Defending The Digital Workplace

An ebusinesscounsel.com publication

Resources and Links for Employment Law Issues Facing Employers and Employees

I no longer actively publish on this blog site. However, readers of this blog or those interested in issues at the intersection of employment law and technology issues can still discuss these issues with me at my new blog, The Michigan Employment Law Advisor. This blog is focused on Michigan and federal employment law issues facing employers and employees.

Additionally, for more information about the legal services my law firm provides, as well as free resources for entrepreneurs, start-ups, and HR professionals, please see my law firm website at Shinn Legal, PLC.

I would also welcome the opportunity to connect with you on TwitterLinkedIn, or Facebook.

In any event, I appreciate all the readers and comments who participated in the employment law discussions and I look forward to continuing to develop those discussions. Best to you.

Facebook Firing Ends in Settlement with NLRB

The National Labor Relations Board (NLRB) announced that it had reached a settlement in a case involving an employee’s discharge for posting negative comments about a supervisor on the employee’s Facebook page. Click here for the NLRB’s press release.

In sum, however, the NLRB had issued a complaint against American Medical Response of Connecticut, Inc., on October 27, 2010,  alleging that the discharge violated federal labor law  (the National Labor Relations Act or “NLRA”) because the employee was engaged in “protected activity” when she posted the comments about her supervisor, and responded to further comments from her co-workers.

Under the National Labor Relations Act, employees  have a federally protected right to form unions, and it prohibits employers from punishing workers — whether union or non-union — for discussing working conditions or unionization.

The NLRB complaint also alleged that the company maintained overly broad rules in its employee handbook regarding blogging, Internet posting, and communications between employees. This policy prohibited employees from making disparaging remarks about the company or depicting it online without permission. Further, the NLRB alleged that AMR (the employer) had illegally denied union representation to the employee during an investigatory interview shortly before the employee posted the negative comments on her Facebook page.

Under the terms of the approved settlement, the company agreed to revise its social media policy to ensure that the rules do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions. The allegations involving the employee’s discharge were resolved through a separate, private agreement between the employee and the company.

The Take Away for Employers

This had been the first case in which the NLRB sought to argue that workers’ criticisms of their bosses or companies on a social networking site was a protected activity under the NLRA and that employers would be violating the NLRA by punishing workers for making statements in the context of social media. Accordingly, employers likely would have welcomed guidance from the NLRB as to how the 75-year-old NLRA would be reconciled with the technological realities of how employees communicate in the age of social media.

For example, the employee involved in the NLRB’s complaint, Dawnmarie Souza, at one point mocked her supervisor on Facebook, using several vulgarities to ridicule him. This eventually drew supportive responses from her co-workers that led to further negative comments about the supervisor. Where a Facebook conversation involves several co-workers it is more likely to be viewed as “concerted protected activity.” But what if instead, Ms. Souza had simply lashed out in a negative post against a supervisor and no co-workers joined in the discussion (not even a single “like” in Facebook terminology). Would that type of comment in the absence of “co-worker discussion” still be considered protected?

In any event, from a strategic perspective, employers should appreciate that this issue will be resolved another day, perhaps under a less “labor friendly” NLRB.

The clear take-away, however, is that the NLRB’s original complaint and this settlement signals that the NLRB intends to protect employees’ rights to discuss the conditions of their employment with co-workers irrespective of whether this discussion takes place at the water cooler or on Facebook.

Accordingly, it is critical for employers – regardless of whether your workforce is unionized or not – to review your Internet and social media policies to determine whether they would be subject to a similar attack by the NLRB that the policy ‘reasonably tends to chill employees’ ” in the exercise of their rights under the NLRA to discuss wages, working conditions and unionization. Areas to consider include:

  • Does the social media policy expressly restrict protected activity;
  • Would an employee construe the social media policy as prohibiting protected activity;
  • Has the social media policy been used to discipline employees who engaged in protected activity; and
  • Was the policy put into place in in response to concerted or protected activity.

None of  this should be taken as legal advice, but it is good advice. And we would welcome the opportunity to offer our insight as to what policies should and should not say and strategies for managing the unique risks found at the intersection of social media and employment and labor law.

