Photo of Lindsay Burke

Today, one of the most critical risks a company can face is the cyber risks associated with its own employees or contractors.  Companies are confronting an increasingly complex series of cybersecurity challenges with employees in the workplace, including employees failing to comply with established cybersecurity policies, accidentally downloading an attachment containing malware or providing their credentials in response to a phishing scam, or intentionally stealing company information for the benefit of themselves or the company’s competitors by simply copying information to their email or a thumb drive and leaving the company.  Contractors or consultants with access to company systems can pose these same challenges. To guard against these risks, companies can implement various policies and procedures to address an employee’s tenure, from pre-hiring to post-employment, and can implement many of these same precautions with respect to contractors, consultants, or any other third parties with access to company systems.
Continue Reading Cyber Risks in the Workplace: Managing Insider Threats

By Lindsay Burke and Brian Fitzpatrick

On March 10, 2014, the EEOC and the FTC issued joint guidance on how the anti-discrimination laws and the Fair Credit Reporting Act (“FCRA”) apply to background checks performed by employers for employment application purposes. This guidance is published in two documents, one directed at employers and the other directed at employees and applicants, and aims to provide high-level practical assistance and answers to commonly asked questions that arise during the application process.  The pamphlet directed to employers builds off of the EEOC’s April 25, 2012 guidance regarding employer use of criminal history information, which we summarized here, and addresses the request for, appropriate use of, and disposal of such information.

Employers are reminded of their obligation to treat all applicants and employees equally and to refrain from performing background checks in a selective manner, where that decision is or could be perceived to be based on protected characteristics, including medical history (which implicates genetic information). When using background information to make employment decisions, employers must apply the same standards to all individuals and be cautious of basing employment decisions on background problems that may be more common among people of certain protected categories. If a certain type of background check disproportionately impacts members of a protected group, it must be job-related and consistent with business necessity. The guidance does not explain, however, how employers are to discern whether these warnings apply, nor does it mandate that employers conduct any research to investigate these possibilities. 


Continue Reading EEOC and FTC Issue Joint Guidance on Background Checks Performed by Employers

A New Jersey federal court recently held that an employee’s Facebook wall posts were protected by the Stored Communications Act (“SCA”), 18 U.S.C. § 2701 et seq., in one of the first cases to analyze the SCA’s application to the Facebook wall.  Ehling v. Monmouth-Ocean Hospital Service Corp.., No. 2:11-cv-3305 (WMJ) (D.N.J. Aug. 20, 2013).  An important factor in the court’s ruling was the fact that the employee had configured her privacy settings to restrict her posts to her Facebook “friends.”

The court found that the employer had not violated the SCA by viewing the employee’s wall, however, because a co-worker, who was one of her Facebook friends, showed the post to their employer without any prior prompting by the employer.  

This ruling provides further reason for employers to avoid unauthorized access to an employee’s social media activities.  The court’s holding is consistent with the passage by 11 states of laws prohibiting employers from demanding social media passwords from employees.  But employers that learn of social media activity by employees through passive means may still be able to take action based on that information.


Continue Reading Federal Court Finds Stored Communications Act Applies to Facebook Wall Posts

Many employers have been surprised by recent rulings that two common employment policies run afoul of the National Labor Relations Act (“NLRA”) even if their employees are not union members.  Based on a legitimate interest in preserving confidentiality and privacy, many employers have adopted social media policies limiting what employees may post on Facebook or Twitter about their employer or co-workers.  Based on similar privacy considerations, employer procedures for investigating sexual harassment and other complaints often place restrictions on what employees may reveal to their co-workers or others about the allegations.  According to recent decisions, however, both policies may violate Section 7 of the NLRA, which permits employees to engage in “concerted activity” for “mutual aid and protection.”

Section 7.  It is well established under the NLRA that employees may confer with one another about their wages and other terms of employment and may take  “concerted” action in an effort to improve their working conditions.  Employees (but not managers) are protected by Section 7 of the NLRA, whether or not they are members of a union. But employers rarely face Section 7 issues since claims under Section 7 must be asserted in charges filed with the National Labor Relations Board (“NLRB”), and few employees do so.   

Confidentiality of Complaint Investigations.  Enforcement Guidance issued by the EEOC directs employers conducting investigations of workplace harassment to assure complainants that they “will protect the confidentiality of harassment complaints to the extent possible.”  Employers routinely adopt policies asking employees who are part of workplace investigations, either as complainant or witness, to keep such investigations confidential.  Such policies help ensure the integrity of investigations, prevent workplace retaliation for participation in investigations, protect the privacy of complainants, and foster an environment where employees will readily report harassment concerns.


Continue Reading The NLRB Strikes Down Employer Policies on Social Media and the Confidentiality of Complaint Investigations