Articles Posted in Privacy

Owen H. Laird, Esq.

On July 26, 2016, the New York Times reported on allegations of improper employment practices concerning Bridgewater Associates, an organization commonly considered to be one of the largest hedge funds in the world, if not the single largest. The Times article refers to a complaint filed against Bridgewater by a Bridgewater employee with the Connecticut Commission on Human Rights and Opportunities, a complaint filed against Bridgewater by the National Labor Relations Board, and interviews with former Bridgewater employees.

The article describes a culture of surveillance and control at Bridgewater, with video and audio recordings, security patrols, and even some employees who are required to lock up their phones before heading to their desks. In and of itself, such allegations would not be surprising. Hedge funds are notoriously secretive and controlling over their internal goings-on and strive to protect any advantage they might have over the competition; policies and practices intended to protect internal information are the norm in the financial industry.

Owen H. Laird, Esq.

Over the past week, Apple Inc. and the United States Government have been locked in a dispute over access to information on the iPhone of Syed Rizwan Farook, one of the assailants involved in the mass shooting in San Bernardino, California late last year. The F.B.I. and the U.S. Department of Justice want Apple to enable them to access information on the phone to facilitate the government’s investigation of the shooting, while Apple refuses to do so on the grounds that it would weaken the security and privacy of all other iPhone users.

Our interest in the story is not related to search warrants or the fourth amendment, but rather how the story touches on ever-increasing employer access to employee communications.   The individual in question was an employee of the San Bernardino County Department of Public Health, and the iPhone at the heart of the dispute was owned by the county and provided to Mr. Farook as a county employee. Millions of employees in the United States communicate using employer-provided cell phones, desktop computers, laptops, or tablets, and many more connect to the internet at work on their own personal electronic devices using the employer’s Wi-Fi. While the vast majority of these communications are not made in the furtherance of criminal activity, many may concern disputes between the employer and the employee.

As quoted in a 2003 article by Robin L. Wakefield of the Information Systems Audit and Control Association, “The American Management Association‘s (AMA) 2001 Workplace Monitoring and Surveillance Report indicates that 82 percent of responding managers use some type of electronic monitoring in the workplace…monitoring Internet connections remains the predominant surveillance activity (63 percent), followed by storage and review of e-mail (47 percent) or computer files (36 percent), video recording job performance (15 percent), and the storage and review of voice-mail messages (8 percent). The top three reasons for employee monitoring are legal liability (68 percent), security concerns (60 percent) and legal compliance (50 percent).” Since those data were gathered, all evidence points to a steady and massive increase in the use of various forms of desktop, email, internet, audio and video surveillance by employers.

Many of the reasons that employers give for these practices are difficult to deny. For example, employers are vicariously liable for many actions by their employees and therefore have plenty of reason to monitor and control actions that could end up affecting the company’s bottom line–theft, harassment or other illegal workplace behavior, disclosure of company information, etc. Surveillance can be profitable in other ways: gathering detailed data about employees’ behavior allows companies to take steps to control processes and increase efficiency. Some of the stated reasons for employee surveillance seem downright beneficent. The CEO of “Sociometric Solutions,” a company that provides companies with equipment for monitoring their employees’ communication behavior at work, points to the example of Bank of America, which learned through monitoring that they could increase productivity 10% by giving employees a shared 15-minute coffee break each day.

Of course, the trend toward increasing surveillance of workers has led to concerns about privacy and a fierce debate about how much surveillance should be allowed by law. The statutory and case law in this area are yet to take shape; in practical terms, there are presently few legal restrictions on what companies can do when it comes to monitoring employees.

On February 7, 2014, a class action complaint was filed in the Northern District of California in the case Esayas Gezahegne v. Whole Foods Market California, Inc. In the complaint Plaintiffs allege that the company violated the Fair Credit Reporting Act (FCRA) in its conduct background searches on hundreds of job candidates who filled out online job applications on the company’s website. As part of this first stage in each candidate’s application process, s/he was required to “electronically sign” an online form that reads, in most relevant part:

“I hereby authorize Whole Foods Market to thoroughly investigate my references, work record, education and other matters related to my suitability for employment and, further, authorize the references I have listed to disclose to the company any and all letters, reports, and other information related to my work records, without giving me prior notice of such disclosure. In addition, I hereby release the company, my former employers and all other persons, corporations, partnerships and associations from any and all claims, demands or liabilities arising out of or in any way related to such investigation or disclosure.”

