HRMN 408 Week 7: The Law and Ethical Considerations & Considerations for HR Professionals
matador
Capter18-EmployeePrivacy.pdf
Employee Privacy
• Private Places
• Sensitive Records
• Surveillance
• Electronic Monitoring
• Lie Detectors
• Drug and Alcohol Testing
• Marijuana
• Employee Mail
• Social Media Policies
• Criminal Records
• Driving Records
• Identity Theft
CHAPTER 18
C o p y r i g h t 2 0 1 7 . S o c i e t y F o r H u m a n R e s o u r c e M a n a g e m e n t .
A l l r i g h t s r e s e r v e d . M a y n o t b e r e p r o d u c e d i n a n y f o r m w i t h o u t p e r m i s s i o n f r o m t h e p u b l i s h e r , e x c e p t f a i r u s e s p e r m i t t e d u n d e r U . S . o r a p p l i c a b l e c o p y r i g h t l a w .
EBSCO Publishing : eBook Comprehensive Academic Collection (EBSCOhost) - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS AN: 1697333 ; Charles Fleischer.; The SHRM Essential Guide to Employment Law : A Handbook for HR Professionals, Managers, Businesses, and Organizations Account: s4264928.main.eds
Book: The SHRM Essential Guide to Employment Law : A Handbook for HR Professionals, Managers, Businesses, and Organizations Author: Charles Fleischer Date: 2017
Link: https://eds-s-ebscohost-com.ezproxy.umgc.edu/eds/ebookviewer/ebook?sid=06b3498d-2a5f-4e56-b272-e3384fd9dde5% 40redis&ppid=pp_329&vid=0&format=EB
The SHRM Essential Guide to Employment Law330
Privacy is the right to be left alone. When someone’s privacy has been wrongfully invaded, he or she may have a claim for damag- es. The types of invasions that can give rise to a claim for damages include the following:
• unreasonable intrusion upon the seclusion of another person • appropriation of another’s name or likeness • unreasonable publicity given to another’s private life • publicity that places another in a false light.
Invasions of privacy do not usually arise in the employment context. After all, the workplace and the equipment in it belong to the employer. Those assets are there to promote the employ- er’s business, not the employee’s. When an employee is at the workplace using the employer’s equipment, he or she is supposed to be acting for the employer’s exclusive benefit. His or her per- formance is constantly being evaluated, and normally there is no expectation that his or her activities are personal and private.
But there are exceptions.
PRIVATE PLACES Most employees would expect their bodies, pockets, purses, wal- lets, and briefcases to be private and not open to inspection by their employer. If an employer intends to inspect those private places, a compelling business reason must exist, and a clear writ- ten statement of this intention should be established and dis- seminated to all employees. In the diamond mining industry, for example, body cavity searches might be justified. Technicians working with lethal viruses might reasonably be put through decontamination at day’s end. Perhaps retail store workers should expect to have their packages inspected as they leave the store premises.
Less clear are places such as an employee’s desk. An employer’s right to go through an employee’s desk without the employee’s permission depends on the circumstances. If the employer has
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 331
an announced policy of doing so, or if the employee shares the desk with others and could have no reasonable expectation of privacy, then the employer probably has the right. But if there is no announced policy, if the employer does not make it a practice of inspecting desk drawers, and if employees routinely lock their desks without objection from the employer, then the employer probably does not have the right.
Fourth Amendment Among the rights granted by the Constitution’s Bill of Rights is the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” As pointed out in Chapter 4, these rights protect individuals from government abuses, not from employer or other private actions. But the line between government and private action can become blurred, as the following case study shows.
CASE STUDY: EMPLOYER MAY CONSENT TO POLICE SEARCH OF OFFICE The Internet service provider for a Montana company notified the Federal Bureau of Investigations (FBI) that one of the company’s employees had accessed child pornography websites from a company computer. The FBI investigated and, in the process, obtained a copy of the suspect employee’s hard drive. Doing so involved obtaining a key to the employee’s private office, entering the office, and opening the computer’s outer casing to gain access to the hard drive. When later prosecuted for child pornography, the employee tried to exclude the contents of the hard drive as evidence against him. The U.S. Court of Appeals for the 9th Circuit treated the employer as agent of the government, triggering a Fourth Amendment search and seizure issue. The court ruled, however, that the seized hard drive could be admitted in evidence because the employer retained control over the employee’s office and computer and could therefore consent to the search and seizure.
