Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
1
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
October 23, 2015Atlanta • Baltimore • Boston • Charlotte • Chicago • Cleveland • Columbia • Columbus • Dallas • Denver • Fort Lauderdale • Gulfport • Houston
Irvine • Kansas City • Las Vegas • Los Angeles • Louisville • Memphis • New Jersey • New Orleans • Orlando • PhiladelphiaPhoenix • Portland • San Antonio • San Diego • San Francisco • Seattle • Tampa • Washington, DC
It’s None of Your Business: Workplace Privacy Issues
Presented by:
Melanie L. Webber, [email protected]
440/838‐8800
Copyright © 2015 Fisher & Phillips LLP
Not to be reproduced in any manner without prior consent.
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Overview
Traditional: Employee Possessions in Employer’s Workplace
Contemporary: Employee Electronic Data in Employer’s Computers and Networks
• Bring Your Own Device
• Social Media
Future:
Employee Right of Privacy
2
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Surveillance and Searches
Invasion of Privacy (Unreasonable Intrusion)
• Was there an intrusion?
• If so, was the intrusion intentional?
• Did the employee have an objectively reasonable expectation of privacy into the matter intruded upon?
• Was the intrusion highly offensive to a reasonable person?
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Boundaries
Constitution for public employers
National Labor
Relations Act
State statutes
e.g. Statutes limiting access or use of
background checks or
credit histories
e.g. Statutes regarding firearms, tobacco, marijuana
Privacy laws
Other federal laws
3
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Traditional Employment Invasion of Privacy Case
Peitsmeyer v. Jackson Twp. Bd. Of Trustees
• Employee alleged invasion of privacy based on:
– The Employer entering the Employee’s locked office,
– Unlocking desk drawers, and
– Searching a storage locker and discarding some personal belongings, including personal and sensitive items related to the Employee’s son’s legal troubles and personal mementos from the employee’s tour of duty in Vietnam.
• Court found: Employee had no reasonable expectation of privacy with respect to his office furniture because he knew the Employer had master keys to the office and the Employee himself often left his office door unlocked.
(Franklin App. 2003‐Ohio 4302)
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Traditional Employment Invasion of Privacy Case
What about the physical person?
18‐year old McDonald’s employee who was strip‐
searched by assistant manager investigating theft was awarded
$6.1 million. (Ogborn v. McDonald’s Corp., No. 04‐CI‐00769 (Ky. Cir. Ct. Bullitt County Octo. 5, 2007)).
But not if they voluntarily disrobe …
4
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Traditional Employment Invasion of Privacy Case
Another example: Turner v. Shahed Enterprises
• After $50 went missing, an employee reported seeing another employee take the money and put it in her pants.
• At employee’s suggestion, assistant manager accompanied her to restroom where she undressed to show she did not have the money. $50 found in a food prep area where accused employee and others worked. Accused employee was terminated next day.
• Court held “nobody asked her to undress. Rather…[she] was instructed that she did not have to undress, and she insisted in an attempt to exonerate herself. The expectation of privacy… [she] now seeks to protect was lost when she undressed on her own volition.”
Ohio Ct. App., No. 10AP‐892 (Sept. 15, 2011)
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
COMPUTERS COMPLICATE INVASION OF PRIVACY CASES
5
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Contemporary Employment Invasion of Privacy Cases
Computers created a unique legal question:
If the Employee performs work on an Employer’s computer, is the data created, accessed, or obtained on that computer part of the Employer’s “Physical Workplace” or the Employee’s “Personal Property”?
In other words: When is there a “Reasonable Expectation of Privacy” for personal computer data accessed on an Employer’s Computer?
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Employee Expectations of Privacy in Electronic Communications
• 75% of employees accept employer computer monitoring
• 16% of employees are “glad” employers monitor computer activities
• 9% of employees were “mad” about being monitored
Survey Conducted by Spectrosoft, May 23, 2013
6
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Employee Expectations of Privacy in Electronic Communications
• 49% of employees said employers monitored their computer activities
• 69% of employers have Internet policies that allow monitoring
• 15% of employers do not have Internet monitoring policiesSurvey Conducted by Spectrosoft, May 23, 2013
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Searching Your Employee’s Workplace Computer
Alamar Ranch, LLC v. County of Boise
“It is unreasonable for any employee in this technological age … to believe her communications via work‐issued equipment and email addresses would be confidential and not subject to monitoring.”
This does not represent a majority rule or consensus, but it is part of the evolving law of workplace privacy and monitoring.
