pli workplace privacy in the year 2013 2013-6-13
DESCRIPTION
Addresses privacy issues associated with hiring in a social media world, privacy issues associated with BYOD programs; employee privacy rights associated with off-duty activity including Facebook postings and activity protected by lifestyle laws.TRANSCRIPT
![Page 1: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/1.jpg)
Workplace Privacy In the Year 2013
June 18, 2013
Margaret A. KeaneLittler Mendelson, P.C., San Francisco Office
[email protected]/in/makeane/
Presented to Practicing Law Institute by:
1
![Page 2: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/2.jpg)
2
Today’s program
• Workplace Privacy Issues– The New World
– Hiring Practices, circa 2013• Overview of Social Media in the Hiring Process• Social Media Checks• Password Protection Statutes• FCRA• EEOC Guidance on Criminal Background Checks• Foreign data protection laws
– Employee Monitoring, Whistleblower Hotlines
– Yours, Mine or Ours: BYOD and Other Challenges of Mobile Devices
– Geo-location – GPS, RFID and more
– The NLRA, Drafting Social Media Policies, and Confidentiality
– Ownership and Control of Social Media Accounts
– Genetic Information Non-Discrimination Act
![Page 3: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/3.jpg)
3
No Expectation of Privacy?
Despite diminished expectations of privacy, numerous laws address aspects of workplace privacy. • Federal privacy laws include HIPPA, Gramm-Leach-Bliley (“GLB”),
Children’s On-Line Privacy Protection Act (“COPPA”), Electronic Communications Protection Act (“ECPA”), Stored Communications Act (“SCA”), Fair Credit Reporting Act (“FCRA”), Genetic Information Non-Discrimination Act (“GINA”), Americans with Disabilities Act (“ADA”)
• State privacy and “lifestyle” laws and new state Password Protection laws (ex. CA AB 1844)
• Related Laws– Record Retention Requirements, particularly for government contractors,
medical and financial services sectors
– Security Breach Notification Statutes
– FINRA, FDA and other sector-specific regulations
![Page 4: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/4.jpg)
4
No Expectation of Privacy?
In Europe, employees have privacy expectations, because legal protections do not depend on a “reasonable expectation of privacy”- data protection laws- wiretap, telecommunications secrets- labor & employment laws
![Page 5: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/5.jpg)
5
New Hiring Paradigms
• In many sectors, work no longer needs to be performed in a designated place or at a designated time.– Cloud-based applications can be reached anywhere/anytime
• New work models are prevalent for providing IT and other task or project-based services– Ex. – Elance, oDesk, Collabworks
• On-demand sourcing models are becoming mainstream in legal community – scope goes well beyond e-discovery
• New models challenge legal system of employment laws tied to physical location and fixed hours
![Page 6: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/6.jpg)
6
Today’s Mobile Worker: A World of Sharing
![Page 7: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/7.jpg)
We Love Our Smartphones. . .
7
Source: http://www.slideshare.net/kleinerperkins/kpcb-internet-trends-2013?utm_source=slideshow03&utm_medium=ssemail&utm_campaign=share_slideshow_loggedout
7
![Page 8: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/8.jpg)
8
Are Smartphones An Extension of Our Brains?
Source: http://www.slideshare.net/kleinerperkins/kpcb-internet-trends-2013?utm_source=slideshow03&utm_medium=ssemail&utm_campaign=share_slideshow_loggedout
![Page 9: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/9.jpg)
9
Social Media Use and Channels Continue to Grow
Source: http://www.slideshare.net/kleinerperkins/kpcb-internet-trends-2013?utm_source=slideshow03&utm_medium=ssemail&utm_campaign=share_slideshow_loggedout
![Page 10: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/10.jpg)
What Do You Do When You First Wake Up?
Always Connected, IDC Study,Sponsored by Facebook, March 2013
1010
![Page 11: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/11.jpg)
Blurring The Lines: Work vs. Personal
90% of full-time employees use a personal smartphone for work purposes
– 62% of those use it every day
– 39% don’t use password protection
– 52% access unsecured wifi networks
– 69% believe they are expected to access work emails after hours
1 in 10 workers receive a stipend for their smartphone
(Cisco, BYOD Insights in 2013: A Cisco Partner Network Survey, March 2013)
1111
![Page 12: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/12.jpg)
12
Social Media, Privacy and the Hiring Process
![Page 13: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/13.jpg)
Social Networking in Talent Sourcing and Promotion
• 91% of employers had hired a staff member based on their social networking profile
• 69% decided not to make job offer to candidate after seeing profile (photos of drugs/drinking or inappropriate behavior were the most popular reasons for eliminating candidate)
• 47% of companies check candidates' profiles on social networking sites after they receive an application and 27% review after a screening interview.
