http://lifeinc.today.com/_news/2013/05/16/18280258-big-brother-may-not-be-watching-but-your-employer-probably-is?lite

Tracking Sensors Invade the Workplace ]]> http://workrights.us/?feed=rss2&p=648 0 http://workrights.us/?p=625 http://workrights.us/?p=625#comments Mon, 15 Apr 2013 16:05:13 +0000 Admin1 http://workrights.us/?p=625 NWI president Lewis Maltby was interviewed on NBC’s Today show regarding the Harvard e-mail hacking scandal.

http://www.today.com/video/today/51144808

Lewis Maltby
National Workrights Institute
November 3, 2012

What goes around comes around.
Anonymous

American privacy law has been much discussed. A small forest has been consumed producing the judicial opinions and law review articles on the subject. Unfortunately, all of them are wrong.

Officially, employment privacy is a balancing test. In fact it is not. When you look at what courts do, rather than what they say, the rule is very simple; if the employer owns the communications device, it can do anything it wants. If an employer wants to read workers’ personal e-mail sent on company computers it can do so. No justification is needed, much less balanced against employees’ interest in privacy. This rule holds even if workers send e-mail on their own time, such as working on a company laptop at home. The only exception is the rare situation where workers have statutory privacy rights. With the exception of a handful of state laws, this is limited to the Electronic Communications Privacy Act (ECPA). In essence, ECPA says that employers are not allowed to deliberately eavesdrop on workers’ oral conversations on personal subjects.

This rule has destroyed any semblance of privacy at work. The wall between personal lives and work lives has disappeared almost as completely as the Berlin wall. People communicate about work away from the office virtually every day. Workers get cell phone calls from the company on evenings and weekends. They receive, and respond to, e-mail, instant messages, pages, and text messages about work while at home. As hand-held devices proliferate, this process becomes even more ubiquitous. And workers routinely communicate about personal matters while at work, with employers’ blessing. Over 90% of employers today officially permit reasonable personal use of company computers.

But employers make no effort to avoid reading the personal messages they allow workers to send. It would not be difficult for an employer to allow workers to select a handful of e-mail addresses (husband, doctor, etc.) and program monitoring software to ignore these messages. But I don’t know of a single company in America that does it. It wouldn’t be hard to keep people in IT from reading other workers’ e-mail. But I don’t know of a single company in America that does it. One in four employers doesn’t even have a policy on this subject, and the companies that do don’t enforce it.

The end result is that employers routinely monitor the vast majority of personal communication that takes place at work and the law does nothing about it.
Unintended Consequences

Be careful what you wish for. You might get it.
Anonymous

Recently, however, this simplistic rule has begun to work against employers.
Courts have been very reluctant to grant employers access to employees’ personal computers. The only cases in which such access has been allowed have involved employers who had strong evidence that the employee had downloaded confidential company information onto his personal computer and misused it. For example, in RKI Inc. v. Grimes, the employer had evidence that the employee had accessed the company computer from his home computer and downloaded confidential information two days before he quit and went to work for a competitor. But in Sabin v. Miller, the court refused to give the employer access to the employee’s personal computer, even though there was evidence of misconduct and it was undisputed that the employee had frequently downloaded employer records onto her personal computer (with her employer’s permission). In Wyatt Technology v. Smithson, the employer was found to have violated the Computer Fraud and Abuse Act when it accessed the personal computer of a former employee of a company whose assets (including the computer) it had purchased even though it had a good faith belief that the former employee was misusing it’s trade secrets in his work for a competitor. As the line between work and private life continues to disappear, and people do work on their home computers, this problem will become more serious for employers.

The rapid spread of wireless communication under existing law is going to be a nightmare for employers. The 9th Circuit Court of Appeals recently held in Quon v. Arch Wireless that an employer violated the Stored Communications Act when it access and read a worker’s text messages without his consent. The SCA is almost identical to ECPA. The organization that owns the system can monitor it without limit or justification, but others cannot access it without the consent of the individual who sent the message.

Employers’ difficulties are increasing with the spread of wireless communications devices owned by the employee. The rules for employer access to such devices will probably be similar to those described above for personal computers. Employers will often be unable to see communications in which they have a legitimate interest.

The best answer to this growing problem is to change privacy law so that access to information is determined by legitimate interest in the subject matter rather than ownership of the equipment involved.

An examination of court decisions on negligent hiring, however, reveals that the risk is much less than employers believe and is confined to a relatively small number of jobs.  Properly understood, the risk of negligent hiring liability does not limit the ability of employers to hire the vast majority of former offenders for most jobs.

