Would you let your employer microchip you?

Our family dog, Loula, is microchipped. Our vet offered it to us as a service when Loula first joined our family. It provides some peace of mind in the sad event that Loula goes missing and ends up in a shelter or vet office. They would be able to read the rice-grain RFID chip embedded in her leg, discover that she belonged to us, and return her.

Loula, however, is a dog, she’s not an employee. Which is why I’m troubled that a Wisconsin employer has decided to offer microchip implants as a “service” to its employees.

NBC reignites privacy debate by requiring social-media passwords of job applicants

“Those who cannot remember the past are condemned to repeat it.”  (George Santayana)

It’s been eight long years since Bozeman, Montana, set the internet on fire by requiring that job applicants for municipal positions turn over passwords to their personal social media accounts as part of the application process. In the wake of that story, states rushed to introduce legislation prohibiting this practice; many succeeded. And, the story more or less died.

Thank you, NBC, for reigniting it.

10 key elements of any data security policy to safeguard your company

Yesterday, I told you that small businesses (less than 250 employees) suffered 31 percent of last year’s cyberattacks. What can you do to best protect your business (of any size) to repel an attack? Let me introduce you to the Data Security Policy, an essential component of any employee handbook now, and likely forever.

What should an effective Data Security Policy contain? Consider 1) consulting with a knowledgeable cybersecurity attorney; and 2) including these 10 components (c/o me, Travelers, and the U.S. Small Business Association):

As sure as today is Cyber Monday, your employees are shopping from work

Today is Cyber Monday, the biggest online shopping day of the holiday season. In fact, it is estimated that today will be the biggest online shopping day ever, with over $3.36 billion in sales.

And, guess what? Given that most of those doing the shopping will be spending the majority of their prime shopping hours at work, from where do you think they will be making most of their Cyber Monday purchases.

Consider these statistics, pulled from CareerBuilder’s 2016 Cyber Monday Survey:

The newest threat to your cybersecurity? Your lunchroom appliances

Dinner is always a bit of cluster in my house. We are a home of two working parents, and, with music lessons and band rehearsals three nights a week, it seems that we are always scrambling for our evening meal. More often than not, we end up eating out, which is neither good for our wallets nor our waistlines.

Is social recruiting discriminatory?

Yesterday, I noted that the EEOC is examining the impact of “big data” on how employers reach employment decisions.

Looking at an issue and doing something about it, however, are two entirely different animals. I wonder what business the EEOC has looking at this issue at all. The EEOC’s mission is to eliminate discrimination from the workplace. Certainly, there is no claim that neutral data points intentionally or invidiously discriminate based on protected classes.

For God’s sake, think before you email

I have lots of readers. Thousands upon thousands. Do you know who doesn’t read my blog, however? Former DNC Chair (and Congresswoman) Debbie Wasserman Schultz. How do I know? Because, if she does, she would have read this:

Who knows what evil lurks in the hearts of public Wi-Fi?

According to Politico, an IT company set up various fake Wi-Fi networks around the RNC with names such as “Google Starbucks”, “I vote Trump! free Internet”, and “I vote Hillary! free Internet”. The goal was to see how many people would join the unsecured networks. The answer: 1,200, with 68 percent compromising the information on their devices.

“I use public Wi-Fi all the time,” you say. “After all, wireless data is expensive. What’s the harm in using a public network?”

Watch this video, and then let’s chat about how to discuss this important security issue with your employees.

Do you understand your state’s wiretap law?

Here’s one you don’t see everyday. According to ESPN, the Los Angeles Lakers are peeved at one of their teammates, rookie D’Angelo Russell. So far, no big deal. That is, no big deal until you understand the cause of the rift. I’ll let ESPN take it from here.

Sources told ESPN.com that some teammates' trust in Russell is eroding after a video surfaced in the past week that shows Russell recording a private conversation between himself and teammate Nick Young. Young does not appear to realize he is being taped. The video, which is believed to have come to light last week via the Twitter account of a celebrity gossip site, shows Russell filming Young while asking questions about Young being with other women.

Should you allow employees to shop online from work?

Today is Cyber Monday, the day online retailers promote their (alleged) deepest holiday discounts. It is estimated that more than 125 million Americans will take advantage of these sales and shop online today. And, many, if not most, of them will do so from work.