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law332
SENSITIVE RECORDS Employers frequently acquire highly sensitive, personal information about their employees, such as the following:
• drug test reports • results of medical exams • information about physical or mental disabilities that need to be accommodated under the Americans with Disabilities Act (ADA)
• medical information about the employee or employee’s family in support of leave requests under the Family and Medical Leave Act
• workers’ compensation records • health insurance utilization records • substance abuse treatment records in connection with employee assistance programs
• tax and financial information • information about family problems, divorces, and separations.
The confidentiality of some of this information is guaranteed by law. Even if no specific law applies, employees expect such information to be kept confidential and to be used strictly for its intended purpose. Employers should live up to those expec- tations. Sensitive records should be kept in a secure area, and access should be limited to those with a legitimate need to know. When employers store sensitive information electronically, they should install appropriate computer security systems to prevent unauthorized access.
ADA The ADA generally prohibits pre-employment medical examina- tions (except drug tests) and prohibits inquiries as to disabilities. The ADA permits an employer to conduct post-hiring medical exams so long as certain requirements are met, including the requirement that information obtained regarding medical condition or history be treated as a confidential medical record. (See Chapter 17 for a more detailed discussion of medical examinations under the ADA.)
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 333
Drug and Alcohol Abuse Treatment Substance abuse records may be disclosed only with the patient’s consent, in cases of medical emergency, or when authorized by court order based on a showing of good cause for disclosure. This means that, in the absence of consent by the employee, even a subpoena issued to an employer is insufficient to justify disclosure. Instead, the party desiring the records must obtain a specific court order for disclosure.
HIPAA Extensive regulations implement the privacy requirements of the Health Insurance Portability and Accountability Act. The regula- tions are expressly applicable only to health plans (except for plans with fewer than 50 participants that are self-administered solely by the sponsoring employer), health care clearing houses, and health care providers that electronically transmit health information. How- ever, employers are affected by the regulations in important ways.
Health insurers and health maintenance organizations (HMOs) are prohibited from disclosing protected health information (PHI) to employers that sponsor health plans, except to enable plan spon- sors to carry out plan administration functions that the plan sponsor performs, and then only upon certification that the plan documents have been amended as required by the regulations.
Employers in turn must do the following: • amend their plan documents to set out the permitted and required use of PHI
• require others who gain access, such as agents and subcontractors, to comply with use and disclosure restrictions
• provide for return or destruction of information that is no longer needed
• provide for separation between the group plan itself and the plan sponsor
• describe those employees or classes of employees who have access to the information
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law334
ALERT! Employers are specifically prohibited from using PHI for any employment-related action
or decision.
SURVEILLANCE An employer may install surveillance cameras around the work- place, as long as the cameras are located in places where there is no reasonable expectation of privacy. Having a stated legitimate busi- ness reason for installing cameras—safety in garage areas or to stop employee theft—is a good idea. Cameras installed in private areas, such as restrooms, would be difficult to justify.
ALERT! In a unionized shop, the installation of surveillance cameras is a matter for mandatory
bargaining. Surveillance to determine who is supporting a union organizing effort is an
unfair labor practice. (See Chapter 24 for more on collective bargaining and unfair labor
practices.)
Surveillance outside the workplace is slightly different. Take, for example, an injured employee who is on leave and collecting work- ers’ compensation benefits. If the employer has a reasonable suspi- cion that the employee is malingering and hires an investigator to videotape the employee surreptitiously outside the workplace, there is no invasion; the employer has a legitimate business purpose in conducting the surveillance and does so in an unobtrusive manner. However, if the employer instructs the investigator to interview all the employee’s neighbors, golfing buddies, and bowling team, as well as take the video, the employer may have invaded the employ- ee’s privacy.
