Category Archives: Employee Privacy

March 25, 2014

2014 Wyoming Legislature Keeps Status Quo, But Changes On The Horizon?

By Brad Cave

The 2014 session of the Wyoming Legislature did not pass any significant employment legislation, but the Legislature’s actions on some of the measures it did consider could portend a much more interesting 2015 legislative session. 

Independent Contractors.  The issue of independent contractors garnered the most legislative attention of any employment issue in the 2014 session.  In February, we reported on House Bill 16 which would have created misdemeanor criminal penalties for “knowingly failing to properly classify an individual as an employee” leading to a reduction in unemployment contributions or workers compensation premiums or benefits. (A companion measure, Senate File 112, was introduced in the Senate but failed to get sufficient votes for introduction.)  This measure was sponsored by the Joint Corporations, Elections and Political Subdivisions Interim Committee.   Although it failed to garner the two-thirds vote required for introduction during a budget session, a majority of the representatives in the House voted in favor introduction in the 32-26 vote.  This bill may rear its ugly head again in the 2015 general session, where introduction requires only a majority vote. 

On the bright side of the independent contractor issue, Senate File 96 proposed an amendment that would have relaxed the definition of independent contractor in the unemployment and workers compensation statutes.  Those two identical definitions currently require that a person classified as an independent contractor meet three requirements: 

  • The person is free from control or direction over the details of the performance of services by contract and by fact;
  • The person represents his services to the public as a self-employed individual or an independent contractor; and,
  • The person may substitute another individual to perform his services. 

These three factors have always been part of the commonly accepted definition of an independent contractor, as recognized by courts, other statutes and the Internal Revenue Service.  But courts and the IRS weigh these and several other factors, without any single factor or group of factors controlling the determination.  This approach permits employers to fashion independent contractor relationships under a variety of circumstances.  Because of the “and” between the second and third factor, the Wyoming definition requires employers to meet all three of these factors, regardless of the other circumstances surrounding the independent contractor relationship.  Add to that the fact that the second factor is wholly outside of the employer’s control, and you have a very strict and onerous definition. 

Senate File 96 would have added a second test to the unemployment and workers compensation definitions to give employers two ways to prove independent contractor status.  Under the second option, a person providing services would be properly classified as an independent contractor if the person: 

  • is free from control or direction, asserted directly by the person or entity contracting for the services, over the details of the performance of services by contract and by fact; and,
  • has substantial investment used in connection with the performance of the services.  The investment may include physical assets, financial assets, education, experience, intellectual property or any combination of these factors. 

This proposed change would obviously open the door to a broader range of independent contractor relationships, and recognize the importance and prevalence of the sole proprietor independent contractor, particularly in technology services.  

Senate File 96 passed the Senate with strong support, but the House defeated the measure by a vote of 54 to 6.   Reasons for its demise may include timing – it was brought to the floor of the House on the last day for the entire House to consider new measures.  Also, there may have been some confusion about whether the changes would be consistent with the IRS definitions of independent contractors and other statutory definitions.  Because the House had little or no time to resolve these questions, the measure died.  We encourage the Legislature to address this topic again next session. 

Employer Access to Social Media Accounts.   The surprise proposal of the session was Senate File 81, which would have put Wyoming on the bandwagon of other states which are restricting employer access to employees’ social media accounts.  This proposal would have amended the Wyoming Fair Employment Practices Act to make it an unfair employment practice for employers to “request or require” any employee or applicant to disclose any username, password or other method of accessing personal social medial accounts.  Social media accounts was broadly defined under the proposal, to include videos, images, blogs, podcasts, instant and text messages, email, internet websites or locations and other online services or accounts.  

The measure included exceptions to the general restrictions for (1) access to employer social media accounts used for the employer’s business purposes; (2) when personal social media is reasonably believed to be relevant to an investigation of allegation of employee misconduct or violation of laws or regulations, if access is limited to the investigation or a related proceeding; (3) when conducting an investigation of an employee’s social media when required to comply with the requirements of state or federal law, or the rules of a self-regulating organization; or, (4) when an applicant applies for law enforcement employment. 

Senate File 81 flew through the Senate with strong support, and started strong in the House, but was then defeated by a House vote of 36-16. 

Our experience suggests that this is a solution in search of a problem.  The huge majority of employers already avoid efforts to access employees’ social media because learning such information can cause all sorts of headaches for employers.  In fact, employers usually learn about employees’ social media content when employees report to the employer some other employee’s bad behavior as described on social media, and usually expect the employer to do something about it.  Although the exception for investigation-related access is helpful, even that language forces employers to couch their requests in terms that will simply raise the stakes of workplace situations. 

Wyoming employers should pay attention next session to see if the Legislature takes up this topic. 

Misconduct Disqualifications from Unemployment Benefits.  Senate File 76 added a new definition of misconduct to the unemployment compensation statute to outline the circumstances under which a former employee may be disqualified from unemployment benefits.  It was signed by Governor Mead on March 10, 2014, and will become effective on July 1, 2014. 