Source: Job Screening With Social Networks: How Are Employers Screening Job Applicants, Reppler, October 2011
Source: The Use of Social Networking Websites and Online Search Engines in Screening Job Candidates, Society for Human Resource Management, August 25, 2011
13
![Page 14: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/14.jpg)
Getting to Know You: Risks of Using Social Media in the Hiring Process
• Risk of making employment decisions based on inaccurate, irrelevant or false info
• Online social networking profiles often present personal information not properly subject to inquiry during the hiring process
• Potential to eliminate applicants based on protected class status in violation of federal and state anti-discrimination laws
• Need to balance applicant’s rights with employer’s need to screen candidates thoroughly
• Decisions made based on lawful, off-duty conduct may violate state “lifestyle” laws
14
![Page 15: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/15.jpg)
15
Source: www.facebook.com/blaise.dipersia (Facebook Page Designer -- Sample Page)
![Page 16: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/16.jpg)
Passwords
• At last count, thirteen states have enacted legislation to prohibit employers from asking applicants or employees for social media passwords or other log-in credentials, including CA, CT, CO, HI, IL, MD, MI, NV, NM, OR, UT, VT and VI. Others have pending legislation and federal legislation has also been introduced.
• California’s statute provides an exception that permits employers to “request an employee to divulge personal social media reasonable believed to be relevant to an investigation” of allegations of misconduct.
• California also has an exception for usernames and passwords used to access employer-issued devices.
• Be aware of tensions between State laws and FINRA obligations to supervise and retain records.
16
![Page 17: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/17.jpg)
Passwords
Service providers usually prohibit password sharing in their terms of use; consequently, access by a third party constitutes ‘unauthorized access to’ or ‘interference with’ a computer under trespass laws, such as a the U.S. Computer Fraud and Abuse Act
17
![Page 18: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/18.jpg)
• Build a process for lawful use of social media data– Determine when on-line searches will be used in hiring and
promotion process (ex. after initial screening interviews)– Determine scope of review: what sources will be
checked and what information will be collected?– Decide whether to inform applicants
about on-line searches and whether to ask for email addresses, user names and blog posts
– Give notice and obtain consent where needed and comply with FCRA if using third parties to conduct search
– Do not engage in unauthorized access to password protected sites, “shoulder surf” or require users to disclose passwords unlawfully
– Isolate protected class information from the decision-maker– Update forms for recording information, maintain contemporaneous
documentation and comply with applicable retention requirements
Responsible Use of Social Media in Recruiting, Hiring and Promotions
18
![Page 19: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/19.jpg)
Fair Credit Reporting Act(“FCRA”) Concerns
19
![Page 20: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/20.jpg)
Fair Credit Reporting Act Overview
• Applies to reports prepared by a third party that regularly assembles or evaluates credit or other information on a consumer (“consumer reporting agency” or “CRA”) and includes background screening companies
• Covers any inquiry for employment purposes bearing on an individual’s “credit, general reputation, personal characteristics, or mode of living”
– Criminal history checks, credit checks, sex offender registry, motor vehicle record checks, employment and education verification
• Regulates public records, including criminal records, and is not limited to traditional credit reports
• Does not regulate purely in-house investigations, such as reference checks made by internal human resources personnel
20
![Page 21: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/21.jpg)
FCRA Compliance
1. Obtain informed consent from job applicants
2. Issue "adverse action" letters if the background check will result in disqualification
3. Secure destruction of consumer information
21
![Page 22: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/22.jpg)
FCRA Remedies
• Cases can be based on failure to use FCRA disclosure and authorization forms; failure to give adverse action notices
• Minimum statutory damages of $100 to $1,000 for willful violations– Class action-friendly remedy where CRA’s and employer follow standard
procedures– Low damages add up when multiplied against large applicant pools
• Actual damages for negligent violations• Attorney fees to a successful plaintiff• No statutory cap on defendant’s exposure
22
![Page 23: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/23.jpg)
Class Litigation and FCRA
• Spike in class action filings against employers– FCRA disclosure and authorization forms
– FCRA adverse action notices
– State equivalents