Some companies take surveillance to a whole new level by inquir- ing into or investigating an applicant’s or employee’s after-hours, leisure activities, and lifestyle in making employment decisions. Claiming a desire to hold down health insurance costs, absentee- ism, or negligent employment suits, companies have been known to
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 335
inquire about tobacco and alcohol use, participation in dangerous sports like motorcycle racing or sky diving, and even sexual activ- ities. Balancing the invasive nature of these inquiries against the questionable value of the information obtained suggests that such practices are ill conceived. Some states prohibit an employer’s using information about lawful after-hours activities to make employment decisions.
GPS Tracking Smartphones and GPS devices installed on vehicles afford employ- ers yet another way to monitor their employees. The Supreme Court has ruled that use of such devices by government authorities requires a search warrant. But no similar requirement applies to pri- vate employers. Instead the issue is privacy.
Companies that are considering using such tracking devices should establish a clear, written policy before doing so, which might include the following:
• identify and articulate a legitimate business reason for doing so, such as improving delivery routes or tracking work hours
• identify those positions, and only those positions, that will be sub- ject to tracking
• limit monitoring to work hours (unless, for example, the purpose is to investigate violations of company policy regarding personal use of company vehicles)
• inform employees of the policy, so that they have no expectation of privacy while being monitored
• inform employees of the disciplinary consequences of violating any vehicle use policies
• explain to employees how the resultant data will be used • maintain resultant data securely, especially if the data inadvertent- ly contain any personal information, and use the data only for the intended business purpose
• in unionized shops, consider whether monitoring needs to be the subject of collective bargaining
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law336
ELECTRONIC MONITORING Under the federal Electronic Communications Privacy Act (ECPA), it is illegal to intentionally intercept a wire, oral, or electronic com- munication. Intercept means the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device. Telephone con- versations, voice mail messages, face-to-face conversations, and email (while being transmitted) are all protected by the ECPA. Employers are subject to the ECPA just like other interceptors.
The ECPA prohibition does not apply when one of the parties to the conversation has consented to an intercept. So at least under federal law, if two persons are engaged in a telephone or face-to-face conversation, one of them may record the conversation without the consent or even the knowledge of the other.
A provision of the ECPA exempts telephone equipment so long as the equipment is being used in the ordinary course of business. Extension telephones and speaker phones, for example, normally qualify under this exemption, even though they can be used to inter- cept electronic communication.
Many states have enacted laws similar to the ECPA. Be warned, however, that unlike the ECPA, which is a one-party consent statute, some states have two-party consent statutes. In a two-party consent state, both parties to the conversation (or all parties if there are more than two) must consent to the intercept. State two-party consent statutes are not preempted by the ECPA and are fully enforceable.
Some companies find it helpful to record telephone conversations between employees and customers for quality control or verification purposes. If the company is doing business in a two-party consent state, it must obtain the consent of both the employee and the cus- tomer. The employee’s consent will be presumed if the employer notifies the employee of its intentions to record the communication beforehand. (It is a good idea to give the notice in writing and have the employee sign a receipt. A monitoring policy should also be stated in the employee handbook.) As for the customer, the employ-
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 337
er should have a recorded announcement at the beginning of each telephone conversation that the conversation may be monitored. If the customer proceeds with the conversation, his or her consent is also presumed. Even in one-party states, it is a good idea to let both the employee and the customer know in advance that conversations may be monitored.
Stored Communication The ECPA also prohibits unauthorized access to stored communi- cations (as distinguished from real-time, ongoing communications), but it has an exception for the provider of the communications ser- vice. This exception probably allows an employer to access employee emails that are backed up on the employer’s own email server, as well as logs showing an employee’s Internet surfing habits.
ALERT! Posting employee photographs or other personal information about employees on a
company website, if done without their permission, may not only be a privacy violation,
but it may also increase the risk that employees will become victims of identity theft or
violence.
Word-processing and other data files stored on the employer’s network server or on the employee’s workstation hard drive are not covered by the ECPA since they are not communications. However, even as to materials that are exempt from or not covered by the ECPA or comparable state statutes, employers need to be concerned about common-law privacy rights. As with searches of private places, the test is whether the employee had a reasonable expectation of privacy. To dispel any possible expectations of privacy, the employer should make clear in its employee handbook that the entire computer net- work, including individual workstations, belongs to the employer and that the employer may, at any time and without notice, inspect any files stored, processed, or transmitted on company computers. Figure 18.1 is a suggested handbook provision on privacy.
