New Guidance for Employers Conducting Background Checks

By Angela Galloway

Employers who investigate workers' criminal or credit backgrounds may want to review federal guidelines released March 10.

The joint publication of the Federal Trade Commission and the Equal Employment Opportunity Commission provides detailed guidance for employers who check into the criminal or credit histories of applicants or employees. “Background Checks: What Employers Need to Know” aims to guide employers in complying with federal laws that prohibit workplace discrimination and regulate commercial background reporting agencies.

Separate laws restricting employers’ ability to request and/or rely on such background checks have also been enacted by many states and cities, including Seattle and San Francisco.

The publication released today offers guidelines for developing policies and practices that avoid improper practices or discriminatory employment decisions. For example, the report advises:

Continue Reading...

San Francisco Enacts Employee Privacy Ordinance

By Angela Galloway

A new San Francisco ordinance will prohibit employers and city contractors from asking job applicants about their criminal histories until after they conduct a live interview or make a conditional offer of employment. When the ordinance takes effect in August, San Francisco will join the ranks of 10 states and more than 50 cities to restrict employers' inquiries into applicants' criminal backgrounds. Check out our advisory on the San Francisco ordinance here.

Last year, Seattle restricted employers' ability to inquire about applicants' histories.

Oregon Restricts Employers' Access to Private Social Media Accounts

By Christie S. Totten, Chrys A. Martin, Angela Galloway, and Peter G. Finch

 Oregon recently joined numerous states in prohibiting employers from seeking access to employees’ or prospective employees’ private social-media accounts, personal email, and other online content. Employers may not:
  1. Require or request that an employee or applicant allow the employer access to the individual’s personal social media account (e.g. cannot ask for the password)
  2. Compel an employee or applicant to add the employer to the individual’s social media contact list, (e.g. cannot require the employee to “friend” the employer on Facebook); or 
  3. Compel an employee or applicant to allow the employer to view the personal account.
Continue Reading...

IM what I am, but does it always have to stay around?

Posted by Bruce E.H. Johnson

Recent news reports about the scandal involving Speaker Hastert and the leadership of the House GOP, and former Florida Republican Rep. Mark Foley's efforts to contact current and former House pages have reminded all of us of the durability of the Instant Message (or "IM").

In an article (not available online to non-subscribers) in Wednesday's Wall Street Journal entitled "Those IMs Aren't as Private as You Think", two Journal reporters, Amol Sharma and Jessica E. Vascellaro, discuss these risks, especially from the standpoint of employers and companies that allow employees to use the medium. 

Continue Reading...

A New Form of Identity Protection: Information Concerning Potential Class Action Plaintiffs Ruled Confidential

Posted by Joseph Addiego

On May 15, 2006, the California Court of Appeal issued a noteworthy decision that reinforces the privacy rights of employees who are potential plaintiffs in class action lawsuits against their current employers.

Continue Reading...

Employees Be Warned: Do Not Delete

Posted by Joseph Vance

Employers may have a new weapon to use against disgruntled employees who delete data on their computers before leaving the company. In a recent Seventh Circuit Court Appeals decision, International Airport Centers, LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006), the court held that the employer could maintain a claim against a former employee under the Computer Fraud and Abuse Act, 18 U.S.C. sec. 1030 ("CFAA").

In that case, in the course of his employment, the defendant Citrin was issued a laptop to use to record data that he collected in the course of his work to identify potential acquisition targets. Citrin decided to quit and go into business for himself. However, before returning the laptop to his employer, Citrin deleted all of the data on the laptop and installed a secure-erasure program to ensure that the deleted files could not be recovered. The deleted files included not only the data he collected but also data that would have revealed to his employer improper conduct that Citrin had engaged in before he decided to quit.

The CFAA provides that whoever "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer," violates the Act. Citrin argued that merely erasing a file from a computer is not a "transmission." The court, however, concluded that the loading of the secure-erasure program onto the computer (either as an Internet download or from a disk insertion) constituted a "transmission" under the Act.

Employers Educate their Employees about Phishing . . . by Posing as Phishers

In an attempt to battle against the neverending surge of phishing attacks, some employers have taken the unusual measure of devising and sending their own fake emails to employees.

Continue Reading...

Insiders - The Real Threat To Data Security?

The data security plans of many organizations are largely focused on technical measures to guard against efforts by outsiders to gain unauthorized access to the organization's networks, computers and data. Studies and news reports continue to show, however, that the greatest risks to most organizations' sensitive data are really internal and come from insiders - disgruntled current or former employees or contractors.

Continue Reading...