The latest available numbers suggest that more and more companies are allowing employees to shop online from work. As of 2014, 27% of employers permit unrestricted access to employees shopping online while at work, up from 16% in 2013 and 10% and 2012. Meanwhile, 42% allow online shopping but monitor for excessive use, while 30% block access to online shopping sites. Similar data is not yet available for 2015, but one can assume that these numbers have continued to trend towards greater access for employees.

Yet, just because companies allow a practice to occur does not mean it makes good business sense. Should you turn a blind eye towards you employees’ online shopping habits, not just today, but across the board? Or, should you permit more open access?

New workplace app raises old issues

At the beginning of 2015, I reported on the launch of a new app — Memo — which allowed employees to post anonymous comments or complaints about their workplaces. Microsoft has now joined the fray of workplace griping apps with one of its own, called Forum.

According to the app’s description, it “lets ideas thrive, facilitates open dialogue within organizations, and enables employees to freely express themselves.” More importantly, unlike Memo, Forum appears to be non-anonymous. From iMore: “Forum has apparently been designed primarily for businesses to give their employees a chance to speak their minds and connect with their fellow workers and executives.”
 

Be careful what you email (yes, this is a lesson I need to keep repeating)

Two USERRA posts within four days? What is this world coming to?

In Arroyo v. Volvo Group North America (7th Cir. 10/6/15), the appellate court was faced with the issue of whether the district court correctly dismissed an Army Reservist’s USERRA lawsuit. Volvo claimed that it fired LuzMaria Arroyo for violations of its attendance policy. The court, however, thought that the following emails exchanged between her supervisors suggested otherwise:

• “I find myself with a dilemma if I were to discipline a person for taking too much time off for military reserve duty…. I certainly give her credit for serving our country but of course I am also responsible for our business needs.”
• “First, we do not have to grant time off for [Arroyo’s] travel time. Her legal obligation is 2 weeks per year, which we do give off, and 1 weekend per month. The drills she attended were most likely extra training, which we do not have to grant the time. We do not have to give extra time for her travel to and from her weekend duty. She does have the option to transfer to a closer unit, we cannot make her transfer.”
• “Unfortunately, there isn’t a lot we can do…. Per the law we have to wait for her. Sorry it isn’t what you wanted to hear.” (after her deployment to Baghdad.)
• “[Arroyo] is really becoming a pain with all this.”

Beware the email chain of fools

A software engineer rejected for a job by GoDaddy is suing the company for discrimination. Why does he believe that the company discriminated against him? According to USA Today, he read it in the email chain included in his otherwise vanilla rejection email.

The e-mail…, which appears to be sent from a group titled the “GoDaddy Recruiting Team,” begins with a tame form letter, explaining that Connolly had not been selected for a job as a mobile IOS developer. But the note he said he saw below it in the e-mail chain packed an unusual punch.

It read, “about keith he’s great for the job in skills but he looks worse for wear do we really want an obeese (sic) christian? is that what our new image requires of us.”

Like many before it, GoDaddy says that either it was hacked or the email was fabricated. Some computer forensics will sort out the truth of that defense. If it turns out that the email is legit, GoDaddy might want to rethink its “we are not offering any kind of settlement or an apology” position.

Do I really need to tell you not to ever put something like “do we really want an obese Christian” in an email. Some things are better left unsaid, or, more to the point, un-typed. And, for god’s sake, please read those emails (all of them) before you click send. It makes my job a whole lot easier defending you without that smoking gun. 

And, before my employee-advocate readers get all over my case for defending one’s right to discriminate merely by keeping silent, yes, in an ideal world no one would think this way. But, my job is to defend the companies that have the misfortune of employing those that do. If GoDaddy is wrong, and one of its recruiters did send that email, then it should stand by its pronouncement that it is “proud to be an Equal Opportunity Employer” and settle, period.

Putting together the puzzle on off-duty emails and overtime

Employers, I can see the writing on the wall, and it’s not looking good for your continued reliance on your non-exempt employees using their smartphones off-the-clock.

