Tag Archives: privacy

Social Media and the Law, as well as other Fun Legal Info

Posted on by under Social Media and the Law, Uncategorized

Well, it’s amazing isn’t it? The month of January of 2012 is almost done and so much has already happened. Here are some interesting social media and the law news that I found, as well as some other fun pieces to carry you over for the day until tomorrow’s Draw the Law.

Google and Privacy Concerns (this well continue to be an issue for 2012 for all Social Media)

Have you noticed that Goolge is making some major pushes lately?  Well come March 1 the search engine plans on doing a turnabout and begin combining information it collects about the user from various sites/services into a single profile. Definitely a privacy issue brewing, especially when the privacy officer has to issue statements. Click: Google to merge user data across its services – CNN.com You can also read the lengthy notification, which you keep bypassing when you log onto your Google+ page.

GPS = 4th Amendment “Search” as Determined by SCOTUS

For all of you interested in criminal law, like Marcus Landsberg criminal lawyer extraordinaire, notice that the Supreme Court- GPS Tracking Is Illegal Without Warrant. Basically, SCOTUS feels that the use of a GPS Tracking device is a “search” for the purposes of the 4th Amendment, thus cops must get a warrant.

Mutant Toys or Mutant Dolls? Yes, it Matters

This was a great listen if you love comic books and would like to theorize that certain superheroes are not human. Basically, the point of this podcast: Mutant Rights – Radiolab, was showing the importance of the word “doll” versus “toy” – you may not think it means much, but if you are an IP attorney and have an import business getting a cheaper rate for your action figures is a must and it all boils down to if a mutant is a human or not.

Department of Homeland Security Following Facebook Posts

Earlier this month DHS released a document stating it is monitoring social media and news sites. They cited federal law that they have to “provide situational awareness” to federal, state, local and tribal governments. You can read more about this here: DHS watching social media, news sites | Greeley Gazette.

NLRB Finds Certain Arbitration Clauses Violate Labor Laws

The National Labor Relations Board (NLRB) has determined that mandatory arbitration agreements that prevent employees from joining together to pursue employment-related legal claims in any forum, whether in arbitration or in court violate federal labor laws. Check that announcement here: Board finds that certain mandatory arbitration agreements violate federal labor law.

Local Startup and Social Media Infromation

For you startup lovers, don’t forget tomorrow night will be Startup Hawaii kickoff. For more information, check it out here: Startup America Comes to Hawaii | Aloha StartUps. It will be at Bar 35 downtown. Definitely come on down if you started or are going to start a business!

Also check back at Alohastartups.com as I will be writing some future posts talking about Hawaii’s new legal non-profit aimed at helping entrepreneurs and startups, Business Law Corp. (businesslawcorps.org). I hope to get some interviews with the founders soon!

Finally, clear sometime in February as I will be getting down with Social Media and the Law as I will be trying to schedule a talk at The Greenhouse Innovation Hub and will be a panelists at Social Media Club Hawaii’s Creating a social media policy for business – what, how and when? event at Amuse Wine Bar on Feb. 21st. Hope to see you there!

Draw the Law: People Issues IX, Protecting Workplace Privacy Part III

Posted on by under Draw the Law

If you like today’s post or any of my other series please “Subscribe” to this blawg to receive e-mail updates.  In addition, follow me on Twitter and “Like” me on Facebook.  If you need to contact me directly, please e-mail me at Ryankhew@hawaiiesquire.com.

For the past two Draw the Law posts I have focused on workplace privacy protections, which have included the following topics:

  1. Credit and background Checks and Surveillance and Electronic Monitoring
  2. Searching Personal Property and HIPAA Privacy

Today is the final day for the subject of dealing with sensitive or private information in the workplace.  I will be focusing on Job References, Social Security Numbers, and other kinds of Personal Information. Note that the last two types of information require businesses to protect them for not only employees, but people in general. This includes customers/clients/patients.  This is good because next week I will focus on legal issues with customers, and this is a nice segue into that series of posts.

Job References Immunity (HRS 663-1.95)

Suppose you let an employee go and a couple of weeks later another company calls you up asking about this former employee. If the former employee was decent or good you may consider giving them a reference or providing information to put them in a positive light. However, if they were terrible you may be inclined to be honest, as you do not want another employer to go through the headaches you did.