The unemployment compensation statute already states that an employee will be disqualified from benefits if the Department of Workforce Services finds that the employee was discharged for “misconduct connected with his work”  but does not define that phrase.  To fill the gap, several years ago the Wyoming Supreme Court adopted a definition that required a showing of an act of the employee that indicated a disregard of the employer’s interests or the commonly accepted duties, obligations and responsibilities of an employee, to include carelessness or negligence of such a degree or recurrence as to reveal willful intent or intentional disregard of the employer’s interests or the employee’s duties and obligations.  Violation of company policies or rules could qualify as misconduct under the court’s definition, provided the employee acted intentionally.  The court’s definition also provided that inefficiency, failure of good performance due to incapacity or inability, ordinary negligence or good faith errors in judgment were not adequate to disqualify an employee. 

The new definition of “misconduct connected with work” seems to adopt much of the Wyoming Supreme Court’s interpretation of the phrase.  The phrase is now defined as “an act of an employee which indicates an intentional disregard of the employer’s interests or the commonly accepted duties, obligations and responsibilities of an employee.”  The amendment also excludes from the definition of misconduct, (1) ordinary negligence in isolated instances; (2) good faith errors in judgment and discretion, and (3) inefficiency or failure in good performance as the result of inability or incapacity. 

Because the new statutory definition is very similar to the definition the Supreme Court has used for years, we will need to see how the definition is applied by the Department and the courts to determine whether the misconduct standard has changed at all through this amendment. 

Computer Trespass.  Although not an employment measure, House Bill 178 created a new criminal offense that may give employers a new tool to help prevent employee sabotage.  This measure, which passed both houses and was signed by Governor Mead, created the crime of computer trespass.  A computer trespass occurs when a person knowingly and without authorization, with the intent to damage or cause the malfunction of a computer, system or network, sends malware, data or a program which alters, damages or causes the malfunction of the computer, system or network, or causes it to disseminate sensitive information. 

The measure also created a civil remedy for computer trespass, and permits a person who suffers damage due to a trespass to sue the computer trespasser for damage to computers, systems, or networks, and the costs incurred because of the loss of use of those assets.  The person brining the action can recover the damages caused by the trespass, as well as the costs incurred to identify the trespasser and to serve a complaint on the trespasser. 

House Bill 178 was passed by both houses, and signed by Governor Mead on March 10, 2014.  The new law will become effective on July 1, 2014. 

This new law may be useful to employers if former or disgruntled employees attempt to misuse an employer’s computer systems.  Employers should adopt and periodically review technology policies that carefully define when and how employees are authorized to use the employers’ computer, systems and networks.  If an employee causes computer damage under questionable circumstances, such policies may help employers draw clear lines about when an employee’s access is unauthorized and pursue civil remedies under the statute. 

And the Rest of the Pack.  A few other employment measures never saw the light of day during the 2014 session.  House Bill 45, which would have raised the minimum wage, and House Bill 57, which would have restricted employers’ ability to restrict the post-termination value of accrued vacation, both failed to get enough votes for introduction.  

Bottom Line.  The 2015 legislative session should be interesting, with the possible return of independent contractor and social media legislation.  These are significant issues for Wyoming employers.  We will keep you posted.

Click here to print/email/pdf this article.

January 7, 2014

Idaho Basketball Coach Fired For Posting Breast-Holding Picture on Facebook Should Be Reinstated, Says Grievance Panel

By Scott Randolph 

Posting family reunion pictures on your Facebook page seems like a pretty benign thing to do.  For Pocatello High School’s girls basketball coach Laraine Cook, however, one reunion picture showing her boyfriend touching her clothed breast cost her her job.  Although Cook removed the photo within 24-48 hours of it being posted on Facebook, the school district fired her.  Cook filed a grievance and a three-member grievance panel (Panel) recently concluded that Cook’s firing was unduly harsh and unfair, recommending that Cook be reinstated as head basketball coach and a substitute teacher.  In re Cook, Pocatello Sch. Dist. Grievance Panel, No. 14-03, 12/23/13. 

Photo Was a “Misstep” in Judgment But Not Immoral or Indecent 

Cook worked as a substitute teacher with the Pocatello School District and as head coach for the girls high school basketball team.  Her boyfriend was the high school’s football coach.  After both attended Cook’s family reunion in the summer of 2013, Cook posted numerous photos from the reunion on her public Facebook page.  In one photo, Cook and her boyfriend stood by a lake wearing bathing suits.  Each had one arm around the other’s waist and her boyfriend’s other hand rested on Cook’s breast.  

After the Pocatello High School Athletic Director and Assistant Principal saw the photo, they told Cook’s boyfriend to tell Cook that “it was not a good idea to post such a photo.”  A number of Pocatello High School students were Facebook “friends” with Cook.  After being informed of the Athletic Director’s concerns, Cook immediately removed the picture from her Facebook page.  A few months later, administrators for the school district became aware of the photo.  Despite the lack of any prior performance or disciplinary issues with Cook, the school district fired her.  The district also reported Cook to the Idaho State Department of Education Professional Standards Commission for posting “a picture of a sexual nature on a social media website.”  Although the football coach was also in the photo, the school district did not terminate his employment but according to reports, “reprimanded” him. 