In the past few days, this issue has picked up a ton of momentum. First, the Wall Street Journal ran an article entitled, “Can You Sue the Boss for Making You Answer Late-Night Email?” Then, the Wage & Hour Litigation Blog reported that the Department of Labor’s Wage & Hour Division announced a request for information regarding “the use of technology, including portable electronic devices, by employees away from the workplace and outside of scheduled work hours outside of scheduled work outside of scheduled work hours.” Finally, the ABA Journal reminded us that the same Wage & Hour Division will likely raise the salary floor for exemption eligibility from $23,600 a year to $50,000 a year. This significant bump in the salary test will remove a large chunk of your employees from many of the FLSA’s key overtime exemptions.

What does all this mean? It means that you need to take a long, hard, look at which of your employees you are requiring to connect when they are “off-the-clock.” If you are requiring your non-exempt employees to read and respond to emails after their work day “ends,” you need to examine whether the FLSA requires that you pay them for that time (more often than not at a 1.5 overtime premium).

I’m pretty certain that the Department of Labor consider this time compensable, but I’m not so sure. Even if reading and replying to work-related email is compensable “work,” I’m not convinced that employers should have to pay employees for it. Most messages can be read in a matter of seconds or, at most, a few short minutes. The FLSA calls such time de minimus, and does not require compensation for it. “Insubstantial or insignificant periods of time beyond the scheduled working hours, which cannot as a practical administrative matter be precisely recorded for payroll purposes, may be disregarded.” Think of the administrative nightmare if an HR or payroll department has to track, record, and pay for each and every fraction of a minute an employee spends reading an email.

Nevertheless, if you want to eliminate the risk over this issue, I suggest you consider a couple of steps:

1. Audit all of your employees for their exempt status. This audit will ensure that you have your employees properly classified as exempt versus non-exempt.
2. Consider implementing an email curfew for your non-exempt employees (which has its own pros and cons).

This issue is not going away any time soon, and illustrates the difficulty the law has keeping up with the stunning pace of technology.

For more on this important issue, I recommend Just how nervous should companies be about FLSA lawsuits over employee smartphone use? (Hint: very) via Eric Meyer’s Employer Handbook Blog.

Is hiring for “digital natives” age discrimination?

Let’s say you’re looking to fill a position at your company that requires a certain degree of technical proficiency. Or, you just want to make sure that the person you hire is comfortable with a computer, an email account, and an iPhone. Is it legal to advertise that the position requires a “digital native?” According to Fortune.com, some companies have begun using this term as a hiring criteria in job postings. Yet, is “digital native” simply code for “younger?”

“Digital native” certainly appears to be a loaded term. According to the Fortune article, some employment attorneys believe that the “trend” towards digital natives is “troubling” and “a veiled form of age discrimination.”

• “This is a very risky area because we’re using the term that has connotations associated with it that are very age-based. It’s kind of a loaded term.” Ingrid Fredeen, attorney and vice president of NAVEX Global

• “I don’t believe using ‘digital native,’ a generational term, as a job requirement would stand up in court. I think older individuals could definitely argue ‘digital native’ requirements are just a pretext for age discrimination.” Christy Holstege, California civil rights attorney

Let me offer a counter-argument. I’m 42 years old, more tech savvy than most, and, by any definition, a digital native. I’ve been using computers since my early grade-school years. I’d fit any criteria seeking a “digital native,” and, yet, I’m also inside the age-protected class. While I do not believe companies should use “digital native” in job advertisement or descriptions (just as I wouldn’t use “recent graduate”), one challenging its use cannot examine that use in a vacuum. Instead, take a look at the hiring demographics. How many employees over 40 (over 50, over 60) hold a position that calls for a digital native. If the answer is “none,” then the employer has a huge problem. If, however, there exists a good mix of ages—both outside and inside the protected class—then there also exists a great argument that the term “digital native” has no loaded, illegal subtext.

Your employees are your biggest security risk

It seems that every week we read a story about another company that has been hacked and had its information and data compromised. Most companies believe that their greatest security risk comes from cyber terrorists overseas—nameless and faceless hackers sitting in some high tech hovel in some foreign country.

Your greatest security risk, however, comes from within—your own employees.

Case in point? This story, via Fusion:

In January, authorities arrested Eddie Raymond Tipton, the Director of Information Security for the Multi-State Lottery Association, a non-profit organization that runs multi-state games for 33 different state lotteries, on charges of fraud.… Tipton is being accused not just of claiming a winning ticket he wasn’t allowed to have, but hacking into the lottery’s random number-generator software to engineer a win for himself.… 

According to the court documents, the Multi-State Lottery Association’s random-number generator computers are disconnected from the Internet and kept in a locked, glass-walled room that is under 24-hour video surveillance. Prosecutors allege that Tipton entered the room on November 20, 2010, changed the camera’s settings to have it record less frequently, and inserted a USB drive containing malware that would manipulate the results of the upcoming lottery drawing.

