Hunton Employment & Labor Law Perspectives : Employment Lawyers & Attorneys : Hunton & Williams Law Firm : Labor Law Legislative Updates

In its letter, the EEOC makes a distinction between “personal” and “occupational” health information. According to the EEOC, personal health information is “information obtained in the course of diagnosis or treatment,” while occupational health information “concern[s] an employee’s ability to work.” While both the ADA and GINA sharply limit employers’ right to access personal health information, employers who lawfully utilize post-offer questionnaires or medical examinations will likely obtain personal health information in the normal course of business.  Similarly, health care facilities or other employers who provide on-site medical services might have access to both personal and occupational health information.

As the EEOC points out, the ADA and GINA authorize employers to use or disclose an employee’s confidential medical or genetic information only in limited circumstances. Those limited exceptions do not include the provision of occupational health information to healthcare workers providing non-job related medical services. Similarly, while supervisors and managers are permitted to access information regarding an employee’s work restrictions or necessary accommodations, they do not have the right to access other medical information.

Given the dichotomy between personal and occupational health information and the attendant restrictions on who can access what information, the EEOC suggests that maintaining both types of information in a single medical record “presents a real possibility” that employers are violating the ADA or GINA. According to the EEOC, employers who maintain medical records in an electronic format that allows individuals with access to the records to view all the information contained in the record are even more likely to be in violation of the ADA, GINA, or both.

The EEOC’s letter raises two issues for employers in possession of both occupational and personal health information. First, the EEOC’s letter suggests that employers need to distinguish between occupational or personal health information. Making this distinction is not always easy.  Second, once the employer determines what information is occupational and what information is personal, the employer has to determine whether it has appropriate safeguards in place to prevent unauthorized access to or disclosure of either category of information. For paper files, this might mean maintaining separate folders in separate locations. For electronic medical records, an employer may need to erect an electronic “wall” so that the users of the system only have access to the relevant and appropriate information.

The EEOC’s letter increases the costs and complexity of maintaining confidential employee medical records. Instead of a simple partition between medical and non-medical records, employers may now have to consider establishing additional privacy protections for different types of medical information.

The Plaintiff, Jill E. Maremont, worked as the Director of Marketing, Public Relations and E-Commerce for an interior designer and her company, Susan Fredman and the Susan Fredman Design Group, Ltd. (Defendants). Maremont contends she created a “popular personal following” on Facebook and Twitter, and she also created a company blog called “Designer Diaries: Tales from the Interior.” 

According to Maremont’s complaint, in September 2009 she was struck by a car and was hospitalized, then homebound, for months while she recovered. During this time, the Defendants allegedly impersonated Maremont by writing Posts and Tweets to her personal Facebook and Twitter followers, promoting Susan Freidman Design Group. Maremont asked Defendants to stop, but they continued. Maremont eventually changed her account passwords. 

Maremont filed suit against the Defendants alleging three claims: (1) false association/false endorsement under the Lanham Act, 15 U.S.C. § 1125(a)(1)(A); (2) right to publicity under the Illinois’ Right to Publicity Act, and (3) violation of her common law right to privacy.

Defendants filed a motion to dismiss all claims. The Court denied the motion as to the first two counts, but dismissed the common law action. On the first count, the Court ruled that Maremont had adequately alleged a commercial injury based on the Defendants’ deceptive use of her name and likeliness. On the second count, the Court found Maremont had sufficiently alleged that Defendants used her likeness to promote the business without her written consent, in violation of the state law. The Court also applied a “continuing violation rule” to find this state claim timely, ruling that the limitations period did not begin to run until the Defendants’ “last unlawful Tweet.” On the third count, the Court found Maremont’s claim preempted by the Illinois Right to Publicity Act.  The Court further ruled that Maremont had not adequately developed her alternate argument in Count III, that Defendants’ intrusion into her personal “digital life” is actionable under the common law theory of unreasonable intrusion upon the seclusion of another. She also had not alleged actual malice or special damages, as needed to support a false light claim. The case is now proceeding to discovery.

As this case demonstrates, social media litigation is a growing trend. Employers may unwittingly expose themselves to claims by assuming that all online activity related to the business is company property. Employers should clearly distinguish between the personal social media accounts of their employees and those that belong to the business itself. Personal employee accounts, even if used to promote company business, should not be accessed without the employees’ express written permission. Clear written policies on social media use are the best way to clarify the respective roles and expectations of employees and employers.

Protected Concerted Activity 

Section 7 of the NLRA protects “the right . . . to form, join, or assist labor organizations . . . and to engage in other concerted activities for the purposes of collective bargaining or other mutual aid or protection.”  29 U.S.C. §  157.  “Concerted activity” is action taken in pursuit of a common goal by multiple employees or by a single employee where the employee is authorized by other employees to act on their behalf.  The concerted activity is protected if it is intended for mutual aid or protection (a lawful objective) and executed by a lawful method.  Many people think of strikes, group complaints, or honoring picket lines as typical activities protected by the NLRA.  However, an activity may fall under the protection of the NLRA even where it appears to have little or nothing to do with unions.  Employees have the right to engage in concerted activities even where no union activity is involved and in situations where the employees have not considered a collective bargaining agreement. 