No. CV‐09‐004‐S‐BLW, 2009 U.S. Dist. LEXIS 101866 (D. Idaho, Nov. 2, 2009)
7
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Searching Your Employee’s Workplace Computer – One View
Stengart v. Loving Care Agency
• On the Employer’s computer, the Employer found .html files of Yahoo! account emails exchanged between former Employee and her attorney regarding former Employee’s lawsuit against Employer.
• Employee sent emails using Employer’s computers and Internet access but through Employee’s personal, password‐protected email account.
• Employer’s Policy: All data residing on the workplace computers is the property of the Employer.
• Emphasizing importance of privacy concerns inherent in attorney‐client communications, the New Jersey Supreme Court held that such communications were privileged – even though on Employer’s computer.
201 N.J. 300, 990 A.2d 650 (2010)
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Searching Your Employee’s Workplace Computer – Another View
Holmes v. Petrovich Dev’t. Co., LLC
• Employer found emails exchanged between Employee and her attorney regarding suit against Employer.
• Employee sent emails using the Employer’s email and computer systems.
• California appellate court held that such communications were not protected by the attorney‐client privilege.
191 Cal. App. 4th 1047, 119 Cal Rptr. 3d 878 (Cal. App. 2011)
8
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Searching Your Employee’s Workplace Computer
Stored Communications Act
Federal statute prohibiting intentional, unauthorized access to private electronic communications (i.e., Facebook or Hotmail).
Creates privacy expectation in private electronic communications.
Computer Fraud and Abuse Act
Criminal statute that provides a civil cause of action for anyone whose computer system or network has been damaged or accessed without authorization, provided certain requirements are met.
Traditionally thought of as a form of relief for those who fall victim to "hackers," the Act has seen increased use in the employer‐employee context.
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Searching YourEmployee’s Workplace Computer
Pietrylo, et al. v. Hillstone Rest. Group
• Password‐protected chat forum and blog for employees
• Management requested access to the blog
• Employees terminated based on content found on blog
• Jury found in favor of employees and a violation of the Stored Communications Act
No. 06‐5754, 2009 U.S. Dist. LEXIS 88702 (D. N.J., Sept. 25, 2009)
9
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Searching YourEmployee’s Workplace Computer
Pure Power Bootcamp, Inc., et. al. v. Warrior Fitness Boot Camp, LLC
• Employer logged into employee’s Hotmail account Employee had used during work hours and on work computer
• Employee left username and password on the workplace computer
• Court found violation of the Stored Communications Act
759 F. Supp. 2d417 (S.D.N.Y. 2010)
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Asking for Employee and Applicant Passwords
• Best Advice: Do Not Do It!
– Arguably illegal under federal law.
– At least 22 states have passed laws prohibiting it.
• Example: Virginia law passed in 2015. Virginia Employers:
– Cannot require current or prospective employee to share login credentials or add a supervisor as a contact on their personal account.
– Cannot retaliate against employees or refuse to hire applicants for exercising their social media privacy rights.
– Law contains exceptions permitting employers to comply with federal, state or local laws, rules and regulations.
10
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Best Practices for Computer Usage Policies
Make clear employees have no expectation of privacy when it comes to using employer equipment.
State reason for policy so employees do not feel their right to privacy is being needlessly infringed.
Describe what constitutes improper use of employer‐owned equipment
• Harassment
• Accessing explicit conduct
• Removing employer’s software programs and data
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Best Practices for Computer Usage Policies
Include description of proper employee computer use.
• Business purposes during working time
Prohibit unauthorized encryption of company
information such as email.
Make it possible to enforce your policy by stating that violating the policy can
lead to disciplinary action. Be specific.
11
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
BYOD: LOL!
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Future Employment Invasion of Privacy Cases
• Bring‐Your‐Own Device:
– “BYOD” – term of art used to describe the practice of allowing employees to use personal handheld devices to access employer networks and create business information
– According to 2014 Cisco survey, up to 78% of white‐collar employees use a personal, non‐employer provided mobile device for work purposes
12
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Future Employment Invasion of Privacy Cases
Turnover rate in hospitality is estimated anywhere between 60‐300%
HR policy makers: consider policies that serve best interests of organization while engaging employees
Next generation of hospitality workers has grown up with technology (in school and at home) and expect to be connected
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Future Employment Invasion of Privacy Cases
• 52% said Anti‐BYOD policies are outdated
• 57.3% said they would have more positive impression of employer if allowed access to mobile devices
• 92.1% agreed that ignoring a guest due to a mobile device would be inappropriate
In a study of undergraduate hospitality college students:
The Impact of Anti‐BYOD Policies on Generation Z Hospitality Employee’s Engagement,
Danny Crinson, University of Nevada, Las Vegas, 2013
13
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Future Employment Invasion of Privacy Cases
• Cost Savings
• Employee demand – employees do not want to carry two devices
• Ability to instantly communicate with employees anywhere on the property
• Real‐time notice of customer complaints
• Cost Savings
• Employee demand – employees do not want to carry two devices
• Ability to instantly communicate with employees anywhere on the property
• Real‐time notice of customer complaints
Why Allow BYOD:
But You Need to Understand and Mitigate the Risks
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Future EmploymentInvasion of Privacy Cases
• A typical handheld device (smartphone, tablet, phablet) has multiple mechanisms for communication (text, instant message, e‐mail, phone, social media).
