Workplace Privacy

Question 1

Workplace Privacy Concepts

Answer 1

Governed by a patchwork of federal, state, and local laws and regulations

Question 2

What role does Human Resource Management play in workplace privacy?

Answer 2

Must balance the needs of the business with employee privacy obligations.

1. Before employment – interviews and employee background screening
2. During employment – employee monitoring and working with labor unions
3. After employment – employee misconduct investigations and terminations

Question 3

FTC Role in Workplace Privacy

Answer 3

Regulates unfair and deceptive trade practices. CFPB regulate unfair and deceptive practices and the use of credit reports.

Question 4

DoL role in Workplace Privacy?

Answer 4

Most directly responsible for employment matters. Oversees the welfare of job seekers, wage earners, and retirees of the US by improving their working conditions, advancing their opportunities for profitable employment, protecting their retirement and healthcare benefit, helping employers find workers, strengthening free collective bargaining, and tracking changes in employment, prices, and other national economic measurements

Question 5

What workplace privacy laws are overseen by the DoL?

Answer 5

o	FLSA
o	OSHA
o	ERISA
o	EPPA
o	FMLA

Question 6

Equal Employment Opportunity Commission (EEOC)

Answer 6

Prevents discrimination in the workplace. Enforces prohibitions on employment discrimination.

Question 7

National Labor Relations Board (NLRB)

Answer 7

Conducts elections and investigates and remedies unfair labor practices. Regulates the rights of workers to organize in labor unions.

Question 8

Securities and Exchange Commission (SEC)

Answer 8

Requires reporting of HR information by publicly traded companies.

Question 9

U.S. Anti-Discrimination Laws

Answer 9

1. Title VII Civil Rights Act of 1964
2. Americans with Disabilities Act
3. Genetic Information Discrimination Act
4. Other federal laws protect against discrimination based upon age, pregnancy, bankruptcy, and other characteristics

Question 10

Title VII Civil Rights Act of 1964

Answer 10

Outlawed discrimination based on race, color, religion, sex, or national origin

Question 11

Americans with Disabilities Act (ADA)

Answer 11

Bars discrimination against qualified individuals with disabilities.

Question 12

Genetic Information Nondiscrimination Act (GINA)

Answer 12

Prohibits the use of genetic information in employment decisions

Question 13

FCRA Employee Background Screening Requirements

Answer 13

Created a national rule for how information is gathered and used pre-employment. FCRA prohibits obtaining a consumer report unless a “permissible purpose” exists. However, permissible purposes include “employment purposes” which in turn include (1) preemployment screening for the purpose of evaluating the candidate for employment and (2) determining if an existing employee qualifies for promotion, reassignment, or retention. FCRA also permits employers to obtain an “investigative consumer report” on the applicant if a permissible purpose exists.

Question 14

To obtain any consumer report under FCRA, an employee must meet the following standards:

Answer 14

o Provide written notice to the applicant that is obtaining a consumer report for employment purposes and indicate if an investigative consumer report will be obtained
o Obtain written consent from the applicant
o Obtain data only from a qualified consumer reporting agency, an entity that has taken steps to assure the accuracy and currency of the data
o Certify to the consumer reporting agency that the employer has a permissible purpose and has obtained consent from the employee
o Before taking an adverse action, such as denial of employment - provide a pre-adverse action notice to the applicant with a copy of the consumer report, in order to give the applicant an opportunity to dispute the report with a summary of their rights
o After taking adverse action, provide an adverse action notice
2. Retain records for one year under most circumstances. FTC requires secure disposal of records when they are no longer needed.

