Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Category Archives: Employment

Subscribe to Employment RSS Feed

New Guidance for Employers Conducting Background Checks

Posted in Employment, Workplace Privacy

Employers who investigate workers’ criminal or credit backgrounds may want to review federal guidelines released March 10.

The joint publication of the Federal Trade Commission and the Equal Employment Opportunity Commission provides detailed guidance for employers who check into the criminal or credit histories of applicants or employees. “Background Checks: What Employers Need to Know” aims to guide employers in complying with federal laws that prohibit workplace discrimination and regulate commercial background reporting agencies.

Separate laws restricting employers’ ability to request and/or rely on such background checks have also been enacted by many states and cities, including Seattle and San Francisco.

The publication released today offers guidelines for developing policies and practices that avoid improper practices or discriminatory employment decisions. For example, the report advises:... Continue Reading

San Francisco Enacts Employee Privacy Ordinance

Posted in Employment, Workplace Privacy

A new San Francisco ordinance will prohibit employers and city contractors from asking job applicants about their criminal histories until after they conduct a live interview or make a conditional offer of employment. When the ordinance takes effect in August, San Francisco will join the ranks of 10 states and more than 50 cities to restrict employers’ inquiries into applicants’ criminal backgrounds. Check out our advisory on the San Francisco ordinance here.

Last year, Seattle restricted employers’ ability to inquire about applicants’ histories.... Continue Reading

Oregon Restricts Employers’ Access to Private Social Media Accounts

Posted in Communications/Media, Employment, Marketing and Consumer Privacy

Oregon recently joined numerous states in prohibiting employers from seeking access to employees’ or prospective employees’ private social-media accounts, personal email, and other online content. Employers may not:

  1. Require or request that an employee or applicant allow the employer access to the individual’s personal social media account (e.g. cannot ask for the password);
  2. Compel an employee or applicant to add the employer to the individual’s social media contact list, (e.g. cannot require the employee to “friend” the employer on Facebook); or
  3. Compel an employee or applicant to allow the employer to view the personal account.
  4. ... Continue Reading

IM what I am, but does it always have to stay around?

Posted in Employment

Recent news reports about the scandal involving Speaker Hastert and the leadership of the House GOP, and former Florida Republican Rep. Mark Foley’s efforts to contact current and former House pages have reminded all of us of the durability of the Instant Message (or “IM”).

In an article (not available online to non-subscribers) in Wednesday’s Wall Street Journal entitled “Those IMs Aren’t as Private as You Think”, two Journal reporters, Amol Sharma and Jessica E. Vascellaro, discuss these risks, especially from the standpoint of employers and companies that allow employees to use the medium.... Continue Reading

Employees Be Warned: Do Not Delete

Posted in Employment

Posted by Joseph Vance

Employers may have a new weapon to use against disgruntled employees who delete data on their computers before leaving the company. In a recent Seventh Circuit Court Appeals decision, International Airport Centers, LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006), the court held that the employer could maintain a claim against a former employee under the Computer Fraud and Abuse Act, 18 U.S.C. sec. 1030 (“CFAA”).

In that case, in the course of his employment, the defendant Citrin was issued a laptop to use to record data that he collected in the course of his work to identify potential acquisition targets. Citrin decided to quit and go into business for himself. However, before returning the laptop to his employer, Citrin deleted all of the data on the laptop and installed a secure-erasure program to ensure that the deleted files could not be recovered. The deleted files included not only the data he collected but also data that would have revealed to his employer improper conduct that Citrin had engaged in before he decided to quit.

The CFAA provides that whoever “knowingly causes the transmission of a program, information, code, or command, and as a ... Continue Reading

Insiders – The Real Threat To Data Security?

Posted in Cyber and National Security, Employment

The data security plans of many organizations are largely focused on technical measures to guard against efforts by outsiders to gain unauthorized access to the organization’s networks, computers and data. Studies and news reports continue to show, however, that the greatest risks to most organizations’ sensitive data are really internal and come from insiders – disgruntled current or former employees or contractors.... Continue Reading