Delaware Employment Law Blog

Employees love social networking. Some employers also love social networking, especially in the context of recruiting, onboarding, and engagement efforts. But employers are not so crazy about the use of Web 2.0 tools by employees.  The question is often asked whether employers may lawfully access an employee's (or applicant's) social-networking page.  And the answer, as any lawyer worth his oats surely will tell you, is "it depends."

There are a number of different contexts in which this question can arise and each has a different response.  For example, in the hiring context, employers often want to conduct a DIY background check by Googling a candidate or searching for the candidate's Facebook profile.

I've already said plenty on this topic and won't rehash it here.  (See More Good Advice on Best Practices for Use of Social Networks for Employers, Free Podcast: Employers' Use of Facebook, MySpace, and Other Social Networking Sites).  But, generally speaking, this presents only minor (and avoidable) potential legal issues.   

A different context occurs when an employer wants to view a current employee's Facebook or MySpace page.  Add to that the situation where the employer doesn't want the employee to know about it's "investigation" or where the employer sees something it doesn't like and takes adverse action because of it, and you've got an entirely different set of circumstances and associated legal issues.

A recent case in the U.S. District Court in the District of New Jersey is the perfect "flare-gun" case--sending a poignant warning to employers considering similar actions.  In Pietrylo v. Hillstone Restaurant Group, a waiter at the employer's Houston's restaurant created a MySpace page and group.  The group was private--only those who were invited by its creator could access the site. The waiter, Pietrylo, gave access to co-workers, who could then read postings or create postings themselves.

Continue reading "Jury Verdict Against Employer Who Accessed Employee's MySpace Page" »

Social networking site Tagged.com is accused of stealing the identities of 60 million people. N.Y. Attorney General Andrew Cuomo announced that his office intends to file suit. In short, Tagged.com is alleged to have sent invitational e-mails that appeared to be from one of their users to one of the user’s contacts. The e-mail read that the recipient was being sent photos from his or her friend—the Tagged.com user. To view the photos, the recipient non-member, had to register for a Tagged.com account. Then Tagged.com accessed the new member’s contact list, restarting the cycle.

(via Death By Email)

This is a serious and unfortunate example of the wide-spread danger that can result the misuse of technology.  Combined with the far-reaching power of social media and, as this story makes clear, the potential impact can increase exponentially. 

Larry Mendte’s ankle bracelet came off yesterday. Mendte completed his six-month house arrest and is free to live out the rest of his two-and-a-half-year probation outside the confines of his Main Line home. The house arrest and probation constitute the sentence he received after pleading guilty to intentionally accessing the private e-mail account of his former co-anchor, Alycia Lane. 

Mendte was convicted under the Computer Fraud and Abuse Act (CFAA), which makes it unlawful to intentionally access a protected computer without authorization. In the last few years, employers have tried, with mixed results, to put this statute to work against employees who engage in cyber-sabotage.

In January 2009, for example, an employer filed suit under the CFAA against two former sales reps, alleging that the former employees had deleted information from their company laptops after resigning.[1] That case was dismissed, though, in a somewhat disappointing ruling from the District Court, which held that the intended purpose of the CFAA was limited to preventing and prosecuting computer hacking and did not extend to the misdeeds of former employees.

But in February 2009, another federal court declined to dismiss a claim under similar facts.[2] In that case, an employer sued former executives under the CFAA, alleging they’d e-mailed documents to their home computers when they were preparing to compete with the company.

So often, employers want to file a counter-claim in response to what they believe is a bogus suit filed for a former employee. The law rarely provides for this, though. For many employers and their legal counsel, the application of the CFAA to the wrongdoings of former employees is a developing area of the law with great potential.

[1] Lasco Foods, Inc. v. Hall & Shaw Sales, Marketing & Consulting, LLC, 600 F. Supp. 2d 1045 (E.D. Mo. 2009)

[2] Ervin & Ervin Smith Advertising v. Ervin, No. 8:08-459 (D. Neb. Feb. 3, 2009).

Online social networks (OSNs), such as Facebook and MySpace, have found their way into the workplace.  Employees' use of OSNs and the impact of that use on workplace productivity are topics all to themselves.  OSNs are also being used by employers, though, as well.  In fact, Facebook and similar sites are becoming increasingly common tools in employers’ arsenals.  Employers have found a number of ways to use technology to their advantage.

The various ways that employers are putting these tools to use span across the entire employment relationship, from pre-employment (recruiting), to potential employment (screening), and then all the way through the employment relationship (monitoring).  

