately below any question seeking information about criminal history, directing Massachusetts applicants not to respond. If the employer has one or more positions for which federal or state law prohibits the hiring of a convicted criminal, the employer should consider an instruction which directs Massachusetts applicants not to answer the question unless they are applying for one or more of a list of specified positions. The list would include those positions for which state or federal law prohibits the hiring of a convicted criminal.

• Print
• Share Link

An article that I recently published in BNA’s Privacy & Security Law Report examined the incipient trend towards state law restrictions on the use of credit history in employment decisions. Illinois has now become the fourth state — following Hawaii, Oregon, and Washington — to impose such restrictions, and similar bills are pending in nearly one dozen other states.

The Illinois law, enacted on August 10 and effective on January 1, 2011, generally prohibits employers from making any employment decision based upon an individual’s credit report or credit history. While the term “credit report” is limited to credit information provided by a consumer reporting agency (e.g., a background check vendor), the statute broadly defines “credit history” to include “an individual’s past borrowing and repaying behavior, including paying bills on time and managing debt and other financial obligations.” The new law also generally prohibits employers from obtaining a credit report on an applicant or employee and from asking an applicant or employee about his credit history.

• Print
• Share Link

The Oregon Bureau of Labor and Industries (BOLI) issued final rules to implement restrictions on an employer's use of information contained in an applicant's or an employee's credit history. BOLI's final rules effectuate Oregon's new law, "The Job Applicant Fairness Act," which will go into effect July 1, 2010. To learn more about the regulations and their implications for employers, continue reading Littler's ASAP, Oregon’s Job Applicant Fairness Act Update - BOLI Issues Final Rules, by Howard Rubin and Janice Kim.

• Print
• Trackbacks
• Share Link

Last week, Oregon joined a growing national trend, apparently in response to the recession and the foreclosure crisis, that restricts the ability of employers to use credit history in employment decisions. Under the Oregon law, it is an unlawful employment practice, except in limited circumstances, for an Oregon employer to use credit history in making hiring decisions or any decision affecting current employees. The law confers on Oregon employees the right to file an administrative complaint or a private lawsuit claiming that the law has been violated. Employees who prevail may recover lost wages and attorney fees. The law becomes effective July 1, 2010.

• Print
• Trackbacks
• Share Link

“BeenVerified” is a new mobile Web application that allows users to conduct background checks on any individual by merely entering the name or email address of the individual. Users get three free background checks monthly and unlimited checks for a monthly fee of only $8. BeenVerified has been a smashing success, with more than one million checks run to date.

HR professionals, recruiters, managers, and co-workers may find BeenVerified hard to resist. According to the application, users can check an individual’s “Criminal History, Property Records, Current Contact Info, Relatives, Neighbors, and more,” merely by entering an individual’s name. By entering an email address, the user can find out about the individual’s social networking activities and view “their online photos, websites, blog posts, and entire online presence.” All of the data is compiled into a concise report.

Despite its ease of use and apparent low cost, the BeenVerified app may expose employers to liability under the federal Fair Credit Reporting Act (FCRA) and analogous state laws. These laws prohibit background checks for employment purposes without providing notice and obtaining the subject’s prior, written authorization. The FCRA permits recovery of compensatory damages, including statutory damages for willful violations, and a fee award.

Although BeenVerified states that information obtained “should not be used for employment, tenant screening, or any FCRA related purposes,” the potential for abuse exists. HR professionals, recruiters, managers, and co-workers now have the ability to review financial, criminal, and other personal information about subordinates, co-workers, and applicants without any safeguards to protect against violations of federal and state background check laws. As a result, employers should consider implementing a policy that prohibits employees from using the application to obtain information about any other employee unless the user has complied with the FCRA’s notice and authorization requirements.

This entry was written by Philip L. Gordon and Jennifer L. Mora.