While, this is not privacy matter per se, it is a sharing of information about someone and in the State of Hawaii we give employers a “qualified immunity” for providing this information. If you provide a job reference about a current or former employee to a prospective employer you just need to act in good faith when you give this information (even if it may be negative.

For job reference calls, Employer A is immune from a suit from former employee so long as what he is saying to Employer B are not lies.

Many times a former employee cannot get employed, and find out that a old boss is telling things that are brutal to their career. However, the employee has to prove in a court of law that what the former boss knows they saying false things or trying to mislead the asking employer.

While, you may have a defense against a former angry employee you might not want to say whatever you want, no matter how true the matter may be. The best strategy here is to develop a termination process, tell the employee (or wait for them to ask) that you can be used as a reference, and prepare a list of things to tell a prospective employer about them and keep it with the employees file.

Social Security Numbers (HRS 487J)

In the State of Hawaii we protect Social Security Numbers (SSN) .  More specifically, we prevent businesses from doing the following:

  1. printing an individual’s entire SSN on anything mailed to the individual, except in 2 situations: (a)what is being mailed is between employer-to-employee; or (b) the person requests that their entire SSN is sent;
  2. requiring people to give their SSN over the Internet, unless the connection is secure or the SSN is encrypted (thus job application forms on websites have those secure login protocols);
  3. requiring people to use their SSN to access an Internet website, except in the situation where a PIN or password is also required to access the website.

Prohibited uses of Social Security Numbers.

In general, if you do not have the sophisticated job application systems you probably want to avoid using SSNs and trying to gain more information through interviewing. SSN is sensitive information and the State takes it seriously. So much so for every violation the penalty is $2,500.

Personal Information (HRS 487R)

In addition to SSNs, other types of personal information are protected against unauthorized access and businesses that collect this information either for employment purposes or a customer database need to avoid disclosing this information. Basically, we have given people the right to be protected and safe knowing this information is being safeguarded by the entities we give them to.

What is Personal Information?

So “personal information” is a very specific set of information. Most of it you have memorized as you routinely use it to verify who you are whether it is for employment, getting benefit from the government or other instiutions, and for records purposes.

Personal information = person’s name + any of the following:

  1. SSN;
  2. Driver’s License Number;
  3. Financial Account number;
  4. a code that allows access to financial information.

"Personal Information" is a person's name + their SSN, or License #, or their Bank Account #, or PIN.

How can a Business Take Reasonable Measures to Protect this Information?

The main goal is so that information cannot be read or reconstructed based on the medium it was recorded so any of the following methods is appropriate depending on the situation:

  1. Burning;
  2. Pulverizing
  3. Recycling;
  4. Shredding papers;
  5. Destroying electronic media;
  6. Erasing electronic media;
  7. Or finally a catch-all, a procedure relating to the adequate destruction of personal records as official policy in the writing of the business entity.

A business cannot simply just throw away personal information it must assure that it is properly destroyed using one of the above methods.

If you are a one-person shop, like I am. Invest in a good shredder.  If you are a larger business consider outsourcing to a professional information destruction service. However, before you sign that agreement with them make sure you review their policies and procedures, and insure that they are thorough because you are still responsible for any leaked information.

Similar, to the SSN situation you may be fined up to $2,500 per violation by the government. If you have a lot of workers and customers in your database and a fraction of that is leaked you could have a very expensive lawsuit.  In addition, to the government coming after you the person who’s information that you released by accident can also sue you.

Final Word: Record Retention and Destruction

In this age where we get an ID or number for everything we do we set-up databases to contain all that information and make it easy to sort through. However, those numbers represent people and the law has decided to protect that information. Therefore, a business needs to have a thorough record retention and destruction policy. In addition, it becomes key that the people who access this information (no matter how routine or mundane it may seem) are responsible. If you need to figure out how to handle sensitive information or need an update/review your procedures in this area contact a HR specialist or attorney to help your compliance steps.

Remember that next week we will move out of human resource problems and move on to legal issues with customers. Also stay tuned a poll determining what the next subject of my talk at The Box Jelly, Hawaii’s first coworking space, will be going up soon.

Have an Aloha Friday!

*Disclaimer:  This post discusses general legal issues, but does not constitute legal advice in any respect.  No reader should act or refrain from acting based on information contained herein without seeking the advice of counsel in the relevant jurisdiction.  Ryan K. Hew, Attorney At Law, LLLC expressly disclaims all liability in respect to any actions taken or not taken based on the contents of this post.