Definition of Negligent Hiring

Negligent hiring is a common law tort, defined as a failure to use reasonable care in selection of an employee where there is a foreseeable risk of harm to third parties.  What constitutes reasonable care is essentially undefined; its meaning lies in the decisions judges and juries have made in specific cases.

Frequency of Negligent Hiring Cases

The National Workrights Institute conducted a search for all reported negligent hiring cases.  In the 28 years since the first reported negligent hiring decision, we found a total of 92 published decisions.

Employers won 18 of these cases.  The number of cases in which the plaintiff prevailed was 74, less than 3 cases per year.

While the total number of negligent hiring cases is obviously higher, it still represents a very small risk for employers.  In other types of civil cases, approximately 1 of every 100 cases filed results in an appeal.  This indicates that there are only about 270 successful negligent hiring cases every year in the entire United States.  The chance that an employer will be successfully sued for negligent hiring even once in a year is a fraction of 1%.

Experienced management attorneys report that they rarely see negligent hiring cases.  NWI spoke with several leading management employment lawyers.  Each of them told us they see at most one negligent hiring case per year.  Several employers we spoke to reported that they had never been sued for negligent hiring.

Negligent Hiring and Criminal Records

Not all cases of negligent hiring involve the employment of people with criminal records.  Many cases did not involve any type of prior misconduct of the employee.

     Negligent Retention

The most common example is negligent retention (17 cases).  In a negligent retention case, the employer is found liable not because of any misconduct by the employee before they were hired, but because the employer failed to respond appropriately to workplace misconduct (not necessarily criminal) and the employee later harmed a third party.

Colon v. Jarvis[1] is a typical such case.  In Colon, the employee was a teacher.  On several occasions, complaints were lodged against him for improper conduct with students.  The school district, however, took no action.  When Colon’s next victim sued, the court held that the district was liable.  Its negligence in responding to the first complaints was responsible for Colon having the opportunity to molest the plaintiff.

While negligent retention cases bear a superficial resemblance to negligent hiring, the action required by an employer to avoid liability is totally different.  To avoid negligent retention liability, an employer must pay close attention to the conduct of its employees after they have been hired and take appropriate action.  Refusing to hire applicants with prior misconduct does not prevent liability for negligent retention.

     Liability Not Based on Employee Conduct

Some cases of negligent hiring do not involve employee misconduct at any time (4 cases).  The liability arises from the employer’s decision to hire applicants who were not qualified for the position in question.

For example, in Piney Grove Baptist Church v. Goss,[2] the employer hired a construction foreman who had no training or experience in the use of scaffolding platforms.  The platforms created under his supervision were defective and collapsed, killing another worker.

     Failure to Investigate

In many negligent hiring cases, liability is found, not because the employer hired an applicant with a record of misconduct, but because the employer hired an applicant for a sensitive position without adequately checking his background (7 cases).[3]

Typical of such cases is Interim Healthcare of Fort Wayne v. Moyer[4]. The employer hired applicant for a home health aide position.  This is an extremely sensitive position in which the employee has unsupervised access over a vulnerable person in an isolated context.  Before hiring the applicant for this position, the employer conducted a criminal record check, which disclosed no record.  However, it spoke with only two of the applicant’s former employers.  Among the four that it omitted was his most recent employer.  The court held that this was an inadequate investigation for such a sensitive position.

    Other

In one case, Sumner &. Foster v. EZ TV Rentals[5], the court found that the employee had directed the employees to take property it believed to be its own from the plaintiff’s apartment.

    Cases Based upon Prior Misconduct

Eliminating the above from the analysis leaves a total of 55 reported cases in which the employer was found negligent because it hired an applicant with prior misconduct over the course of 28 years; or approximately 196 such cases filed in the entire country annually.

By comparison, approximately 5,000 wrongful discharge cases are filed annually, half of which are successful.  An employer is 10 times as likely to face liability for wrongful discharge as for negligent hiring.  This does not mean that employers should ignore the issue, but it does mean that the risk to employers is extremely low.

When Is an Employer Liable?

Cases where employers have been held liable for negligent hiring fall into a short list of specific types of positions.

Access to Vulnerable Populations. This includes teaches, priests, nurses, and other employees who have access to children, the elderly, or other people who are not in a position to defend themselves.

Access need not be a regular part of the job for an employer to face liability.  In Pittard v. Four Seasons Motor Inn[6] the employee assisted in preparing banquets.  While this did not involve contact with minor guests, the employee had access to all areas of the hotel except for guest rooms.  He encountered a minor guest in the pool area and sexually assaulted her.  The court found it foreseeable that the employee would encounter unescorted minors from time to time and held that the hotel should not have hired someone it knew had a record of violent behavior.

