Module 10

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

-A company may require a medical examination after the offer of employment has been made and may condition the offer of employment on the results of such an examination -An examination is permitted only if:

(1) all employees are subjected to such an exam regardless of disability, (2) results of the exam are confidential, and (3) results are used only in accordance with the statutory prohibitions against discrimination

Emerging Technologies Three emerging areas are:

(1)how companies are using social media to monitor prospective and current employees (2)how the IT department copes with what is called Bring Your Own Devise (BYOD) (3)how companies implement Data Loss Prevention (DLP) programs

Stored Communications Exceptions that may apply to the employer are for conduct authorized:

- "by the person or entity providing a wire or electronic communications service" (often the employer) - "by a user of that service with respect to a communication of or intended for that user"

Exceptions to the interception prohibition often apply in the workplace:

- If a person is a party to a call or where one of the parties has given consent - The interception is done in the ordinary course of business NOTE: An employer who provides communication services, such as a company telephone or email service, has the ability to intercept provided the interception occurs in the normal course of the user's business

-The Bankruptcy Act prohibits employment discrimination against

- those who have filed for bankruptcy

-The FCRA also permits employers to obtain an "investigative consumer report" on the applicant if a permissible purpose exists

-An investigative consumer report is one in which some of the information is acquired through interviews with neighbors, friends, associates or acquaintances of the employee, such as reference checks

Social Media Employers should proceed with caution when collecting information from social media accounts

-As of 2017, approximately half of U.S. states have passed laws banning employers from asking applicants or employees for their social network login information and passwords

When alleged employee misconduct occurs, the employer should be aware of issues such as the following:

-Be careful to avoid liability or loss due to failure to take the allegations seriously -Treat the employee with fairness during the investigation to reduce possible employee resentment as well as the risk that later litigation will result in harsher penalties if the employer is seen to have been unfair -Follow laws and other corporate policies during the investigation -Document the alleged misconduct and investigation to minimize risks from subsequent claims by the employee -Consider rights of people other than those being investigated, such as fellow employees

Background Screening

-Before employees are hired—or even brought in for an interview—they are often subject to background screening -The type and extent of screening varies depending on the work environment -Example: Typically anyone who works with the elderly, children or the disabled is required by law to undergo background screening

HR Issues: Communication with former employees after departure

-Care should be used when a company contacts former employees -External communications to the former employee should be crafted with care, especially if the termination resulted from misconduct -Communications with remaining employees, customers and others should meet company goals while refraining from disparaging the former employee

Common reasons for background screening

-Certain professions are subject to background screening by law -Screenings can help determine whether the applicant will fit in the organization's culture and make positive contributions to its growth -Careful background screening can help defeat a later claim for negligent hiring -Negligent hiring can be alleged if a person later causes harm when there was prior evidence the employee was dangerous

-At the state level, there has been extensive litigation over time under the common law of the various states on theories including:

-Defamation (if the test was inaccurate) -Negligent testing -Invasion of privacy -Violation of contract -Violation of collective bargaining agreements

Employee Polygraph Protection Act

-EPPA is an example of federal protection of privacy in the workplace -Under the act and its regulations, issued by the Department of Labor, employers are prohibited from using "lie detectors" on incumbent workers or to screen applicants -Lie detector: polygraphs, voice stress analyzers, psychological stress evaluators, or any similar device

-EPPA and the ADA together place significant national limits on psychological testing in the workplace

-Employers must comply with the rules limiting lie detectors as well as the ADA prohibitions on the use of medical tests, including those designed to test an impairment of mental health

Along with laws protecting privacy, many labor laws in the United States mandate employee data collection and management practices

-Examples -Conduct background checks -Ensure and document a safe workplace environment

Workplace monitoring can intrude on the privacy of employees:

-Excessive video monitoring (such as in changing rooms) -Monitoring of workplace conversations (such as bugs secretly placed by a supervisor to listen to employees) -Email and other computer monitoring (such as when emails that an employee believes are personal are reviewed by the employer)