• Several multi-million dollar settlements in nationwide class actions
23
![Page 24: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/24.jpg)
SOCIAL MEDIA AND CRIMINAL BACKGROUND CHECKS
24
![Page 25: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/25.jpg)
25
![Page 26: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/26.jpg)
Updated EEOC Enforcement Guidance
Updated Enforcement Guidance ─ Approved 4-1 on April 25, 2012:
– “EEOC Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions Under Title VII of the Civil Rights Act of 1964”
– Accompanying “Questions and Answers About EEOC’s Enforcement Guidance”
See http://www.eeoc.gov/laws/guidance/arrest_conviction.cfm and http://www.eeoc.gov/laws/guidance/qa_arrest_conviction.cfm
2626
![Page 27: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/27.jpg)
EEOC Recommended “Best Practices”
EEOC’s View of “Employer Best Practices”
• Eliminate blanket exclusions “based on any criminal record”• Develop narrowly tailored written policy/procedures excluding individuals from particular
jobs based on a criminal history record
(1) Identify essential job requirements
(2) Identify specific offenses tied to “unfitness” for job
(3) Identify time limits applicable to exclusion
(4) Document research/consultations to support policy/procedures
(5) Provide for individualized assessment before final hiring decision
• When asking questions about criminal records, limit inquiries to records job related/consistent with business necessity
• Make inquiries of criminal record – post application (e.g. “ban the box” approach)• Train managers, hiring officials, and decision-makers on how to implement the policy and
procedures consistent with Title VII. • Maintain confidentiality of criminal records
2727
![Page 28: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/28.jpg)
State EEO Laws
• State counterparts to Title VII• Specific ex-offender protections
– Workplace posting and notice obligations
– Sequencing restrictions (when an employer can ask questions)
– Inquiry restrictions (what employer cannot ask about)
– Source restrictions (what employer cannot access)
– “Job-relatedness” requirements (what discretion employer has to screen out applicants)
28
![Page 29: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/29.jpg)
Employee monitoring and Whistleblower hotlines
29
![Page 30: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/30.jpg)
Employee monitoring, hotlines
• USA: employers can destroy privacy expectations in notices– hardly any limits
– but: notices must be updated regularly
• Rest of the World (ROW)– many jurisdicitons require voluntary employee consent
– EEA+ countries require limitations to monitoring programs and reportable topics for hotlines, notice to employees, consultations with works council and data protection officers, notifications to data protection authorities or applications for prior authorization, labor courts, labor inspectorate, etc.
30
![Page 31: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/31.jpg)
Bring Your Own Device (“BYOD”) and Beyond
31
![Page 32: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/32.jpg)
Lingo: Dual Use Mobile Devices and BYOD
• Dual Use Mobile Device: Mobile device used to create, store and transmit both personal and work-related data
• BYOD: Bring Your Own Device– A BYOD program includes:
• Policies that govern use of personal devices to access corporate services
• Policies attempt to manage risk associated with storage and transmittal of data using devices that may be outside of the employers control
• Policies to address impact of mobile devices on existing workplace behavior
• COPE: Corporate Owned, Personally Enabled
32
![Page 33: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/33.jpg)
33
What is MDM – Mobile Device Management?
Mobile Device Management: • Software that allows corporate IT to manage use of mobile devices.
Component of BYOD programs. Features may allow an employer to:
– Require users to register devices as condition of network access
– Enable remote locking or wipe of device
– Implement anti-spam solutions, block specific apps, and prevent users from disabling or altering security settings on devices
– Monitor employee use and location of user and device
![Page 34: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/34.jpg)
34
Policies Affected by BYOD:Mobile devices have impact on policies throughout your
business
• Data Privacy & Security
• Harassment, Discrimination & EEO
• Workplace Safety
• Time Recording and Overtime
• Acceptable Use of Technology
• Compliance and Ethics
• Records Management
• Litigation Holds
• Confidentiality & Trade Secret Protection
![Page 35: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/35.jpg)
35
Setting Up a BYOD Program:A Master Plan for mobile device use in your
organization• Need to address challenges of dual use devices, REGARDLESS of whether
you adopt a BYOD program• If you implement BYOD, your policy should be part of an integrated
Information Governance Plan• Determine goals and objectives• Privacy Considerations
– Remote wipes– Containers– Backups
![Page 36: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/36.jpg)
36
Setting Up a BYOD Program
• Who Participates?
