Supporters of such laws say they are necessary because an increasing number of employers are doing credit checks even though there is no proof that bad credit is a marker of risky employees.  They say the practice unfairly injures the huge pool of people whose credit was damaged by layoffs, medical bills or other factors beyond their control. They also say it disproportionately screens out minorities.  “Bernie Madoff had a pretty good credit score,” said Matthew Lesser, a Connecticut state representative.

The limited research on the topic seems to support the new laws.  Even a spokesman for one of the credit reporting companies acknowledges that there is no research to show any statistical correlation between what’s in somebody’s credit report and their job performance or their likelihood to commit fraud.

Advice to employers:  only use credit report history when there is some correlation between that information and the position in question, such as those that regularly handle money.  And only use the credit report as one factor among several in evaluating candidates.

A class action filed in New York yesterday alleges that the management consulting firm Accenture discriminates against African Americans and Latinos in the way it conducts its background checks.   In particular, it alleges that Accenture has rejected or fired otherwise  qualified individuals who have criminal records even where the criminal history has no bearing on the individual’s fitness or ability to perform the job.

According to the Complaint, “Such policies and practices are illegal because they adopt and perpetuate the racial disparities in the American criminal justice system … For decades, the Supreme Court and the EEOC have recognized that overly broad restrictions on hiring individuals with criminal records are discriminatory and illegal.”

The teaching here is clear: employers should avoid blanket criminal record policies.  Where a background check reveals a prior conviction, consider whether it would affect the applicant’s ability to perform the job.  For instance, a conviction for embezzlement would be a concern for a bank teller position; a conviction for jay walking would not. You should also consider how old the conviction is, and evidence of rehabilitation.  In the end, you need to be able justify the rejection of an applicant by pointing to legitimate business reasons for doing so.

Two other points:  make sure that background checks are being used and interpreted consistently across the company.  And focus on convictions, not on arrests.

For more guidance, check the EEOC’s website.

A decision this week by New Jersey’s Supreme Court adds another layer to the ongoing debate over employee’s right to privacy within the workplace.   The Court concluded that an employee, Marina Stengart, could reasonably expect that e-mail communication with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them.   In addition, the Court held that the employer’s lawyer violated the rules of professional conduct by reading Stengart’s e-mails. 

Underlying Facts: 

While employed by Loving Care Agency, Ms. Stengart  was provided with a laptop computer to conduct company business. From the laptop, she could send e-mails using her company e-mail account; she could also access the Internet through Loving Care’s server. Unbeknownst to Stengart, browser software automatically saved a copy of each web page she viewed on the computer’s hard drive in a “cache” folder of temporary Internet files. Stengart used her laptop to access a personal, password-protected e-mail account on Yahoo’s website, through which she communicated with her attorney about her situation at work. She never saved her Yahoo ID or password on the company laptop. Not long after, Stengart left her employment with Loving Care and returned the laptop. In February 2008, she filed the pending complaint.

In anticipation of discovery, Loving Care hired experts to create a forensic image of the laptop’s hard drive, including temporary Internet files. Those files contained the contents of seven or eight e-mails Stengart had exchanged with her lawyer via her Yahoo account. At the bottom of the e-mails sent by Stengart’s lawyer, a legend warns readers that the information “is intended only for the personal and confidential use of the designated recipient” of the e-mail, which may be a “privileged and confidential” attorney-client communication.

Attorneys from the law firm representing Loving Care reviewed the e-mails and used the information in discovery. Stengart’s lawyer demanded that the e-mails be identified and returned. The Firm disclosed the e-mails but argued that Stengart had no reasonable expectation of privacy in files on a company-owned computer in light of the company’s policy on electronic communications, which states that Loving Care may review, access, and disclose “all matters on the company’s media systems and services at any time.” It  also states that e-mails, Internet communications and computer files are the company’s business records and “are not to be considered private or personal” to employees. It goes on to state that “occasional personal use is permitted.”

Legal Analysis:

After first counseling that these types of cases must be decided based on their unique fact, the Court concluded that regardless of an employer’s written policies, an employer has no right to retrieve and read an employee’s attorney-client communication which is sent through a personal, password-protected e-mail account, even where the employee uses the company’s computer system.   “ Under all of the circumstances, Stengart could reasonably expect that e-mails exchanged with her attorney on her personal, password-protected, web-based e-mail account, accessed on a company laptop, would remain private. By using a personal e-mail account and not saving the password, Stengart had a subjective expectation of privacy. Her expectation was also objectively reasonable in light of the ambiguous language of the Policy and the attorney-client nature of the communications.”

In concluding that the attorney-client privilege protected the e-mails, the Court also rejected the claim that the attorney-client privilege was waived. The Policy did not give Stengart, or a reasonable person in her position, cause to anticipate that Loving Care would be watching over her shoulder as she opened e-mails from her lawyer on her personal, password-protected Yahoo account. Similarly, Stengart did not waive the privilege as she took reasonable steps to keep the messages confidential and did not know that Loving Care could read communications sent on her Yahoo account.  In fact, the Court concluded that even a policy that provided unambiguous notice that an employer could retrieve and read an employee’s attorney-client communications, if accessed on a personal, password-protected e-mail account using the company’s computer system, would not be enforceable.

Bottom Line:

While employers should adopt and enforce policies relating to computer use to protect the assets and productivity of a business, but they have no basis to read the contents of personal, privileged, attorney-client communications.

Quck updates this morning on a couple of previous posts, both involving food. 