I'm a guest blogger this week at LexisNexis' Workers' Compensation Law Center.  In today's post, I discuss the many ways that employers are putting Facebook, LinkedIn, and other, similar sites, to work in the workplace.  (See How Employers Are Putting Online Social Networking Sites to Work.)  Be sure to check out the post to learn about the variety of ways employers have utilized the very same type of technology that is considered one of the biggest drains on employee productivity. 

[Update to Change to Facebook's Privacy Policy Under Attack]  Here's the quick background of this post, if you don't know already: 

Facebook has privacy policy warning users that their content is "owned" by Facebook until they terminate their membership or permanently remove the content.  Facebook changes policy by adding one sentence, which states that, even after the termination of one's membership, Facebook retains ownership of that member's content--forever.  Facebook users are outraged and there is a public outcry about concerns for privacy rights. Facebook announces that the policy is legitimate and here to stay.

That gets you caught up through this morning.  But there's more to the story.  This morning, on CNN's American Morning, Facebook's Chief Privacy Officer, Chris Kelly, spoke about the outcry from users following the change in the policy's language.  And, it turns out, Facebook has been persuaded by the public voice.   In a total about face, (sorry but the pun is intended), Facebook has decided to again change its policy, this time to satisfy the concerned public. 

One of the most insightful points made by Kelly came as a reminder about just how private your content is not, once posted online.  From the transcript of today's show:

Well, we think it's incredibly important for people to realize the power that they can have in terms of choosing to put up information or not, and then also to whom they show that information.

The video can be viewed in whole at the CNN website: Facebook's About-Face

1 in 5 employers use online social networking sites (OSNs) to screen job applicants.  Some employers even use OSNs to monitor the activities of current employees.  (Think workers' comp fraud.)  If done properly and for the right purpose, I support the use of the Internet as a tool for employers.  But there are plenty of critics of the practice. 

Those who are against the use of sites like Facebook and MySpace to screen job candidates cite "privacy" concerns.  I don't buy it.  There is no reasonable expectation of privacy when it comes to information an individual voluntarily posts on-line.  Yes, there may be other problems if an employer creates a false identity for the purpose of "tricking" an individual into granting the employer permission to access his or her site or web page.  But, the simple act of viewing something that was published for the purpose of being viewed, does not seem like a privacy violation from my perspective. 

Continue reading "Change to Facebook's Privacy Policy Under Attack" »

The possibility of identity theft has become a reality for tens of millions of credit and debit cardholders.  Yesterday, Heartland Payment Systems, a major payment processing company, revealed that its secure systems had been hacked and that the private data of millions of individuals may have been stolen.  This is said to be the largest data breach ever.

The N.Y. Time reports that those responsible for the massive theft could be part of an “international ring of hackers that are introducing breaches at a number of financial institutions.”  With an operation of this magnitude, it seems likely that this is the case--that the breach was a result of highly organized criminal entities.  But, more commonly, the theft of personal data is not so far-reaching or as complex.  An, often, it is the result of actions by an insider--an employee--who leaks the data for revenge or for money, or both.

For example, in December of 2008, an employee of Certegy Check Services, physically removed 2.3 million consumer data records to resell. The former employee sold consumer information to a data broker, who then sold it to a number of direct marketing companies.

Another example occurred in September of 2008, when Countrywide Mortgage notified the FBI that a former employee had sold customers' personal information to a third party, including names, addresses, social security numbers and application information. The FBI arrested the employee and reported that as many as two million people may have had their data stolen.

Then there was the case of the unauthorized sale of Britney Spears' sealed psychiatric information to the National Enquirer by an employee of the UCLA Medical Centre.  The employee was later prosecuted for the breach, was is believed to have been a series of disclosures over a period of several months.

Employers who've not yet implemented an effective procedure for responding to the unauthorized access of employees' personal data should consider the Heartland story a real wake-up call about the realities of identity theft.  No one is immune from a potential security breach.  But everyone should know what to do if one does occur. 

Identity theft refers to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves
fraud or deception, typically for economic gain.  Identity theft is a serious crime, the effects of which can take years to correct, not to mention the enormous amounts of time and the overall inconvenience that are required. 

Identity theft is a serious enough topic that there is good reason to write about it any time of year.  But right now, there are more reasons than ever.  First, there's the current state of the economy.  In difficult economic times, theft traditionally increases as people become more desperate in the search for resources.  Second, it's the holiday season, when the need for extra money increases, right along with depression rates and anxiety levels. Third, internet shopping continues to be a popular alternative to the stressful hustle and bustle of the mall.  Add these factors together and it's difficult to imagine identity theft rates slowing down significantly any time soon. 

