Ch 12 - Workplace Privacy Flashcards
Basics of Conlaw, state contract,
- Conlaw applies 4th amendment to govt employees.
- Er and Ee relationship is contract based - breach of promise to protect privacy
- collective bargaining agreements have privacy provisions - limits on drug testing
Tort law and Ee privacy
- intrusion upon seclusion - egregious (peephole)
- publicity given to privacy life - egregious and free speech defense available
- defamation - false drug test eg -
- state laws add causes of action - eg. can’t ask about filing work comp, and can’t ask for social media pword.
-
Basic overview of federal employment privacy laws
- Federal:
- Anti-discrimination employment laws limit questions into sensitive areas,
- protect privacy in certain benefits information (HIPAA, ERISA, FMLA, COBRA), r
- regulate data collection and record-keeping (FCRA, FLSA, OSHA, Whistleblower Protection Act, NLRA, Immigration Reform and Control Act,
govern specific monitoring practices by employees - covered later
US regulatory bodies that protect employee privacy
DOL - administers FLSA, OSHA,and ERISA
EEOC - administers T7 of Civil Rights Act, Age Discrimination in Employment Act, and Titles I and V of ADA.
FTC and CFP - regulate unfair and deceptive trad practices and enforce FCRA
NLRB
State DOLs and
Prior to Employment:ADA and Medical Screenings
- Medical exams and inquiries BEFORE OFFER MADE imited to those that are “job-related and consistent with business necessity.”
Medical exam may be required AFTER OFFER MADE and condition employment on results IF:
(1) all entering employees are subjected to such an examination regardless of disability,
(2) confidentiality rules are followed for the results of the examination and
(3) the results are used only in accordance with the statutory prohibitions against discrimination on the basis of disability.
Asking about reasonable accommodation in hiring
- Pre offer, generall not ask whether need a reasonable acommodation, except if employer already knows they have a disability.
- After conditional offer, employer may ask as long as all entering employees in same job category are asked as well.
FCRA restrictions on background checks: basics
- CRA providing CR if there is a permissible purpose, which includes pre-employment and promotion/re-assignment/retention as well.
“investigative CR” includes interviews with neighbors, friends, etc. includes reference checks - these also OK if permissible purpose.
To obtain a CRA, employer must meet these criteria
- Provide written notice to the applicant that it is obtaining a consumer report for employment purposes and indicate if an investigative consumer report will be obtained
- Obtain written consent from the applicant
- Obtain data only from a qualified consumer reporting agency, an entity that has taken steps to assure the accuracy and currency of the data
- Certify to the CRA agency that the employer has a permissible purpose and has obtained consent from the employee
- Before taking an adverse action, such as denial of employment, provide a pre-adverse-action notice to the applicant with a copy of the consumer report, in order to give the applicant an opportunity to dispute the report
- After taking adverse action, provide an adverse action notice
Distinctives of the California’s ICRAA - Investigative Consumer Reporting Agencies Act
- On the notice and authorization form, employers must enable applicants and employees to check a box to receive a copy of their consumer report any time a background check is conducted.
- Disclosure to consumers for consent to get investigative CR
must also include
the web address where the applicant or employee “may find information about the investigative consumer reporting agency’s privacy practices, including whether the consumer’s personal information will be sent outside the United States or its territories - The FCRA allows employers to use the original written consent to get updates to the employee’s credit report as needed. The employer, however, must obtain written consent every time a background check is requested under the ICRAA.
- FCRA requires that an employer get written consent only if the employer obtains data from a consumer reporting agency. If the employer does the background check itself it does not need to obtain written consent under the FCRA, because it is doing so via public records. The ICRAA requires employers to give the employee or applicant any public records resulting from an in-house background check unless the employee waives that right, while FCRA does not have this provision.
- if adverse action, under ICRAA employer must give applicant copy of the public records where employer did the check themselves, WHETHER OR NOT APPLICANT OPTED OUT.
Polygraph Testing and the Employee Polygraph Protection Act of 1988
The act prohibits employers from requiring or requesting that a prospective or current employee take a lie detector test. Employers cannot use, accept, refer to or inquire about lie detector test results. The act also prohibits employers from taking adverse action against an employee who refuses to take a test.