Strong policies both favor and limit monitoring of employees in the workplace. In contrast to privacy:

-Follow workplace safety and other laws -Protect physical security and cybersecurity -Protect trade secrets -Limit liability for unlicensed transmission of confidential company information Improve work quality

The regulation of employment privacy in the U.S. stands in contrast to nations with comprehensive data protection laws

-For example, the European Union (EU) includes employee privacy within its general rules applying to the protection of individuals -Monitoring is permitted only with specific legal justification -Background checks are limited in scope

Private-sector employers often use third parties to investigate employee misconduct

-Formerly, this exposed corporations to liability under the FCRA because the employee was entitled to notice -FACTA amended the FCRA so that an employer is no longer required to notify an employee that it is obtaining an investigative consumer report on the employee from an outside organization in the context of an internal investigation

-A current trend concerning weight in the workplace arises in employee-sponsored wellness programs

-In 2013, CVS Pharmacy gained national attention when employees were required to provide information on weight as part of a wellness program or face a $600 surcharge -Employers should take care to ensure that these attempts to assist their employees do not become avenues for discrimination

Background screening on social media

-In recent years, social media and artificial intelligence has increasingly been used to screen prospective hires -Businesses now exist that are dedicated entirely to tracking an individual's online presence and screening candidates for predesignated elements selected by the employer -CAUTION: Employers should be alert to the possibility that the FCRA applies to nontraditional providers of background check information

An important distinction exists when an employer listens to an employee's purely personal call

-In this instance, the employer risks violation of the wiretap laws PRACTICE POINT: Privacy professionals should be alert to the requirements of relevant state laws on recording phone calls, because some of these laws require one-party consent while others mandate that all parties to the call consent

2 •Common-law torts can be relevant to employee privacy

-Intrusion upon seclusion -Defamation

Privacy professionals need to consider appropriate practices for maintaining the HR records of former employees -There can be many reasons for retaining this information

-Provide references -Respond to inquiries about benefits and pensions -Address health and safety issues that arise -Respond to legal proceedings -Meet legal or regulatory retention requirements for particular types of records

Restrict Access When a person leaves a company or is no longer supposed to have access to specific facilities or information, there should be clear procedures for terminating such access

-Secure the return of badges, keys, smartcards and other methods of physical access -Disable access for computer accounts -Ensure the return of laptops, smartphones, storage drives and other devices that may store company information -Seek, where possible, to have the employee return or delete any company data that is held by the employee outside of the company's systems -Remind employees of their obligations not to use company data for other purposes -Clearly marked personal mail, if any, should be forwarded to the former employee, but work-related mail should be reviewed to ensure that proprietary company information is not leaked Because the departure of employees is a predictable event, IT systems should be designed to minimize the disruption to the company and other employees when a person no longer has authorized access -Access may end not only for an employee, but also for contractors, interns and others who have temporary access to company facilities

-Along with these federal laws, many states have their own antidiscrimination laws

-Some of these have the same protected classes as the federal laws, and some include additional protected classes -Example: Roughly half the states add a prohibition for discrimination based on marital status

Example of State Law - Illinois

-The Illinois law generally prohibits employers from punishing employees who test positive for marijuana, without additional evidence related to impairment at work -The law does permit employers to enforce reasonable employment policies so long as they are applied in a non-discriminatory manner -The Illinois law has an exception for the treatment of employees in sectors regulated by federal law

Privacy professionals need to consider appropriate practices for maintaining the HR records of former employees

-There are countervailing concerns about maintaining the privacy and security of sensitive employment records -In some jurisdictions (such as in the EU), there may need to be a demonstrable business or legal reason to justify retaining certain personal information

-The FCRA regulates how employers perform background checks on job applicants

-This law is not limited to background credit checks -It also covers any other type of background check, such as criminal records or driving records, obtained from a credit reporting agency (CRA)