Just last week, a coworker mentioned that she had recently had her credit card number "skimmed" at a gas station.  She didn't realize the theft had occurred, though, until Monday morning when she checked her online bank account and was stunned to see that the account was substantially overdrawn!  Another coworker said that she too had been subject to a similar fraud, though the credit card company had not been able to determine exactly how it had occurred. 

I experienced the same type of theft recently when my credit card number was used to make thousands of dollars in online purchases over the course of a few hours.  The number of purchases triggered my bank's security alerts and I was called to confirm the purchases.  Thankfully, the bank's quick efforts prevented any damage from being done.  But this conversation between three coworkers shows how surprisingly common identity theft really is. 

When it comes to protecting your personal information, awareness is key.  Below is a short summary of some of the basics about identity theft.  Employers should keep themselves and their employees in the loop by circulating this type of information during the holiday season.

How Does the Thief Get the Identity Information?

• Steals credit cards, wallets, or purses.
• Steals mail to obtain checks and credit-card numbers.
• Rummaging through trash to find documents containing personal identifying information.
• Completes a change-of-address form on behalf of the victim, thereby diverting the individual's mail.
• Use personal-identifying information obtained on the internet.
• Theft of business records either by stealing records or files or by bribing an employee to do the same.
• E-mail "phishing"-- a scam where the thief pretends to a bank or the government.
• Obtaining a copy of the victim's credit report by posing as a landlord or other person who would have a lawful right to the information.

What Does the Thief Do With the Identify Information?

• Go on spending sprees using your credit card
• Open new credit card accounts
• Open new checking accounts using your name,date of birth and social security number to write
  bad checks
• Change the address on your credit card accounts
• Take out auto loans in your name
• Rent a home in your name
• File for government benefits using your name (unemployment insurance)
• Give your name to police during an arrest
• Establish phone and wireless service in your name
• Declare bankruptcy in your name to avoid paying debts or eviction

Some of the national resources available to learn more about preventing, reporting, and correcting identity theft include the Identity Theft Resource Center, the Federal Trade Commission, and the U.S. Department of Justice. 

In Delaware, the Office of the State Bank Commission has developed several helpful outreach and education programs.  And, for additional information specific to employers trying to assist employees who've been subject to a data security breach, see What to Do If Your Employees' Private Data Is Stolen.

Larry Mendte, former Philadelphia news anchor, was sentenced today in federal court after pleading guilty to reading the emails of his former co-anchor, Alycia Lane, and forwarding the information along to reporters, reports the Philadelphia Inquirer.   Mendte was sentenced to three years of probation, a $5,000 fine, and 250 hours of community service.

Mendte, who apologized for his conduct, admitted that he accessed Lane's personal email on more than 500 occasions.  He stated that he was motivated by a "flirtatious, unprofessional, and improper" relationship he'd had with Lane.  Lane was present in the courtroom but did not speak on her own behalf.

For the salacious details of this unusual workplace drama, see our earlier posts:

More Drama at the News Desk: Co-Anchor Suspected of Snooping Through E-Mails

Employee Embarrasses Employer, Who Fires Employee, Who Sues Employer

Prying Eyes: What is "Private" Becomes Even Fuzzier for Employees Who Snoop

ABA Journal Takes Note of Our Newsworthy News Anchors

TV News Anchors' Soap Opera Has the Makings of a Made-for-TV Drama

The Mendte-Lane Saga Concludes With a Guilty Plea and a Lawsuit

And what, if anything, can be learned from this latest chapter? Here's what I would offer as the Lessons to Be Learned from the Love-Hate Saga of Larry Mendte and Alycia Lane:

1. Anti-fraternization policies may get some good publicity from this case.  The "flirtatious" relationship between the two co-anchors seems to be, according to Mendte, what sparked his bizarre conduct.
2. Be careful not to disregard the claims of the co-anchor who cried wolf.  Despite Lane's prior allegations regarding Mendte's alleged snooping, her employer was not inclined to believe her, probably because she'd previously volunteered for the spotlight by appearing on the Dr. Phil show, and other unusually public conduct.  This goes to show that, when receiving a complaint from an employee, not to carry our own biases and preconceived beliefs into the investigation.  Go figure--she might actually be telling the truth!
3. Privacy is a big deal.  It's a big enough deal that his violation of it landed a very popular local public figure into very hot legal water.  As Mendte is reported to have opined during his sentencing hearing: "When I look back on the story of my life, I can't believe it brought me to this moment. I am ashamed."