I'm not saying that the threat from your employees comes from the type of malicious mischief of which Tipton is accused. With data security, sins of omission can be as deadly as sins of commission. Do you have a Bring Your Own Device Policy? Do you have employees sign confidentiality agreements? Do you train your employees on the evils of unsecured WiFi and what to do when a mobile device goes missing? If not, you are being cavalier with your data security, which places your entire business at risk of being the next big data breach story.

Some thoughts on accommodations and flexible workplaces

I’ve been thinking a lot over the past three days about the flexibility that employers afford their employees. I am part of a family with two working professional parents (one of whom travels a great deal), and two young children. If I did not have flexibility in where I perform my job, my life would become exponentially more difficult in light of my wife’ travel schedule. The reality is that technology (specifically iPhones, emails, laptops, and iPads) makes work easier. I no longer need to be tethered to my office to be productive. Yes, I enjoy coming to work. I like the camaraderie of my co-workers. I like seeing and talking to other people. I’m a social person and I like being social. But, I can write a brief, or counsel a client, from anywhere. I don’t need my office to produce. 

Last Friday, the 6th Circuit decided EEOC v. Ford Motor Co., which, according to the Court, applied “common sense” to decide that “regular on-site attendance is required for interactive jobs, and that “regular, in-person attendance is an essential function … of most jobs….” I could not disagree more. When the 6th Circuit originally decided this case one year ago, it relied on technology to determine that employers should at least consider whether telecommuting is a reasonable accommodation for a particular job.

As technology has advanced in the intervening decades, and an ever-greater number of employers and employees utilize remote work arrangements, attendance at the workplace can no longer be assumed to mean attendance at the employer’s physical location. Instead, the law must respond to the advance of technology in the employment context, as it has in other areas of modern life, and recognize that the “workplace” is anywhere that an employee can perform her job duties.

My main problem of the re-hearing panel’s decision is that the “common sense” it is applying is rooted in 1965, not 2015. To paraphrase John Oliver from last night, just as it is no longer acceptable to slap a female co-worker on the backside while calling her “toots,” it is no longer acceptable to assume that work must be performed at work. While I haven’t read the 1,400 page record of the Ford case to determine whether physical attendance at work was essential for this plaintiff’s job, my main critique of this decision is that it swings to needle too far to the side of inflexibility. It sets inflexibility as the rule, and telecommuting as the exception. I would flip the rule.

Telecommuting is an important benefit that promotes work/life balance for employees. It is great benefit that employers should be using to attract and retain employees for whom this benefit matters. With the state of technology in 2015, there is little reason that employer should not be doing so.

NLRB eviscerates the line between insubordination and protected concerted activity

Employers struggle with how to handle employees to take to social media to vent about work. And, they do so for good reason. For one, employers risk creating a viral nightmare out of a fleeting vent. Also, the NLRB continues to take a long, hard look at Facebook firings.

Case in point: Pier Sixty, LLC [pdf].

A Pier Sixty employee took to his personal Facebook page to vent about how his manager had been talking to co-workers. This employee, however, used what anyone would consider less-than-professional language to express his frustration. 

Bob is such a NASTY MOTHER FUCKER don’t know how to talk to people!!!!!! Fuck his mother and his entire fucking family!!!! What a LOSER!!!! 

Unfortunately for this employer: 1) the company was facing a union election two days later; 2) this employee supported the union; and 3) he ended his post, “Vote YES for the UNION!!!!!!!”

Not so surprisingly, when the employer learned of the Facebook post, it fired the employee. Also not so surprisingly, the foul-mouthed Facebooker filed an unfair labor practice charge with the NLRB.

The NLRB sided with the employee:

[W]hile distasteful, the Respondent tolerated the widespread use of profanity in the workplace, including the words “fuck” and “motherfucker.” Considered in this setting, Perez’ use of those words in his Facebook post would not cause him to lose the protection of the Act.