Bring Your Own Device (BYOD) BYOD raises new privacy concerns

-Though it is generally acceptable for private-sector employers to monitor employees' activities on a work network and work-issued devices, it is less clear how employers should handle monitoring of personal devices -CAUTION: The same surveillance and monitoring activities used for work-issued devices may not be appropriate for personal devices

HR Issues: Providing references for former employees

-When an employer is asked to provide references for the former employee, HR, working with legal counsel, should have basic guidelines but collaborate on an appropriate response in more complex circumstances -Companies balance reasons to provide references with the risk of a suit for defamation -The law can vary significantly state by state

-This information is gathered

-directly from the candidate AND -through searches of public records and private databases -Searches of publicly available information have generally been considered a reasonable practice in the United States

The Pregnancy Discrimination Act bars discrimination

-due to pregnancy and childbirth

Employee Polygraph Protection Act -EPPA has exceptions for certain occupations including:

-government employees -employees in certain security services -those engaged in the manufacture of controlled substances -certain defense contractors -employees in certain national security functions

At the end of the employment relationship, an employer should:

-restrict or terminate the former employee's access to physical and informational assets -follow the correct termination procedures -minimize risks of post-termination claims -help management to transition after the termination -address any privacy claims that arise

Another way of understanding DLP is that it combines:

-the use of information security tools -the utilization of employee training -the implementation of effective standards, policies, and procedures

Lifestyle Discrimination

An employee's lifestyle outside of work has generally been regarded as private unless these actions negatively affect other people or are criminal -For the privacy professional, it is important to understand this is a developing area of the law -In recent years, concerns have been raised about issues such as employees' weight and smoking habits

Interaction of Federal and State Law of Substance Use Testing

Because marijuana is federally prohibited, employees in sectors regulated by federal law - such as the trucking, aviation, and railroading industries - must adhere to federal requirements -PRACTICE NOTE: Privacy practitioners should be prepared to advise management concerning the complexity of crafting drug testing policies that comply with both federal and state laws

private-sector employees in general have limited expectations of privacy at the workplace

Because physical facilities belong to the employer, employers in the private sector have broad legal authority to do monitoring and searches at work -Companies with employees both in the United States and abroad may need to develop different policies and IT systems that conform to the varying laws

-As of 2017, ten states - - limit the use of credit information for employment purposes PRACTICE POINT: Privacy professionals must be alert for variations of law from state to state in this area

California, Connecticut, Delaware, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont and Washington

Lifestyle Discrimination-Weight

In 2009, the ADA was amended to protect a person who is 100 pounds overweight from discrimination based on a disability -In the employment context, the EEOC has obtained settlements on behalf of employees who alleged this type of discrimination, yet at least one court has dismissed this type of claim -This means the details of how the disability will be understood legally are still less than certain at this time

Bring Your Own Device (BYOD)

Individuals are increasingly using their personal devices for work purposes, blurring the line between personal and professional environments -Organizations adopting a BYOD strategy must move beyond traditional device management practices to ensure the security of company data -Organizations should evaluate their policies to ensure they align with the use of personal devices for work purposes

Video Surveillance in the workplace

Many U.S. employers use closed-circuit television (CCTV) or other video surveillance in the workplace -Although federal law generally does not limit the use of either photography or video cameras, state statutes create limits in some settings -In the absence of a statute, employees may be able to bring a common-law tort claim for invasion of privacy, especially if a jury would find the use of the camera to be offensive

Location-Based Services (LBS)

Mobile phones, GPS devices and some tablet computers provide geolocation data, which enables tracking of the user's physical location and movements -This creates a category of personal information that typically did not exist before the prevalence of these mobile devices -Some state laws limit monitoring of employees' geolocation data -Employers interested in monitoring the location of company vehicles equipped with GPS may generally do so without legal hindrance -This monitoring should occur for business purposes during work hours when employees have been informed beforehand -A company wishing to monitor the location of its employees themselves, however, may face greater legal barriers as invasions of privacy