Exceptions for certain occupations: govt employees, certain security servcies, , those engaged in the manufacture of controlled substances, certain defense contractors and those in certain national security functions. And can be used in investigations of economic loss or injury to employer’s business (embezzlement, eg)
Substance Use Testing
- no federal law
- 4th amendment applies to public sector workers.
- ADA excludes current illegal drug use from its protections, and drug test is not an examination.
- Alcoholism is a disability.
- Drug history used in employment only very carefully - biz necc.
- Fed law mandates drug testing for certain positions - customs/border,; regulates it for transportation - RR, trucking, aviation. Pre-empts state law that limits drug testing.
Drug testing settings in the workplace
pre-employment generally allowed if not designed to id legal use or addiction to illegal.
reasonable suspicion - allowed as condition of continued employment if reasonable susp.
routine testing - allowed with notification unless state/local law prohibits,
post-accident testing - generally allowed if reas susp substance involved.
random testing - sometimes required by law; generally applicable in occupations where public safety paramount.
Drug testing law in the states
CT, IA, MN generally prohibit Ee testing unles reas susp.
State law varies on whether can discharge for failing test.
Litigation in states on common law actions - defamation, negligent testing, invasion of privacy and violation of contract and collective bargaining agreements.
Lifestyle Discrimination and privacy
- private, unless negatively affect others or are criminal.
- issues of data disclosures, if required, and how to protect sensitive data
Weight
ADA - if 100 lbs overweight, are protected - but details are murky in lower courts
Wellness programs can be issue.
Smoking
Workplace Monitoring - Reasons for monitoring
- Follow workplace safety and other laws that require or encourage monitoring
- Protect physical security (such as video cameras near entrances) and cybersecurity (such as activity on computer systems)
- Protect trade secrets
- Limit liability for unlicensed transmission of copyrighted material and other confidential company information
- Improve work quality, such as by monitoring service calls with customers
- Try to keep employees on task rather than spending time on personal business, such as surfing the web
Factors that limit monitoring
- Privacy concern
- Ethics may prevent.
- Morale
- Cost
- Legal obligation to detect and report misconduct if catch
- Collective bargaining agreements
The need to establish workplace policies about monitoring
- acceptable use for IT equipment (may be state law required)
include: when, purpose, to whom disclosed, consequences of violation
Legal obligation or incentives to monitor
- OSHA compliance
- quality assurance
- defend against tort claims for negl supervision, or discrim claims, eg. - but high standard in discrim case, so may not be worth the intrusion on privacy if discrim case unlikely to prevail
Video surveillance
- without audio, outside federal wiretap and stored record statutes.
- federal law generally not apply, but state statutes and common law create limits in some settings - forbidding in restrooms, locker rooms, or “private place.”
Common law tort of invasion of privacy.
intercepting communications
unless exception applies, interception of wire(phone or sound from video), oral (hidden bugs/mics) or electronic communications (emai, text) is a criminal offense and is a PROA.
2 exceptions (which often apply in workplace)
1 - if one is party to call or given consent (can be 2 way consent states)
2 - done in ordinary course of business.
(comm services company, eg)
Stored Communications
- Recall Stored Comm. Act creates prohibition ag unauth acquisition, alteration or blocking of e-comms while in storage in facility through which an e-comm service provided - unless by person providing the comm service, or by user if ecomm was from/to them.
Postal mail monitoring
If biz reads personal mail incoming to employee can be liable under state torts sometimes - mitigate by advising against receipt of personal mail at work, maintain confid, or just refusing to read.
Location-based services
- can monitor company vehicles for biz purpose
during work hours and pre-notice - monitoring Ee location themselves is harder legally - CA and CT have laws restricting
CA - can’t use e-tracking device to determin geo-loc
CT - can’t monitor at all without notice
common law invasion of privacy claims
Er using social media to monitor
- As of 2017, 25 states have banned Er’s from asking applicants or Ee’s for social media pwords.
- Er shoudl be careful with “social engineering” - i.e. “the use of manipulation to gain access to otherwise private information.”
- risk of SM monitoring could lead to discrim based on politics, health, etc.
BYOD - as part of consumerization of IT (COIT_
- Extra security measures
- Less clear about Er monitoring of own device used for work - expectation of privacy question - company info on the device, but so is personal info, so minimization is key.