Under Section 8 of the NLRA, employers may not interfere with, restrain, or coerce employees in their rights to engage in concerted activities.  29 U.S.C. §  158(a)(1).  Employers who take an adverse action toward, or retaliate against, employees because of protected concerted activities may violate the NLRA and possibly find themselves having to defend against an unfair labor practice charge.  As noted, this is the case for both unionized and non-unionized employers. 

Facebook, Blogs, Chat Rooms and More

When addressing employee use of social media, employers should be aware that unions and possibly the NLRB may construe employees’ use of social media as protected concerted activities.  Unions may argue that employees are exercising their Section 7 rights when they use Facebook, blogs, chat rooms, twitter and even email.  Because of its nature, social media provides the perfect opportunity for employees to interact with one another, and unions and the NLRB may try to classify such interactions as employees engaging in protected concerted activity.   

Social media, and employees’ use of it, presents considerable challenges to employers.  Misuses of social media can result in damage to the employer’s reputation, breach of confidentiality, and trade secret theft.  To minimize those risks, employers may implement a social media policy to provide some limitations on how social media may be used relating to the company.  Such policies may address employees’ use of social media both at the workplace, with company property, and outside of the workplace.  When constructing such a policy, employees’ Section 7 rights should be considered.   Employers must avoid any policy that may reasonably tend to “chill” employees in the exercise of their Section 7 rights, such as overly broad restraints that forbid employees from discussing work conditions with one another or from discussing the company on the Internet or other social forums. 

Other Possible NLRA Claims

With regard to social media, unions may also argue that employers violate the NLRA by monitoring employees’ use of social media because they are engaging in surveillance of union activities.  Employers generally may not use surveillance where employees are engaged in protected union activities, such as exercising their Section 7 rights.  Because surveillance tends to discourage employees from exercising their Section 7 rights, it is viewed as a violation of the NLRA.  Where unions assert surveillance concerns with social media, the matter will often turn on whether the social media is public or private (where there are passwords in place to limit access to the blog, chat room, Facebook page, etc.).  Employers also should treat both union and non-union use of social media in the same manner to avoid allegations of discrimination against union members and union interests. 

Because of the significant increase in its use, social media creates new challenges for employers in protecting their legitimate business interests.  Employers should be aware of the possibility that unions and the NLRB could seek to invoke the NLRA to protect employees’ use of social media in several respects. 

Labor and employment partners Juan Enjamio and Terry Connor were among the authors who contributed to the book. Labor team associates Marcia Ganz, Anna Lazarus, and Sarah Ratner and former colleague Valerie Njiiri also contributed to the chapter relating to privacy in the workplace, which includes topics such as standards governing employee monitoring and background screening of employees and applicant.

Key chapters on privacy and the work place include the following:

• In General
• Labor and Employment Laws
• Background Screening of Employees and Applicants
• Disposal of Employee Personal Information
• Protection of Social Security Numbers
• Health Information
• Workplace Monitoring
• Privacy Torts
• Conclusion 

The deskbook also provides a detailed overview (with thousands of specific citations for the legal practitioner) of those areas of information privacy and data security law that have the greatest impact on and are most relevant to U.S. businesses operating in the global arena.  In addition, the treatise contains a collection of sample documents, charts, checklists and other compliance-enabling tools.  For additional information, visit our website at www.hunton.com.

Following an NLRB hearing in which “Jane Doe’s” personnel records were used to determine whether “Clinical Care Coordinators” qualified as “supervisors,” Doe sued the company for invasion of her privacy.  She claimed that a document from her confidential personnel record was improperly disseminated during the hearing in violation of her privacy rights.  A Pennsylvania trial judge allowed her claim to go to a jury that found in her favor.
 
But can releasing personnel files during a court proceeding really put a company at risk for invasion of privacy liability?  The answer is probably not, if handled carefully.  The appeals court in Jane Doe reversed the jury verdict and held that the use of the personnel files in the NLRB hearing was privileged.  The record made clear that the purpose of the disclosure was genuine and related to the NLRB proceeding.  The court focused on the fact that the lawyers, not the company’s management, selected which files to present, and that the information presented from the files was relevant to the issue in the hearing.     

This appellate ruling offers comfort, but perhaps not to the company that had to defend the case (unsuccessfully) to a jury before obtaining a reversal on appeal.  That the matter commanded this much process suggests great care in protecting the personal information of employees when companies are required to produce records in litigation or agency investigations.  For example, in Salt River Valley Water Users Association v. NLRB, 769 F.2d 639 (9th Cir. 1985), the court held it was not an abuse of discretion to limit the union’s access to only disciplinary actions and performance reviews. 