Question 15

Adverse Action Notices

Answer 15

1. Adverse action was taken based on background information
2. Contact information for company providing the report
3. Disclosure that the company providing the report did not take the adverse action
4. Notice of the right to dispute the report

Question 16

Personality and psychological evaluations

Answer 16

Personality screening must be done in a way that avoids violating the ADA. Employee Polygraph Protection Act (EPPA) prohibits the use of lie detectors in most employment settings. EPPA and ADA put significant restrictions of psychological examinations in the workplace. Employers must comply with rules limiting lie detectors as well as the ADA prohibitions on the use of medical tests, including those designed to test an impairment of mental health. Employers continue to use psychological tests measuring personality traits such as honesty, preferences and habits in hiring and employments, although one expert report that such tests may be concentrated in specific positions such as management and sales.

Question 17

Polygraph testing

Answer 17

Employee Polygraph Protection Act of 1988 (EPPA) issued by the DOL, employers are prohibited from using “lie detectors” on incumbent workers or to screen applicants. A “lie detector” is defined to include polygraphs, voice stress analyzers, psychological stress evaluators, or any similar device used for the purpose of rendering a diagnostic opinion regarding an individual’s honesty. The law prohibits employers to use these tests, utilize results of these tests, or take adverse action due to knowledge of these tests.

Question 18

Drug & Alcohol Testing

Answer 18

There are no federal statute that directly governs employer testing of employees for substances such as illegal drugs or alcohol or tobacco. Drug testing may be used in a variety of settings:
o Preemployment – generally allowed if not designed to identify legal use of drugs or addiction to illegal drugs (ADA restrictions)
o Reasonable suspicion – generally allowed as a condition of continued employment if there is “reasonable suspicion” of drug or alcohol use based on specific facts as well as rational inferences from those facts (e.g., appearance, behavior, speech, odors)
o Routine testing – generally allowed if the employees are notified at the time of hire unless state or local law prohibits it
o Post-accident testing – generally allowed to test as a condition of continued employment if there is “reasonable suspicion” that the employee involved in the accident was under the influence of drugs or alcohol
o Random testing – sometimes required by law, prohibited in certain jurisdictions, but acceptance where used on existing employees in specific, narrowly defined jobs, such as those in highly regulated industries where the employee has a severely diminished expectation of privacy, or where testing is critical to public safety or national security.

Question 19

Social Media

Answer 19

Use information obtained from social media accounts carefully to avoid taking discriminatory action. Employers are generally legally permitted to use social media in informing their decisions, they must not violate existing anti-discrimination and privacy laws. Invasive monitoring practices may provide the basis for discrimination lawsuits if the employer accesses and appears to use information that is legally protected.

Question 20

Employee Monitoring Technologies

Answer 20

Employees in the private sector do not have privacy expectations within the workplace (except for restrooms and private areas)

Question 21

Employee Monitoring - Computer usage (including social media)

Answer 21

Monitoring employee computer use is generally permissible.

Question 22

Employee monitoring - biometrics

Answer 22

The use of biometric information is regulated in Illinois, Texas, and Washington have laws requiring different levels of notice, consent, and security regarding biometric information

Question 23

Employee monitoring - location-based services (LBS)

Answer 23

Social media may be used to an employer’s advantage for brand awareness but monitoring employees. Monitoring using location-based services may be regulated by state law

Question 24

Employee monitoring - social media

Answer 24

Employers may monitor employee social media accounts but should not request passwords to personal accounts.

Question 25

Employee monitoring - e-ail and postal mail

Answer 25

Business may open mail sent to a business address. US federal law generally prohibits interference with mail delivery. Employers can mitigate this risk by advising employees not to receive personal mail at work, declining to read mail once it is clear that it is personal in nature, and maintaining confidentiality for any personal information obtained in the course of monitoring

Question 26

Requirements under the Electronic Communications Privacy Act of 1986 (ECPA)

Answer 26

prohibits the “interception of electronic communications.” Most of the activities an employee engages in while connected to a network (e.g., web traffic, e-mail and instant messenger sessions) qualify as electronic communications for these purposes. Interception means acquiring the contents of such communication during transmission, and “contents,” in turn, is defined to include “any information concerning the substance, purpose, or meaning of that communication.” This means that the ECPA does not prohibit the mere collection of information about the activities engaged in by an employee online (e.g., the time spent online, or the volume of data transferred). Rather, it protects the secrecy of the actual data transmitted to and from an employee’s workstation (e.g., the actual appearance of Web sites visited, form data submitted, subject lines and bodies of e-mails sent and received and transcripts of chat sessions, etc.)