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law338
FIGURE 18.1: HANDBOOK PROVISION ON PRIVACY
All communications sent or received via the company’s communications facilities, including communications using a personal email account, or created by or stored in the company’s communications facilities or computer equipment, belong to the company and are subject to interception, monitoring, and inspection. Employees should have no expectation of privacy while at any company facility, while on company business, while using or accessing the company’s computer equipment or communications facilities, or while using a company vehicle.
Personal Use of Equipment Some companies go so far as to prohibit any personal use of com- munications equipment, such as telephones and email. While such a policy may be perfectly legal, it is difficult to enforce. Failure to enforce a policy consistently can give rise to employee expectations that the policy is one in name only. It makes more sense to recog- nize that some personal use will inevitably take place and to adopt a policy limiting personal use to no more than a few minutes a day. The policy should also prohibit any improper or illegal use.
ALERT! Prohibiting employees from using the company email system for concerted activity relat-
ing to union organizing or conditions of employment could constitute an unfair labor
practice. (See Chapter 24 for more on union activity.)
If an employer discovers a computer file on the company’s server that appears to be personal and in violation of company policy, the employer should normally not study its contents except to deter- mine that the file is in fact personal. Studying the file’s contents beyond that point serves no legitimate business purpose, since the employer’s interests are normally sufficiently served by instructing the employee to remove the file and imposing appropriate disci- pline. If the employer reasonably suspects that the employee is using office computers to engage in illegal activity, such as gambling, theft of trade secrets, or distribution of pornography, further inspection of the file’s contents may be justified.
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 339
BYOD Should employees be allowed to use their own devices—such as smartphones, tablet, laptops—for company business? Employees like the opportunity because they are comfortable with their devices and because the company may subsidize a portion of the cost. But it raises a number of legal concerns that employers need to con- sider when adopting a bring your own device (BYOD) policy. For example:
• Who owns the device if its cost is subsidized by the employer? • Will security features be installed on the device, such as passwords, to protect confidential company data?
• How will confidential data be protected if the device is lost or when employment terminates?
• If the employee receives emails or other company communica- tions during nonworking hours, should those hours be counted for wage and hour purposes?
• Will company access to the device amount to an invasion of the employee’s privacy with respect to personal data stored on the device?
• What restrictions will be imposed on downloads of personal apps to prevent corruption or infection of company data or copyright violations?
BYOD policies are particularly troublesome when it comes to tex- ting. If employees are texting each other or with customers or ven- dors using company equipment, then the company at least has the means of capturing and preserving the messages. But if employees are using their own devices for business texts, message capture and preservation may be difficult or impossible.
LIE DETECTORS With very limited exceptions, a federal law known as the Employ- ee Polygraph Protection Act (EPPA) prohibits use of lie detectors in employment situations. The term lie detector as used in the feder-
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law340
al statute includes not only polygraph equipment (which measures pulse, respiration, and perspiration) but also any other device, such as a voice stress analyzer. The EPPA goes so far as to prohibit an employer’s even requesting or suggesting that an employee submit to a lie detector test. Discharging an employee for refusing to submit to a test is abusive and subjects the employer to civil damages.
Exceptions Exceptions to the EPPA include tests administered by federal, state, and local government employers and tests administered by the fed- eral government to employees of government contractors in con- nection with security, counterintelligence, and law enforcement functions.
Exceptions for private employers include the following: • Ongoing investigation. An employer may request its employees to submit to a polygraph test in connection with an ongoing inves- tigation involving economic loss or injury to the employer’s busi- ness such as theft, embezzlement, misappropriation, or an act of unlawful industrial espionage or sabotage. The employees must have had access to the property or information that is the subject of the investigation, and the employer must have a reasonable sus- picion that the employee was involved in the incident or activity under investigation.
• Security personnel. Prospective employees may be required to undergo polygraph tests in connection with employment as armored car personnel; personnel engaged in the design, installa- tion, and maintenance of security alarm systems; and security per- sonnel whose functions include protection of facilities that have a significant impact on public health or safety (for example, nuclear power plants and public water supply).