MySpace and Employment Law have crossed paths again. This time, they intersect, again, in education law. But this isn’t the first time.

You may remember Stacy Snyder, the "Drunken Pirate,” who, at the time, was a student in the Education program at Millersville State University.   In a moment of poor judgment, Snyder posted a photo of herself in a pirate hat, drinking, captioned "drunken pirate" on her personal MySpace page.  School officials  learned of the photo and refused to give Snyder a teaching credential because they believed the picture promoted underage drinking. 

Alas, another teacher has fallen prey to MySpace.  A federal District Court in Connecticut has upheld the decision of a school board in that State, which voted to not renew a teacher's contract because of content posted on his MySpace profile. The court found that the non-renewal decision did not violate the teacher’s constitutional rights to Free Speech or Free Association. 

A high school teacher, Jeffery Spanierman, apparently created a MySpace profile, which he used to communicate with students.  The discussions concerned a mix of topics, some of which were unrelated to the school.  Of course, Spanierman's venture into the world of social networking soon came to the attention of the school administration.   An administrator viewed the profile and believed it contained inappropriate comments and "peer-like" discussion with students.  Spanierman deleted the profile after these concerns were brought to his attention. 

But the lure of the social networking site proved to strong for Mr. Spanierman to long resist.  Shortly after deleting the original profile, Spanierman created a second one.  After learning of the second profile, Spanierman was placed on an administrative leave.  Ultimately, the school district decided not to renew Spanierman's teaching contract.   Spanierman filed suit against the school district and various individual officials alleging several violations of his constitutional rights.  In particular, Spanierman claimed that his rights of Free Association and Free Speech had been breached.

The District Court rejected Spanierman's arguments. Although the court determined that Spanierman was not acting pursuant to his official duties as a teacher in maintaining the MySpace page, it found that the page's content did not deal with matters of public concern.  The sole exception to this was a short poem on the Iraq war.  But there was no evidence that any administrator retaliated against Spanierman for expressing his views on that conflict in verse.  The Court went on to note that the school district would likely have been able to demonstrate that Spanierman's "speech" would have been sufficiently disruptive so as to outweigh any the First Amendment value it possessed.

The Court also rejected the teacher's free association claim.  MySpace may be a social networking website, but here, there was “no evidence in the present case that MySpace, as an organization, purports to speak out on matters of public concern.”

Off-duty conduct as grounds for termination is a common topic in employment law. It is not uncommon for employers to include "morals clauses" in employment contracts. And social-networking sites are not the only forums in which employees are getting "busted." You may remember the recent scandal involving not the internet, but a local newspaper, which ran unfavorable photographs of the then-president of the community college engaging in off-duty conduct that reflected negatively on his leadership and judgment. Robert Paxton, resigned after the paper published a photograph of him pouring beer into a young woman’s mouth.

Companies will not risk their reputations on drunken pirate escapades or inappropriate MySpace relationships. Few states offer protection under the law for employees' off-duty conduct. Delaware is not one of those states--employers have full authority to determine what actions constitute "bad behavior," and can result in termination. 

FaceBook, MySpace, and other social network sites, have multiple uses. Of course, the traditional idea is that members gather to meet new people and share experiences.  As most recruiting and hiring managers are well aware, these websites can provide substantial insight into the personality and personal lives of job applicants. 

The value in this hiring strategy is subject to debate.  William W. Bowser and I will be debating it ourselves in greater detail tomorrow in our audioconference, Click Here for Lawsuit: Applicant Screening With Google and MySpace.  Employers must balance the need to make crucial hiring decisions with the privacy demands of Gen Y.  The arguments against using the internet's resources as the basis for employment decisions are shrinking, though.  And, if the trends continue, employers who do not utilize the web in hiring may find that they're alone in that decision. 

A survey released yesterday reports that the use of social networking has just begun to get off the ground outside America.  In North America last year, the number of users increased by 9% compared to an increase of 25% worldwide. 

Social networking has seen growth not only in the number of members, but also in the number of ways it has been put to use.  For example, the National Law Journal's article, Social Networking Sites Help Vet Jurors.  The article details how many lawyers now incorporate a Facebook-MySpace background-style check into their jury selections.  The information that is available online about potential and seated jurors can be invaluable in selecting jurors, striking potential jurors, and even in crafting opening and closing arguments that will hit home for the jury-audience.

