Jonathan Ingber - Employment Law Update

If an employer uses a tracking system that continues to record the location of the device or car after work hours, the employer will be exposed to potential invasion of privacy claims or claims that a termination was wrongful because it was based on the employee's off-duty conduct. In a general sense, this type of tracking is similar to tracking the location of noncompany property. Any time an employer tracks noncompany property using GPS, privacy concerns will immediately be raised.

In one 2015 California suit, Arias v. Intermex Wire Transfer , a saleswoman sought economic damages of over $500,000 and unspecified punitive damages against her former employer for wrongful termination and invasion of privacy. Intermex had asked its employees to download a GPS tracking app to their personal smartphones so that the company could monitor their locations. Ms. Arias did so, but allegedly expressed concern that location tracking could occur after business hours. A regional vice president allegedly acknowledged that tracking could take place after work hours and allegedly said that Ms. Arias was required to keep her phone on “24/7” so she could answer calls from clients. The suit alleged that the vice president and perhaps others had tracked Ms. Arias's location after work hours.

Ms. Arias was fired a few weeks after removing the app from her smartphone. The suit later settled for an undisclosed amount. The bottom line: employers should never monitor employee locations after work hours and should ensure that monitoring programs or apps are deactivated after work hours — otherwise, they are at risk of a suit like Arias v. Intermex Wire Transfer. 4

Technology has continued to blur the lines between one's work life and personal life, and that blurring is being compounded by the willingness of some companies to allow employees to conduct work activities using personally owned devices. Although not inherently wrong or evil, the crossover between work and personal activities raises some vexing questions for employers:

Are the devices secure, or can they be used as a “back door” into company e-infrastructure?– Failure of the company to implement bring your own device (BYOD) security protocols, educate employees about BYOD security, and monitor security performance can leave the company exposed to a wide variety of malware, viruses, misappropriation risks, and data corruption risks.

In civil suits or regulatory proceedings, the BYOD device can be subject to discovery. Practically speaking, this means that everything on the device may be subject to disclosure to the opposing party or regulator — whether the information is work-related or personal. Many companies now use mobile device management systems (MDM) to virtually segment work and personal information on a variety of smartphones and operating platforms. This software may assist the employer in differentiating work and personal data, but may not be infallible given today's crossovers of our business and personal lives.– In employment cases, the key issue is going to be whether the employee had a reasonable expectation of privacy because the device belonged to the employee.Note: A carefully drafted APA and BYOD policy is a MUST if the employer is going to successfully argue that the employee's expectation of privacy was removed. The policy must clearly spell out if the employer will be monitoring work-related internet use or emails or text messages sent or received using employee-owned devices, or using GPS tracking (only during work hours) of employee-owned devices; describe the steps the employer will take to segregate or otherwise protect personal information of the employee; and obtain the consent of the employee to monitoring of employee-owned devices based on the employer's legitimate business purposes.The BYOD policy also needs to cover the employee's obligations to preserve information on the device when a “litigation hold” is issued because the employer is sued or named in a regulatory proceeding, or litigation is reasonably anticipated.The employer needs to ensure that litigation hold notifications cover all employees and devices that may contain information potentially related to a suit or proceeding.If the employer has any concerns about employees deleting electronic communications, the employer could choose to make a mirror image of the hard drive of the company server through which the communications are routed. This action should be taken only after consulting legal counsel so that the company understands all of the legal implications of taking this action.

The BYOD policy should educate employees about the possibility that customs, border enforcement, or law enforcement personnel could seize devices believed to contain company information, with a corresponding loss of personal information on the BYOD device.

Employers also need to consider how the BYOD policy should address the loss of personal information caused by installation or operation of company-owned software; the loss of personal information because of security breaches not prevented by company systems; and the possible exposure to repetitive stress injuries (for example, carpal tunnel syndrome) from use of BYOD devices.

When an employee is terminated, the employer may have a standing instruction for the IT department to remotely “wipe” a device clean to prevent the misappropriation or the inadvertent loss of company data. What happens if an employee's device is wiped, with a loss of personal information, pictures, videos, or emails? You can guess that a former employee is unlikely to give the company the benefit of the doubt when asking how personal data came to be deleted.

The use of personal devices for work communications by non-exempt employees after work hours can expose the employer to overtime claims by these workers, especially if the employer makes a habit of contacting the employees after work hours. We further explore the topic of “off-the-clock” work later and in chapter 6.

1 If an employer monitors the location of an employee who is using a device owned by the employee, what is a potential result?A suit for invasion of privacy.A suit for defamation.An EEOC discrimination claim.A suit for repetitive stress injuries.

2 If a company is sued by a third party, an employee who has used his or her own device to conduct company businessMay be terminated.May be disciplined.May be forced to turn over the device in discovery.Will be named as a codefendant.

As referred to in chapter 1, the issue of employees working “off-the-clock” (working without recording the time and being paid for the time) is expected to be a source of a significant number of employment litigation cases originating in 2018 and 2019. A portion of that litigation may relate to BYOD policies, especially in cases in which employers lack clear policies that require employees to accurately record time worked at home, off company premises, or e-remotely.

In March 2014, a federal judge denied a motion by Dollar Tree (DT) to decertify a suit filed by between 4,000 and 6,000 current and former DT employees for violation of the employees' Fair Labor Standards Act (FLSA) rights. The suit alleges that the employees were required to work off-the-clock

when making bank deposits;

during meal periods; and

when unloading trucks, retrieving carts and boxes, and stocking inventory.

DT is alleged to have