- Discovery can cause trouble as well if data on personal devices.
Data Loss Prevention (DLP)
= a strategy to ensure sensitive data is not accessed, misused or lost.
- combines use of IT security tools, utilization of training, and impl of standards and policies
- Can go too far in other direction - record every keystroke, “mass surveillance” eg. - so weigh costs and bens
Investigation of Ee misconduct - VAIL letter and FACTA
- Vail letter ruled conduct investigations by outside orgs as CRs (outside org = CRA) , so had to get consent which meant no undercover allowed.
FACTA addressed this problem. If conditions met, Er not need consent or even notice
Conditions/reqs are 3:
1. communication made to employer in conx with investigation of i) suspected misconduct or ii) compliance with law, pre-existing policy, self-regulatory body
- comm not made for purposes of credit and does not include that type of info.
- comm not provided to anyone other than employer or employer’s agent, governmental person, self regulatory body with authority over, otherwise required by law.
FACTA requires disclosure of the outside ICR summary to Ee, but after concluded.
HR/privacy issues, post employment
- Privacy professionals may also need to consider appropriate practices for maintaining the HR records of former employees.
When an employer is asked to provide references for the former employee, HR, working with legal counsel, should have basic guidelines but collaborate on an appropriate response in more complex circumstances.
Threat of defamation for bad reference, and want to stay on Ee good side in many cases, but on the other hand, state legislatures have responded by passing laws that are designed to encourage accurate reports about former employees
What are the three relevant torts to employee privacy?
- Intrusion upon seclusion
- Publicity given to private life
- Defamation
What is intrusion upon seclusion?
One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.
What is publicity given to private life?
One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person and (b) is not of legitimate concern to the public.
What is defamation?
A communication tending “so to harm the reputation of another as to lower him in the estimation of the community or to deter third persons from associating or dealing with him.
What federal laws with employment privacy implications regulate benefits related information?
- HIPAA
- COBRA
- ERISA
- FMLA
What federal laws with employment privacy implications regulate data collection and record keeping?
- FCRA
- FLSA
- OSHA
- Whistleblower Protection Act
- NLRA
- IRCA
- Securities Exchange Act of 1934
What federal laws with employment privacy implications regulate monitoring practices?
- Employee Polygraph Protection Act of 1988
2. Wiretap Act, Electronic Communications Privacy Act, and SCA
Which federal agencies protect employee privacy?
- DOL
- EEOC
- FTC
- CFPB
- NLRB
The DOL oversees…
The welfare of the job seekers, wage earners, and retirees of the United States by improving their working conditions, advancing their opportunities for profitable employment, protecting their retirement and health care benefits, helping employers find workers, strengthening free collective bargaining, and tracking changes in employment, prices, and other national economic measurements.
The EEOC prevents…
discrimination in the workplace.
The FTC and CFPB regulate…
unfair and deceptive trade practices.
The NLRB conducts…
elections and investigates and remedies unfair labor practices.
What is the ADA?
The Americans with Disabilities Act of 1990
What does the ADA do?
It created important restrictions on medical screening of candidates before employment. The law forbids employers with 15 or more employees from discriminating against a “qualified individual with a disability because of the disability of such individual,” and specifically covers “medical examinations and inquiries” as grounds for discrimination. Before an offer of employment is made, the ADA permits such examinations and inquiries only where “job related and consistent with business necessity.”
When may a company require a medical examination after an offer of employment, and condition the offer on the results of the examination?
If
- All entering employees are subjected to such an examination regardless of disability,
- Confidentiality rules are followed for the results of the examination, and
- The results are used only in accordance with the statutory prohibitions against discrimination on the basis of disability.
The ADA requires an employer to provide what?
Reasonable accommodations to qualified individuals who are employees or applicants for employment, unless to do so would cause undue hardship.
Under the FCRA, when can an employer obtain a consumer report or an investigative consumer report?
When there is a permissible purpose.
What is a permissible purpose?
- Preemployment screening for the purpose of evaluating the candidate for employment, and
- Determining if an existing employee qualifies for promotion, reassignment or retention.
What is a investigative consumer report?
Is a report in which some of the information is acquired through interviews with neighbors, friends, associates or acquaintances of the employee, such as reference checks.