What is remarkable about this trend is the revelations that often come with the discovery of an individual's FaceBook or MySpace page. Over and over, when social networking is used as a means to find out the "real" personality, behavior, and preferences of others, whether it be a job candidate or a potential juror, the "real" version is drastically different from the version presented to the searching party. 

Employee-privacy rights.  Compensation-based jealousy.  Bitter co-workers.  Electronic monitoring.  Gender discrimination.  Clash of the Gen X and Baby-Boomers, even?  The continuing saga involving former news anchors Larry Mendte and Alycia Lane has all of the makings of an employment-law thriller. 

Last we checked in with the two former news anchors, KYW-TV announced its decision to terminate long-time host, Larry Mendte, following a federal investigation and raid of Mendte's home and office.  On Monday, July 21, the U.S. Attorney's office filed a federal criminal information charging Mendte with a single felony count of intentionally accessing a protected computer without authorization.  See the full Information here: 

The allegations, as detailed in meticulous fashion in the Information, are based on the government's claim that Mendte hacked into Layne's personal e-mail accounts and released the info he stole to the press and others.  The hacking is said to have gone on for a period of two years but, last quarter alone, is alleged to have tapped into her accounts approximately 537 times.  Lane's lawyer is reported so say that Mendte was jealous of his younger co-host, who garnered lots of attention and who made $100,000 more than him a year. 

That alleged jealousy could land Mendte with a jail sentence of up to six months.

The Acting U.S. Attorney Laurie Magid, explained the government's interest in the case.  "We live in an age in which many people exchange and share personal, sensitive information by e-mail every day."

This is a great lesson for employers.  Privacy rights are on the minds of employees everywhere.  It's an already-serious issue when employers monitor their employees' e-mail and internet use.  But add to that a potential threat from co-workers and privacy paranoia seems like a very realistic possibility.

For earlier episodes in the soap opera:

More Drama at the News Desk: Co-Anchor Suspected of Snooping Through E-Mails

Pardon Me? Anchorwoman’s Cursing Caught on Live TV

What do News Anchors, Sports Figures, and Corporate Executives Have in Common? Employment Agreements and Risk-Avoidance Clauses.

The lines of privacy in the workplace are blurred, at best. There are lots of questions about the limits placed on employers when it comes to monitoring their employees' technology use.  We do know that employers should notify employees if the company wants to reserve the right to monitor e-mails, voicemail, and internet access.  In Delaware, this notice is mandatory.  But it is not clear whether this notice can extend to web-based, personal e-mail accounts, like G-Mail or Yahoo!, when the accounts are accessed by employees during working time on a company-provided computer, accessing the internet through the company's server.  (See my previous post, Suit Raises Tough Questions About Privacy Rights of Former Employees for a case involving these facts; and if you're still not sure, just ask the Mayor of Detroit, Is It Time to Update Your Electronic Communications Policy? If you’re the Mayor of Detroit, the answer is “Yes”). 

And that is just the tip of the iceberg.

A recent decision from the Ninth Circuit Court of Appeals has added another layer of complexity. In Quon v. Arch Wireless Operating Company, the court found that the employer-defendant violated its employee's rights by reading his text messages without his consent.  The case was brought by a police officer, whose text messages were reviewed by his boss, who had obtained them from the internet service provider.  The reason given by the officer's supervisor was fairly innocuous--to determine whether the officer was using his city-issued pager for personal communications. 

The important take-away from this case is consent, consent, consent.  The court found that the officer had a reasonable expectation of privacy in the text messages.  Had the employee consented to the employer's search, the whole suit would have been avoided. 

And how can you get an employee to consent, you ask?  Easy.   By having all employees read and sign a comprehensive electronic-monitoring policy at the time of hiring. 

Already doing that? Great.  Now get a Gen Y to read it.  Have him or her tell you about all of the types of technology you've missed.  Does your policy even cover text messages? Now's the time to check. 

Can I read my employees' e-mails? Labor and employment attorneys get this question often. It's not as common, though, that the possible cyber-sleuth is a co-worker rather than a member of management. Recent drama at the news desk of Philadelphia's CBS 3 fits this unusual profile. 

The First of the Fallen Anchors

Long-time CBS news anchor, Larry Mendte, is under federal investigation.  He is suspected of reading the e-mails of former co-anchor, Alycia Lane.  After Lane was involved in several scandals of her own, her employment contract was terminated after she allegedly assaulted a plain-clothes police officer in New York City, and using a homophobic slur. See my earlier post, Bad Boys, Bad Boys, Whatcha’ Gonna Do When They Work for You?, for more details on the Alycia Lane scandal.

