Employers Need to be Wary About Handling Personal Data

Bloomberg Law for HR Professionals is a complete, one-stop resource, continuously updated, providing HR professionals with fast answers to a wide range of domestic and international human resources...


In a world where personal data is increasingly cheap, readily gathered, easily searchable, and seemingly eternal, employers and individuals had better be wary of how they handle and how they create information, according to employment law attorneys who participated in an Oct. 27 webinar sponsored by the American Bar Association.

“[E]verything about you is out there,” David C. Thompson, an associate with Munger, Tolles & Olson LLP in Los Angeles, told participants. To illustrate his point, he said that in the course of a five-minute online search of former ABA President Stephen N. Zack, he not only obtained basic information, such as his age and home address, but information about Zack's political affiliation, religious background, income level, and even hobbies and interests.

“Digital data processing puts data at the tip of your fingers,” Thompson said. This has caused a mergence between many individuals' private and public lives, he said. Public portraits of individuals are being created using information gathered from their supposedly private actions, he said.

Websites Provide Data to Anyone

Websites such as Spokeo and Google now provide detailed private information about individuals to anyone, Thompson said. He cited the implications of a statement made in December 2009 by Eric Schmidt—Google's chief executive officer at the time—that “if you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.” While there might be individuals who fall into that category, he said, others are not necessarily doing things they shouldn't, but are doing things they still would not want the whole world to know about.

In the employment context, he gave the example of a professor who also is a Star Trek fan and might be photographed at a Star Trek convention, with the likelihood that the image will be digitized and disseminated. Although there is nothing inherently wrong with attending a Star Trek convention, he said, a professor might not want his personal interests associated with his scholarly work.

So much information is being collected, stored, and disseminated that employees need to be concerned with the prevalence of either inaccurate or incomplete data, Thompson said. When data are wrong, outdated, or maybe even true but not complete, a damaging picture of a person can be created.

Some Online Activity Protected

Both Thompson and Mark Risk, a solo attorney in New York, discussed the National Labor Relations Board's position on protected online activity by employees who discuss, wages, hours, and working conditions with each other for the sake of trying to improve them. The line between protected and unprotected social media conduct is not yet clearly defined, Thompson said.

Risk noted that Section 7 of the National Labor Relations Act, which protects employees' right to engage in protected concerted activity, applies to all employees whether or not they belong to a union.

Although an employee has the right to engage in protected concerted activity, Risk warned that an employee who spends the day on a Facebook or Twitter account, text messaging and the like, “can be disciplined [for such actions] because that's not their job.” Employees will be protected to the extent that they are talking to each other on matters that, under traditional NLRB law, are in the realm of wages, hours, and working conditions.

Heather A. Morgan, a partner with Paul Hastings LLP in Los Angeles, highlighted the distinction between protected and unprotected activity. In one scenario, she said, an employee who complains on Facebook about her boss to her family would not be considered as engaging in protected concerted activity. In a situation where the employee is complaining to a co-worker or responds to a co-worker's complaint about a manager, however, then the employee's actions would fall into the realm of protection, Morgan said.

Risk said he has found that employers have difficulty understanding NLRB's decisions in this regard because, “understandably,” they view negative Facebook postings “as if the employee had taken out a billboard on the highway.” Conversely, NLRB views Facebook not so much as a public place but as a place where employees can speak to each other, he said.

Moreover, Risk continued, it is hard for employers to understand the flexibility in NLRB rulings regarding the language that an employee can use when discussing protected topics, language that the employer may consider as bordering on defamation.

Off-Duty Conduct

Employees' “off-duty” online conduct also creates issues for employers, which don't always view it as immune from scrutiny, and for employees, who may wonder where the line of protection for off-duty conduct falls, Thompson said.

Morgan said when an employee's off-duty conduct may threaten violence, “then it seems to be fair game for the employer to take action.”

Because discrimination and anti-harassment laws have made it somewhat the duty of employers to police the workplace, Risk said employers cannot necessarily turn a blind eye to what their employees are posting online. The way people speak to each other and the way they treat each other “may implicate other obligations of the employer,” he explained.

However, when asked what an employer's duty is with regard to actively monitoring employees, Risk said he did not “think there's an affirmative duty of an employer to look at postings of the employees.”

By Erica D. Smith



Request Bloomberg Law for HR Professionals