From DIscharge, to Charge, to Litigation: Tips for ... · medical records, driver’s license...
Transcript of From DIscharge, to Charge, to Litigation: Tips for ... · medical records, driver’s license...
2
3
Businesses are always looking for an edge
o A competitive advantage can boost the profit margin
Often, data is the edge
o Market understanding
o Customer demand
• Sooner known, sooner pursued/exploited
o Efficiencies
• Production, distribution, marketing.
4
Data is already being gathered, but what is it being used
for?
o Unmined data is a missed opportunity
Data analytics allow existing sources of information to be
gleaned for patterns, trends, etc.
o If two competitors gather similar data, but one utilizes better then
a competitive advantage is gained
o It worked for the Oakland Athletics in baseball.
Cannot ignore
o (Remember when the internet or social media was a fad?)
5
Think of your business – where does technology
generate data?
o Software
o Hardware
o Communications
• Phone, Email, Text
If your company is generating it and keeping it, why not
harness it?
o What might it show?
6
Gathering and using data for discipline
(monitoring).
Gathering and using data for hiring.
7
The Economist predicts an end to
performance reviews and an end to middle
management. (December 2015)
Deloitte and Accenture have announced they
are getting ride of the performance review.
8
Reasons to monitor
o Ensure productivity
o Dissuade cyberslacking and social notworking
o Protect trade secrets and confidential business information
o Prevent fraud, theft, and embezzlement of money
o Avoid harassment claims
o Protect against wrongful termination claims
o Detect and dissuade improper behavior
o Avoid identity theft and data breaches
o Ensure employees are not snooping in
medical records, driver’s license
records, etc.
Not a reason to monitoro Prurient curiosity
9
Requirements to Monitor
o FTC guidance regarding endorsements
o FINRA requirements
o Child pornography reporting requirements
o Electronic discovery
10
Types of Monitoringo Work email
o Social media
o Internet use
o SureView™ and other new products
o Cloud-based accounts
Keystroke/keylogging
Cached files
Saved passwords on computers
o GPS (e.g., Xora StreetSmart App)
o RFID
o Video
o Motion Sensor (e.g., OccupEye™)
o Audio
o Physical searches
o Drug testing
o Polygraphs
11
Microphone
Infrared sensor
Accelerometer
Bluetooth
A sociometric badge that measures movement,
face-to-face encounters, speech patterns and
vocal intonations.
12
“The content could be personal notes about one's family.
Or it could be company secrets. If the employee copies it to
a USB stick, the software (SureViewTM) sets off a red alert,
grabs that same file and displays its contents in real-time.”
13
Software That Sees Employees, Not Outsiders, As The Real Threat, Shahani,
NPR, all tech considered, July 23, 2014
“Companies currently use software to block an employee
from copying or emailing an unauthorized document. But
according to a study by the research group Gartner, only 5
percent of that software traces every move, looking for bad
actors. By 2018, the study projects, it'll be 80 percent.”
14
Software That Sees Employees, Not Outsiders, As The Real Threat,
Shahani, NPR, all tech considered, July 23, 2014
• Why are you tracking?
• What do you hope to gain while tracking?
• What decisions are you going to make from tracking
information?
• Company-owned vehicles
• Company-owned cell phones, laptops, and other portable
devices
• Employee-owned cell phones, iPad, laptops, and other
portable devices
15
Several states prohibit use of RFID and microchips
implanted in an employee’s body.
MO Rev. Stat. § 285-035-1
ND Cent. Code § 12.1-15-06
WI Stat. § 146.25
CA Civil Code § 52.7
OK Stat. § 1-1430
16
Practical concerns
o Technology can promote isolation
o Are systems user friendly?
o Employee morale
o Ability to individualize
o Costs of installation, operation, updates, etc.
o Reluctance to use because of fears about privacy and
technology
o Storage, record retention and destruction
17
Not explicitly in U.S. Constitution (except
searches by the government)
Almost all states have a common law
tort for “invasion of privacy”
California and several other states have
a state constitutional right to privacy
Statutory claim for invasion of privacy
exists in Nebraska
Federal statutes are often industry-
specific (financial, medical, etc.)