Lifestyle Discrimination -Smoking

No federal law protects smokers from discrimination -Many employers ban smoking tobacco or vaping during work hours or on work property -When designing a policy regarding smoking, employers should be aware that more than half of states have laws that permit smoking bans to apply only in the workplace

Monitoring in the Workplace : Social Media

Social media sites such as Facebook, Twitter and LinkedIn facilitate easy and immediate sharing, collaboration and interaction -Social media monitoring is used to keep track of current employees to mitigate brand or reputation damage PRACTICE POINT: Employers should consider what policies should exist to avoid taking actions that violate antidiscrimination laws or privacy laws

Statutory Law

Statutes vary enormously state by state, leading to a complex patchwork of restrictions and gaps in prohibitions -Examples of various state protections -Prohibition on marital status discrimination -Prohibition on asking if a worker has filed a claim for worker's compensation benefits -Prohibitions on employers from requiring employees to disclose passwords of social network accounts

Antidiscrimination Laws

The United States has a number of federal laws that prohibit discrimination in employment and have sometimes been used to limit background checks:

-In 2003 the Fair and Accurate Credit Transactions Act (FACTA) amended FCRA -

The amendments preempt a wide range of state laws on credit reporting, identity theft and other areas within the FCRA -But the FCRA does not preempt states from creating stronger legislation in the area of employment credit history checks

Postal Mail Monitoring

U.S. federal law generally prohibits interference with mail delivery -The opening of business letters and packages by a representative of the business does not violate that statute, even if that representative is not the intended recipient -There is always some risk involved with monitoring postal mail under state common law

Tort Law

U.S. law generally requires a fairly egregious fact pattern before imposing liability on the employer. Employees can sometimes win for the tort of "intrusion on seclusion": -Examples: -Employer puts a camera in an employee bathroom -Secret wiretaps or other intrusive surveillance of employees

-State contract and tort law in some instances provides protections for employees -

Usually the employee must show fairly egregious practices to succeed

Testing for Marijuana

With approximately two-thirds of the states in the U.S. recently enacting laws legalizing the use of marijuana for medical or recreational purposes, the issue of drug testing employees has become more complicated -Fewer than half of these states that allow individuals to legally use marijuana afford any protections for employees who test positive for the drug -A minority of the state laws that permit legal marijuana use include explicit employee protections

-HR-related privacy presents

a risk for virtually all organizations, including organizations in traditional industries that are not focused on data or data privacy

-The Age Discrimination Act bars discrimination

against those over 40

-One strategy to reduce risk of Antidiscrimination is to

avoid asking questions that elicit information about membership in a protected class

-The Genetic Information Nondiscrimination Act of 2008 bars discrimination

based on individuals' genetic information

A contract

can alter the rules between employer and employee -Negotiation of a contract can create binding obligations on the employer

Collective bargaining agreements

can be an additional limiting factor on an employer's ability to monitor the workplace -Many such agreements contain provisions designed to limit workplace monitoring or require that a union representative be informed of an employer's monitoring activities

-A second strategy of Antidiscrimination is to be

consistent and ask the same questions of all candidates

U.S. law looks at the relationship between the employer and the employee as fundamentally a matter of

contract law

-The Americans with Disabilities Act of 1990 (ADA)

created important restrictions on medical screening of candidates before employment - The law forbids employers with 15 or more employees from discriminating against a "qualified individual with a disability because of the disability of such individual," and specifically covers "medical examinations and inquiries" as grounds for discrimination

The Stored Communications Act (SCA)

creates a general prohibition against the unauthorized acquisition, alteration or blocking of electronic communications while in electronic storage in a facility through which an electronic communications service is provided -Violations for interceptions can lead to criminal penalties or a civil lawsuit

Antidiscrimination Laws -The primary purpose of these laws is to prohibit

discrimination in hiring and other employment decisions -A secondary effect is that they often affect how interviews and other background screen activities are conducted -Examples: An employer risks possible discrimination claims for interview questions about national origin or race, about current or intended pregnancy, about age, or about disability

