Digital Workplace Blog

Upcoming Privacy Events

Littler Mendelson P.C. — Tue, 20 Dec 2011 10:28:30 -0800

Philip Gordon will be speaking on a range of privacy and data protection issues at the following upcoming events:

Date: January 11, 2012
Conference: BNA
Location: Webinar
Topic: Phil Gordon and Michael McGuire, Shareholder and Chief Information Security Officer at Littler, will co-present “The Challenges of Bring Your Own Device (BYOD) to Work Policies”
Description: With employees demanding the ability to use their personal smart phones and tablets for business purposes and employers looking for new ways to reduce cost and increase productivity, the trend towards “dual-use devices” in the workplace will undoubtedly continue to pick up stream. This webinar will provide practical recommendations for both areas so that your organization understands the risks of saying “yes” to requests from C-level executives or department chiefs to connect their smartphones or tablets to the corporate network.
For more information and to register, please visit: www.bna.com/own-device-19107/

To learn more about other events at which Mr. Gordon will speak, please continue reading at Littler's Workplace Privacy Counsel.

Telework - The Crisp New Term for "Working from Home"

Littler Mendelson P.C. — Mon, 22 Aug 2011 16:41:03 -0800

The Guide to Telework in the Federal Government informs and provides guidance on the Telework Enhancement Act of 2010, which was signed into law on December 9, 2010. The Act establishes baseline expectations for the federal telework program and is a key factor in the federal government’s ability to achieve greater flexibility in managing its workforce. The Telework Guide is an understandable roadmap for other employers to the future of a remote and plugged-in workforce, while complying with the myriad of laws that govern the traditional workplace. To learn more about the guide, please continue reading at Littler's Workplace Privacy Counsel blog.

Location, Location, Location: Recent Developments in "GeoPrivacy" and the Impact on the Use of GPS in the U.S. Workplace

Littler Mendelson P.C. — Tue, 05 Jul 2011 08:33:20 -0800

By Philip L. Gordon

Ever since revelations in May that smartphones track the location of their users, location privacy has been a red hot issue in virtually every forum — except the U.S. workplace. Just last week, for example, the U.S. Supreme Court agreed to review a federal circuit court decision (covered by our blog when decided last August), holding that the federal government’s warrantless use of 24/7 location tracking for more than a month violated the Fourth Amendment rights of a criminal suspect. The Wall Street Journal dubbed June 15, 2011, “location privacy day on Capitol Hill” after two bills were introduced to limit the use of location data by industry and by law enforcement. And, in the European Union, the Article 29 Working Party, which is responsible for providing guidance on the application of the European Union Data Protection Directive, recently published its “Opinion 13/2011 on Geolocation Services on smart mobile devices.” While none of these developments directly implicate the U.S. workplace, U.S. employers should closely monitor the location privacy debate, particularly given their increasingly common reliance on GPS-enabled smartphones and vehicles to track employees.

Continue reading on Littler's Workplace Privacy Council blog.

Employer Challenges to Developing and Enforcing Social Media/Web 2.0 Policies

Littler Mendelson P.C. — Fri, 10 Jun 2011 08:22:02 -0800

By Philip L. Gordon

I was recently interviewed by Nymity on the dozen top challenges for employers when developing and enforcing social media/Web 2.0 policies. Part I of the interview [pdf] addresses the following questions:

Online Background Checks: What are the risks? What are practices that should be curtailed? How can a company gain the benefits of the tools, and minimize those risks?
Customer‐Facing Company Sites: Such sites and other customer facing tools and techniques can build a brand over night. How does a company avoid the issues and gain the brand lifting benefits?

Continue reading on Littler's Workplace Privacy Council blog.

"Nobody Wants to be Made an Example of" - Crafting Employer Policies to Avoid Liability for Social Media Use

Littler Mendelson P.C. — Tue, 24 May 2011 12:41:04 -0800

By Christopher Leh

In a recent Business Insider article, business reporter Lou Dubois of Inc. magazine observed that few cases based on social media had yet gone to court and wondered why. From lawyer and blogger Bradley Shear, he received an insightful answer, “Nobody wants to be made an example of.” Social media technology and practices change week to week and month. How does an employer avoid becoming an example and popping up in trade magazines, showing up in business school case studies, or getting “flamed” on the Internet?

