In a new class action filed recently against a hospital housekeeping company, employees allege their employer’s fingerprint scanning time-tracking system runs afoul of privacy laws. The Pennsylvania-based company Xanitos Inc. now faces the lawsuit in federal court in Illinois, claiming the company violated the state’s Biometric Information Privacy Act (BIPA).
A magistrate judge in the U.S. District Court for the District of Oregon recently made findings and recommendations to dismiss a purported class action against Kroger subsidiary Fred Meyer. The suit alleges that the retailer’s background check process for prospective employees violates the Fair Credit Reporting Act by both failing to properly disclose that a report will be run, and failing to comply with the statute’s procedural requirements before taking adverse action against an applicant.
In EEOC v. McLane Co., Inc., the Ninth Circuit recently held that the EEOC has broad subpoena powers to obtain nationwide private personnel information, including social security numbers (“SSNs”), in connection with its investigation of a sex discrimination charge.
Damiana Ochoa, a former employee of a McLane subsidiary in Arizona, filed a charge with the EEOC alleging sex discrimination (based on pregnancy), claiming that when she tried to return to work after taking maternity leave, the company informed her that she could not return to work until she passed a physical capability strength test. Ochoa alleged that the company requires all new employees and all employees returning from medical leave to take the test and acknowledged that she failed this test three times. Based on her failure to pass the test, the company terminated Ochoa’s employment.
State legislation concerning employee privacy in social media continues to grow with six states passing such legislation in 2014, including Tennessee, Louisiana, New Hampshire, Oklahoma, Rhode Island, and Wisconsin. As discussed here, these laws focus on an employee’s right not to disclose personal social media passwords to an employer, as well as prevent employers from requiring access to content not available to the general public.
In Purple Communications, Inc., a divided National Labor Relations Board held that employees have the right to use their employers’ email systems for statutorily protected communications, including self-organization and other terms and conditions of employment, during non-working time. In making this determination, the Board reversed its divided 2007 decision in Register Guard, which held that employees have no statutory right to use their employer’s email systems for Section 7 purposes.
The U.S. District Court for the District of New Jersey recently ruled that non-public Facebook wall posts are protected under the Federal Stored Communications Act (the “SCA”) in Ehling v. Monmouth-Ocean Hospital Service Corp., No. 2:11-CV-3305 (WMJ) (D.N.J. Aug. 20, 2013). The plaintiff was a registered nurse and paramedic at Monmouth-Ocean Hospital Service Corp. (“MONOC”). She maintained a personal Facebook profile and was “Facebook friends” with many of her coworkers but none of the MONOC managers. She adjusted her privacy preferences so only her “Facebook friends” could view the messages she posted onto her Facebook wall. Unbeknownst to the plaintiff, a coworker who was also a “Facebook friend” took screenshots of the plaintiff’s wall posts and sent them to a MONOC manager. When the manager learned of a wall post in which the plaintiff criticized Washington, D.C. paramedics in their response to a museum shooting, MONOC temporarily suspended the plaintiff with pay and delivered a memo warning her that the wall post reflected a “deliberate disregard for patient safety.” The plaintiff subsequently filed suit alleging violations of the SCA, among other claims.
As reported on Hunton & Williams’ Privacy and Information Security Law Blog, on June 5, 2013, the United States District Court for the Northern District of Ohio denied an employer’s motion to dismiss, holding that the Stored Communications Act (“SCA”) can apply when an employer reads a former employee’s personal emails on a company-issued mobile device that was returned when the employment relationship terminated. The defendants, Verizon Wireless (“Verizon”) and the manager who allegedly read the plaintiff’s emails, argued that the SCA applies only to computer hacking scenarios, and that the plaintiff authorized the reading of her personal emails.
As reported on Hunton & Williams’ Privacy and Information Security Law Blog, on January 25, 2013, Kmart Corporation (“Kmart”) agreed to a $3 million settlement stemming from allegations that it violated the Fair Credit Reporting Act (“FCRA”) when using background checks to make employment decisions. The FCRA addresses adverse actions taken against consumers based on information in consumer reports and includes numerous requirements relating to the use of such reports in the employment context.
Beginning January 1, 2013, employers must issue an updated notice form to applicants and employees when using criminal background information under the federal Fair Credit Reporting Act.
As reported on Hunton and Williams LLP’s Privacy and Information Security Law Blog, on August 8, 2012, the Federal Trade Commission announced a settlement agreement with employment screening company HireRight Solutions, Inc. (“HireRight”). In its first enforcement action against an employment background screening company for Fair Credit Reporting Act (“FCRA”) violations, the FTC alleged that HireRight functioned as a consumer reporting agency, but failed to comply with certain FCRA requirements. The proposed consent order imposes a $2.6 million penalty on HireRight and requires the company to remedy the alleged FCRA violations, create and retain certain records and submit reports to demonstrate compliance.