Revisions to FTC’s Red Flags Rule Exempts Lawyers, Doctors, and Accountants

The Federal Trade Commission’s (FTC) Red Flag Rules have been revised to exclude certain professionals prior to the latest enforcement deadline of December 31, 2010. Specifically, President Obama signed into law on December 18, 2010, the Red Flag Program Clarification Act of 2010 (Clarification Act), which clarifies the scope of the FTC’s Red Flags Rule. Under the amendment, professionals such as doctors, lawyers, and accountants are excluded from the Red Flags Rule. For a full copy of the Act, click here

The Red Flags Rule was enacted to protect consumers from identity theft by requiring “creditors” covered under the Rule to establish written policies and procedures to identify risks of identity theft to their customers. Under the plain language of the Red Flags Rule, a business becomes a “creditor” when it provides products or services in advance and require payment from the customer at a later time. Further, under prior FTC interpretations “creditor” was broadly interpreted to cover lawyers, doctors, accountants, and others because they bill for services after the services have been performed.

Under the the Clarification Act, however, the meaning of the term “creditor” now includes only those who (1) regularly and in the ordinary course of business obtain or use consumer reports in connection with a credit transaction; (2) furnish information to consumer reporting agencies in connection with a credit transaction; or (3) advance funds to or on behalf of a person, based on an obligation of the person to repay the funds. The Clarification Act does not specifically exclude doctors, lawyers, and accountants. But Senator Christopher Dodd (D.-Conn.) and Senator Mark Begich, (D.-Alaska) make clear that the Clarification Act does not extend to these professionals and other small businesses as creditors covered under the Red Flags Rule simply because they provide services and bill clients, patients, and customers for payment at a later time, except to the extent that they furnish information to consumer reporting agencies in connection with a credit transaction. Finally, the Clarification Act allows the FTC to determine in the future whether the scope of the Rule should be expanded to include other types of creditors that offer or maintain accounts subject to a reasonably foreseeable risk of identify theft.

From a practical standpoint, even those professionals and businesses specifically exempted from the Red Flags Rule should establish an identity theft prevention program: It is a good business practice to eliminate or, at least, minimize the chance of a data breach and minimizing the subsequent fall out with your customers. Additionally, there may be other applicable regulations that may require certain protection programs. For example, doctors must have HIPAA security programs in place and there is a patchwork of state statutes that cover data security and reporting requirements for breaches.

For questions about Red Flags Rule Compliance, establishing an information security program, or improving your organization’s current policies and procedures for preventing losses,  contact E-Business Counsel, PLC.

Written by Jason Shinn

December 21, 2010 at 3:38 pm

E-Discovery and Zombie-Lawyers

In the recent genre of zombie horror movies, the living are infected with a viral agent that transforms them into automations that terrorize and wreak havoc on the living. Ultimately society faces an apocalyptic battle against mobs of lumbering, mindless, flesh-eating, creatures.

It is not uncommon for e-discovery to act as the catalyst for transforming once living, thinking attorneys (often very bright attorneys) into unthinking, legal automations that wreak havoc on e-discovery. But whereas  the infected zombies devour the living, zombie-lawyers devour resources, wreak havoc on litigation strategy, and even threaten the ethical mandates upon which the legal profession is based upon.

The court dockets are littered with examples of e-discovery disasters. And certainly among those disasters are circumstances that are beyond the control of attorneys, even exceptional attorneys. But equally true is that a zombie-lawyer was likely the cause behind a number of these disasters. In reviewing court opinions and based on my own experience going back to 2001 in responding to e-discovery issues, this conclusion is justified.

In that time, I’ve worked with a number of great attorneys. But no matter how competent or exceptional those attorneys were in their respective legal corners of the universe, e-discovery was a new area of law for them. Some understood this fact and either got up to speed or relied upon those that had put the time into knowing this area. Others did not.

For those that did not, there were generally two explanations:

First, “conducting” e-discovery was not justified in light of the amount of the dispute and the insurance carrier is not going to pay for that. This explanation was given at a time where there was no option (as if there ever was) to elect to not conduct e-discovery. Similarly, it was explained that litigation strategy consist of working up a litigation file to position it for settlement. There is, however, no “sliding scale” for complying with court and ethical requirements. A $25,000 dispute requires the same adherence to court rules and ethical requirements as a $2.5 million claim.