• Unlike standard office computer and email account, it is uncommon for an employer to routinely (if ever) retain its employees’ non‐email handheld communications.
• The handheld device, although linked to an employer’s network or Intranet, it is often the private property of the employees.
Handheld devices are unique from standard office computer and email account.
14
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Future EmploymentInvasion of Privacy Cases
As of 2014, recent study shows 120 emails are received/sent per “white‐collar” employee per day.Same study projects there will be 1.2 billion email addresses with wireless access by end of 2015. (The Radicati Group, Email Statistics Report, 2011‐2015)
2011 Pew Research Center report found persons aged 18‐24 send/receive approx. 3,000 texts per month; 25‐34 years send/receive approx. 2,240 texts per month; 35‐44 years send/receive approx. 1,557 text per month; 45‐54 years send/receive approx. 998 texts per month; and 55+ send/receive approx. 491 texts per month.
Deloitte estimated that by end of 2014 approx. 50 billion daily instant messages via mobile applications.
Emails
TextMessages
InstantMessaging
Today’s professional (and personal) communications revolve around technology
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Future EmploymentInvasion of Privacy Cases
Traditional and contemporary IOP cases concern the
inclusion of private employee information within the confines of employer’s
workplace – whether physical or electronic.
Traditional and contemporary IOP cases concern the
inclusion of private employee information within the confines of employer’s
workplace – whether physical or electronic.
BYOD concerns the inclusion of private employer information within the confines of an
employee’s personal electronic device.
BYOD concerns the inclusion of private employer information within the confines of an
employee’s personal electronic device.
15
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Future EmploymentInvasion of Privacy Cases
• By authorizing employees to use their own devices for work, and subjecting such devices to monitoring and investigation, employers risk violating employee privacy rights related to such devices
• Hidden Costs to Employers:
– Violation of privacy claims by employees
– Stengart v. Loving Care communications on devices
– Federal Stored Communications Act claims
– Federal Computer Fraud and Abuse Act claims
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
BYOD Additional Considerations
→Wage and hour claims (non‐exempt use outside work hours)
→ Confidential information/trade secrets loss
→ Third‐party data breach
→ Electronic discovery / litigation hold burdens
→ Employee distractions, which could be an issue for guest‐facing employees
→ Safety issues, particularly for employees who are working in kitchens or operating vehicles
16
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
BYOD Policy
• BYOD Policy should be a separate document to account for difference in privacy expectations between employer‐owned equipment and employee‐owned equipment
• Include specific monitoring and no expectation of privacy provisions in your BYOD policy
• Address remote wiping of personal devices
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
BYOD Policy
• Include provisions in your BYOD policy that notify employees of litigation hold/preservation duties in personal devices
• Require compliance with employer security software
• Address personal device usage during non‐working time
• Require reporting of lost devices
• Require written acknowledgement and consent to BYOD Policy
17
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
DAWN OF A NEW AGE…
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Careful With That Facebook Account
The Ehling Case:
• An Employee‐nurse sued for wrongful termination
• The Employee’s Facebook page was set for “Friends” only, which included some co‐workers but no managers
• One “Friend” captured screen shots of the plaintiff’s wall and emailed them to managers
• The managers never asked for the screen shots
18
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Careful With That Facebook Account
The Ehling Case:
• The Employee’s argument: the Stored Communications Act applies to non‐public Facebook settings and there was an improper access here because of the “Friends” only setting
• The Court held that the Facebook wall posts were covered by the Stored Communications Act BUT the SCA’sauthorized‐user exception applied because a “Friend” voluntarily emailed the screen shot to a manager without any request or coercion
• Motion for summary judgment was granted
Ehling v. Monmouth‐Ocean Hospital Service Corp.,
No. 2:11 CV 03305 (D.N.J. Aug. 20, 2013)
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Social Media & The National Labor Relations Act (NLRA)
Employees’ statutory rights have not changed since 1935
• §7‐ “Employees shall have the right … to engage in other concerted activities for the purpose of collective bargaining or for mutual aid or protection.”
• §8(a)(1) – “It shall be an unfair labor practice for an employer to interfere with, refrain, or coerce employees in the exercise of rights guaranteed in §7 of this Act.”