Draw the Law: People Issues VIII, Protecting Workplace Privacy Part II

Posted on by under Draw the Law

If you like today’s post or any of my other series please “Subscribe” to this blawg to receive e-mail updates.  In addition, follow me on Twitter and “Like” me on Facebook.  If you need to contact me directly, please e-mail me at Ryankhew@hawaiiesquire.com.

Today’s post is following up on the kind of laws you as an employer should be worried about when dealing with employee privacy.  Last week I discussed Credit and Background Checks, as well as Surveillance and Electronic Monitoring.  Specifically, I will discuss Searching Personal Property and HIPAA Privacy.

Searching Personal Property

Conducting searches of employees means creating: (1) a safe work environment and preventing risk to the public; (2) securing company property; and (3) ensuring workers remain productive.

Remember worker safety?   Well, the employer has to create a safe work environment.  The employer also would like to make sure that company property remains in the possession of the company.  Lastly, the company needs to make workers remain productivity or doing what they are supposed to be doing.  Therefore, there is a need to search by the employer desks, lockers, and personal items brought onto premise by workers.

For today’s discussion I will focus solely on private employers, as public employers have different laws protecting them.  In general, an employer should not invade their employee’s privacy because they could be violating various laws, such as misappropriation, intrusion, false light, and unreasonable publicity.

Written Policy: Reserving the Right to Search

A company should adopt a policy that reserves the right to search desks, lockers, and other private places (this includes the employees’ person).  This needs to be carefully worded, as not to overstep the employer’s boundaries.  Basically, it should give the searches context, and explain to the employee when they will be conducted.   The employee should sign (acknowledging and consenting) to the searches.

Your policy should be written and explain in what situations a search will be conducted. Have ALL workers read, acknowledge, consent, and then sign off on it for your records.

Management should then go through a process determining when they should conduct a search.  Here are some questions that you should consider before conducting a search:

  1. Is there a legitimate business reason search?  Is it reasonable?
  2. Is there an objective rationale behind the search (do you have good evidence)?
  3. Will the search provide clear evidence that company policy or the law has been violated?
  4. If the search is conducted, will it provide safety to the public or workers by mitigating a risk?

*Do not go on fishing expeditions, it looks like you are grasping at straws and looks especially bad if the search did not yield any results.  Keep the search narrow and focused on the violation that you think the employee has committed.

During the Actual Search

If it is possible, because a search is an antagonistic situation try and get their consent.  When you conduct the search consider that the employee is highly stressed and you may want have these things in mind:

  1. you will want to make this as non-coercive as possible by allowing them to leave;
  2. do not threaten, physically or verbally abuse them;
  3. keep questions to minimum and focus on the task at hand;
  4. have a witness.

HIPAA Privacy

If you have gone to the doctor’s office before, and are a new patient all those forms you have to sign regarding protection of your health information has to do with HIPAA.  However, what does HIPAA have to do with employers?

Protected Health Information

HIPAA's protected health information (PHI) does not only have to do with medical-related fields, but applies to everyone who receives or creates it, including you the employer.

Employers are increasingly becoming involved with the health of their workers do to regulation and the provision of benefits.  Therefore, at some point you may have a worker’s “protected health information”  (PHI) in your possession, which is covered under HIPAA.  PHI is very broad and in general just remember it is health/condition information created or received by not just those in the health care industry, but can be an employer, life insurer, and a school or university.

PHI should be treated as confidential information and remain in locked files away from easy to access places.

Basically, if try to obtain PHI from an employer’s physician or have a self-insured health plan, or are actively involved in plan administration, or happen to be one in the medical industry your business needs to make sure it does not disclose this information.  In addition, there are very specific requirements about how to handle and keep secure HIPAA-related information.

Last Word

In the case of both these privacy law issues it is best to seek out an attorney to help make sure you are compliant and help you draft/review documentation to use.  Worker privacy is always a delicate balance of respecting employee rights, but making sure the company is safe, secure, and can meet its own needs.

*Disclaimer:  This post discusses general legal issues, but does not constitute legal advice in any respect.  No reader should act or refrain from acting based on information contained herein without seeking the advice of counsel in the relevant jurisdiction.  Ryan K. Hew, Attorney At Law, LLLC expressly disclaims all liability in respect to any actions taken or not taken based on the contents of this post.