• Controlled substances. Prospective employees who will be involved in the manufacture or distribution of controlled substances may be required to undergo polygraph tests. In addition, an existing employee may be required to undergo a polygraph test in connec-
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 341
tion with an ongoing investigation involving loss of a controlled substance if the employee had access to the substance.
The EPPA goes on to specify requirements and procedures that must be complied with for the exemptions to apply.
Some states also prohibit or restrict the use of lie detectors. Mary- land, for example, requires all written employment applications to contain a notice, in bold-faced, uppercase type, to the effect that employers may not require or demand polygraph examinations as a condition of employment.
As a practical matter, most private employers simply rule out lie detectors as a workplace tool.
DRUG AND ALCOHOL TESTING Employers and employees have sharply competing interests over drug and alcohol testing. On the one hand, an employer has a strong, sometimes compelling interest in maintaining a drug- and alcohol-free workplace: The employer is legitimately concerned with the safety of employees, customers, and the public generally, and with the effect of drug and alcohol abuse on job performance, acci- dent rates, and absenteeism. Some employers, such as those regu- lated by the U.S. Department of Transportation (DOT), discussed below, are even required to test for drugs and alcohol under certain circumstances.
In contrast, employees have privacy rights. They object to employer scrutiny of their off-hours conduct. They question the accuracy of testing procedures. And they worry about the confi- dentiality of unrelated medical information obtained in the testing process.
The ADA generally prohibits discrimination against, and requires reasonable accommodation of, people with disabilities—includ- ing addictions. While people with drug and alcohol addictions fall within these general ADA provisions, an employer, consistent with the ADA may do the following:
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law342
• test for illegal drugs, such tests being excluded from the definition of a medical exam
• discriminate against current users of illegal drugs • discipline employees for use or possession of drugs or alcohol at the workplace in violation of company policy, even if the use or possession is the result of addiction
Employers need not tolerate poor work performance or behavior- al issues, even if they are the result of addiction.
ALERT! While testing for illegal drugs is excluded from the definition of a medical exam, test-
ing for alcohol is a medical exam and is subject to ADA restrictions regarding medical
exams.
Department of Transportation Employers in the various transportation industries regulated by the DOT (aviation, mass transit, interstate pipelines, railroads, shipping, and trucking) are required to establish drug and alco- hol policies for employees performing safety-sensitive jobs. Under these requirements, covered employees are prohibited from using, possessing, being under the influence of, or being impaired by alcohol or controlled substances while performing their jobs.
Covered employees are subject to drug and alcohol tests in the following situations:
• as part of their employment application process (drug testing required; alcohol testing permitted)
• when there is a reasonable basis to suspect drug or alcohol abuse • on a random basis • following an accident, if (a) the accident involved loss of life, or (b) the driver received a citation and the accident involved bodily injury requiring medical treatment, or the accident disabled a motor vehicle
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 343
DOT regulations have come under constitutional attack as a violation of the employees’ Fourth Amendment right to be free from unreasonable searches and seizures. The Supreme Court has ruled, however, that while the Fourth Amendment applies to drug and alcohol testing conducted pursuant to government regulation, such testing is not unreasonable, even in the absence of a search warrant and even absent any basis to suspect the individual being tested.
In contrast to DOT’s mandatory post-accident drug- and alco- hol-testing requirement for transportation employees, the Occu- pational Safety and Health Administration (OSHA) recommends a more limited use of post-accident testing. OSHA says that
drug testing policies should limit post-incident test- ing to situations in which employee drug use is likely to have contributed to the incident, and for which the drug test can accurately identify impairment caused by drug use… . Employers need not specifically suspect drug use before testing, but there should be a reason- able possibility that drug use by the reporting employ- ee was a contributing factor to the reported injury or illness in order for an employer to require drug test- ing. In addition, drug testing that is designed in a way that may be perceived as punitive or embarrass- ing to the employee is likely to deter injury reporting.
Employers that decide to have a drug-testing program should engage an outside consultant to set up the program and perhaps even administer it on an ongoing basis. This will help ensure that the program is run professionally and in accordance with any applicable law, that drug screens are accurate and reliable, and that medical information obtained in the process is handled appropriately. Using an outside consultant may also help insulate the employer from lia- bility should a breach of confidentiality occur or should an employee be falsely reported as an illegal drug user.