As Dubois points out, one part of the answer lies in creating, implementing and enforcing a strong social media policy. Such a policy can help inoculate the employer against litigation by others based on a wide variety of legal theories, a sampling of which includes:

Equal Employment Law, including Title VII, the Americans with Disabilities Act, the Age Discrimination in Employment Act, and the Genetic Information Nondiscrimination Act, as well as similar state laws, which protect against unlawful employment practices. For example, an employer that knows its employees are being sexually harassed through the use of social media, but takes no action, violates the law.
The Fair Credit Reporting Act, which prohibits an employer’s obtaining from a third party and using some types of background information without first obtaining authorization from the employee or prospective employee. As we previously posted, a company supervisor who uses a mobile phone application to check an applicant’s credit record and then refuses to hire him based on what he learns may subject the company to liability if authorization has not been provided or if the proper notices have not been given.
The National Labor Relations Act, which protects employees engaged in certain concerted activities concerning terms and conditions of employment. As we have said (here and here), the National Labor Relations Board, which enforces the NLRA, has been active in pursuing charges against employers arising out of the use of social media or their response to employees’ use of it.
The Health Insurance Portability and Accountability Act, which protects against the unauthorized disclosure of personal health information. For example, hospital employees who post details of their patients’ medical care could subject their employer to HIPAA liability.
Copyright Law, which protects “original works of authorship fixed in a tangible medium of expression.” One of the most common copyright violations in social media is the reposting of photographs, videos or news stories without the owners’ permission.
Trademark Law, which, among other things, protects a company against another person’s use of a symbol that is “likely . . . to deceive as to the affiliation” of the user as to the “sponsorship or approval” of that person’s goods, services or commercial activities. An example of this would be the use of a trademark to suggest that a blog is approved by the company that owns the trademark.
The Uniform Trade Secrets Act, which has been adopted in some form by the vast majority of the states and protects against the disclosure, misappropriation and use of a company’s information, where the economic value derives from the fact that is not generally known to and not readily ascertainable by proper means and the owner takes reasonable steps to protect its secrecy. An employee who discloses his former employer’s trade secrets on his new employer’s website or in its blog could subject the new employer to liability.
The Federal Trade Commission Act, which protects against certain kinds of deceptive trade practices. Recently, the Federal Trade Commission refined its guidance concerning testimonials and endorsements. As we have discussed elsewhere, the FTC is likely to consider it unlawful to tout an employer’s products or services on Twitter without disclosing the relationship between the person tweeting and her employer.

Of course, this list is only a partial one and does not include various state common law theories of liability such as defamation.

Dubois’ article correctly points to the importance of a company creating, implementing, and enforcing a social media policy as a way to help reduce the chances of being sued. A strong social media policy should:

Integrate with the strategic vision of how the employer uses electronic media in its business;
Dovetail with the employer's policies on: discrimination, harassment, retaliation, ethical practices, intellectual property, trade secrets, information technology, and technology/electronic resources use policies;
Clarify to whom the policy applies and enumerate the media to which it refers, including social networks, blogs, YouTube, Twitter, text messages, bulletin boards and chat rooms;
Contain clear statements about limitations on expectations of privacy, including the employer’s ownership of the computer, the employer’s right to monitor and access social media during and after employment, and the existence of an “audit trail” as to activity conducted on a company computer;
With respect to employer-sponsored social media:
- Require employees to: take responsibility for what they post, create excitement and add value; be respectful and use good judgment; complain to human resources about any misuse of social media;
- Prohibit employees from: disclosing company confidential and trade secret information; posting personal and privileged information like attorney-client and doctor-patient communications; soliciting for non-company activities; slacking; “friending” subordinates on Facebook or similar sites; posting anonymously or pseudonymously; and violating other company policies through the use of social media;
With respect to non-employer-sponsored social media:
- Require employees to: comply with all company policies; post a disclaimer for any comments relating to the company; be truthful and respectful; resolve human resources complaints internally; contact HR or a manager for needed clarification;
- Prohibit employees from: disparaging the company, its employees, and the competition; using the company’s graphics or photos of the company; posting anonymously or pseudonymously about the company; violating company-mandated blackouts (e.g., for securities purposes;
Establish clear consequences for violations of the policy

Dubois correctly encourages employers to craft social media policies. But those policies will be dead letters unless managers, information technology staff, and other employees are trained to understand and follow them. Further, the employer will have to monitor, enforce and re-evaluate the policy as necessary. Taken together, these steps can help an employer from becoming the litigation example no one wants to be.

The Latest from the NLRB on Social Media

Littler Mendelson P.C. — Mon, 02 May 2011 08:09:27 -0800

By Philip Gordon

The National Labor Relations Board created a stir in late 2010 by filing an unfair labor practice charge against ambulance company, AMR, for firing an employee who, among other things, called her supervisor a “mental patient” in a Facebook post read by many co-workers. As it turns out, the “Facebook case” was just the beginning of what appears to be a trend by the Board, subsequently joined by unions, to restrict employers’ ability to promulgate and enforce social media policies that, in the Board’s view, impinge on employees’ rights under the National Labor Relations Act. Several recent developments provide a window into the Board’s intentions.

Continue reading on Littler's Workplace Privacy Council blog.