Home Access. In recognition that employees who enter customers’ homes will often encounter people who are unable to protect themselves, courts treat such positions as involving access to vulnerable populations.

Positions of Authority. Police officers and prison guards are authorized to use force in the course of their work.

Firearms. Some jobs that do not involve the use of force involve access to firearms.  Recorded cases involve a camp counselor and salesman in a gun store.

Motor Vehicles. Courts recognize that operating a motor vehicle is hazardous and require employers to take care in selecting employees where this is part of the job.

Financial Responsibility. This includes jobs where the employee has the ability to steal money or valuable property, and jobs that present opportunities to commit fraud.

Alcohol. Some courts have found employers liable for negligent hiring in jobs involving the serving of alcohol.

The common denominator in these cases is that the jobs in question present special risks that require an employer to use appropriate care when hiring.

Exceptions

Of the 45 reported cases involving true negligent hiring, 43 (95%) involved one of the above types of job.  The two exceptions are Glover v. Augustine[7]and Coleman v. Housing Authority of Americus.[8]  In Glover, the employee was an elevator operator who assaulted a female passenger.  His access to vulnerable people was brief and occasional.  However, he had a lengthy criminal record,[9] including two convictions for sexual abuse in the first degree and was a registered sex offender.  In view of all the circumstances, it is difficult to argue that the employer acted responsibly.  In Coleman, the employee sexually harassed a co-worker for three years.  Management was aware but took no action.  The employer’s liability for sexual harassment was clear.  The fact that the employer was aware that the employee had “problems with women” in previous jobs led to an additional finding of negligent hiring.  It is debatable, however, that the employer would have been found liable based on this alone.

Nexus

     Even when the job entails special risks, the employer is not automatically responsible for subsequent harm when it hires someone with a history of misconduct.  There must also be a connection (nexus) between the nature of the job and the previous misconduct.

In the 45 recorded cases negligent hiring, 39 (87%) included a clear nexus.[10]  Most of the exceptions fell into two categories.

Multiple Convictions

In Harrington v. Louisiana State Board of Education,[11] the employer was held liable when a student was raped by a teacher.  The teacher had no history of violence or sexual offenses.  He did, however, have convictions for grand larceny, interstate transportation of forged securities, and possession of marijuana with intent to distribute.  There were two similar cases, one of which involved an employee with 56 prior convictions.

One can debate the wisdom of equating multiple convictions with nexus.  But it is a predictable rule which employers can avoid liability by following.

Drugs

Two other cases involved drugs.  In Harvey Freeman & Sons v. Stanley[12] the employees were resident managers of an apartment complex that the employer knew were selling illegal drugs and were “sexual swingers.”  Their employer was found liable when they sexually assaulted a minor tenant.  In Stephens v. A-Able Rents, Inc.[13] the employee was a delivery driver (who regularly entered customers’ homes) who had been fired from his previous job for using drugs while driving and was known to smoke crack cocaine.  His employer was held responsible when he assaulted and attempted to rape a customer.

How far the “drug exception” to the nexus requirement extends is not clear.  But the two recorded cases involve selling drugs and the use of crack.  It seems unlikely that it includes people who have been convicted of possession of marijuana or other “soft” drugs.

The final exception is Rockwell v. Sun Harbor Budget Suites,[14] in which a security guard murdered a tenant when she broke off her affair with him.  The employee had been fired from several previous jobs for aggressive and threatening verbal behavior.  He was also a registered sex offender but had no other police record.  The court’s conclusion that a history of threatening verbal behavior meets the nexus requirement for a subsequent murder is debatable.

In total, 98% (44 of 45) cases involved situations in which there was a nexus or the case met one of two identifiable exceptions to the nexus rule.

Conclusion

Negligent hiring is a legitimate concern for employers.  However, it is among the smallest legal risks they face.  Only a small number of well-defined jobs create any potential risk.  For millions of ordinary manufacturing and office jobs, negligent hiring is not an issue.

Even for the few sensitive positions where negligent hiring is a potential source of liability, employers can safely hire people with criminal records unless their prior conviction:

1. has a clear nexus to the job in question
2. is part of a pattern of multiple prior convictions
3. involves drug sales or “hard” drugs.

Employers can hire the vast majority of people with criminal records for the vast majority of jobs without risking liability for negligent hiring.

NWI president Lewis Maltby addressed 150 appellate court judges at the July 16 meeting of the Foundation for Judicial Excellence regarding employment privacy.

Judges have consistently held that employees have no right of privacy in company owned computers. Maltby pointed out that this rule, while perhaps fair for office computers, makes less sense when applied to laptop computers the employer encourages employees to take home with permission to use for personal matters.