The Cyber-Scandal Spreads

And now attention has been turned to Lane's former colleague, Larry Mendte.  Late last week, Mendte and CBS News learned that he was being being investigated for snooping through Lane's e-mail.  Reading others' e-mails without permission or privilege is a federal crime.  (Last week we discussed Delaware's state law, which requires employers to provide written notice of their intent to monitor employees' e-mails.  See Employers' Policies on Technology in the Workplace).

Mendte's home computer was seized by the FBI as part of the probate.  CBS 3 issued the following statement yesterday:

Late last week, CBS 3 became aware of an investigation by the U.S. Attorney's Office regarding anchor Larry Mendte. CBS 3 is cooperating fully with that office in this matter. Mr. Mendte will not be on CBS 3's broadcasts pending further investigation.

While the investigation is ongoing, Mendte has been dethroned. It doesn't seem so positive.  Mendte's lawyer said yesterday, "We hope to work together with CBS 3 to reach a mutually agreeable resolution as to his status." 

That does not sound good.

Get Consent to Monitor Employees' E-Mails or Risk a Mendte-Style Result

Let this be a word of warning to any employer who may be inclined to search their employees' e-mails without complying with state and federal notice requirements.  Cyber-sleuthing has serious consequences.

And if you learn that another employee has been snooping through a co-workers electronic data, including e-mails, act quickly and seriously.  Take a page from CBS 3 and consider suspending the employee until your investigation is complete.

Employers, do you know what to do if your employees' confidential data is stolen or lost? There are ways employers can prepare to act quickly and effectively in the event of a data security breach. Delaware employers in particular have a wealth of resources made available by the State. But don't wait until it's too late to learn about the necessary steps to take to help your employees in a time of crisis as well as to protect against liability. 

Notify Your Employees Immediately

Once you learn that there has been a potential data breach, you should notify every potentially affected employee.  Do so immediately.  Every minute counts when this confidential information has been obtained by someone with the wrong intentions.

Exactly how you give notice may differ based on the state where your business is located.  Delaware employers are guided by a state law, the Delaware Credit and Identity Theft Protection Act.  The Act instructs employers to provide written notice to employees that the security of their data may have been breached.  The Act also contains sample language for the notice.  In essence, the Act explains that employees should consider placing a "security freeze" on their credit report.

A security freeze is a permanent hold on your credit information. It costs nothing to have the security freeze put in place and it takes no more than three days from the time of the request. 

If someone wants to use your credit to get a loan, extend a line of credit, or finance a big purchase, the lender will need to contact a credit reporting agency to determine your credit rating.  If a freeze is in place, no information will be provided.  But you will be alerted and can, in turn, alert the authorities. 

And unlike a fraud alert, a security freeze will stay in place until you ask to have it removed permanently or lifted temporarily.

Monitor Your Credit Report

Another important step to take is to request a copy of your credit report and continue to do so periodically and cautiously monitor it for any inaccuracies.  By law, Delaware residents are entitled to one free credit per year from each of the three credit agencies.  The website that has been created for this purpose is www.annualcreditreport.com.  Or you can download the free credit request form (pdf) and mail the completed copy to:  Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA   30348-5281.

There is no penalty for Delaware residents who request their credit report or who put a security freeze on their credit.

Delaware Employers Should Utilize the Resources Offered by the State

Employers should know that the State of Delaware also offers several helpful resources.  It's a great idea to order some of these now to have on hand in the event that a theft does occur.  The new brochure, "Identity Theft Hurts"  has answers to many of the questions residents have about credit reports including what is in your credit report and what to do if you find an error in your credit report. The brochure also covers the issue of identity theft and steps you must take if you are a victim of identity theft.

The Office of the State Bank Commissioner also distributes a new brochure from the Federal Trade Commission entitled Stop Think and Click (also available as Stop Think and Click in Spanish), which highlights seven practices for safe computing.  The brochure also focuses on a new web site called onguardonline.gov, which provides practical tips from the federal government and the technology industry to help you be on guard against internet fraud.  The Office of the State Bank Commissioner recently released links to the top five web sites consumers can use to fight identity theft. 

The Office is partnering with the Delaware Money School and has scheduled over a dozen meetings in the spring of 2006 across the state on identity theft and free credit reports. Residents can register on line or call the money school for information about how to set up a presentation in your neighborhood or school.