What standards must an employer meet in order to obtain a consumer report?
- Provide written notice to the applicant that it is obtaining a consumer report for employment purposes and indicate if an investigative consumer report will be obtained
- Obtain written consent from the applicant
- Obtain data only from a qualified consumer reporting agency, an entity that has taken steps to assure the accuracy and currency of the data
- Certify to the CRA agency that the employer has a permissible purpose and has obtained consent from the employee
- Before taking an adverse action, such as denial of employment, provide a pre-adverse-action notice to the applicant with a copy of the consumer report, in order to give the applicant an opportunity to dispute the report
- After taking adverse action, provide an adverse action notice.
What is the ICRAA?
California Investigative Consumer Reporting Agencies Act
What must employers do under the ICRAA?
- Notify applicants and employees of their intention to obtain and use a consumer report.
- Once disclosure is made, the employer must obtain the applicant or employee’s written authorization prior to requesting the report.
- On the notice and authorization form, employers must enable applicants and employees to check a box to receive a copy of their consumer report any time a background check is conducted.
- If employers wish to take adverse employment action, they must provide the employee with a copy of the report, regardless of whether the employee waived the right to receive a copy.
Does the FCRA preempt states from creating laws in the area of employment credit history checks?
No
What does the EPPA do?
Prohibits employers from using lie detectors on employees or to screen applicants.
What exceptions are there to the EPPA?
The EPPA has exceptions for certain occupations such as government employees, etc.
What are some reasons for monitoring employees in the workplace?
- Follow workplace safety and other laws that require or encourage monitoring
- Protect physical security (such as video cameras near entrances) and cybersecurity (such as activity on computer systems)
- Protect trade secrets
- Limit liability for unlicensed transmission of copyrighted material and other confidential company information
Improve work quality, such as by monitoring service calls with customers - Try to keep employees on task rather than spending time on personal business, such as surfing the web
Under the TCPA when is interception of employee communications permitted?
- If a person is a party to a call or where one of the parties has given consent.
- The interception is done in the ordinary course of business.
What is DLP?
Data Loss Prevention
Under FACTA, communications related to an employee investigation that are not considered a Consumer Report are:
- The communication is made to an employer in connection with the investigation of: (1) suspected misconduct related to employment, or (2) compliance with federal, state, or local laws and/or regulations, the rules of a self-regulatory organization, or any preexisting written employment policies
- The communication is not made for the purpose of investigating a consumer’s creditworthiness, credit standing or credit capacity and does not include information pertaining to those factors, and
- The communication is not provided to any person except: (1) the employer or agent of the employer; (2) a federal or state officer, agency, or department, or an officer, agency, or department of a unit of general local government; (3) a self-regulating organization with authority over the activities of the employer or employee; (4) as otherwise required by law; or (5) pursuant to 15 U.S.C. § 1681f, which addresses disclosures to government agencies.
Under the Fair and Accurate Credit Transactions Act (FACTA), communications related to an employee investigation that are not considered a consumer report are:
- The communication is made to an employers in connection with the investigation of (a) suspected misconduct related to employment, or (b) compliance with federal, state, or local laws and/ or regulations the rule of a self-regulatory organization, or any preexisting written employment policies
- The communication is not made for the purpose of investigating a consumer’s creditworthiness, credit standing or credit capacity and does not include information pertaining to those factors
- The communication is not provided to any person except: (a) the employer or agent of the employer; (b) a federal or state officer, agency, or department of a unit of general local government; (c) a self-regulating organization with authority over the activities of the employer or employee; (d) as otherwise required by law; (e) pursuant to 15 USC Sec 168
Under the FCRA, when can an employer obtain a consumer report or an investigative consumer report?
When there is a permissible purpose
Permissible purpose:
- reemployment screening for the purpose of evaluating the candidate for employment, and
- Determining if an existing employee qualifies for promotion, reassignment, or retention
What federal laws with employment privacy implications regulate benefits related information?
- HIPAA
- COBRA
- ERISA
- FMLA (Family Medical Leave Act)
What is an investigative consumer report?
A report in which some of the information is acquired through the interviews with neighbors, friends, associates or acquaintances of the employee, such as reference checks