Managing Employees' Use of Personal SmartPhones and Tablets for Work

Littler Mendelson P.C. — Tue, 26 Apr 2011 13:00:17 -0800

By Philip L. Gordon

A recent article in the Wall Street Journal aptly identified several challenges that employers face when they allow employees to use their personal smartphones and tablets for work. The article, entitled “So You Want To Use Your iPhone For Work? Uh-Oh. How The Smartest Companies Are Letting Employees Use Their Personal Gadgets To Do Their Jobs,” notes several steps employers are taking to reduce privacy and information security risks. These steps include the following: (a) requiring that employees enable passwords, (b) sending a “kill command” to wipe business information from a lost or stolen device, and (c) walling off sensitive data into an “encrypted container.” While these steps are all useful, they comprise only a partial list of critical issues employers should consider before permitting employees to use a personal device for work.

Continue reading on Littler's Workplace Privacy Counsel blog.

Is it Really Illegal to Require an Applicant or Employee to Disclose her Password to a "Friends-Only" Facebook Page?

Littler Mendelson P.C. — Tue, 08 Mar 2011 18:54:17 -0800

Recently, the American Civil Liberties Union of Maryland tried to publicly embarrass the Maryland Department of Public Safety and Correctional Services (the “Maryland Corrections Department”) into suspending its practice of asking job applicants to disclose their Facebook password so that the Department could check whether the applicant’s wall or stored e-mail revealed any connection to criminal activity. According to a letter dated January 25, 2011 (pdf), sent by the ACLU to the Maryland Corrections Department, this practice “is illegal under the federal Stored Communications Act (SCA), 18 U.S.C. §§2701-11 and its state analog, Md. Courts & Jud. Proc. Art., §10-4A-01, et seq.” The ACLU’s contention is inaccurate.

Continue reading on Littler's Workplace Privacy Council blog.

Posting Patient Photos - The Newest Example of Social Media Implications for the Workplace

Littler Mendelson P.C. — Tue, 08 Feb 2011 14:17:52 -0800

A former nurse is seeking more than $15 million from a Texas hospital, alleging she was fired for complaining that hospital employees, including doctors, took photos of sedated patients and posted the pictures on Facebook. Although this case may seem unique, such voyeuristic use of social media in healthcare settings is likely to be the source of a ballooning area of retaliation claims and wrongful dismissal suits.

In a similar Texas case, Westlake Surgical, L.P. v. Turner, a registered nurse brought suit against the hospital that terminated her employment, alleging that she was retaliated against for reporting HIPAA violations. As evidence in support of her claims, the nurse imaged hospital documents onto a media device. The court found for the nurse and ignored the employer’s contention that her use of social media to gather evidence was a HIPAA violation. In deciding the case, the court reminded the employer that a covered entity does not violate HIPAA when an employee in good faith discloses PHI (protected health information) for purposes of reporting allegedly unlawful conduct in connection with the delivery of health care.

Another example of how social media uniquely affects health care settings is a California case in which, instead of treating a 60-year-old stabbing victim after his arrival at an emergency room, nurses and other staff took photos of the dying man and posted them on Facebook. The breach of patient privacy led to the firing of four staff members; another three were disciplined. Nurses and staff posted a photograph of the dying man on their public Facebook accounts for approximately two days before coworkers reported the breach of privacy to hospital officials. An employee who saw the photo and Facebook posts reported that hospital staff also circulated the photo attached to text messages.

While the Video Voyeurism Prevention Act of 2004 applies only on federal property, several states, including Florida, Iowa and South Dakota, have adopted, or are in the process of adopting, similar legislation. This legislation generally seeks to protect individuals who are unable to defend their own reasonable expectations of privacy during their weakest moments. In addition, the legislation may serve to protect hospital staff willing to report the posting of patient photos and videos on social media sites in order to assist their employers in self-monitoring for HIPAA violations.

Even if the federal government and each state were to enact legislation to restrict social media use in hospital settings, an employer’s ethics policies and code of conduct need to address the underlying behavior. The issue is clearly a difficult one for the courts to tackle.

In a recent case, five female nursing students posed for cell-phone pictures with a placenta while they were in a clinical course and posted the photos on Facebook. They were dismissed from nursing school the next day for unprofessional behavior. A U.S. District Court Judge held that they were improperly dismissed from school. In reaching this conclusion, the judge held that photos are taken to be viewed and if the students were given permission to photograph the placenta, it was irrelevant what they did with the pictures. There was no violation of any patient’s privacy because there was nothing in the photos to identify whose placenta it was. The judge acknowledged that the Facebook element of the case mystified him, but he said: “today’s generation of students is today’s generation of students and I don’t know that what they did was disruptive. I think the college’s reaction was disruptive.”