A rule that “ownership trumps all” also denies employers access to information computers owned by the employee, even when there is reason to believe the employee is misusing company information.

Basing privacy law on ownership also denies employers access to messages transmitted by wireless devices, since the vast majority of the system is owned by the service provider.

Maltby urged judges to base privacy decisions on whether an employer has a legitimate interest in the message, not on whether it owns the hardware by which the message was transmitted.

This was the first time that the judges had been presented with this perspective and many found it persuasive.

Liza Concepcion

The company promised her a free cell phone if she signed up for its wireless service.  Then they charged her sales tax on the “free” phone.  Concepcion couldn’t afford to sue; just talking to a lawyer would have cost her more than she was cheated out of.  However, Concepcion was only one of thousands that AT&T had fooled.  Collectively, they had been defrauded of millions.  The law firm of Hulett Harper Stewart filed a class action on behalf of all the victims.

Then Concepcion entered a hall of mirrors.  First, she was told that her contract with AT&T required her to take her claim to arbitration.  That didn’t seem so bad; the arbitration system looked fair and would probably be faster than going to court.

Then the second shoe dropped.  Her contract with AT&T also said that she couldn’t bring a class action suit in arbitration.  Since this would mean no one could sue, her lawyers challenged the contract in court.  When the court ruled against them, they appealed all the way to the Supreme Court.

On April 27, 2011, the Supreme Court upheld the AT&T contract.  Liza Concepcion and the other victims were caught in a catch-22 and AT&T was home free.  Now that other corporations are aware of this new “get out of jail free” card, we can be sure they’ll use it again.

Mica’s Transportation and Infrastructure Committee held hearings last week at which the TSA was scolded for not having the biometric version of its security program up and running.

There’s a good reason the system isn’t installed; it’s not ready.  The TSA itself says the system is still being debugged and recognizes the unique problems associated with biometric technology..  So do the federal government’s own technology experts.

Biometric mistakes can be costly.  Just ask Brandon Mayfield, the Oregon lawyer whose fingerprints the F.B.I. mistakenly identified as matching prints from the Madrid subway bombing.  He was taken from his home in handcuffs, strip-searched, and put in prison for two weeks before the Spanish police convinced the F.B.I. they had the wrong man.

The TSA hasn’t exactly been reluctant about introducing controversial new technology.  Thanks to them, we now have to undergo an electronic strip-search when we get on an airplane.  Aside from the abuse of the machine images, we recently learned that these body imaging systems expose passengers to possibly dangerous levels of radiation that TSA wasn’t “expecting”.

The TSA is already giving privacy and safety short shrift in its rush to install new technology.  Do we really need Congress pushing TSA to move faster?

But there is also grave risk to human rights.  J. Edgar Hoover dreamed of creating files on every political dissident in the country.  F.B.I. agents photographed anti-war rallies, infiltrated civil rights groups, and even wiretapped Dr. Martin Luther King, Jr.

Hoover may be gone, but his legacy remains.  Law enforcement agencies still collect information about critics of American policies under the banner of national security.  So far, this effort has had limited success.  Taking a protester’s picture at a rally doesn’t usually tell someone the identity of that individual.

But if employers or government agencies were to adopt facial recognition (which is only a matter of time), everything would change.  The F.B.I. and C.I.A. would now know the identity of every political dissident in America.  Anonymous political protest would be gone forever.  Furthermore, the F.B.I. recently started a $1 billion dollar project to develop this technique and Tampa Bay Police Department used this technology during the super bowl.

Even worse, the government could use biometrics to track those it deems suspicious virtually 24 hours a day.  If you have access to a secure setting the requires you to verify your identity via fingerprint, iris or face, a record of your actions is made every time.  As biometrics spreads, and our ability to network computers increases, it could be used to make a record of virtually everywhere you go. The airline industry is already on board.

These nightmares do not have to occur.  The National Workrights Institute recently led a blue ribbon taskforce of privacy experts, biometric scientists, unions, employers, and government officials that created guidelines allowing the use of biometrics for greater security where it is needed without undermining human rights.

One of the core principles is that biometric information should not be stored in data bases.  Instead of comparing your iris to a biometric image in a data base, the system could compare your iris to a biometric imprint on a card.  Without data bases, the risk of identity theft is greatly reduced.

Another core principle is that biometric checkpoints should not create records.  In most cases, all that is needed is the assurance that everyone who entered a secure area was authorized to do so.  There is no need to keep records that can compromise privacy.

NWI has begun meeting with Congress and other decision makers to educate them about the dangers of biometrics and convince them to follow the guidelines.  Check out the complete guidelines below.

• NWI Guidelines for Responsible Use of Identity Management Systems.