It is generally legal for employers to obtain credit reports and criminal records for the purpose of conducting background checks on potential employees, so long as they obtain consent and properly notify candidates of any adverse action taken by the employer on the basis of these data. The key legal claim in the complaint, the cornerstone of the plaintiffs’ argument in the case, is that the inclusion of a liability waiver with the initial consent form made that form facially invalid. The consent form therefore did not actually entitle Whole Foods to undertake its investigation of Gezahegne or other Class members, defined as “all individuals who executed online authorization forms permitting Defendant to obtain a consumer report as part of an employment applicationat any time from February 7, 2009 until the present…” Thus, Plaintiffs argue, these investigations violated their rights under the FCRA. Plaintiffs further claim that the company committed a willful violation of the FCRA by treating these invalid forms as authorizing them to collect credit and other records, since the law clearly states that an employer must disclose its intention to procure a consumer report for purposes of researching a job candidate “in a document that consists solely of the disclosure.” This is perhaps a fine legal point, but Plaintiffs cite several cases to support their argument that “an employer violates the FCRA by including a liability release in a disclosure document.”

Recent court decisions suggest that not all employee speech is protected under the First Amendment or labor laws. While “liking” photos and comments on Facebook qualifies as protected speech under the First Amendment, comments that raise a reasonable possibility of disruption of the employer’s activities and legitimate interests are unprotected. The National Labor Relations Board recently confirmed this limit to employees’ freedom of speech under labor laws by holding that certain concerted activity is unprotected by the National Labor Relations Act.

In September of this year, the Fourth Circuit Court of Appeals held that a sheriff could not be terminated for simply “liking” the Facebook page of an opponent of the current sheriff. See Bland v. Roberts. However, substantive communications privately sent on social networks may be unprotected speech. In Gresham v. City of Atlanta et al., for example, the Atlanta Police Department was not held liable when it denied a promotion to a police officer after she criticized a colleague’s performance on Facebook through private messages. In this case, the Eleventh Circuit Court of Appeals held that the post was not protected under the First Amendment because it concerned pubic accusations of unethical conduct, which could jeopardize the good working relationship among officers as well as the department’s esprit de corps.

Shepherd v. McGee, presents another example of unprotected speech. In this case, the U.S. District Court for the District of Oregon determined that a state employer was justified in terminating an employee based on derogatory comments privately posted on her Facebook account, which made her employer and colleagues doubt her ability to perform her job. The plaintiff, who was a child protective services worker for the Oregon Department of Health Services, made derogatory comments about individuals receiving public assistance and had suggested the sterilization of individuals who had their parental custody rights revoked. The court agreed with the defendant’s argument that the employee’s posts irreparably impaired her ability to fulfill her job responsibilities since part of her job duty was to testify in court on child protective services matters and her posts made her impeachable by a defense attorney. Furthermore, because the employee’s speech was not directed to a wide audience and it was not considered to be at the core of the First Amendment, it was unlikely to be protected.

The Nevada Office of the Labor Commissioner recently passed Assembly Bill 181, which limits employer access to social media information of employees and applicants. Effective October 1st, 2013, Nevada employees will be prohibited from directly or indirectly requesting, suggesting or causing an employee or applicant to disclose his or her social media account information, including user names and passwords. Employers will not be able to threaten, discharge, discipline, discriminate, or deny employment or promotion to an employee or candidate who refuses or fails to provide information to allow access to his or her personal social media.

This legislation protects the social media privacy of all private employers or any person acting in the interest of an employer in relation to an employee or an application candidate. The law does not include provisions for enforcement or remedies, and it may not be interpreted to allow an employer to act contrary to other state or federal laws. Also, Nevada’s provision does not prohibit employees from requesting social media information so long as it is reasonably believed to be necessary for an investigation related to employee misconduct. The law will be included in the employment practices chapter of the Nevada Revised Statutes (Chapter 613).