State legislatures are busy passing new
privacy statutes
International law differs
Technology is challenging all of these
established legal structures
The Restatement, Second, of Torts, Section 652A sets forth
four types of common law invasion of privacy:
Unreasonable intrusion upon the
seclusion of another;
Appropriation of the others’ name or
likeness;
Publication of private facts; and
Publicity that unreasonably places the
other in a false light before the public.
Legal Concerns - Employees
o National Labor Relations Act – protected concerted activity
• Employee’s monitoring of email system is lawful so long as the
Employer does nothing “out of the ordinary,” such as increasing its
monitoring during an organizational campaign or focusing its
monitoring efforts on protected conduct or union activists. In Re
Purple Communications
21
Electronic Communications Privacy Act (ECPA)
Stored Communications Act (SCA)
Common law intrusion upon seclusion
State wire tap acts
Notice requirements in CT and DE
Restrictions on disclosure of social media passwords in
20+ states
22
Monitoring work email = usually OK
Using work computer to obtain employee’s password to
personal, cloud-based email account = usually not OK
23
Notice and Consent
Federal Law Requirements
State Law Requirements (wire tap laws)
Exceptions to Law—Be Careful
Practical Considerations and Implementation
24
Legitimate Purpose?
Notice and Consent?
Okay to Videotape?
Okay to Audio Record?
25
Smart phones and tablets now outsell
laptops and desktops
Bring your own device movement (“BYOD”)
Balancing personal versus business use
o Apps, music, photos, videos, contacts,
internet use
Preserving confidential business information
Policies prohibiting personal use of company
smartphone (Get your own smart phone!)
Off-duty work and overtime issues
for non-exempt employees
Prohibiting use of personal smart
phones on business time. (Put it in
the locker!)
Prohibiting smart phone cameras
on the factory floor
Exchanging the old device for a
new one, disposing of old devices
Recruitment/hiring/termination process
Employee participation in blogs, social networks, IM, texting
Employer-sponsored social media
Productivity concerns
Clear policies and monitoring needed (internal and external)
Develop a specific, written policy:
Establish that information systems are the property of
the employer
Reserve the right to monitor
Prohibit inappropriate use
Include penalties for policy violations
29
Train/educate employees and others
Keep the monitoring work-related
Permit reasonable personal use
Monitor the monitor!
30
31
Written information
security policy
Data destruction
Business associate
agreements
Vendor agreements
Electronic communications
Nondisclosure/confidentiality
Privacy/Monitoring (notice)
Sexual harassment
Social media
Bring your own device
Drug testing
Legal / Compliance
- HIPAA
- FCRA
- GLBA
- State law
- Litigation
- International
H.R.
- Information about employees
* Hiring
* Testing
* Monitoring
* Record retention
- Ensuring compliance byemployees
- Smart phones
- Social media
- Monitoring
- BYOD
- E-commerce
- Vendors
- Customers
- COPPA
- Data breach
- Confidentiality
- Trade secrets
- Policies
- Agreements
I.T.
- Passwords
- Data security
- Firewalls
- Technology
“Big Data – A tool for Inclusion or Exclusion?”
Federal Trade Commission – January 2016
34
Illegal discrimination in the form of a
“disparate impact” need not be
intentional. Motive is not required.
35
What if employee tenure is linked to whether
the employee resides in a zip code close to
company headquarters? Is that a fair criterion
for hiring?
What if employee performance correlates with
an interest in Japanese comics and manga?
What if earnings history could predict whether
an applicant might have a propensity for union
organizing, even though the applicant has
never actually engaged in organizing activity?
(The Minority Report effect).
36
City developed algorithm to select restaurants for inspections.
The data revealed a number of variables, including neighborhoods with
tighter quarters tended to have more violations.
These neighborhoods also tended to have higher percentages of
minority residents with lower incomes.
The solution was to set a ceiling on the number of inspections within
each area.
“This would achieve the hard goal, identifying the restaurants most likely to
have problems, while respecting the soft one, ensuring that poor
neighborhoods were not singled out.”
- Algorithms Need Managers, Too, Harvard Business Review, January-
February 2016.
37
39