-The Equal Pay Act of 1963 bars wage

disparity based on sex

The Wiretap Act and the Electronic Communications Privacy Act (ECPA) are

generally strict in prohibiting the interception of wire communications, such as telephone calls or sound recordings from video cameras; oral communications, such as hidden bugs or microphones; and electronic communications, such as emails

Workplace privacy issues exist

in all stages of the employment lifecycle—before, during and after employment -This video focuses on issues before employment -Employers should consider rules and best practices about background screening, including rules for accessing employee information under the FCRA

-Title VII of the Civil Rights Act of 1964 bars discrimination

in employment due to race, color, religion, sex and national origin

tort of defamation is

is a false statement that harms a person's reputation Examples -A false drug testing report that prevents a person from getting a job -A former employer provides a factually incorrect reference to a possible future employer

Data Loss Prevention (DLP)

is a strategy used by businesses to ensure that sensitive data is not accessed, misused or lost by unauthorized users -This goal is accomplished by DLP software and tools by monitoring and controlling endpoint activities as well as protecting data as it moves

In the United States -The FCRA and antidiscrimination laws create

national rules that structure how information is gathered and used preemployment -As in other areas of workplace privacy, states often have additional laws, and egregious practices can create tort suits under the common law -Collective bargaining agreements may also apply

-Unions have

often negotiated provisions that protect employee privacy -Examples -Limits on drug testing -Limits on monitoring of the workplace by the employer

-The ADA prohibits discrimination based

on disability, but the application of the ADA varies for illegal drugs and alcohol, for current and past use -The ADA excludes current illegal drug use from its protections -A test for drug use is not considered a medical examination -By contrast, an alcoholic is a person with a disability protected by the ADA if she or he is qualified to perform the essential functions of the job

-HR records are often n

physically segregated from other organization records or handled within IT systems with strict access controls -HR records apply to every person in an organization, including the most senior management -HR professionals have a special responsibility to respect the confidentiality of employee information

The federal Constitution and most state constitutions do not protect

privacy in non-government workplaces

-The Americans with Disabilities Act of 1990 bars discrimination against

qualified individuals with disabilities

-Denying employment based on criminal convictions may be problematic unless

such a check is required by law (based on the type of job) or is related to business necessity

Stored Communications Generally, employers are permitted to look at workers' electronic communications if

the employer's reason for doing so is reasonable AND work-related -ECPA does not generally preempt stricter state privacy protections -Some state laws may protect e-mail communications

-If the employer makes promises in a contract to honor employee privacy,

then violations of those promises can constitute an enforceable breach of contract -Employee manuals can create this sort of binding promise

DLP is designed

to ensure that privacy protection is an integral part of the methodology -Organizations considering instituting a DLP program should thus consider the likely privacy risks as well as the likely benefits of the program -This technology can establish a kind of "mass surveillance" in the workplace

Employers test for substance use for varied reasons:

to reduce costs resulting from lowered productivity, accidents and absenteeism caused by drug use to reduce medical care costs related to drug use to reduce theft or other illegal activity in the workplace associated with drug trafficking to bolster corporate image to comply with external legal rules related to a drug testing policy

-The consumerization of information technology (COIT) trend refers

to the use of personal computing devices in the workplace, as well as to online services, such as webmail, cloud storage and social networking

Plaintiffs sometimes win under the

tort of defamation,

-The Fourth Amendment prohibits

unreasonable searches and seizures by state actors -Courts have interpreted this amendment to place limits on the ability of government employers to search employees' private spaces, such as lockers and desks


Ensembles d'études connexes

MGMT 371 Iowa State: Quiz 3 Ch 7,8

View Set

Saunder's Comprehensive Review Ethical and Legal Issues

View Set

FW 343 Application Activity Part 1

View Set

Chapter 15: Limited Liability Companies, Limited Liability Partnerships, and Special Forms of Business

View Set

COMM 1300 - Public Speaking Final Study Guide

View Set

Mental Health: Chapter 2 Theories and Therapies

View Set