Question 27

Stored Communications Act

Answer 27

Most employers choose to obtain explicit consent for employee monitoring

Question 28

Unionized worker issues concerning monitoring in the US workplace

Answer 28

Video surveillance in the workplace must be addressed in union collective bargaining agreements.
1. Employers may not interfere with union organizing activities. Prohibited practices:
o Spying on union activities
o Creating the impression of spying on union activities
o Photographing or videotaping employees engaged in union activities

Question 29

Data handling in misconduct investigations

Answer 29

Employers should be aware of various issues when investigating an employee’s misconduct.

1. Avoid jeopardizing the integrity of the investigation
2. Protect information about individuals who are not the target
3. Avoid unwarranted reputational damage
4. Abide by union collective bargaining agreements

Question 30

Use of third parties in investigations

Answer 30

When employers use third parties, they may expose themselves to liability under FCRA. FCRA generally requires notice and employee consent when the employer obtains a consumer report. According to an opinion letter issued to the FTC known as the “Vail Letter” if an employer hired an outside organization such as a PI or background research firm to conduct these investigations, the outside organization constituted a “consumer reporting agency” under FCRA.

Question 31

FACTA changes to FCRA

Answer 31

FACTA changed the definition of “consumer report” under FCRA to exclude communications relating to employee investigations from the definition if three requirements are met:
o The communication is made to an employer in connection with the investigation of: (i) suspected misconduct related to employment, or (ii) compliance with federal state, or local laws and/or regulations, the rules of self-regulatory organization, or any pre-existing written employment policies;
o The communication is not made for the purpose of investigating a consumer’s creditworthiness, credit standing, or credit capacity and does not include information pertaining to those facts; and,
o The communication is not provided to any person except: (i) the employer or agent of the employer, (ii) a federal or state officer, agency, or department, or an officer agency, or department of a unit of general local government, (iii) a self-regulating organization with authority over the activities of the employer or employee, (iv) as otherwise required by law, or (v) pursuant to 15 U.S.C. 1681f, which addresses disclosures to government agencies

Question 32

Documenting performance problems

Answer 32

1. Must be provided to the recipient of adverse action
2. Must include the nature and substance of the report
3. May exclude witness names
4. Must only be shared within the organization or otherwise required by law

Question 33

Termination of the employment relationship

Answer 33

Departure of employees is a predictable event; IT systems should be designed to minimize the disruption to the company and other employees when a person no longer as authorized access.

Question 34

Exit Interviews

Answer 34

Provide a chance to debrief departing employees. Use exit interview to remind employees of their NDA.

Question 35

Transition Management

Answer 35

Basic steps to transition when an employee leaves includes:

1. Secure the return of badges, keys, smartcards and other methods of physical access
2. Disable access for computer accounts
3. Ensure the return of laptops, smartphones, storage drives, and other devices that may store company information
4. Seek, where possible, to have the employee return any company data that is held by the employee outside of the company’s systems
5. Remind employees of their obligations not to use company data for other purposes
6. Clearly marked personal mail, if any, should be forwarded to the former employee, but work-related mail should be reviewed to ensure that proprietary company is not leaked.

Question 36

Records retention

Answer 36

retain employee records in accordance with records retention policies.

Question 37

References

Answer 37

Common law poses no duty on a former employer to supply a reference for a former employee, but some modern state statutes do require references for specific occupations. The common law provides what is known as a “qualified privilege” for employers to report their experience with and impressions of the employee, to help in defense against defamation suits. Adopt standard practices for handling reference requests (should be consistent and comply with legal and regulatory requirements)