Workplace privacy concerns aren't limited to technology.  There's been lots of buzz about GPS tracking of employees, use of biometric data in time and attendance programs, and, of course, electronic monitoring of employees' e-mails, and Internet usage. As the case below demonstrates, privacy concerns don't require hi-tech equipment or software.  Just a whole lot of nosey.

A Sordid Affair

The story centers around a Wal-Mart supervisor who had engaged in an improper affair with a co-worker.  Not only was the affair illicit but it also violated Wal-Mart's anti-fraternization policy.  The supervisor was terminated when the company discovered the relationship.  Now, the termination alone might raise a few eyebrows.  But, policy is policy, and the supervisor's relationship was in violation of policy (as well as really bad managerial skills), the company can and should take disciplinary action. 

I Spy (well, Wal-Mart spied, actually)

Where the story becomes truly noteworthy, though, is exactly how Wal-Mart came to first learn about the "violation."  It hired a private investigator to track the couple.  The investigator did just that; following them all the way to a rendezvous hideaway in Central America.

And Then Came the Lawsuit

The romantic and unemployed supervisor filed suit in Arkansas state court alleging violation of contract and wrongful termination based on public policy.  The contract claim was swiftly rejected.  The termination claim, based on the allegation that he was fired in retaliation for reporting Wal-Mart's failure to comply with it's own internal policies regarding factory certification, was equally unpersuasive.  Summary judgment was granted in favor of Wal-Mart, which was subsequently affirmed by the Arkansas Court of Appeals. 

The legal claims asserted in the lawsuit were pretty blasé when compared with the sordid facts that got him terminated in the first place.  Based on the appellate court's decision, the claims seem doomed from the start.  I have to wonder whether the plaintiff wouldn't have been better off asserting a state-law privacy claim. 

The case is Lynn v. Wal-Mart Stores, Inc., No. 07-384 (Ark. App. Ct. Mar. 19, 2008), and a hat tip to the Workplace Profs Blog, who spotted this one back in April.

Privacy rights of employees are a common topic.  But privacy rights of executives is a less frequent employment-law issue. The recent demand for presumptive Republic party candidate John McCain's medical records, as well as the small flurry of excitement about Apple CEO Steve Jobs' cancer diagnosis has put the topic in the headlines. 

There has been much talk in the news about Senator McCain's health.    The talk centers around a melanoma McCain had removed in 2000.  So much attention has been devoted to the topic that the Senator has agreed to release his medical records.

The push for disclosure seems to be based on the argument that the electorate has a right to know the condition of a candidate's health.  On one hand, the demand seems like a crude request to inspect the goods prior to purchase.  But, on the other hand, maybe inspection of health care records is the best we can get short of a warranty.

Employers are permitted to require a fitness-for-duty certification before allowing an employee to return to work following leave for medical reasons.  I can't say I'm convinced but I can see the parallel.

The public demand for McCain's health records raises interesting questions for employers.  Should CEOs and other top executives at large companies disclose to their organization that they have a serious illness?    

A Human Resources Executive Online discussed this question in the context of Apple CEO Steve Jobs' recently disclosed condition of pancreatic cancer.   Jobs told the board of directors and top leadership soon after being diagnosed in 2004.  After consulting with attorneys, the company decided against further release of the diagnosis. 

Jobs tried a variety of dietary and alternative medicine treatment options for nine months before turning to surgery.  It was only after he had undergone surgery successfully that he told employees about his illness.

CNN Money.com criticized Jobs' decision not to disclose his condition, claiming that it put his company and his investors at risk.  And the story made the cover of the April 2008 edition of Fortune Magazine (pictured above).  But during the mid-1990's, Intel CEO Andy Grove did not disclose his cancer diagnosis for a year without controversy. 

It raises an interesting question about the privacy rights of senior executives.  It also makes me wonder whether the news about Steve Jobs will trigger companies to include medical-condition disclosure provisions in executive employment agreements.

Genetic testing is a key advance in preventative health care. But opponents of DNA testing worry about privacy issues--that employers may use genetic data in making employment decisions. The Genetic Nondiscrimination Act of 2007 (GINA) is intended to prevent that.