The Panel deciding Cook’s grievance looked at whether the school district’s decision to fire her was a violation of school district policy or whether the decision was unfair.  The Panel decided that Cook’s conduct was not in any way immoral or indecent or a violation of the Code of Ethics for Professional Educators.  It instead determined that Cook’s decision to post the photo on her public Facebook page that students could access was a “misstep in professional judgment and inappropriate” and contrary to the best interests of the school district.  The panel therefore concluded that Cook was properly subject to discipline under the district’s corrective disciplinary policy.  The Panel decided, however, that termination of employment was not warranted in Cook’s case as she removed the photo when the issue was brought to her attention, expressed sincere regret and had no prior performance problems.  The Panel deemed Cook’s firing as unduly harsh and unfair. 

The Panel concluded that a fair resolution would be to reinstate Cook as a substitute teacher for the district and to hire her as the head girls basketball coach at the high school for the 2014-15 season.  The Panel further recommended that its decision be provided to the Professional Standards Commission in support of Cook.  Finally, because the school district lacked a social media policy, the panel found that the district should adopt a policy and instruct employees about the standards of conduct related to the use of social media to help alleviate any confusion about what was acceptable or not. 

Will Panel’s Reinstatement Decision Stand? 

Will Cook actually be reinstated in time to coach this season?  It depends.  The Pocatello School District Board of Trustees has the ability to overturn the Panel’s decision at its next regularly scheduled public meeting.  Either party then has forty-two (42) days after the filing of the board’s decision to appeal to the district court in Bannock County.  Stay tuned to see if the reinstatement decision stands and Cook returns to coach this year. 

Does the Panel’s Decision Offer Lessons for Employers? 

Employers should consider what lessons they may learn from this much-publicized personnel decision.  First and foremost, employers should consider adopting a social media policy that spells out what is acceptable (or not) and the potential consequences for violating the policy.  Employers that have a progressive discipline policy must take that policy into account when making employment related decisions based upon employees’ violation of the standards of the organization.  Finally, employers should take into account all the circumstances when making employment decisions, such as past performance, the employee’s willingness to accept responsibility, and any efforts to mitigate a questionable social media post.

Disclaimer: This article is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal advice and are not intended to create an attorney-client relationship between you and Holland & Hart LLP. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.

Print Friendly and PDF

November 25, 2013

Montana Supreme Court Stresses Right of Privacy in Employment Records

By Jason Ritchie 

Montana employees have a reasonable expectation of privacy in their personnel files, including identifying information such as job title and department. The Montana Supreme Court emphasized these privacy interests while examining whether the City of Billings was required to release copies of internal personnel investigative documents to the local newspaper following the investigation and discipline of five city employees. Billings Gazette v. City of Billings, 2013 MT 334.  The case serves as a good reminder to employers to properly safeguard employment records. 

City Employees Disciplined for Inappropriate Computer Use 

In early 2012, the City of Billings (City) discovered that five city employees may have been using their work computers to access pornographic websites during work hours.  Separate investigations were conducted, resulting in a five-day suspension for each of the five employees.  The City issued each of these employees a written corrective action determination which summarized information learned through the investigation and setting forth the resulting disciplinary action. 

Some months later, the Billings Gazette requested a list of all City employees who had been disciplined in the prior six months as well as copies of all records of disciplinary actions and other information related to the employees’ access to inappropriate websites.  The City provided some investigative documents but removed the names and other identifying information related to the five suspended employees and uninvolved third persons, citing privacy concerns. The newspaper went to court to obtain the documents with the identifying information included, arguing any privacy interest that the disciplined employees may have in the information did not clearly exceed the public’s right to know.  The district court reviewed the requested documents and ordered the City to turn over the corrective action forms and other documents with removal of only the identifying information related to third parties.  The City appealed the district court’s order to the Montana Supreme Court. 

Balancing Constitutional Right to Privacy with Public’s Right to Know 

The Montana Constitution provides the right of individual privacy but also establishes the public’s right to examine documents and deliberations of all public bodies and agencies.  These competing interests must be balanced to determine whether the individual privacy clearly exceeds the merits of public disclosure under the facts of each case.  

In this case, the Court held “that society would be willing to accept as reasonable a public employee’s expectation of privacy in his or her identity with respect to internal disciplinary matters when that employee is not in a position of public trust, and the misconduct resulting in the discipline was not a violation of a duty requiring a high level of public trust.”  Finding that the five disciplined employees were not elected officials or high level management and their inappropriate computer usage did not relate to the performance of a public trust function, the Court found that their expectation of privacy clearly outweighed the limited merits of public disclosure of their identifying information.  The Court ruled that the City did not have to turn over documents containing the employees’ identifying information. 

All Employers, Public and Private, Should Maintain Privacy of Personnel Records 

Although the Billings Gazette case dealt with a public employer (the City), the Court’s emphasis on employees’ privacy interests in their personnel records and their identifying information is relevant to private sector employers as well.  The Court noted that employment records regularly contain references to family, health or substance abuse problems, employer criticisms, test scores, background checks, military records and other types of information that employees reasonably expect to be confidential.  Employers should take care to safeguard personnel files and employment records at all times.  Access to personnel files should be limited and only those with a “need to know” should be permitted to view individual employment records.  In addition, medical information must be kept separately from the rest of an employee’s personnel file.  Take the time to review your recordkeeping policies and procedures to ensure that your organization does not violate your employees’ privacy interests.