Arkansas, California, Colorado, Illinois, Maryland, Michigan, New Jersey, New Mexico, Oregon, Utah, Vermont and Washington are among the thirty-six states that have adopted social medial privacy laws differing in scope and available remedies. Some of these states only prohibit employers from requesting social media information for employees, and do not place such restrictions for the hiring process. For example, the New Jersey employee social media privacy law, signed by Governor Chris Christie on August 29, 2013, allows affected employees to report employer violations to the Commissioner of Labor and Workforce Development, and imposes employer fines of $1,000. However, the New Jersey law does not apply to state and county corrections departments, the state parole board, and state and local law enforcement agencies.

Retailers are cracking down on employees who allegedly steal from them, but their methods are alarming for anyone concerned with the right to privacy.

According to the National Retail Foundation, employees are responsible for 44 percent of “missing merchandise.” Such swindles are occasionally jaw-dropping; in late 2009, a Saks clerk stole $130,000 by running fake returns onto a gift card.

Restaurants face the same issue. The National Restaurant Association claims that fast food restaurants “lose up to seven percent of sales to employee theft,” according to The Atlantic.

Although the evidence on whether the programs work is at best mixed, companies are “increasingly trying to lower health care costs by using incentives to persuade workers to make better lifestyle choices,” according to the New York Times. In practice, this means that less-healthy employees are charged more for health care—which, as the article points out, may worsen the problem that such incentives purport to address: “Programs that reward people for good behavior may be singling out those who were already practicing healthy habits, while those that penalize workers for bad behavior may be unfairly singling out the very people who need lower health care costs.”

CVS’s employee health care incentive program is currently getting the most attention, but they are far from alone. Clearly, better health is a worthy goal, but that must be balanced against employee privacy.

The Times mentions that litigation against the programs has “so far failed to gain traction.” NBC News expands on legal issues at hand:

Among the complications is a possible conflict between the American Disabilities Act and the Health Insurance Portability and Accountability Act. While HIPAA specifically allows companies to offer financial incentives to employees who take part in wellness programs, the ADA states that any questions about an employee’s health must be voluntary (and not coerced with an incentive of anything more valuable than a T-shirt or hat.)

In December, the New York Times ran an unsettling article about the increasing use of credit scores to vet potential romantic partners in the aftermath of the recession.

On Sunday, the paper returned to the subject with an editorial decrying credit history discrimination against job candidates. The Times called for the federal government to fight the practice, including intervention by the EEOC. As they point out, a poor credit score can be more a result of circumstances than character:

Advocates of screening say that it provides insight into an applicant’s character. But those who seek bankruptcy often do so because of unmanageable medical debt. A new study of nearly 1,000 low- and middle-income families by Demos, a research and policy group, suggests that most of those who suffered degraded credit ratings during the recession either lost their job, lacked medical insurance or incurred debt when they were injured or got sick.

Moreover, credit history discrimination has a disparate impact on black and Hispanic Americans, many of whom were targeted by predatory mortgage lenders during the housing bubble.

Checking the creditworthiness of a job candidate or employee can be compared to drug testing: the question in both cases is, when is it warranted to invade a worker’s privacy? In New York, drug testing is legal when it pertains to job function; for truck drivers, for example, safe driving is a necessary job function. Discrimination via credit-check is objectionable in any case, but especially when it is used for jobs that have nothing to do with managing money.

The American Civil Liberties Union (“ACLU”) brought suit against the Chesterfield School District on behalf of one of its students for unconstitutionally promoting religion. Specifically, the District held a prayer rally at a school assembly and prayers at official events.

The ACLU acted on behalf of a middle-school atheist student who did not agree with the Christian activities, such as the evangelical assembly, at school. Moreover, this student was pressured into attending religious events – for instance he was given the choice of attending a religious concert or being sent to the suspension-room. Such treatment hinders students’ freedom of religion and may even be considered religious discrimination.

The ACLU and the Chesterfield School District finally agreed to settle the suit. In the consent decree and order, the Chesterfield County schools admitted they had violated the First Amendment of the U.S. Constitution which mandates separation of church and state. The official outcome of the case prohibits school officials from promoting religion and encouraging prayers at events and was made final on Thursday, January 26, 2012, by a federal judge.