But what the zombie-lawyer fails to recognize is that technology and e-discovery expertise can significantly bridge the gap between meeting ethical and legal requirements and efficiently conducting discovery. Ironically, these same zombie-lawyers make decisions that routinely increase the amount of litigation cost. Even more troubling are the decisions that could result in a doomsday litigation scenario of spoliation, adverse inferences, and even outright default judgments.

The other explanation is more of a refusal to accept change or acknowledge that e-discovery required a new knowledge base. In this regard, I’ve worked with attorneys who refused to abandon WordPerfect because they didn’t want to learn MS Word. In one instance, an attorney would create documents in WordPerfect scan to PDF, email to the client, have the client make handwritten changes, email/fax back those changes, and then revise the original WordPerfect file.

In another instance, I specifically used the Federal Rules to request that responsive documents be produced in their native digital format or a reasonably usable equivalent to be agreed upon by counsel. The agreement was easily reached and the digital equivalent of over ten-thousands of pages were produced in the initial production. Despite the fact that the production was fully searchable and indexed, a major problem arose with the production.  The problem, however, was not between opposing counsel. Instead, the Senior Partner was upset and annoyed to the point of using expletives because he “liked” paper and insisted on sticking with paper. This instance is further noteworthy in that this same attorney would put in hours to learn a file or a relevant substantive area of the law to adequately defend the claims. Unfortunately, hours were mindlessly consumed first printing out the digital production and then actually reviewing, page-by-page, the production.

Regardless of the reason, when it comes to e-discovery, it cannot be ignored because it is inconvenient or expensive. It also cannot be simply a matter of going through the same motions.

Enjoy Halloween this year and try to catch Night Of The Living Dead – the quintessential and classic zombie movie.

Jason Shinn provides e-discovery consulting for business organizations with a focus on litigation preparation, risk reduction or elimination, and attorneys. He has helped organizations save hundreds of thousands of in e-discovery defense costs.  He has  been asked to consult with a major insurance carrier in creating an e-discovery endorsement and retained as an e-discovery expert in state court litigation. More information is available at http://www.ebusinesscounsel.com.

Written by Jason Shinn

October 29, 2010 at 5:02 pm

Posted in Uncategorized

Fired Employee Makes Unauthorized Changes to Company Website and How to Prevent this From Happening to Your Company

A former employee vandalized the website of his former employer according to a report of the West Bloomfield Beacon. The police were told that the ex-employee was fired July 6 and he allegedly made unauthorized changes to prices and instructor names on the company website. The business owner believes the ex-employee of using old login names to access the company website.

Unfortunately, incidents like this are not isolated. For example, a federal grand jury recently indicted a former employee of the Transportation Security Administration (TSA) for trying to corrupt a database of terrorism suspects in an inside job that many within the information security industry say is a stark reminder of how important it is to track insider access to sensitive data stores. (click here for the full story). This individual planted a virus in his employer’s computer system after learning that he would be fired from his job.

Employers have a number of tools available to pursue rogue individuals who would do harm their business organizations harm. I’ve written about the Computer Fraud and Abuse Act as one such tool (See the Michigan Manufacturing Association’s Insight magazine), for example.

Preventing Digital Sabotage

More importantly, there are a number of steps employers can take before such conduct happens. In fact, employers should have a checklist to follow when an individual is terminated that covers the cancellation of all IT access and related passwords. For a copy of an expansive employee termination checklist, contact me here. Also, I would appreciate hearing about any other measures or best practices that you think should be included on this list. Thanks.

Written by Jason Shinn

August 24, 2010 at 9:39 am

Posted in Uncategorized

Germany Proposes Ban on Employers using Facebook to Screen Applicants

A proposed law in Germany may make it illegal for employers to check out prospective job candidates on Facebook and similar non-career focused social networks, according to TechCrunch.

The proposed law, however, would not make it illegal to “google” or otherwise conduct Internet searches of applicants – but employers would be required to disregard information that is either too old or outside of a candidate’s control. Further, social networks focused on professional purposes, e.g., LinkedIn, would be permissible.

I am more of an expert on German beer than German law. And I have not reviewed this particular proposed German law so I am not in a position to intelligently speak on whether or how practical this “Anti-Facebook” law would be once implemented.

But the genesis for this “Anti-Facebook” law does provide a good off-ramp for US employers to address legal risks associated with using social media to research applicants.