• What conditions will be imposed on participants?
• Who pays?
• Program may include limits on acceptable applications, passwords, encryption, employer monitoring, reporting obligations and remote wipes
• Address tradeoffs
– Participation in program is a privilege, not a right
– May have privacy tradeoff for convenience of remote access and device
![Page 37: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/37.jpg)
37
Privacy in a BYOD WorldWill your program distinguish between personal and business use?
Privacy Parameters• Distinguish between data and device
• Device– May require return upon demand or inspection as part of investigation
– May require return, with data intact, upon separation from employment
• Data– Determine whether employer will retain right to review all contents of device or will
exclude categories such as music and photos
– Require employee to provide access to cloud backups or home server?
– Monitor/limit employee’s use of web-based applications? Example: Siri, Dropbox, iCloud, etc.
– Set parameters for timing, terms and extent of remotewipes
![Page 38: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/38.jpg)
Privacy in a BYOD World
1. Remote wipes of lost devices – can be viewed as either pro-privacy or an intrusion. Participation in BYOD program may be conditioned upon consent to remote wipes.
2. Litigation issues:– Identification of BYOD devices/information
– Practical challenges of data collection
– Does the employee “control” data on the devices?
– Will employees be required to produce mobile devices to employer for inspection, preservation and production?
38
![Page 39: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/39.jpg)
Privacy in a BYOD World:What is a Reasonable Expectation of Privacy?
3. Even if your policy gives you access to the device , employees may have privacy expectations in personal data stored with online services. Be careful.
– Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 587 F. Supp. 2d 548 (S.D.N.Y. 2008) (employee had reasonable expectation of privacy in password protected emails stored on hotmail and gmail servers, regardless of fact that she accessed them on a work computer)
– Steingart v. Loving Care Agency, Inc., 201 N.J. 300 (NJ 2010) (employee had reasonable expectation of privacy in personal password protected web-based email sent through employer’s computer)
– Pietrylo v. Hillstone Restaurant Group, No. 06-5754, 2008 U.S. Dist. LEXIS 108834, at *20 (D.N.J. July 24, 2008) (question of whether employee had a reasonable expectation of privacy in My Space page is a question of fact)
– Ehling v. Monmouth-Ocean Hospital Service Corp., Civ. No. 2:11-CV 033305 (WJM) (D.N.J. May 30, 2012)(plaintiff may have reasonable expectation of privacy in Facebook posting where she restricted access to her Facebook page)
– Doe v. City of San Francisco, No. C10-04700 THE (N.D. Cal. June 12, 2012)(employee had reasonable expectation of privacy in web-based emails viewed from a shared workplace computer designated for personal use by employees) 39
![Page 40: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/40.jpg)
40
Geolocation Tracking and Telematics
• FTC: Geographic location is sensitive information
• CA Penal Code 637.7. No person or entity in this state shall use an electronic tracking device to determine the location or movement of a person
• Tread carefullySource: CTIA – The Wireless Association, Best Industry Practices and Guidelines for
providers of location based services
![Page 41: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/41.jpg)
41
Social Media, the NLRBand Protected Activity
![Page 42: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/42.jpg)
What is Protected Concerted Activity?
• The NLRA prohibits discipline against employees who engage in “protected concerted activity”
Protected = related to the terms or conditions of employment, unionization, or an on-going labor dispute
Concerted = “with, or on the authority of, other employees and not solely by and on behalf of the employee himself.”
Meyers Industries, 268 NLRB 493, 497 (1984)
Note: Employees in a non-unionized workplace can engage in protected, concerted activity 42
![Page 43: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/43.jpg)
What is Protected Activity?