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law344
MARIJUANA Marijuana remains a Schedule I controlled substance (that is, a drug having no medical use and a high potential for abuse), and its manufacture, possession, use, or distribution remains illegal under federal law. Yet more than half the states have decriminalized pos- session and use at the state level for medical purposes, and a hand- ful of states—Alaska, California, Colorado, Massachusetts, Maine, Nevada, Oregon, and Washington state at this writing—have gone further and legalized possession of limited quantities for recreational purposes.
Faced with these liberalizing state laws, the Obama administra- tion’s Department of Justice (DOJ) sent a memorandum to the U.S. Attorneys in states with medical marijuana laws, encouraging them not to focus federal resources on individuals who are in clear and unambiguous compliance with existing state laws providing for the medical use of marijuana. In other words, do not bother pros- ecuting under federal law if the possession or use is consistent with state law.
In addition, in 2016, Congress enacted the following rider to an omnibus appropriations bill:
None of the funds made available in this Act to the Depart- ment of Justice may be used, with respect to the states of Ala- bama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Hawaii, Illinois, Iowa, Kentucky, Maine, Maryland, Massachusetts, Michi- gan, Minnesota, Mississippi, Missouri, Montana, Nevada, New Hampshire, New Jersey, New Mexico, Oregon, Rhode Island, South Carolina, Tennessee, Utah, Vermont, Washington, and Wisconsin, to prevent such states from implementing their own state laws that authorize the use, distribution, possession, or cultivation of medical marijuana.
That rider has been included in subsequent appropriations acts and continuing resolutions. A 2016 decision by the U.S. Court of
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 345
Appeals for the 9th Circuit ruled that the rider even prohibits the DOJ from prosecuting violations of federal marijuana laws in the listed states so long as the conduct involved is permitted under state law. (According to news reports, the Trump Justice Department has asked Congressional leaders to eliminate the rider in future appro- priations legislation.)
So how should employers respond when an employee uses mari- juana for medical or recreational purposes in violation of federal law but in compliance with state law?
It seems clear that an employer may still prohibit manufacture, possession, use, or distribution of marijuana in the workplace. Sim- ilarly, being under the influence of marijuana at work may be pro- hibited, but determining whether an employee is in fact under the influence is problematic. Behavior may suggest recent marijuana use, but it is far from definitive. And while chemical testing will disclose the presence of marijuana or its metabolites, there is no generally accepted quantitative benchmark (as there is with alcohol) to deter- mine impairment. Further, a positive urine test does not establish current impairment, since it may take a month or more from last use before a chronic user will have a negative urine test.
How about a blanket policy of testing for marijuana and other illegal drugs and rejecting any candidate or firing any employee who turns up positive, regardless of whether the use was at work or off duty? Such a policy would generally be consistent with federal law. Remember that illegal drug use is not protected under the ADA, and testing for such drugs is not a prohibited medical exam under the ADA. In addition, most U.S. government contractors and feder- al grant recipients are required to have a drug-free workplace policy, and employees in safety-sensitive jobs regulated by the DOT are subject to drug and alcohol testing.
A case from Washington state, decided when only medical marijuana use was legal there, ruled that an employer may have a zero-tolerance policy and reject a candidate who tests positive for marijuana. But it is far from clear that other courts would agree. At
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law346
least one state—Maine—prohibits employers from discriminating against applicants and employees solely because they use marijuana recreationally during nonwork hours. (As of this writing the Maine legislature has delayed implementation of the nondiscrimination provision until February 2018.)
Rhode Island prohibits employers from denying a job to someone “solely for his or her status as a [medical marijuana] cardholder.” And a 2017 decision from Massachusetts’s highest court ruled that an employer had a duty under that state’s disability discrimination law to accommodate an employee who used medically-prescribed marijuana to alleviate symptoms of a disabling bowel condition. The Massachusetts court rejected the employer’s claim that any accom- modation would be per se unreasonable because of marijuana’s status as a Schedule I drug under federal law. A federal district court in Connecticut also reached a similar decision under that state’s medical marijuana law. Other states do not explicitly address mari- juana use, but they prohibit adverse employment actions based on off-duty conduct generally. Finally, a number of states permit, but regulate, drug and alcohol testing.