Among those risks, an employer may learn about information that may later become a cornerstone in a discrimination lawsuit. Consider if a decision-maker’s social media research revealed that an applicant is in a protected class under federal or state laws. Such information may be disclosed through photos showing a person’s race, information about a person’s religious affiliations, or that an applicant is pregnant. Whether this information was a determining factor in the adverse hiring decision will be answered against the factual backdrop  that the employer checked the applicant’s profile and was therefore aware of the particular fact creating the protected class under state for federal law. Now this knowledge, by itself, may not be enough to carry the day in regard to an employment claim, but it is a tangible piece of evidence a plaintiff’s lawyer will certainly point to in supporting that claim.

Or an employer – union and non-union – may open itself up to an unfair labor practice claim. Specifically, Section 7 of the National Labor Relations Act (NLRA) protects employees (unionized and non-unionized workplaces), who engage in “concerted activities for the purpose of collective bargaining or other mutual aid or protection.” 29 U.S.C. § 157. Such activities include the right to discuss terms and conditions of employment, and criticizing their employers when communicating with co-workers and third parties. In the social media context, courts have held that employee comments critical of their employers made through social media channels while discussing union activity may trigger concerted activity protections. See Konop v. Hawaiian Airlines, Inc., (2002) (comment critical of employer’s union negotiation tactics held protected).

The Take-away for Employers: Implement a Social Media Plan & Engage Employees to Make sure it is Followed

The preceding risks are only a few of many examples of risks that employers should consider in assessing the benefits and burdens of social networking sites as they relate to employees. For a more in-depth analysis of these risks, feel free to contact me. Also click here (free registration required) for a free copy of a  social media policy. Click here for a prior post about obtaining employee buy-in when it comes to implementing your social media policy. I am also curious to know how many employers implement a “social media” protocol into their hiring and recruiting policies. Thanks for your input.

Written by Jason Shinn

August 23, 2010 at 9:53 am

Posted in Uncategorized

Workplace Violence – Preventing and Minimizing Tragedy

This past Wednesday, the family owned Hartford Distributors Inc. in Manchester, Connecticut, reopened its doors. Eight days before this reopening, police reported that a truck driver facing possible dismissal charges fatally shot eight coworkers before killing himself.

Tragically, this incident is not isolated: The Bureau of Labor Statistics’ Census of Fatal Occupational Injuries (CFOI) reported 11,613 workplace homicide victims between 1992 and 2006. Averaging just under 800 homicides per year, the largest number of homicides in one year (1080) occurred in 1994. In 2004, violent workplace incidents  accounted for as much as 18% of all violent crime in the United States.

Against this dark backdrop, it is apparent that for any business workplace violence must be a top concern. This is especially true for smaller business organizations who are often hit by violent incidents much harder. Based on experience and personal observations, smaller companies typically do not have the resources to employ security, invest in work place violence prevention training, or employee counseling services. Nonetheless, there are measures that any business – regardless of available resources – should take so it does not become another grim workplace homicide statistic.

Identifying Warning Signs of Workplace Violence

Employers cannot guarantee workplace safety. But there are red flags and behaviors employers should recognize to minimize the chance that an employee’s actions do not boil over into a violent altercation.  For example, the National Institute for Prevention of Workplace Violence identifies 13 signs to look for:
  1. Employees making threats;
  2. Acting unreasonably;
  3. Intimidating or controlling other employees;
  4. Exhibiting paranoid behavior;
  5. Acting irresponsibly;
  6. Exhibiting angry or aggressive behavior;
  7. Showing a fascination with or acceptance of violence;
  8. Holding grudges;
  9. Exhibiting generally bizarre behavior;
  10. Exhibiting signs of depression;
  11. Demonstrating obsessions;
  12. Demonstrating signs of substance abuse; and
  13. Demonstrating signs of desperation.
But recognizing violent tendencies is only the first step. Employers must also enforce workplace violence policies.These policies should be applied uniformly, and should be based upon an objective analysis of the employee’s present tendencies to commit a violent act.