1. What is the subject matter of the post?– Union organizing or exercise of rights under CBA or labor law– Work hours, wages, tax administration– Job performance or meetings with management
2. Who is participating in the discussion?– Only personal friends/relatives or co-workers included?
3. Is the employee expressing only an individual gripe?
4. Are employees acting collectively?– Preparing for discussion with management or otherwise acting on
behalf of group
5. Are the social media posts a direct outgrowth of prior group discussions? 43
![Page 44: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/44.jpg)
44
Drafting and Enforcing Your Social Media Policy
![Page 45: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/45.jpg)
NLRB: Unlawful Policy Provisions
1. Inappropriate Discussions2. Defamation3. Disparagement4. Privacy5. Confidentiality6. Contact Information7. Logo Restrictions8. Photographs
45
![Page 46: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/46.jpg)
Social Media Policies:
General Rule:
An employer’s social media policy may run afoul of the NLRA if it infringes on an employee’s ability to engage in protected activity.
Employers should be careful not to make their policies too broad, and should also include specific language that they do not mean for the policy to prohibit or restrict any lawfully protected activity.
46
![Page 47: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/47.jpg)
Disclaimer Options
Board’s repeated comment: “[T]he rules contained no limiting language to inform employees that [the rules] did not apply to Section 7 activity.”
Use a disclaimer: This policy will not be construed or applied in a way that improperly interferes with (A) employees’ exercise of their rights under the NLRA or any other law, or (B) employees’ legally protected social media discussions regarding wages, hours, or working conditions.
47
![Page 48: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/48.jpg)
Unlawful Lawful
No posting of confidential information
No posting trade secrets and private and confidential information with examples
No “inappropriate conduct” or “be respectful”
Examples prohibiting discriminatory remarks, harassment and threats of violence or similar inappropriate conduct
“Be respectful”
No malicious, obscene, threatening or intimidating conduct, harassing or bullying, posting intentionally meant to harm a co-workers’ reputation or could contribute to hostile work environment
Use of employer name or logoEnsuring postings are consistent with the code of ethics or conduct
48
![Page 49: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/49.jpg)
Affirmative Guidelines
1. Require compliance with all Company policies (e.g. confidentiality, harassment)
2. Include: “Do not claim to be acting on the Company’s behalf without prior authorization;”
3. Require that employees disclose affiliation with the Company whenever endorsing its products or services;
49
![Page 50: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/50.jpg)
Affirmative Guidelines
4. Remember:
Blanket policy that requires employee confidentiality during an HR investigation is deemed to violate the National Labor Relations Act and employees’ rights to engage in concerted activity – must be case-by-case determination.
5. If a Policy explicitly restricts activities protected by NLRA, NLRB will find it unlawful...and will also find unlawful if:
--employees would reasonably construe language to prohibit protected activity; Policy issued in response to Union activity; or Policy has been
applied to restrict protected rights....AND, FINALLY: 50
![Page 51: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/51.jpg)
51
Breaking Up is Hard to Do:Clarify your right to wipe devices and ownership of social
media assets before the breakup
• Clarify ownership of social media assets. Maintain access to, and right to change, passwords to corporate accounts.
![Page 52: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/52.jpg)
52
Genetic Information Nondiscrimination Act of 2008 (GINA)
• Illegal to discriminate against employees or applicants because of genetic information
• Employers may not use genetic information in making employment decisions and may not request, require or purchase genetic information
• Any employer that possesses genetic information about an employee must maintain such information in separate files; and must treat it as a confidential medical record and may disclose it only under very limited circumstances
• Prohibition on requesting information defines “request” to include “conducting an internet search on an individual in a way that is likely to result in a covered entity obtaining genetic information.” 29 C.F.R. §1635
• Safe harbor for inadvertent acquisition applies where employer “inadvertently learns genetic information from a social media platform where he or she was given permission to access by the creator of the profile at issue (e.g., a supervisor and employee are connected on a social networking site and the employee provides family medical history on his page).” 29 C.F.R. §1634
![Page 53: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/53.jpg)
53
Questions?
![Page 54: Pli workplace privacy in the year 2013 2013-6-13](https://reader033.vdocument.in/reader033/viewer/2022052900/5560f7aad8b42a91388b4bbc/html5/thumbnails/54.jpg)
54
Margaret A. KeaneShareholder
Littler Mendelson, P.C.San Francisco Office
415.288.6303 [email protected]