Disclaimer: This article is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal advice and are not intended to create an attorney-client relationship between you and Holland & Hart LLP. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.

Print Friendly and PDF

July 22, 2013

Myriad of Social Media Privacy Laws Create Havoc for Multi-State Employers

By Elizabeth Dunning 

ComputerDoes your company request that your employees and applicants provide user names and passwords to their personal social media accounts?  Do you require applicants to log onto their online accounts in your presence so that you can view their content?  Perhaps you ask employees to “friend” their supervisors.  If you haven’t followed new developments in state employment laws, you may not realize that such activities are unlawful in some states.  In just two years, eleven states have passed social media privacy laws that prevent employers from accessing employees’ and applicants’ personal online accounts.  Each state law differs in certain respects, making it difficult for multi-state employers to adopt a uniform and consistent social media policy.  To help sort things out, we highlight here the primary differences in the state social media privacy laws. 

States with Workplace Social Media or Internet Privacy Laws 

The eleven states that have enacted social media or internet privacy laws affecting employers to-date are:  Arkansas, California, Colorado, Illinois, Maryland, Michigan, Nevada, New Mexico, Oregon, Utah and Washington.  All but one of these states protect the access information for both current and prospective employees, with New Mexico only protecting the log-in information of applicants. 

Differences in State Social Media Laws 

Generally, all of these states prohibit an employer from requesting or requiring an employee or applicant to disclose his or her user name, password or other means of accessing his or her personal social media accounts. Many of these states also make it unlawful to discipline, discharge, discriminate against or penalize an employee, or fail to hire an applicant who refuses to disclose his or her access information to personal social media accounts.  However, that’s where the uniformity in the laws generally ends.  The following chart highlights numerous key differences between the state laws. 

Legal Provision

States Recognizing Provision

Prohibits employers from requesting that employee add employer representative or another employee to his or her list of contacts (e.g., “friend”)

Arkansas, Colorado, Oregon and Washington

Prohibits employers from requesting employee to access his or her personal social media account in the presence of the employer (“shoulder surfing”)

California, Michigan, Oregon and Washington

Prohibits employers from requesting employee to change the privacy settings on his or her personal social media accounts

Arkansas, Colorado and Washington

Specifically permits employers to view and access social media accounts that are publicly available

Arkansas, Illinois, Michigan, New Mexico, Oregon and Utah

Exception when access required to comply with laws or regulations of self-regulatory organizations

Arkansas, Nevada, Oregon and Washington

Exception for investigations of employee violation of law or employee misconduct

Arkansas, California, Michigan, Oregon, Utah and Washington (Colorado and Maryland limit this exception to investigation of securities or financial law compliance)

Exception for investigation of unauthorized downloading of employer’s proprietary, confidential or financial data

Colorado, Maryland, Michigan, Utah and Washington

Inadvertent acquisition of personal log-in information while monitoring employer systems not a violation but employer not permitted to use the log-in information to access personal social media accounts

Arkansas, Oregon and Washington

As you can see, the differences in the laws exceed the similarities, making it difficult for an employer operating in more than one covered state to comply with all applicable provisions.  Even the definition of covered social media accounts varies by state, creating even more inconsistencies. 

Would a Federal Law Help? 

With eleven laws in place and almost 20 additional states considering social media privacy bills, the issue seems ripe for a federal bill that would bring some uniformity to the protections offered to employees and applicants.  In February 2013, the Social Networking Online Protection Act, which offers such workplace protections, was introduced into the U.S. House of Representatives.  Unfortunately, it has languished in committee and is not expected to pass.  In addition, a federal law on the issue will likely only simplify the web of state laws if it specifically preempts state law.  Without federal preemption, we might face two sources of law on the issue, federal and state, which might muddy the waters even more.  In any event, it does not appear that a federal law will be enacted before additional states enact their own laws, leaving employers to struggle with the variances in state law. 

Best Practices for Complying with Social Media Privacy Laws 

With the vast amount of information available on social media and the increased use of social networking platforms for business purposes, it is likely that most employers will at some point need to access or review content on an employee’s or applicant’s social media account.  Perhaps it will be for an investigation of an employee who downloaded proprietary information or perhaps it will be to confirm derogatory statements about the company made by an employee.  Whatever the reason, the first step is to recognize that these laws exist and you will need to review which, if any, apply to your company and/or the employee involved.  Remember that you are generally free to access publicly available social media content.  However, if one of these state laws applies, consult with legal counsel before accessing (or requesting access to) any personal social media accounts to determine what restrictions and exceptions are applicable to your particular circumstances. 

Establish a social media policy specifying that employees are not permitted to disclose or post proprietary or confidential company information on their personal social media accounts.  Make a clear delineation between company/business-related social media accounts where you control who speaks on behalf of your organization, and personal accounts where employees do not represent the views of the company. Be careful that your social media policy does not run afoul of the National Labor Relations Act by interfering with employees’ right to discuss their wages and working conditions in a concerted manner.  Communicate your policy to your employees through normal channels, such as your employee handbook, online policy/intranet, etc. 

