Hunton Employment & Labor Perspectives

The New Year usually means new laws for California employers.  This year, a new privacy law goes into effect with new mandates for employers to ensure that workers have more control over the collection and use of their personal information.

Come January 1, 2023, companies that employ California residents need to make sure they have taken the required steps to comply with the California Privacy Rights Act (“CPRA”), which amends the landmark California Consumer Privacy Act (“CCPA”) by expanding its protections to employees, job applicants, and independent contractors.

Assembly Bill 1651 or the Workplace Technology Accountability Act, a new bill proposed by California Assembly Member Ash Kalra, would regulate employers, and their vendors, regarding the use of employee data.  Under the bill, data is defined as “any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular worker, regardless of how the information is collected, inferred, or obtained.”   Examples of data include personal identity information; biometric information; health, medical, lifestyle, and wellness information; any data related to workplace activities; and online information.  The bill confers certain data rights on employees, including the right to access and correct their data.

Use of employee biometric data – including fingerprints, eye scans, voiceprints, and facial scans – continues to be a popular, yet legally risky, proposition for employers. Several states and municipalities have laws that specifically govern the use of biometric data, the highest profile of which is the Illinois Biometric Information Privacy Act (BIPA).

In recent years, there has been a growing trend amongst litigants of protecting documents filed as part of the judicial record from public view by sealing them by agreement under a protective order.  However, a recent opinion out of the U.S. Court of Appeals for the Fifth Circuit criticizes this now-common practice.  Binh Hoa Le v. Exeter Fin. Corp., No. 20-10377, ––– F.3d –––, 2021 WL 838266 (5th Cir. March 5, 2021).

Last August, we reported on OSHA’s proposed rulemaking regarding electronic submissions of workplace injuries and illnesses in our blog entitled, “OSHA Issues Proposed Rule Regarding Electronic Submission Requirements.” OSHA has since issued a final rule which became effective on February 25, 2019.

The new rule rescinds the requirement that employers with 250 or more employees, or employers in certain high-hazard industries, electronically submit information from OSHA Form 300 (Log of Work-Related Injuries or Illnesses) and OSHA Form 301 (Injury and Illness Incident Report).  Affected employers must still maintain Forms 300 and 301 on-site and make them available for OSHA inspection, if requested.  Employers covered by the rule now only are obligated to submit Form 300A (Summary of Work-Related Injuries and Illnesses) annually.

In a new class action filed recently against a hospital housekeeping company, employees allege their employer’s fingerprint scanning time-tracking system runs afoul of privacy laws.  The Pennsylvania-based company Xanitos Inc. now faces the lawsuit in federal court in Illinois, claiming the company violated the state’s Biometric Information Privacy Act (BIPA).

A magistrate judge in the U.S. District Court for the District of Oregon recently made findings and recommendations to dismiss a purported class action against Kroger subsidiary Fred Meyer.  The suit alleges that the retailer’s background check process for prospective employees violates the Fair Credit Reporting Act by both failing to properly disclose that a report will be run, and failing to comply with the statute’s procedural requirements before taking adverse action against an applicant.

In a time when workplace violence seems to be on the rise, many companies have adopted a strict no tolerance policy even for conduct outside the workplace.  In California, however, employers need to be cognizant of the protections afforded individuals that may make such terminations riskier than the company may expect.  One employer got just such a reminder last week when a California jury returned an $18M verdict against it for terminating an employee after he was arrested for threatening his girlfriend outside of the workplace.

In EEOC v. McLane Co., Inc., the Ninth Circuit recently held that the EEOC has broad subpoena powers to obtain nationwide private personnel information, including social security numbers (“SSNs”), in connection with its investigation of a sex discrimination charge.

Damiana Ochoa, a former employee of a McLane subsidiary in Arizona, filed a charge with the EEOC alleging sex discrimination (based on pregnancy), claiming that when she tried to return to work after taking maternity leave, the company informed her that she could not return to work until she passed a physical capability strength test. Ochoa alleged that the company requires all new employees and all employees returning from medical leave to take the test and acknowledged that she failed this test three times. Based on her failure to pass the test, the company terminated Ochoa’s employment.

State legislation concerning employee privacy in social media continues to grow with six states passing such legislation in 2014, including Tennessee, Louisiana, New Hampshire, Oklahoma, Rhode Island, and Wisconsin. As discussed here, these laws focus on an employee’s right not to disclose personal social media passwords to an employer, as well as prevent employers from requiring access to content not available to the general public.

In Purple Communications, Inc., a divided National Labor Relations Board held that employees have the right to use their employers’ email systems for statutorily protected communications, including self-organization and other terms and conditions of employment, during non-working time.  In making this determination, the Board reversed its divided 2007 decision in Register Guard, which held that employees have no statutory right to use their employer’s email systems for Section 7 purposes.

The U.S. District Court for the District of New Jersey recently ruled that non-public Facebook wall posts are protected under the Federal Stored Communications Act (the “SCA”) in Ehling v. Monmouth-Ocean Hospital Service Corp., No. 2:11-CV-3305 (WMJ) (D.N.J. Aug. 20, 2013).  The plaintiff was a registered nurse and paramedic at Monmouth-Ocean Hospital Service Corp. (“MONOC”).  She maintained a personal Facebook profile and was “Facebook friends” with many of her coworkers but none of the MONOC managers.  She adjusted her privacy preferences so only her “Facebook friends” could view the messages she posted onto her Facebook wall.  Unbeknownst to the plaintiff, a coworker who was also a “Facebook friend” took screenshots of the plaintiff’s wall posts and sent them to a MONOC manager.  When the manager learned of a wall post in which the plaintiff criticized Washington, D.C. paramedics in their response to a museum shooting, MONOC temporarily suspended the plaintiff with pay and delivered a memo warning her that the wall post reflected a “deliberate disregard for patient safety.”  The plaintiff subsequently filed suit alleging violations of the SCA, among other claims.