Photo credit: HelleM 

• Print
• Trackbacks
• Share Link

Workplace privacy obligations continue to grow more burdensome for employers. As more information about workers becomes readily available, employers are often caught between a sense that failing to use that information may lead to negligent hiring and retention claims, and a fear that using or disseminating information that is private or protected will lead to litigation in its own right.

Littler Mendelson is a member of the International Association of Privacy Professionals, and a Gold Sponsor of the IAPP's "Practical Privacy Series Human Resources 2008" conference. The conference, which will take place in New York City on June 17, will cover a range of topics, including:

• "What to Do When a Human Resources Security Breach Inevitably Occurs":  A security breach involving human resources data is high-stakes for organizations. This presentation focuses on the most common causes of HR security breaches and explains from the trenches how to respond in compliance with applicable notice laws, and without a disgruntled workforce when the dust clears;
• "It's 10:00 A.M. -- Do You Know Where Your Employees Are and What They Are Doing?": New technology offers employers ever more sophisticated tools to keep tabs on their employees, but to what extent does this monitoring expose them to liability? This session examines the evolving U.S. law on these issues and discusses the challenges for global employers confronting data protection regimes modeled on the EU Data Protection Directive;
• "H.R. Risk Assessments": Safeguarding HR information often plays second fiddle to seemingly more imperative privacy data, such as patient or customer information. Yet it can be among the most sensitive at an organization. This presentation highlights key lessons learned from HR privacy risk assessments across industries, and from helping organizations remediate weaknesses in their control environments. This session looks into the logistics of operationalizing a response program and handling specific recurring incidents; 
• Littler's own Phil Gordon will speak on "Sex Offenders, Terrorists, And Video Resumes: How Far Can You Go To Get Information About Prospective, Current, And Former Employees?": With ready access to sensitive personal information, employers are under increasing scrutiny to maintain a workforce that is beyond reproach. Social networking sites, blogs and other resources offer a wealth of information on candidates and employees. How deeply should employers tap these new information sources? This presentation will help frame the debate for your own organization; and
• I'll be talking about how--and when--an employer can use sensitive medical information in the employment context in a presentation called "How To Handle Employee Health Information And Drug And Alcohol Testing In Compliance With The Alphabet Soup Of State And Federal Confidentiality Requirements": Managing employees’ health is a critical business imperative. Employers confront a maze of laws and regulations governing the confidentiality of employee health information, and dire consequences for mishandling such information. This session addresses questions on collecting, using, storing, documenting and disclosing employee health information, among other concerns.

If you are interested in these topics, or know someone who is, go to International Association of Privacy Professionals and click on the box titled "Practical Privacy Series." We'd love to see you there!

• Print
• Trackbacks
• Share Link

More and more businesses — especially those in highly regulated industries such as banking, telecommunications, and health care — are engaging in “vendor management” as they implement increasingly rigorous information security programs.  Confirming the trustworthiness of vendors’ employees who are permitted on premises or who are authorized access to sensitive information is a cornerstone of such programs.  Consequently, these businesses are starting to make a variety of demands in contract negotiations and requests for proposals (RFPs) for background checks and drug-testing of vendor employees.

The demands vary based upon the industry and the company.  At a minimum, these businesses require their vendors to certify that employees who will be working on the customer’s account have successfully completed a background check and a drug screen.  At the other end of the spectrum, businesses specify the contents of background and drug screens and demand the right to audit the results or even conduct their own background checks and drug tests of the vendor’s employees.

These demands put vendors “between a rock and a hard place.”  On the one hand, vendors want to maintain strong relationships with valued customers and win contracts with new customers.  On the other hand, turning over background checks and drug test results to a customer can raise red flags with the vendor’s workforce regarding their privacy.  And, if not properly handled, the issue can mushroom into an employee relations nightmare and expose the vendor to privacy-based claims.  The problem is particularly acute for vendors who have not previously required current employees, or even job applicants, to submit to background checks or drug tests.

Here are three of the steps vendors might consider to avoid this catch 22:

• Print
• Trackbacks
• Share Link