Train your supervisors, managers and human resources staff on these laws.  Sometimes supervisors or HR folks think it is acceptable to ask an employee to “friend” them online, or to ask for their log-in information to view pictures or other benign posts.  Despite good intentions, company representatives could get you into legal trouble so advise them of these laws and your restrictions on requesting access to personal social media accounts.

Disclaimer: This article is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal advice and are not intended to create an attorney-client relationship between you and Holland & Hart LLP. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.

Print Friendly and PDF

June 17, 2013

New Nevada Law Restricts Use of Credit Checks for Employment Purposes

By Anthony Hall and Dora Lane 

Nevada recently joined the ever-growing list of states that restrict the use of credit reports by employers.  Effective October 1, 2013, Senate Bill 127 will, with limited exceptions, prohibit Nevada employers from making an adverse employment decision based on credit information and from requesting or requiring any prospective or current employee to submit a consumer credit report as a condition of employment.   

Use of Credit Reports as an Unfair Employment Practice 

By amending the Employment Practices chapter of the Nevada Revised Statutes, Senate Bill 127 makes it unlawful for any Nevada employer to: 

1)  Directly or indirectly require, request, suggest or cause any employee or prospective employee to submit a consumer credit report or other credit information as a condition of employment; 

2)  Use, accept, refer to or inquire about a consumer credit report or other credit information; 

3)  Discipline, discharge, discriminate against or deny employment or promotion, or threaten to take such action, against any prospective or current employee on the basis of the results of a credit report or for refusing or failing to provide a credit report; or 

4)  Discipline, discharge, discriminate against or deny employment or promotion or threaten to take such action against any prospective or current employee for filing a complaint or instituting (or causing to be instituted) a legal proceeding under this law, testifying in any legal proceeding (actually or potentially) to enforce the provisions of this law, or exercising (individually or on behalf of another) rights afforded under this statute. 

Exceptions Allowing the Use of Credit Information 

Under this new law, employers are permitted to request or consider consumer credit reports or other credit information for the purpose of evaluating an employee or prospective employee for employment, promotion, reassignment or retention under the following circumstances: 

  • When required or authorized by state or federal law;
  • Upon reasonable belief that the individual has engaged in specific activity which may constitute a violation of state or federal law; or
  • When information in the credit report is reasonably related to the position for which the employee or prospective employee is being considered (including retention as an employee). 

For most employers seeking to use credit reports to evaluate employees and applicants, it is this last exception that typically comes into play.  Importantly, the new law defines what shall be deemed “reasonably related” to include positions where the duties involve one or more of the following non-exclusive categories:

Care, custody and handling of, or responsibility for, money, financial accounts, corporate credit or debit cards or other assets;

  • Access to trade secrets or other proprietary or confidential information;
  • Managerial or supervisory responsibility;
  • The direct exercise of law enforcement authority as a state or local law enforcement agency employee;
  • The care, custody and handling of, or responsibility for, the personal information of another person;
  • Access to the personal financial information of another person;
  • Employment with a financial institution chartered under state or federal law (including subsidiaries or affiliates of such financial institutions); or
  • Employment with a licensed gaming establishment.

Public and Private Enforcement of Credit Report Law 

This new law provides for two types of enforcement mechanisms with a three year statute of limitations.  First, an individual harmed by a violation of this statute may file a private lawsuit against the allegedly offending employer.  The lawsuit may be filed on behalf of the individual employee or prospective employee, or on behalf of other similarly situated employees or prospective employees.  Courts may grant successful plaintiffs various remedies including employment, reinstatement or promotion to the position applied for, lost wages and benefits, attorney’s fees and costs and any other equitable relief deemed appropriate (without the issuance of a bond). 

Second, the Nevada Labor Commissioner may impose an administrative penalty against an employer of up to $9,000 for each violation of the law or may bring a civil lawsuit against the employer to obtain equitable relief as may be appropriate, such as employment, reinstatement or promotion of the employee and the payment of lost wages and benefits.   

Complying with Credit Restriction Laws in Ten States 

In enacting this new law, Nevada became the tenth state to restrict the use of credit reports for employment purposes, joining California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Oregon, Vermont and Washington.  Additional states are considering similar legislation.  Further, the Equal Employment Opportunity Commission (EEOC) has targeted employers for the use of credit reports as potentially causing disparate impact on certain protected groups.  Complying with these laws can be challenging, especially for multi-state employers. 

Prior to the October 1, 2013 effective date of Nevada’s new law, employers who use credit reports or credit information in their hiring or evaluation process need to review their screening policies.  Specifically, employers hiring individuals in Nevada need to evaluate each position for which they want to use credit reports and determine if the position falls under one of the enumerated exceptions in Senate Bill 127 that allows the use of credit information on applicants and/or current employees.  If the duties of the position do not fall within the list of exceptions, employers should evaluate whether the credit report “is reasonably related to the position.”  If the answer to both of these questions is “no,” then the employer should not request or use credit reports or other information from a consumer reporting agency when evaluating candidates for that position.  Employers with operations or hiring needs in multiple states need to stay abreast of the latest legal requirements to ensure that their credit screening policies comply with each applicable state restriction. This may mean implementing a different credit screening policy in those states where the use of credit reports is restricted by law.