So, despite marijuana’s illegality under federal law, employers need to carefully consider the law of the state or states in which they operate to determine just what their policy regarding marijuana should be.
EMPLOYEE MAIL Federal law prohibits obstruction of mail correspondence. If a letter arrives addressed to a former employee that is obviously personal— the envelope is the size and shape of a greeting card; the address is handwritten; it is addressed to the former employee in care of the company; it has a handwritten, nonbusiness return address; and it was hand-stamped rather than metered—then the employer’s clear duty is to return it unopened to the U.S. Postal Service for forwarding.
In contrast, if the envelope has all the earmarks of a business cor- respondence, including a preprinted return address of one of the
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 347
company’s customers, most employers would not hesitate to open the letter, but their right to do so is not clear. A federal criminal stat- ute prohibits the taking of mail out of any post office or authorized depository “with design to obstruct the correspondence, or to pry into the business or secrets of another,” or opening or destroying the same. An 1877 federal court case says it is no defense to prose- cution under the statute that the letter in question related in part to the defendant’s business.
Figure 18.2 is a suggested employee handbook provision that may help address the matter.
FIGURE 18.2: EMPLOYEE MAIL
Mail arriving at the company’s place of business that reasonably appears to be business mail intended for the company may be opened by any authorized company employee, even if it is addressed to another specific employee or former employee. By accepting employment, an employee grants permission to the company to open mail in accordance with the foregoing and that the permission continues throughout the employment and after it ends.
SOCIAL MEDIA POLICIES Faced with concerns about the accuracy of resumes, the reliability of reference information, and the risk of negligent employment claims, employers are more and more turning to the Internet to investigate prospective employees. There they can often find a wealth of infor- mation. For example, a job candidate may have a Facebook page or other social media accounts (some two billion individuals regularly use Facebook, according to press reports), may be listed on the web- site of a club or organization in which he or she is a member, or may maintain a blog on a topic of personal interest. Some candidates, perhaps out of youthful exuberance (and indiscretion), may even brag electronically about alcohol consumption, drug use, or sexual exploits, providing photos or videos of the conduct being described.
An employer’s collection and use of online information raises a number of legal questions. Postings can reveal information, such as
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law348
ancestry, family status, religious affiliation, political belief, or sexual orientation that is otherwise unavailable to the employer and that should not be considered in the hiring process. Once an employer has obtained such information, it is open to a charge of using the information in its decision-making.
Some states prohibit employers from considering after-hours activities in making employment decisions, so long as the activity is otherwise lawful and does not interfere with job performance. A handful of states specifically prohibit employers from requesting usernames and passwords to online accounts. Even in the absence of such laws, obtaining personal information from social media may amount to a common-law invasion of privacy. And if the employer obtained the information by circumventing a security device, such as by guessing a password or by misrepresenting the employer’s iden- tity, the employer may have violated federal law, such as the ECPA.
Employers that decide to include Internet searches as part of the application process might consider using a nondecision-maker to screen purely personal or otherwise irrelevant information, so that the ultimate decision-maker has only job-related data on which to base his or her decision.
CASE STUDY: IMPROPER ACCESS TO SOCIAL MEDIA ACCOUNT A server at a New Jersey restaurant created a private, password- protected account at Myspace to vent about work, and he invited other present and former restaurant employees to participate. Postings on the account came to include vulgar, critical comments about the restaurant and its policies, about its managers and customers (many of whom were identified by name), mentions of drug use, and suggestions of possible violence against the restaurant and its managers. When a supervisor learned of the existence of the account, he pressured a participant-employee to provide her password, and he then shared the password with upper management. Management accessed the account a number of times, read the postings, and then
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 349
fired the employee who created the account and an employee who had posted there. The two fired employees sued the restaurant on a variety of claims, including violation of the federal Stored Communications Act and invasion of privacy. A jury agreed and awarded them money damages.
ALERT! As explained in Chapter 2, the federal Fair Credit Reporting Act (FCRA) regulates an
employer’s obtaining consumer reports from consumer reporting agencies such as
Equifax and Experian. A recent Supreme Court case called Spokeo, Inc. v. Robins
seems to imply that an online people search engine could also qualify as a consumer
reporting agency (CRA), triggering an employer’s FCRA duties.