Recent amendments to the court rules require redaction of social security numbers, but the experience of the employer in Jane Doe suggests real care be taken in protecting any information not relevant to the case and that might create privacy issues for the employees whose records are produced.  It is also advisable to request from the court or agency requiring or admitting records an order that protects the affected employees’ interests.

In Convertino, the plaintiff, Assistant U. S. Attorney Richard Convertino, filed suit against his employer, the U. S. Department of Justice (“DOJ”), and against Eastern District of Michigan First Assistant U. S. Attorney Jonathan Tukel.  The complaint alleged that Convertino was retaliated against for certain testimony before Congress and that, in violation of the Privacy Act, the DOJ improperly leaked information regarding an investigation into Convertino’s potential prosecutorial misconduct.  The retaliation claim (the only claim alleged against Tukel) ultimately was dismissed for lack of subject matter jurisdiction; however, the parties conducted discovery related to the Privacy Act claim. 

Although the claim against Tukel was dismissed, a discovery dispute resulted in the Court’s review of 36 emails between Tukel and his personal counsel, sent and received using Tukel’s DOJ email account, to determine whether they were protected by the attorney-client privilege.  Tukel intervened in the discovery dispute to assert privilege over the email communications.  Plaintiff Convertino took the position that Tukel waived his right to assert the attorney-client privilege because the communications were made using the DOJ’s email account. 

Judge Lamberth upheld the privilege.  In so doing, he articulated that application of the privilege requires a case by case analysis to determine whether there is a subjective expectation of confidentiality that is objectively reasonable, based on the following:  (1) whether the employer maintains a policy banning personal or other objectionable use; (2) whether the employer monitors the use of the employee’s computer or email; (3) whether third parties have a right of access to the computer or email; and (4) whether the employer notified the employee, or whether the employee was aware, of the employer’s use and monitoring policies.  The Court found that Tukel’s expectation of privacy was reasonable because, according to the opinion, the DOJ does not ban personal use of its email system, Tukel attempted to delete the email, and Tukel was unaware the DOJ “would be regularly accessing and saving e-mails sent from his account.” 

This opinion highlights why employers should develop, maintain, disseminate, and periodically update clear policies regarding acceptable practices for company information technology.  Such policies should include, among other things, guidelines governing personal and prohibited uses and statements related to privacy and confidentiality.  Taking such steps can reduce any arguable expectation of privacy and prevent employees from shielding their personal use of company resources from discovery in litigation against the company.

“Texting”--the preferred communication medium among younger employees--differs from other forms of communication in ways making it easier to cross the line into inappropriate content.  Texts are brief, spontaneous, and informal -- even more so than e-mail.  A text can contain only a limited number of characters, so it is customary to abbreviate (“LOL”; “TLK2UL8R”) and to omit even the minimal greetings and pleasantries usually contained in email messages.  With it’s rapid back-and-forth, texting feels more like a telephone conversation than written correspondence.  But unlike a telephone call, a written record of text communications remains and can serve as powerful evidence in sexual harassment lawsuits -- generating the buzzword “textual harassment.” 

 Use of text messages as evidence in discrimination claims is on the rise.  According to a recent article in the National Law Journal:

Perhaps the biggest culprits...are male bosses who are sending scandalous text messages to female employees, asking them out on dates or promising promotions in exchange for sexual favors. These texts are explosive evidence in lawsuits, and pretty tough to dispute.
--“Textual Harassment” on the Rise, The National Law Journal, July 20, 2009

Inappropriate text messages were key evidence in several recent, high profile employment cases, including a claim by four waitresses against a manager at a Famous Dave’s restaurant in West Virginia.  In support of their claim, the waitresses produced text messages from the supervisor requesting sexual favors.  Text messages appear similarly pivotal in a pending Connecticut harassment case against World Wrestling Entertainment, Inc.  The plaintiff-employee in that case claims that a high-level manager made sexual advances to her in late-night text messages.  

Given this exposure, employers’ anti-harassment policies should treat text messages sent on devices owned and provided by the employer as business records that should be monitored for inappropriate content and managed accordingly.  But the sheer volume of text messages can make monitoring impractical.  In a one-month period (January 2009), for example, AT&T processed 31.1 billion text messages.  (Statement of Wayne Watts, Senior Executive Vice President & General Counsel, AT&T, Inc., Before Subcommittee on Antitrust, Competition Policy & Consumer Rights, Hearing on Cell Phone Text Messaging Rate Increases and the State of Competition in the Wireless Market, June 16, 2009).  Monitoring such a vast number of exchanges could prove impossible even for the most diligent employer.  And if the Ninth Circuit’s opinion in Quon is affirmed, such monitoring may violate the privacy rights of public employees--imposing on employers (at least those in the public sector) the conflicting duties of electronic monitoring to deter harassment without infringing employees’ expectation of privacy in text messages.