19
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Social Media & The NLRA
• Policy Provision No. 1: Employees are prohibited from disclosing or communicating information of a confidential or sensitive nature, or non‐public information concerning the company, on or through company property to anyone outside of the company without the prior approval of senior management or the law department.
Lawful or unlawful under the NLRA?
Unlawful
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Social Media & The NLRA
• Policy Provision No. 2: Employees are prohibited from using the company’s name or service mark outside the course of business without prior approval of the law department.
Lawful or unlawful under the NLRA?
Unlawful
20
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Social Media & The NLRA
• Policy Provision No. 3: Employees are prohibited from publishing any representation about the company without prior approval by senior management and the law department. This prohibition includes statements to the media, media advertisements, electronic bulletin boards, weblogs, and voicemail.
Lawful or unlawful under the NLRA?
Unlawful
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Social Media & The NLRA
• Policy Provision No. 4: Social networking communications must be made in an honest, professional, and appropriate manner, without defamatory or inflammatory comments regarding the employer, its subsidiaries, their shareholders, officers, employees, customers, contractors, and patients.
Lawful or unlawful under NLRA?
Unlawful
21
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Social Media & The NLRA
• Policy Provision No. 5: Employees should not make comments or otherwise communicate about customers, coworkers, supervisors, the company, or the company’s vendors or suppliers in a manner that is vulgar, obscene, threatening, intimidating, harassing, libelous, or discriminatory on the basis of age, race, religion, sex, sexual orientation, gender identity or expression, genetic information, disability, national origin, ethnicity, citizenship, marital status, or any other legally recognized protected basis under federal, state or law laws, regulations, or ordinances. Those communications are disrespectful and unprofessional and will not be tolerated by the company.
Lawful or unlawful under the NLRA?
Unlawful
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Elements of a NLRA Compliant Social Media Policy
Not overly broad so that policy could be interpreted as restricting protected activity;
Includes limiting language clarifying that policy does not restrict protected activity; and,
Clarifies and restricts policy’s scope by including examples of improper conduct.
22
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Today’s Use of Technology – An Example
• Two days before union election:
– Perez is working as a server at a fundraising event
– Assistant Director of Banquets approaches Perez and two other servers and addresses their “chitchatting”
– Perez complains to Gonzalez, who is head of the employees’ union organizing effort
– Gonzalez encourages Perez to take a break
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Today’s Use of Technology – An Example (Con’t)
• Perez took a break proceeding to the bathroom and then outside of the Employer’s facility.
• Using his iPhone, Perez posted a message on his personal Facebook page, stating: “Bob is such a NASTY MOTHER F*** don’t know how to talk to people!!!!!! F*** his mother and his entire f*ing family!!! What a LOSER!!!! Vote YES for the UNION!!!!!!!”
• Perez was discharged because his Facebook comments allegedly violated Employer’s policy. However, the managers declined to provide the policy of explain the basis for the termination.
23
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Today’s Use of Technology – An Example (Con’t)
• NLRB: Discharge constituted an unfair labor practice.
– Perez engaged in protected, concerted activity.
– Comments were not “so egregious” that they exceeded the protection of the NLRA.
• NLRB considered activity in light of the totality of the circumstances.
• NLRB noted that the Employer tolerated widespread profanity in the workplace.
Pier Sixty, LLC, 362 NLRB 59 (2015)
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Practical Guidance – Whether Online Activity is Concerted Activity
• What is the subject matter of the employee’s online post – does the post address terms and conditions of employment, such as wages or working conditions;
• Who made the post (employee or supervisor);
• Whether the online post suggests collective action by employees;
• Whether the online post references earlier discussions among employees;
• Did other employee respond to posting; and,
• What was the content of the responses from other employees – did the responses indicate agreement or were they expressions of sympathy.
24
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Virtual Workplace Policies Checklist
• Acceptable Use Guidelines for information, equipment and network
• No Privacy Expectations
• Information Security and Privacy Protection Policy
• Compliant Social Media Policy
• Bring Your Own Device Policy
• Use of Electronic Devices at Work and While Driving Policy
• Record Retention Policy
• Exit Policy
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Exit Interview Checklist
• Employee reaffirm in writing ongoing contractual and legal obligations (i.e., confidentiality)
• Conduct audit of Employer information on Employee devices
• Return Employer‐provided equipment
• Employee acknowledge that all Employer information has been returned or destroyed in accordance with Employer instructions and Employee has not retained any copies.
• Review litigation holds to determine whether information and/or devices need to be preserved
• Notify information services to terminate Employee access
25
www.laborlawyers.comFISHER & PHILLIPS LLP 440-838-8800
Thank you…
Presented by:
Melanie L. Webber