Disclaimer: This article is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal advice and are not intended to create an attorney-client relationship between you and Holland & Hart LLP. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.

Print Friendly and PDF

June 3, 2013

Criticizing Employer on Facebook Leads to Termination

By Steve Collis 

Griping about your employer on Facebook may feel liberating, but for one Colorado employee, it liberated him right out of his job.  Joe Lobato was feeling really sick at work.  He states that when he told his supervisor he was sick, his supervisor told him not to leave his machinery again.  Lobato then sat at his work computer to compose a long Facebook update complaining about his employer, apparently including the statement, “Guess they think a person is a machine and can’t get sick.” 

A co-worker, and Facebook “friend” of Lobato, reported the Facebook post to the company.  The company fired Lobato for “gross misconduct” for posting negative statements about the company on a public forum.  Now Lobato is talking to the media because he is about to lose his house and wants to get his job back. 

Can’t an Employee Gripe Online? 

Employees have the right to talk about their working conditions and terms of employment with their co-workers, even if such “talk” occurs online.  The National Labor Relations Board (NLRB) has focused a great deal of attention on employers’ social media policies, examining whether restrictions in the policies violate an employee’s right to engage in such conversations.  In fact, overly restrictive polices or actions taken in response to such policies could result in an unfair labor practice charge against the employer.  However, employees’ online rants are not protected when they are not for the mutual aid or protection of an employee or co-workers. 

In addition, in some states, employers may be legally prohibited from accessing their employees’ private online accounts.  Colorado recently passed a law prohibiting employers from requesting or requiring applicants/employees to disclose their user names or passwords for access to their personal electronic communications.  Numerous other states have similar laws restricting employer access to private electronic accounts. 

Lobato, however, appeared to be griping alone.  He did not appear to be initiating any discussion with co-workers for their mutual aid or protection.  In addition, the company learned of the negative comments from someone who had access to Lobato’s Facebook page, not through any apparent improper access.  Moreover, Lobato posted his rant while he was on company time.  Lobato says he has been told that his termination was justified. 

As Facebook, Twitter, and other social media become the new “water cooler” where workplace conversations take place, employees need to realize that comments made online can have consequences.  Employers, on the other hand, need to update their policies and procedures to define acceptable and unacceptable employee use of social media and company electronic resources, without making their policies too restrictive so as to run afoul of the NLRB.  While these new and ever-changing online platforms help shrink the universe by connecting us with acquaintances around the world, they raise unique challenges for both employees and employers alike when used in ways that touch the workplace.

May 15, 2013

Colorado Prohibits Employer Access to Social Media Accounts

By Alyssa Yatsko 

Under a new bill recently signed into law by Colorado Governor John Hickenlooper, employers are prohibited from requiring access to an applicant’s or employee’s personal social media account.   Violations could result in penalties and fines.  Here are the details of this new law. 

Employers Denied Access to Private Social Media Accounts 

Colorado joins the growing trend of states restricting employer access to private social media and other online accounts of job applicants and employees.  Colorado’s new law, House Bill 13-1046,  applies to any employer engaged in a business, industry, trade or profession in the state, except government law enforcement agencies.  It prohibits employers from suggesting, requesting or requiring that an applicant or employee disclose their user name, password or other means of accessing their personal account or online services.  Employers also may not compel an applicant or employee to add anyone to their list of contacts (e.g., to “friend” on Facebook, etc.) or to change their privacy settings on their social media accounts.  Employers violate this law if they discipline, discharge or otherwise penalize an employee, or fail to hire an applicant who refuses to disclose any of the prohibited information or refuses to add the employer to their contacts or to change their privacy settings. 

A person harmed by an employer’s violation of the law may file a complaint with the Colorado Department of Labor and Employment (CDLE).  The CDLE is required to investigate the complaint and issue findings within 30 days after a hearing.  The law provides that the CDLE may create rules regarding the penalties for violations, including imposing fines of up to $1,000 for a first violation and up to $5,000 for each subsequent violation. 

Access Permitted for Company Systems and Certain Investigations  

Two exceptions to the prohibition on requiring access to online accounts are spelled out in the law.  First, employers are permitted to require employees to disclose any user name, password or other access to non-personal accounts or services that provide access to the employer’s internal computer or information systems.  Second, employers are allowed to conduct investigations in two areas:  (1) to ensure compliance with applicable securities or financial law or regulatory requirements based on the receipt of information about the use of a personal online account by an employee for business purposes; and (2) to investigate whether an employee has made an unauthorized posting of the employer’s proprietary information or financial data to a personal online account.  No “fishing expeditions” are allowed under the investigative exceptions; employers may only access personal online information for these investigative purposes following the receipt of information that the employee is using his or her personal online accounts in these specific, inappropriate ways. 