As reported on Hunton & Williams’ Privacy and Information Security Law Blog, on June 5, 2013, the United States District Court for the Northern District of Ohio denied an employer’s motion to dismiss, holding that the Stored Communications Act (“SCA”) can apply when an employer reads a former employee’s personal emails on a company-issued mobile device that was returned when the employment relationship terminated. The defendants, Verizon Wireless (“Verizon”) and the manager who allegedly read the plaintiff’s emails, argued that the SCA applies only to ...

As reported on Hunton & Williams’ Privacy and Information Security Law Blog, on January 25, 2013, Kmart Corporation (“Kmart”) agreed to a $3 million settlement stemming from allegations that it violated the Fair Credit Reporting Act (“FCRA”) when using background checks to make employment decisions. The FCRA addresses adverse actions taken against consumers based on information in consumer reports and includes numerous requirements relating to the use of such reports in the employment context.

Continue Reading...

Beginning January 1, 2013, employers must issue an updated notice form to applicants and employees when using criminal background information under the federal Fair Credit Reporting Act.

As reported on Hunton and Williams LLP’s Privacy and Information Security Law Blog, on August 8, 2012, the Federal Trade Commission announced a settlement agreement with employment screening company HireRight Solutions, Inc. (“HireRight”). In its first enforcement action against an employment background screening company for Fair Credit Reporting Act (“FCRA”) violations, the FTC alleged that HireRight functioned as a consumer reporting agency, but failed to comply with certain FCRA requirements. The proposed consent order imposes a $2.6 million penalty on ...

The U.S. Department of Justice has moved to intervene to defend the constitutionality of the Fair Credit Reporting Act (“Act”) against a consumer reporting agency accused of violating § 605 of the Act.

On November 23, 2010, Shamara T. King filed suit against General Information Services, Inc. (“GIS”) in Pennsylvania federal court claiming violations of the Act.  (See, King v. General Information Services., No. 2:10-CV-06850 (E.D. Pa. Nov. 23, 2010).  Specifically, King claims that when she applied for a job with the United States Postal Service, GIS performed a background check that included details about a car theft arrest that occurred more than seven years prior to the requested background check.  According to § 605(a)(5) of the Act, consumer reporting agencies cannot provide adverse information, except for criminal convictions, “which antedates the report by more than seven years.”

California Governor Jerry Brown recently signed into law Senate Bill No. 559 (SB 559), which prohibits discrimination based on an individual’s genetic information.  While SB 559 significantly expands the protections from genetic discrimination provided under the federal Genetic Information Nondiscrimination Act of 2008 (GINA), at this time, its impact on most California employers is thought to be limited to the potential for greater damages to be awarded under it than under its federal counterpart.

In March, we reported on the increasing attention that federal and state legislatures, as well as the EEOC, were paying to employers’ use of employee credit checks in employment decisions. At the time of posting, four states had laws regulating employer use of credit history data and fourteen additional states were considering similar measures. Earlier this month, Connecticut passed Public Act No. 11-223 regulating employer use of credit reports.

In October 2010, the National Labor Relations Board (“NLRB”) raised the eyebrows of employers and observers when its Hartford, Connecticut Regional Office issued an unfair labor practice complaint against an employer after it allegedly terminated an employee for posting unflattering statements about her supervisor on Facebook.  The NLRB and the company settled the complaint in February 2011, on condition that the company revise its rules so they do not improperly restrict employees from discussing their wages, hours and working conditions with coworkers and others while not at work.  The employer also agreed that it would not discipline or discharge employees for engaging in such discussions.

On January 19, 2011, the United States Supreme Court issued a unanimous ruling in National Aeronautics and Space Administration v. Nelson, finding that questions contained in background checks NASA conducted on independent contractors are reasonable, employment-related inquiries that further the government’s interests in managing its internal operations.  Stating that “[t]he challenged portions of the forms consist of reasonable inquiries in an employment background check,” the Court reversed a Ninth Circuit decision that the questions NASA asked of the ...

As reported on Hunton and Williams LLP’s Privacy and Information Security Law Blog, on August 10, 2010, Illinois Governor Pat Quinn signed the Employee Credit Privacy Act, which prohibits most Illinois employers from inquiring about an applicant’s or employee’s credit history or using an individual’s credit history as a basis for an employment decision. The definition of “employer” under the Act exempts banks, insurance companies, law enforcement agencies, debt collectors and state and local government agencies that require the use of credit history.

On July 20, 2010, Hunton & Williams LLP announced the release of the first edition treatise Privacy and Data Security Law Deskbook (Aspen Publishers).  The deskbook provides a detailed overview of the workplace issues affected by information privacy and data security law and is a practical one-stop loose-leaf guide for privacy professionals, compliance officers and lawyers responsible for privacy or data security.

For an employer preparing to defend against a legal action by a disgruntled employee, few moments are as intoxicating as digging into the employee's electronic files on the company-owned computer.  The golden dirt often emerges in the form of a gossipy e-mail or an internet search for something racier than the sports scores.