CRIMINAL RECORDS The EEOC and some courts have taken the view that using crimi- nal convictions as a basis for employment decisions has a disparate impact on certain minorities. (Disparate impact discrimination is dis- cussed in Chapter 14.) Nevertheless, employers are generally free to inquire about and base decisions on conviction records and pending charges so long as they can show a reasonable business purpose for doing so.
ALERT! A number of states and local jurisdictions have enacted ban-the-box laws that either
restrict when an employer may inquire about a candidate’s criminal record or (with
limited exceptions) prohibit the inquiry entirely. States that allow old convictions to be
expunged often prohibit inquiry about expunged records.
To establish a reasonable business purpose and reduce the risk of a successful disparate impact claim, employers should adopt a policy that includes the following:
• Only relatively recent convictions are considered. • The policy is crime-specific, in only excluding applicants for crimes that, if committed during employment, would have a significant
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law350
negative impact on the employer’s business (for example, a finan- cial institution asking about convictions for dishonesty, or a retail establishment asking about theft and shoplifting convictions).
• The policy is position-specific (in the financial institution exam- ple, only applicants who will be dealing with customers’ or the employer’s funds are excluded).
• The employer has a factual basis for the policy, such as statistics showing that the rejected applicants, as a class, are significantly more likely than the general population to commit the crimes the employer is concerned about.
Asking about arrests that did not result in a conviction is much more likely to result in a successful disparate impact claim. In gener- al, employers should not ask about or consider arrest records.
DRIVING RECORDS The federal Driver’s Privacy Protection Act of 1994 prohibits state motor vehicle departments from disclosing a driver’s personal information without the consent of the person involved. Personal information is defined as information that identifies an individu- al, including an individual’s photograph, Social Security number, driver identification number, name, address, telephone number, and medical or disability information. Excluded from the defini- tion is information on vehicular accidents, driving violations, and driver’s status.
When an employer needs to check a candidate’s or employee’s driving records, the simplest procedure is to require the candidate or employee to obtain the record himself or herself. As always, the decision should be supported by a reasonable business purpose and should be invoked on a nondiscriminatory basis.
IDENTITY THEFT Identity theft is a serious and growing national problem. According to some reports, the top cause of identity fraud is theft of records
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
Employee Privacy 351
from employers or other businesses that maintain personal infor- mation on individuals. The information that employers necessarily obtain as part of the employment relationship—name, birthdate, address, and Social Security number—is the very information that enables an identity thief to commit crimes. Employers need to safe- guard that information, and failure to do so could result in legal liability. Employers should consider the following steps to protect employee personal information:
• Keep records containing employee information in a secure room or file area and separate from other company records.
• If employee information is maintained electronically, be sure the files are protected by a password. Change passwords frequently, particularly when an employee with password access leaves the company.
• Consider encrypting any employee information that is electron- ically stored; also, consider isolating the information from the office computer network and from the Internet.
• Perform thorough background checks on all employees who have access to personal employee information.
• Do not allow access by unauthorized employees, particularly tem- porary employees who sometimes take jobs for the sole purpose of obtaining identity theft data.
• Do not use Social Security numbers for identification purposes or on employee badges; in addition, do not print Social Security numbers on paychecks or other documents that could be available to the general public. (In some states, it is illegal for an employer to print Social Security numbers on checks or use Social Security numbers for employee identification purposes.)
• Limit distribution of company directories and allow employees to exclude personal information—such as home addresses, phone numbers, and spouse’s and children’s names.
• Develop a records retention policy that requires destruction of all obsolete records; in addition, shred obsolete records, rather than merely discarding them.
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
The SHRM Essential Guide to Employment Law352
• Ask vendors that have access to personal information about your employees—your payroll service, third-party benefit plan administrators, etc.—what steps they have taken to safeguard the information.
• Consider requiring contractual provisions with vendors, obli- gating them to maintain appropriate safeguards, to notify you immediately about unauthorized access or other problems and to indemnify you if one of their employees compromises your information.
EBSCOhost - printed on 11/29/2022 4:43 PM via UNIVERSITY OF MARYLAND GLOBAL CAMPUS. All use subject to https://www.ebsco.com/terms-of-use
