employee's personal data

I would love to be able to tell my clients that the Internet and social media has created a very complex set of legal issues that requires them to hire me in order to help develop all new handbook policies, change the way they conduct background checks on applicants, and monitor their employees. However, unfortunately, this is not the case. Employers and employees need to calm down a bit. I cringe when I hear employment lawyers (and Facebook’s Chief Privacy Officer recent comments about employers asking to have employee’s Facebook passwords) advising people to refrain from using the Internet to do background checks on applicants because it may reveal that they are in a protected category, and then this could (possibly) be grounds for a discrimination case. Are these same lawyers advising their clients not to conduct interviews because during a face to face interview the employer will learn the same information? And just because the employer knows that an applicant or employee is in a protect class does not mean that discrimination occurred if it takes an adverse employment action against the applicant or employee. Sure, all employers are subject to frivolous legal actions. But, as I tell my clients, there are only two things my clients and I can control: (1) the advice I give them about how to act according to the law, and (2) whether my clients listen to my advice and act accordingly. The one thing we cannot control, no matter how hard we wish we could, is being able to stop people from filing a baseless lawsuit.

We’ve had the Internet since the 1970’s, and it became mainstream in the 1990’s. I would argue that most people (at least in the U.S.) have had experience on the Internet for at least a decade now. There has not been a lot of case law that has changed the way employment lawyers advise their clients on new human resources policies given the advent of the Internet and social media.

Have the courts simply not caught up with these "new" developments?

As typical lawyers always suggests at this point – courts are slow to deal with emerging technology issues, but I don’t think that is a play here. Courts are slow, but we’ve been actively using the Internet for a decade now. They are not that slow, and I think rather that the rules that were already in place and governed employer’s and employee’s activities were and still are sufficient in addressing the vast majority of the employment issues involving the Internet and social media. Sure, on the fringes there are a few technical items that may be the exception to this, but for the vast majority of employers the Internet and social media does not change much about how HR should conduct itself. The basic analysis regarding monitoring and employee’s off work conduct and right to privacy – the issues usually at play in these types of cases – is the same if the conduct at issue was done off the Internet. I would even argue that privacy cases usually are easier when it involves a posting on the Internet, as no one has any reasonable expectation of privacy in such a public disclosure.

What about social media policies?

That usually leads to the next question, “What about social media policies?” Again, most employers probably don’t need a specific social media policy.  And a basic policy (if you really think a social media policy is necessary) that the employer may terminate or discipline an employee for anything they do on the Internet if the employer could terminate or discipline the employee if the conduct at issue did not occur on the Internet would normally be sufficient.

Employers, lawyers, and employees need to take a step back and realize that even though we have these great new technological advances, the law developed before this technology does a pretty good job at resolving these issues in the employment context.

Mat Honan at Gizmodo wrote recently about a new company that helps employers search applicant’s “internet background” to assist in the hiring process. As Mat rightly points out, much of the concern over this “new technology” is overblown, and as he puts it, "[e]mployers would have to be stupid not to Google job candidates."  As I have pointed out before, much of the unduly concern is that lawyers don’t understand the technology, and therefore if they don’t understand it, their client’s use of the technology can only lead to bad things.

I think Guy Kawasaki had a great perspective on this issue when I recently interviewed him. He said he would be worried about a job applicant who did not have a Facebook page: what is wrong with this person? Is he anti-social? Is he not with the times or just simply does not understand simple technology? As Mat points out as well, with some common sense a job applicant can easily manage the results of an online search by being careful about which information he or she provides to the employer. For example, an internet search for the job applicant’s private email address might turn up more personal information than if the applicant has a separate email they only use for work purposes and lists on their c.v.

From the employer’s perspective I don’t think the analysis changes much for searching employees background on the Internet:

Generally, under Federal law, employers may utilize social networking sites to conduct background checks on employees if:

  1. The employer and/or its agents conduct the background check themselves;
  2. The site is readily accessible to the public;
  3. The employer does not need to create a false alias to access the site;
  4. The employer does not have to provide any false information to gain access to the site; and
  5. The employer does not use the information learned from the site in a discriminatory manner or otherwise prohibited by law.

The Wall Street Journal recently wrote about how employees are surprised after being given notice that they have been laid-off that they cannot retrieve personal (and business related) information from their computers. The author notes that with advances in technology that often times blur the boundaries between work and personal pursuits, many employees are hit really hard when they cannot retrieve their personal contacts from their work PDA or computer:

As layoffs sweep across industries, employees’ personal information is winding up in the dustbin, as well. Most workers know better than to store personal files on their office computer. But employees who spend the majority of their time at the office often treat the company PC as their personal gadget, filling it with music, photos, personal contacts — even using the computer’s calendar to track a child’s soccer schedule. That makes it all the more distressing when a newly laid-off worker learns that his digital belongings are company property.

The author correctly notes that what information is the employee’s as opposed to the employers is probably going to be set forth in and governed by the employer’s policies. Often times these policies will be provided to the employee when he or she first starts:

Employees worried about their job security should review the forms they signed when they were hired. They should look at the company’s electronic communications policy, employee guidelines and non-compete agreements to make sure they understand everything properly. When employees sign these agreements, they should also make copies to save at home, too, Ms. Yancey says. Those that break these agreements risk being fired or sued by their employer, she adds.

It is important to note that in California, it is extremely difficult for employers to enforce non-competition agreements due to a California Supreme Court ruling in Edwards v. Arthur Andersen last year. California employers can still protect company information through other means, such as establishing that the information is a trade secret, or is proprietary information.

Steps California Employers Should Take To Avoid Litigation Over Electronic Data

  • California employers need to establish a clear policy that establishes that the employee does not have any privacy expectation in any data stored on company owned computers or devises.
  • The policy should establish that all aspects of an employee’s use of company equipment can be monitored.
  • Employers need to have the employees sign an acknowledgment of electronic data and monitoring policy.
  • The employer should remind employees of the electronic data policy at least every year.
  • If employers do have trade secrets, they need to maintain strict protocols to ensure that only employees with a “need to know” have access to the information and take steps to ensure that the information is protected.
  • If an employee who has been laid off requests personal information from his or her computer such as family pictures, an employer’s accommodation of this request will be somewhat of a step towards minimizing the employee’s ill-will towards the company (and less likely to pursue litigation against the company).