Employers Permitted to Enforce Non-Conflicting Policies 

Existing employment policies that do not conflict with the provisions of this new law are permissible and may be enforced.  Employers should examine their policies and practices that may conflict with this law and revise them to remove any requirements or actions prohibited by this law.  Specifically, employers should revisit their background check practices related to social media, workplace investigation procedures, policies governing use of company computers, electronic accounts and personal online accounts as well as any other policy addressing technology and employer access to accounts.

May 6, 2013

Colorado Restricts Employers’ Use of Credit Reports

By Mark Wiletsky 

Employers using credit reports to evaluate applicants and employees take note: Colorado recently enacted the “Employment Opportunity Act” limiting the use of credit reports in employment decisions.  In passing this law, Colorado joins eight other states–California, Connecticut, Hawaii, Illinois, Maryland, Oregon, Vermont and Washington–in restricting employers from obtaining and/or using credit history information when evaluating applicants and employees.   The new Colorado law exempts certain job positions from the prohibition on the use of credit reports, but the exceptions are very fact specific.  Employers need to analyze the job responsibilities of the position at issue in order to determine if they may use credit information under this new law. 

Prohibition on the Use of Consumer Credit Information for Employment Purposes 

Effective July 1, 2013, section 8-2-126 of the Colorado Revised Statutes provides that an employer shall not use consumer credit information for employment purposes unless the credit information is substantially related to the employee’s current or potential job.  This means that Colorado employers are prohibited from using credit information in the employment context except in those limited situations where credit or financial responsibility is substantially related to the job.  The type of information prohibited under this law includes any written, oral or other communication of information that bears on a consumer’s creditworthiness, credit standing, credit capacity or credit history.  This includes a credit score, but does not include the name, address or date of birth of an employee associated with a social security number. 

“Substantially Related” Analysis Looks to Job Responsibilities 

When determining whether a particular position falls within the exception where credit information is “substantially related to the employee’s current or potential job,” employers may not rely on an informal, best-guess determination.  Instead, employers must carefully analyze whether the job in question meets the parameters detailed in the new law.  

Under Colorado’s law, “substantially related to the employee’s current or potential job” is defined to apply to positions that: 

1)         Constitute executive or management personnel or officers or employees who constitute professional staff to executive and management personnel, and the position involves one or more of the following: 

                A)    Setting the direction or control of a business, division, unit or an agency of a business;

                B)    A fiduciary responsibility to the employer;

                C)    Access to customers’, employees’, or the employer’s personal or financial information (other than information ordinarily provided in a retail transaction); or

                D)    The authority to issue payments, collect debts or enter into contracts; OR 

2)         Involves contracts with defense, intelligence, national security or space agencies of the federal government.

Consider this example:  you are hiring a human resource specialist who will administer employee benefits within your company.  May you obtain and use a credit report on applicants for this position?  Assuming this position does not involve federal defense, intelligence, national security or space agency contracts, you first must determine if this position is an executive or management position, or alternatively, if this position is considered professional staff to an executive or manager.  In our example, the employee benefits specialist position may or may not be an executive or management position at your company.  If not, the position may be considered professional staff to an executive or manager if the position reports to an HR Director, Vice President or other similar high level manager or officer.  If we assume this position meets this threshold determination, you next must analyze if the position involves one or more of the four areas of responsibilities where credit information will be deemed substantially related.  Because an employee benefits specialist is likely to have access to employees’ personal and perhaps financial information, it appears to fall within the third area of responsibility where credit information will be deemed substantially related to the job, but the answer is certainly not clear-cut.

Requesting Employee Consent to Obtain a Credit Report  

In addition to the prohibition on the use of credit information for employment purposes, the new Colorado law prohibits employers or their agents from requiring an employee to consent to a request for a credit report that contains information about the employee’s credit score, credit account balances, payment history, savings or checking account balances, or savings or checking account numbers as a condition of employment unless: 

            1) The employer is a bank or financial institution;

            2) The report is required by law; or

3) The report is substantially related to the employee’s current or potential job andthe employer has a bona fide purpose for requesting or using information in the credit report and is disclosed in writing to the employee.   

The written disclosure requirement here is a new procedural step with which most employers meeting this exception will not be familiar.  Employers meeting these criteria now need to provide applicants/employees with a notice of their business purpose for requesting credit information.

Employee May Be Allowed to Explain Circumstances Affecting Credit 

In those cases when an employer is permitted to use credit information because it is substantially related to the job, an employer may ask the employee to explain any unusual or mitigating circumstances that affected their credit history.  For example, if the credit report shows delinquent payments, the employer may inquire further allowing the employee to explain circumstances that may have caused the delinquencies, such as an act of identity theft, medical expense, a layoff, or a death, divorce or separation.   

Adverse Action Disclosure Required 

If the employer relies on any part of the credit information to take adverse action regarding the employee or applicant, the employer must disclose that fact and the particular information relied upon to the employee.  This disclosure must be made to the employee in writing but can be made to an applicant via the same medium in which the application was made (e.g., if the application was submitted electronically, this disclosure may be sent electronically). 