Even if the air of this workplace is full with tolerated obscenities, should an employer ever have to tolerate this type of language specifically directed at a member of management and his family? More to the point, as the lone dissenter argued:

The language Perez chose to post was not merely obscenity used as curse words or name-calling. The phrases NASTY MOTHER F—er and F—ck his mother and his entire f—ing family are qualitatively different from the use of obscenity that the Respondent appears to have tolerated in this workplace. Perez’ statements were both epithets directed at McSweeney and a slur against his family that also constituted a vicious attack on them.

What are the takeaways for employers?

1. Insubordination is insubordination, period. An employer should not have to put up with this type of harsh language specifically directed at a member of management. Nevertheless, this case illustrates the regulatory environment under which employers currently operate, and the scrutiny that even the safest of terminations might receive.
2. If you want to make sure that you have the freedom to discipline any employee for the use of obscenities, it is safest to apply the same standard to all employees. Nevertheless, I firmly believe that the Board missed the mark in this case. There exists a real and meaningful distinction between the occasional conversational f-bomb and “Fuck his mother and his entire fucking family!!!!“

Are Meerkat and Periscope the “next big thing” for employers to worry about?

Have you downloaded Meerkat or Periscope to your iPhone? Do you even know what Meerkat and Periscope are? They are new apps that permit you to live-stream video. They essentially work the same way—when you launch a live-stream, the app tweets out a link for your followers to watch your video. The only real difference in the experience (aside from the aesthetics of the apps) is that once you stop your stream on Meerkat the link goes dead and the video disappears, while Periscope can keep the link live for 24 hours of replay viewing.

Last week, within hours of Meerkat’s and Periscope’s launches, a massive building explosion on New York’s Lower East Side gave us a glimpse of the potential power of these apps, as they turned everyone with an iPhone into instant video-journalists. As for me, so far I’ve only used them to send out video of my dog sleeping on the couch (although I hope to put Periscope to use for some video legal updates in the near future).

Should employers worry about these apps? They offer employees tremendous power. Imagine your workers live-streaming alleged safety violations in your plant, or active sexual harassment, or a termination meeting, or an employer trying to break up a picket line?

Yet, this technology isn’t the-sky-is-falling for employers. For years, the iPhone has placed this same power into employees’ hands. An iPhone + an active internet connection + a YouTube account isn’t that much different than these new live-streaming apps. These apps remove some of the friction from the posting experience, but otherwise don’t create any new opportunities for your employees to journalize your workplace.

Employers shouldn’t knee-jerk ban these apps (or mobile devices in general) from the workplace. It’s possible that the NLRB would permit employers to ban the use of these apps in the workplace, but it’s just as likely that the NLRB will look at such policies with a harsh eye under its section-7 lens. Until we get some guidance from courts on these issues, there is real risk in broad-based bans of mobile technologies or apps.

Instead of rolling out a reactionary policy that could catch the NLRB’s attention, train your employees on their responsible use of the Internet, and your managers and supervisors on the need to be very aware of the possibility that everything that happens at work no longer necessarily stays at work. Indeed, if it happens at work, it is just as likely to end up on Facebook, Twitter, Instagram, YouTube … or Periscope.

You can follow me on Periscope @jonhyman, and tune in at 5 pm on April 11, where I’ll be broadcasting some of my daughter’s performance live from the Rock and Roll Hall of Fame.

Is your company ready for WYOD?

At 1 pm today, Apple will formally unveil its Watch to the public. While other companies have launched smartwatches, because it’s Apple, today’s launch of the Apple Watch will officially herald the beginning of the era of wearables.

If the era of wearables is upon us, it means that as soon as your first employee wears a smartwatch to work, your HR, legal, and IT departments have a whole host of new issues with which to deal.

Better stated, the issues aren’t new, but their application to an evolving technology is.

If your organization already has a BYOD (Bring Your Own Device) policy, then you are well ahead of the game. You will, however, have to adapt that policy to account for WYOD (Wear Your Own Device). All you’ll have to do is extend your BYOD to expressly cover wearables. These devices will bring email, text messages, financial information, and health data to a smaller, even more portable form. And, the more avenues your employees have to access your network and data, the more ingresses hackers have to steal information and do other bad things. In other words, you need to understand wearables, and account for them in your policies, because your employees aren’t going to wait for an official green light to start using them.

If you don’t have a BYOD policy, what are you waiting for? These issues aren’t going away. What should you be considering? Here is a good starting point.