The Act was unanimously accepted by the Senate with a vote of 95-0. After final approval from the House, it will go to the President's desk for signature. It could be signed into law as early as next week. The act will protect individuals against discrimination based on their genetic information when it comes to health insurance and employment. These protections are intended to encourage Americans to take advantage of genetic testing as part of their medical care. The purpose of GINA is to ensure that anyone who gets genetic screening tests will be protected from having that information shared with health insurers or employers. Up until now, individuals who tested positive for a certain type of cancer gene could be denied insurance coverage or employment based on his or predisposition to developing cancer years down the road.

“It means that people whose genetic profiles put them at risk of cancer and other serious conditions can get tested and seek treatment without fear of losing their privacy, their jobs, and their health insurance,”

said Ted Kennedy (D-Mass.).

The debate is not a new one--the bill was rejected more than 10 times before it passed. And during those 10+ years, Delaware passed its own genetic antidiscrimination law. Delaware is one of 35 states to prohibit genetic discrimination in employment. State laws typically protect "genetic information." A number of states, including Delaware, have passed or are considering bills that expressly include and requests for genetic services. The Delaware law also makes it unlawful for an employer to "intentionally collect" genetic information unless it can be demonstrated that the information is job-related and consistent with business necessity or is sought in connection with a bona fide employee welfare or benefit plan.

Of the 35 states with these laws, though, there has not been a single suit filed on the grounds of "genetic descrimination," although the EEOC did settle a genetic-discrimination claim that was filed under the Americans With Disabilities Act. In that case, the employer, Burlington Northern Santa Fe Railroad, was alleged to have obtained blood samples from employees that would later be used for genetic testing, unbeknownst to the employees. The employer ceased the conduct within days of receiving the EEOC's complaint and eventually settled the suit.

Additional Resources:
The National Conference of State Legislatures maintains a comprehensive website on laws dealing with genetics and genetic testing if you're interested in where your state currently stands.

But the most detailed resource, by far is that of the National Human Genome Research Institute, (NHGRI) at genome.gov. The NHGRI's site inlcudes dozens of helpful explanations about just about everything genetic--including the legal, social, and ethical implications of genetic testing.

To review GINA's passage through the House and Senate, visit thomas.loc.gov.

From a women's health perspective, U.S. News & World Report's Deborah Kotz's article is a worthy read.

And, as always, our friends at HR Hero has a whole cache of easy-to-read and to-the-point articles on the Genetic Testing page of their website.

Employee-privacy advocates are not in favor of biometrics in the workplace. But many employers do not share the concern. Biometrics are being used in workplaces across the country for purposes ranging from security to timekeeping and attendance.

What are Biometrics?

You may not know it, but you have probably seen biometrics in use numerous times. Catch any modern spy movie and there is sure to be a scene where the main character accesses the inevitable Restricted Area using the fingerprint of a dead man via a "borrowed" digit. Or maybe the triple-secret bank vault can be opened only via a a retina scan of the bank's Very Important President. You get the idea.

Biometrics run the gamut from simple to NASA-level technology. Biometrics on the most basic level could include simple ID badges with the employee's mug-shot style photograph. Signatures are even included in biometrics that are used as a security measure. Today, employers utilize password-management systems that require employees to regularly change their personal passwords in order to access the company's network.

The term "biometrics" refers to a method of authenticating the identity of an individual using enduring physical or behavioural characteristics. Any system that utilizes biometrics relies on the use of biometric identifiers. Also known as "BIs," biometric identifiers are select pieces of information that relay an encrypted picture of some unique feature of the person's biological makeup. Common BIs include fingerprints, retinal scans and voice scans.

Other identifiers that have been suggested and used include: hands, feet, faces, ears, teeth, veins, voices, signatures, typing styles (keystroke), gaits and odors.

How Effective Are Biometrics?

In the employment context, biometrics are used as an authentication tool. The BI is compared to the authenticated BI, which is stored in a database. Used this way, biometrics offer a nearly infallible security system. Unlike traditional security measures, like passwords or security badges, biometrics cannot be shared, lost, forgotten, stolen, or recreated.

But there are security risks for the user. For example, the authenticating, or original, data must be kept as secure as possible, which usually means not being sent wirelessly. And, if it is sent across a network, encryption should be at a maximum. As a compromise, systems often provide for a larger margin of error. And, unlike passwords and security questions, biometrics cannot be changed or revoked when the employment relationship ends.

What Else Could Go Wrong?

Well, lots, actually. Unauthorized access to highly sensitive personal information raises very legitimate concerns about identity theft--a problem that already has employers on high alert for potential liability. And, without any regulatory system in place, what about the potential privacy implications? Surely, employees will want to know what other information can be obtained should the wrong person have access to the database.