FCRA Obligations Still Apply 

Employers who are permitted to obtain and use credit reports under the Colorado law must also comply with the requirements of the Fair Credit Reporting Act (FCRA) in order to obtain a credit report from a consumer reporting agency.  These additional FCRA duties include: 

1)         Providing a clear and conspicuous written disclosure to the applicant/employee before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained;

2)         Getting written authorization from the applicant/employee before obtaining the report;

3)         Certifying to the consumer reporting agency that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer's rights will be provided to the consumer;

4)         Before taking an adverse action, providing a copy of the report and a summary of FCRA consumer rights to the applicant/employee; and

5)         After an adverse action is taken, sending an adverse action notice to the employee/applicant containing certain FCRA-required statements. 

Credit Check Compliance 

Colorado employers need to review and update their background check policies as they relate to conducting credit checks on applicants and existing employees.  In addition to FCRA obligations, employers wishing to use credit reports have additional restrictions and duties under state law.   

Employers now must analyze whether each position for which they wish to obtain credit reports meets the “substantially related to the employee’s current or potential job” criteria.  If the position meets that criteria and the employer wishes to obtain a credit report on an applicant or existing employee, the employer first must provide a written disclosure to the applicant/employee describing the bona fide purpose of obtaining the credit information.  If the credit report reveals questionable or negative information, the employer may (but is not required to) ask the applicant/employee to explain any unusual circumstances that may have led to the unfavorable credit information.  If the employer rejects the applicant/employee for the position based in any way on the credit report, the employer must provide the required FCRA adverse action notices as well as a written explanation of the particular information in the report that led to the employer’s decision. 

Multi-state employers face unique challenges when obtaining and using credit reports for employment purposes as they must comply with various state laws that now restrict such use.  Given the intricacies of complying with the FCRA and applicable state laws, employers are wise to consult with their counsel to review and update their credit check policies. 


April 25, 2013

Tips for Complying with Utah’s Internet Employment Privacy Act

By Elizabeth Dunning

Effective May 14, 2013, Utah employers may not request employees or applicants to disclose information related to their personal Internet accounts.  The Internet Employment Privacy Act(IEPA), recently signed into law by Utah Governor Gary R. Herbert, prohibits employers from asking an employee or applicant to reveal a username or password that allows access to the individual’s personal Internet account.  In addition, employers may not penalize or discriminate against an employee or applicant for failing to disclose a username or password.  A similar restriction applies to higher educational institutions through passage of the Internet Postsecondary Institution Privacy Act. 

With enactment of the IEPA, Utah becomes the fifth state to pass legislation that limits an employer’s access to social media accounts, joining California, Illinois, Maryland and Michigan.  New Mexico passed a similar law shortly after Utah and New Jersey’s law passed the legislature and is awaiting the governor’s signature.  A bill introduced in February in the U.S. House of Representatives called the Social Networking Online Protection Act (H.R. 537) is stuck in committee. 

Public Online Accounts Are Fair Game under the IEPA 

The IEPA does not restrict or prohibit employers from viewing or using online information about employees and applicants that the employer can obtain without the employee’s username or password.  Any online information that is available to the public may be accessed and viewed by employers without violating the IEPA.  Consequently, individuals who set privacy settings on their online accounts to allow “public” access effectively opt themselves out of any protections offered by this new law. 

Utah Restriction Applies to Accounts Used Exclusively for Personal Communication 

In prohibiting employers from requiring disclosure of online usernames and passwords, the IEPA draws a distinction between personal Internet accounts and those used for business related communications.  The law only restricts employer access to personal online accounts that are used by an employee or applicant exclusively for personal communications unrelated to any business purpose of the employer.  It does not, however, restrict access to accounts created, maintained, used or accessed by an employee or applicant for business related communications or for a business purpose of the employer.  

In practice, the line between personal and business related accounts may be blurred as many employees use their personal online presence to network and communicate for business reasons.  Consider the sales person who uses his or her LinkedIn account to communicate with potential buyers within a particular industry, or the CPA who posts tax reminders on his or her Facebook page.  Are those accounts accessible under the IEPA since they are not used “exclusively” for personal communications?  A plain reading of the law suggests that may be the case, thereby watering down the potential protections offered by the IEPA to applicants and employees.   

Steps for Complying with the IEPA 

Utah employers should review their HR forms, policies and practices to ensure that they do not ask applicants and/or employees to provide a username or password to their personal Internet accounts.   Train supervisors and managers not to ask for this information as well.  In fact, take the opportunity to remind supervisors and managers not to “friend” subordinates on personal online platforms, such as Facebook.  In addition, reinforce that employees and applicants may not be penalized or treated adversely for failing to provide a username or password for personal online accounts.   

Remember, too, that even though the IEPA does not prohibit accessing an employee’s or applicant’s public social media accounts, viewing such information creates other risks.  Employers may view information regarding the individual’s religion, race, national origin, disability, age, or other protected group status that could give rise to a discrimination claim.  Furthermore, online information is unreliable and ever-changing, meaning that employers should not rely on what they see online when making employment decisions.  To stay out of trouble, consult with legal counsel before viewing or using social media in the employment context.

For more information about permissible actions and potential damages under the Utah Internet Employment Privacy Act, please see our Client Alert.