First, I wrote here about the EEOC’s effort to obtain documents from Schwan’s in a sexual discrimination case.  As expected, Judge Janie Mayeron ruled in favor of the EEOC and has ordered the frozen food company to produce the information sought by the government.

Second, the Supreme Court has agreed to hear the turducken case to consider the privacy rights of government contract employees. 

Now if we could just get the EEOC to investigate the contents of that  turducken!

This morning there are a couple of interesting privacy stories that serve as good reminders of best practices in this area.  The first arises in connection with a union arbitration over discipline meted out to an employee of a municipal liquor store in Paynesville, Minnesota.  As you know, these types of arbitrations usually depend largely on the terms of a particular collective bargaining agreement and the specific past practices of the employer.  What makes this matter interesting, however, is that the employee’s bad conduct came to light because the employer was surreptitiously making audio recordings of everything that happened in the store.

As I discussed here,  employers are generally free to use video surveillance techniques (except in places like locker rooms where employees have a “reasonable expectation of privacy”).  It is far riskier, however, for employers to use audio surveillance, especially if the employees are not made aware of it.  Besides potentially violating federal and state laws governing wiretapping, such a practice might also constitute an invasion of privacy.

The arbitration decision in the Paynesville case mentioned above confirms this analysis.  As the arbitrator wrote: “To meet a fairness or just cause standard, employees would need to be told that they would be subject to both audio and visual surveillance and that the information gathered would be used to review their performance, and potentially used as a basis for discipline.”  While non-union employers probably don’t need to include the language about surveillance being used to review performance, the best practice is for employers who chose to use audio surveillance for legitimate business reasons to advise their employees that they are doing so; otherwise, the employee may claim that she had a reasonable expectation that her private conversations would remain private.

The second development involves credit checks on prospective employees.  As this article in yesterday’s Star Tribune discusses, a number of states are considering legislation that would limit employer’s ability to do credit checks on job applicants based on fears that it unfairly harms people in debt because of past financial problems.

As I have written about before, employers should not have blanket policies regarding background checks for applicants. Credit problems and criminal convictions should not be automatic exclusions; rather, they should be evaluated based on the job, the amount of time since the problem, and other factors.  As one Wisconsin legislator quoted in the Star Tribune rightly put it: “If someone is trying to get a job as a turck driver or a trainer in a gym, what does his credit history have to do with his ability to do that job?”

Sgt. Jeff Quon was a member of the Ontario, California police department.  The department had a written policy reserving the right to monitor “network activity including e-mail and Internet use,” allowing “light personal communications” by employees but cautioning that they “should have no expectation of privacy.”  At the same time, members of the department’s SWAT team were given pagers and told they were responsible for charges in excess of 25,000 characters a month. Under an informal policy adopted by a police lieutenant, those who paid the excess charges themselves would not have their messages inspected.

When the lieutenant changed his mind and ordered transcripts of messages sent and received by Sgt. Quon, he found that in one month only 57 of more than 450 of his messages were related to police business and that many of the messages  sexually explicit.

Sergeant Quon and some of the people with whom he messaged sued, saying their Fourth Amendment rights had been violated.  The Ninth Circuit Court of Appeals agreed, holding the the department’s formal policy had been overridden by the “operational reality” of the lieutenant’s informal policy.

The City of Ontario and its police department, in asking the Supreme Court to hear the case, said “a lower-level supervisor’s informal arrangement” should not be allowed to trump “the employer’s explicit no-privacy policy.”

While the Court’s decision will likely turn on the 4th Amendment’s prohibitions of illegal searches, which does not protect private employees, the decision will likely offer some guidance to private employees as well.

The Supreme Court seems likely to accept a case involving background checks on employees who do contract work for the government, a legal hodgepodge which one judge has analogized to a turducken (a turkey stuffed with a duck and a chicken). 

The case was brought by a group of scientists and engineers at the Jet Propulsion Laboratory, a research facility operated by CalTech under a contract with NASA.  In 2004, the government expanded the scope of background checks required for many government jobs, including those held by contract employees like those at the lab.  The plaintiffs claim that the government’s investigations are overly intrusive and violate their privacy rights.  The Ninth Circuit Court of Appeals agreed with the plaintiffs, and the government has asked the Supreme Court to hear the matter.

The plaintiffs particularly object to requests for information being solicited from schools, landlords, employers and other third parties, especially “adverse” information about alcohol and drug use; finances; and mental or emotional stability.  One form also gives informants space to provide “derogatory” information about the subject.

This case serves as a good reminder that employers should not have blanket policies regarding background checks for applicants. Credit problems and criminal convictions should not be automatic exclusions; rather, they should be evaluated based on the job, the amount of time since the problem, and other factors.

Two interesting stories on privacy issues this morning.

First, Acorn is having even more problems because a republican activist did a little dumpster diving behind its offices in San Diego and came out with a bunch of documents containing social security and driver’s license numbers of its members and job applicants.    Ouch!

Second, Sen. Patrick Leahy is sponsoring a bill called the Personal Data Privacy and Security Act of 2009 that would require entities that keep personal data (like employers) to establish effective programs for ensuring that such information is kept confidential.    You should definitely get ahead of this curve.

Two rather obvious suggestions:  first, have a written plan in place to maintain the confidentiality of all documents and electronic data that contain personal information like social security numbers, and train your employees to follow the plan.  Second, when you throw documents in the trash, shred those that contain confidential or private information.  You never know who might be diving into those dumpsters behind your office!