I'd like to thank Sarah Phaff of our Macon, Georgia, office, who wrote this post with me.
As one who presumably has no nude selfies, you may not be too concerned about a “hack” like the one that continues to afflict celebrities like Jennifer Lawrence and Kate Upton. But that doesn’t mean there aren’t still plenty of technology issues that an employer should look out for. Are you guilty of any of these top ten technology blunders that are either committed or allowed by employers?
Blunder No. 1: Recruiting or hiring employees using “coherent people profiles” assembled by aggregators like Spokeo. Spokeo was fined $800,000 in 2012 by the Federal Trade Commission because it gathered all kinds of data about individuals – including race, ethnic background, religion, economic status, and age ranges – and sold the information to employers who used it in making recruiting and hiring decisions. Spokeo was hit because it was not complying with the Fair Credit Reporting Act, but use of this type of information can obviously also violate state, federal, and local anti-discrimination laws, as noted by an attorney from the Equal Employment Opportunity Commission, who spoke at a session on “big data” sponsored by the FTC.
Blunder No. 2: Asking applicants for their social media passwords. This is illegal in an ever-growing number of states, and a bad idea even if you live where it’s legal. As with Blunder No. 1, Blunder No. 2 could give you a lot of information that you’ll wish you hadn’t had.
Sarah and I are proud to be members of Constangy's new e-Law Practice Group, led by Nancy Leonard and Susan Bassford Wilson, which will help employers navigate the complex landscape of the digital workplace by combining legal acumen and technical expertise. The group will cut across traditional legal practice areas and provide help with issues like social media policies, electronic discovery and document preservation, online hiring processes, and much more - including dealing with employers' techno-blunders (tehe). You can follow us on Twitter at @eLawConstangy, and join our discussion group on LinkedIn.
Blunder No. 3: Legally reviewing “public” social media information too early in the hiring process. This isn’t as bad as Blunders 1 and 2, but it’s still a mistake – particularly if your social media review includes sources that generally contain a lot of personal information, such as Facebook. Again you may get TMI* about an individual’s medical condition or the condition of the individual’s family members, about religious beliefs, about age, and about all kinds of things that you’re not supposed to know early in the process. (On the other hand, reviewing a “professional” social media site like LinkedIn should not be as risky.)
*TMI = Too Much Information
Blunder No. 4: Having a weak, unrealistic, or nonexistent electronic usage policy. If it’s weak, it may not accomplish your goal of having a harassment-free workplace full of productive employees. If it bans all personal internet use during work time, it is unenforceable. Not having a policy at all is bad, too.
A good electronic usage policy will prohibit employees from using the internet and emails, texts, and social media in a way that (1) keeps them from getting their work done, (2) is harassing or discriminatory on the basis of any legally protected characteristic, or (3) is illegal (such as visiting internet gambling sites, doing illegal downloads, or viewing child pornography). Whether you want your policy to go beyond that depends on how much trouble you are willing to risk from the National Labor Relations Board. A good policy will also acknowledge that reasonable personal use of electronic communications is allowed.
Blunder No. 5: If you’re in a business or profession that requires you to preserve the confidentiality of your customers, clients, or patients, failing to ensure that all employees understand that they may never post on social media any individually identifiable information about such customers, clients, or patients. This seems to be a problem primarily with medical care providers, public safety officers, and teachers. Nurse Betty comes home after a hard day, goes on Facebook, and vents,
“So glad to be home!!! Had to flip 350-lb man with kidney stones to prevent bed sores, and my back is killing me – must be wine o’clock!”
Or Officer Jim posts a photo of the crime scene he handled that day, including the faces of the victims and their families. Or Teacher Anne vents about the spoiled brats in her class (by name) and their idiot parents. Make sure your employees know before it’s too late not to do this – if you don’t, you may have to fire an otherwise good employee.
Avoiding these last five blunders will require the involvement of your IT professional:
Blunder No. 6. Not taking extraordinary means to protect highly sensitive information such as employee Social Security numbers, employee medical information, and the company’s trade secrets and confidential business information.
Blunder No. 7: Using a cloud-based system for employment information without taking reasonably prudent precautions, including consideration of the following:
*Where, physically and geographically speaking, are your “cloud” servers located? If they’re in Siberia, your information may not have the legal protections that it would have in the United States.
*Are the data secure?
*If your relationship with your cloud provider ends, who owns the data? (HINT: It should be you, not the provider.)
*How will your information be destroyed securely if the relationship ends?
Blunder No. 8: Not requiring employees to take reasonable security precautions with mobile devices, including use of passcodes, segregation of business information from personal information, and remote wiping of employer information in the event that the device is lost or the employee is terminated.
And don't forget “low-tech” security measures, such as requiring employees to lock their cars when they're leaving laptops or tablets in them to minimize the risk of a security breach via an old-fashioned breaking and entering. (Better yet, encourage employees to never leave laptops or devices in the car at all.)
Blunder No. 9: Failing to keep your employees informed of the latest “hacks” and “phishing expeditions,” and other ways dishonest people may be able to get into your data through the employees’ devices. (This could also include the risks associated with storing nude or other sensitive photos in a “cloud” that is not secure.)
Blunder No. 10: Allowing employees to use unsecured WiFi when working on the road, or in restaurants, cafes, or other public places. (PS – If they’re non-exempt under the Fair Labor Standards Act, then this is “time worked,” too, and you have to pay for it.)
As technology continues to evolve, methods of attack will also become more sophisticated and creative. It’s probably unrealistic to expect that you will never experience some type of technology-related “event.” If you do, act as promptly as possible to limit the damage, and make sure all affected individuals are aware.
On a related note, you should read Dan Schwartz of the Connecticut Employment Law Blog on Four Things to Do NOW Before an Employee Data Breach.
Ain't technology grand?
OTHER NEWS THAT MAY INTEREST YOU . . .
Go here to read an electronic brochure about our eLaw practice group.
And get over to Mark Toth's blog for the October Employment Law Blog Carnival: Halloween Edition. It's terrifying!
- Partner
Robin has more than 30 years' experience counseling employers and representing them before government agencies and in employment litigation involving Title VII and the Age Discrimination in Employment Act, the Americans with ...
Robin Shea has 30 years' experience in employment litigation, including Title VII and the Age Discrimination in Employment Act, the Americans with Disabilities Act (including the Amendments Act).
Continue Reading
Subscribe
Contributors
- William A. "Zan" Blue, Jr.
- Obasi Bryant
- Kenneth P. Carlson, Jr.
- James M. Coleman
- Cara Yates Crotty
- Lara C. de Leon
- Christopher R. Deubert
- Joyce M. Dos Santos
- Colin Finnegan
- Steven B. Katz
- Ellen C. Kearns
- F. Damon Kitchen
- David C. Kurtz
- Angelique Groza Lyons
- John E. MacDonald
- Kelly McGrath
- Alyssa K. Peters
- Sarah M. Phaff
- David P. Phippen
- William K. Principe
- Sabrina M. Punia-Ly
- Angela L. Rapko
- Rachael Rustmann
- Paul Ryan
- Piyumi M. Samaratunga
- Robin E. Shea
- Kristine Marie Sims
- David L. Smith
- Jill S. Stricklin
- Jack R. Wallace
Archives
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010