Implementing an Anti-Work Place Violence Policy

Effective anti-violence policies should generally include the following:

  • The policy should clearly establish that violence will not be tolerated in any manner from any employee. The policy should also provide a non-exhaustive list of violent acts, including verbal threats or harassment;
  • The policy should explain that prohibition on violence also extends to customers, clients, patients, or guests;
  • The policy should plainly state that employees who engage in workplace violence are subject to discipline, up to and including termination. Further, employees should be advised that appropriate law enforcement agencies may be contacted; and
  • The policy must also establish a convenient method of reporting any examples of violence. The policy  should also promise that all reports will be taken seriously and promptly investigated. Because employees may be reluctant to turn in a fellow employee, the policy should also provide a confidential means of making good faith complaints.

A free sample Workplace Violence Policy is available here as a download. This policy is intended for educational purposes only and is not a substitute for a one-on-one discussion with a competent attorney. Aside from an obvious self-interest in job security, there are many subtle pitfalls when it comes to the interplay with various employment statutes and implementing workplace violence policies. For example, the Americans with Disability Act (ADA) prohibits discrimination on the basis of a disability (whether actual or perceived) or a record of disability. This prohibition could complicate the enforcement of a work place violence policy if misconduct was the result of an employee’s disability. Both the Equal Employment Opportunity Commission (EEOC) and courts generally take the position that employers are almost always entitled to enforce workplace violence policies pursuant contains a “direct threat” exception, and if  the policies are enforced uniformly. But at least one court has found that taking an adverse action against a current employee for past conduct related to a disability may violate the ADA. See Josephs v. Pacific Bell, 443 F. 3d 1050 (9th Cir. 2006) (Employer violated the ADA by refusing to rehire a former employee based upon the former employee’s history of violence). Cases like this make it critical for employers to fully understand what are often subtle pitfalls when it comes to how various employment laws may interact.

Additional Best Practices for Implementing an Anti-Work Place Violence Policy

The following topics for consideration are not “legal” requirements. In fact, there are no current federal laws expressly prohibiting or even regulating workplace violence. Instead, based on experience, the following are measures that should be considered to prevent work place violence or to minimize the damage caused by such violence if it occurs:

  • Senior Management Briefings. Senior management should be briefed on threats and violence at company sites. Such briefings should either provided routinely or when serious incidents occurred.
  • Training to Detect “Red Flags.” Employers should consider providing mandatory training to detect behaviors that indicate the potential for violence. This training may be provided to all employees or only to management. An additional component of this training could include conflict resolution.
  • Employee Assistance Program. Experts recommend that an employee assistance program should be made available at all times. The reality is, however, companies have already been forced to make  deep cuts and are unlikely to have the resources to make such a program available. Nonetheless, employers can identify state and county mental health or social service programs and make such programs known to employees. Identification of domestic violence programs should be a top priority.
  • Crisis Management/Trauma Team. Employers should create some form of crisis management or trauma team. Typically such a team draws members from the following departments: senior management, human resources, security (if applicable), employee assistance, legal, medical, labor relations, labor law, communications, employee support/benefits, operations, and psychological services. If your company is unionized, then a union representative should also be considered;
  • Critical Incident Review. Employers should have a review or debriefing process for critical incidents. The main purpose of this review is to analyze, learn from, and improve procedures. Additionally, this review can assess whether proper procedures were followed in the first place and, if not, why.
  • Establishing emergency road map for Law Enforcement. It is also important to be able to provide a road map for law enforcement if a violent situation erupts. This road map should be a package that includes: (i) A checklist for management to follow that includes contact information for appropriate law enforcement and emergency responders; (ii) Express directions to not speak to anyone other than law enforcement (information that could compromise law enforcement’s ability to resolve the situation could be inadvertently disclosed); (iii) A detailed schematic of the facility that identifies entrances and exits; (iv) A list of all employees on duty at the time of the incident, including emergency contact information for all such employees; and (v) A list of any potentially hazardous substances that are stored on-site that could pose additional risks if compromised or used by the perpetrator. From a practical perspective, this road map should be duplicated so that it is available on-site and off-site.

Conclusion

The Connecticut shooting is a grim reminder of how quickly workplace violence can erupt. But it should also be a reminder of what can be done to prevent or, at least, minimize the tragedy that follows such violence. Accordingly, employers should review and update their anti-workplace violence policies and procedures.

Written by Jason Shinn

August 14, 2010 at 5:58 pm

Follow

Get every new post delivered to your Inbox.