A missed lesson in ethics perhaps; however, the greater lesson is that employers need to review their social media policies and adjust them to their cultures and regulatory environments and enhance their training on the acceptable use of social media. A few considerations include:

Should all camera-enabled and/or media storage devices be banned from health care facilities to prevent HIPAA violations, or are they useful when used to show HIPAA violations by the facility itself?
Should training on social media policies also include an ethics component?
Should employers engage peer focus groups to discuss what potential social media uses may arise that the employer may not have even considered?

This entry was written by Ellen M. Giblin.

Pew Research Center Study Finds Older Americans are Becoming More Active on the Internet Through Social Networking and Blogging

Littler Mendelson P.C. — Fri, 21 Jan 2011 11:56:18 -0800

A study conducted by the Pew Research Center Internet & American Life Project reveals some surprising and some not-so-surprising differences between younger and older Americans in their use the Internet. Based on survey data from mid-2010 and released in December, the study is similar to one conducted by the Center last year. It may come as no surprise that Internet use continues to grow, that Americans under 34 continue to be the majority of Internet users, or that the percentage of those users exceeds their proportion of the adult population. What may be surprising however, is that the percentage increases in activities like social networking and blogging are greater with older Americans than younger ones. These changes in Internet use will undoubtedly help shape the American workplace.

The study compared the activities of six cohorts of Americans. Those cohorts, their birth years and their proportion of the adult population are:

Cohort	Birth Year	% of Adult Population	% of Internet Using-Population	% of cohort using The Internet for Any Purpose
Millennials a/k/a Gen Y	1977-92	30	35	95
Gen X	1965-76	19	21	86
Younger Boomers	1955-64	20	20	81
Older Boomers	1946-54	14	13	76
Silent Generation	1937-45	7	5	58
G.I. Generation	< 1937	9	3	30

A growing number of adult Americans are going online. In 2009, 74% did so, but that figure rose 6% in 2010. Of those under 64, no fewer than 76% now use the Internet, and usage among Millenials rises to 95%.

Social Networking. As Pew reports, “younger adults are by far the mostly likely group to use social networking sites like Facebook, MySpace or LinkedIn – 83% of adults 33 and younger use them.” But social networking by older generations has increased dramatically. Younger Boomers’ use increased 150% in the past two years. Use among Older Boomers jumped 370%, and among adults 74 and older, it rose a whopping 400%.

Blogging. Of the 79% of adult Americans who go on line, roughly 1 out of every 7 blog, up from 1 in 9 just two years ago. A substantially higher percentage of Millenials (18%) and GenXers (16%) write blogs than do Younger Boomers (11%), Older Boomers (11%), Silent Generation (8%), and the GI generation (5%). However, while blogging has generally decreased by 10% during the past years, it has been increasing 60% for GenX, 83% for Younger Boomers, and 57% for Older Boomers.

With all generations blogging, is anyone reading those blog entries? The answer is yes. Although, a substantially higher percentage of Millenials (43%) and GenXers (34%) read blogs, roughly 1 of 4 of Younger Boomers, Older Boomers, and the Silent Generation do so also.

Broadband & Wireless. Nearly 2 of every 3 Americans now have a broadband Internet connection at home. For Millennials, that figure increases to 81%, which is somewhat higher than Gen X (73%) and Younger Boomers (68%).

But broadband is not the only way American adults connect to the Internet. Nearly 60% go online wirelessly. But 82% of Millennials and 71% of Gen Xers do, as compared to only 9% of the GI Generation.

Implications for the Workplace. There are several takeaway lessons of the Pew study for employers:

For Millennials, now in the early years of their careers, social networking is nearly universal. Millenials, and all others whose social networking is on the rise, are likely accessing their networks during the working day, underscoring the importance of implementing appropriate policies governing social networking and other online activities.
Younger workers are much more likely to be blogging and reading blogs than older workers. But that is changing, as the number of older bloggers increases. Some workers already are providing, acquiring and exchanging work-related information through that medium. If these trends continue, more workers – and more older workers – will increase their blogging activity in the future. This makes it imperative for employers to recognize that blogs are likely to be communications media that provide opportunities and create dangers for employers as:
- Tools for teaching workers and being taught by them;
- Barometers of morale;
- Vehicles of disparagement of the company and its products and services; and
- Vehicles of defamation and harassment of, and discrimination and retaliation against, employees by current or former employees;
- Broadcasters of company trade secrets and other confidential information.
The younger the worker, the more likely he or she is to be bypassing an employer’s computer system to go online wirelessly. As a result, policies concerning the use of social media in the workplace need to be broad enough to cover wireless devices, including those that belong solely to employees.
The time-worn stereotypes about the lack of familiarity, facility and interest in technology among older workers are becoming even more outdated and should be discouraged even more strongly by employers.

This entry was written by Christopher M. Leh.