As we have discussed on our blog, the National Labor Relations Board (NLRB) has continued a campaign of enforcement actions against employers who, according to the NLRB, have unlawfully terminated employees for discussing working conditions on social media. As we reported, in the first of such "Facebook" enforcement actions to come before an NLRB administrative judge, the employer was ordered to reinstate five employees and to pay back their wages.On September 28, 2011, in the second "Facebook" case to reach an NLRB administrative judge, an employer was found to have been justified in terminating an employee car salesman for Facebook postings that mocked the employer and did not concern working conditions
Omer Tene, Managing Director, Tene & Associates is reporting on the court's decision:In a highly important decision, the Tel Aviv District Court annulled a forum selection clause in a clickwrap contract, holding the user was not sufficiently aware of the choice of foreign forum or of the fact he was contracting with a foreign company; and had not clearly consented to such choice.
It is being reported that Moscow prosecutors conducted an investigation into whether several websites that were involved in data breaches earlier this year violated the country's data protection law. As a result of the breaches, names, contact information and order histories of Internet magazine subscribers (including adult-themed publications) became available on Internet search engines, including Russian-language Yandex. Without naming the websites, the report states that the prosecutors have filed administrative charges against two Internet magazines as a result of the investigation.
On August 18, 2011, the Associate General Counsel of the National Labor Relations Board ("NLRB" or the "Board") issued a report analyzing the Board's recent social media enforcement actions. The report seeks to provide guidance to employers that want to ensure that their social media policies appropriately balance employee rights and company interests.
The Federal Trade Commission announced today that Teletrack, Inc. has agreed to pay $1.8 million to settle charges that the company sold credit reports for marketing purposes, in violation of the Fair Credit Reporting Act (FCRA). According to the FTC's complaint, Teletrack sells credit reports and other services to businesses that mainly serve financially distressed consumers. Teletrack's business customers include pay day lenders, rental purchase stores and non-prime rate auto lenders. These businesses use Teletrack's credit reports to decide whether and on what terms to extend credit to their customers.
We previously reported on our blog that a Connecticut ambulance company settled the National Labor Relations Board's (NLRB's) allegations that the company violated an employee's federal rights by firing her for criticizing a manager on Facebook. The NLRB continues its enforcement blitz with another Facebook firing complaint.
On May 12, 2011, the Federal Trade Commission announced that the operators of 20 online virtual worlds have agreed to pay $3 million to settle charges that they violated the Children's Online Privacy Protection (COPPA) Rule by collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents' prior consent. The FTC noted that this settlement is the largest civil penalty for a violation of the FTC's COPPA Rule.
On May 3, 2011, the Federal Trade Commission announced that Ceridian Corporation and Lookout Services, Inc. agreed to settle the FTC's allegations that the companies failed to safeguard their business customers' employee personal information. Ceridian's services include payroll processing, payroll-related tax filing, benefits administration and other human resource services for business customers. Lookout provides a web-based computer product that is designed to help employers comply with their obligations under federal law to complete and maintain a U.S. Citizenship and Immigration Services Form I-9 about each employee in order to verify that the employee is eligible to work in the United States.
As we have reported previously on our blog, federal agencies, including the FTC, NLRB and EEOC have been very active in taking action against privacy and information security violations. This trend continues with the Securities and Exchange Commission's (SEC's) recent announcement of a settlement with three former executives a brokerage firm (GunnAllen Financial, Inc.). The SEC alleged that the former executives violated the Commission's Privacy Rule and Safeguards Rule (Regulation S-P) and aided and abetted the firm in violating these rules. This enforcement action marks the first time the SEC assessed financial penalties against individuals charged solely with violating Regulation S-P.
The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission's numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order has requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information, and (ii) the Commission's first substantive U.S.-EU Safe Harbor framework enforcement action. Let's dive in (make sure to read the "Action Item" at the conclusion of the post!).
As we have previously reported on our blog, 2011 has seen a whirlwind of privacy enforcement activity. The FTC, NLRB, EEOC, HHS and FINRA have all taken privacy enforcement actions this year. This March, the FTC has announced privacy settlements with Chitika and Twitter.
This month, federal agencies and FINRA have announced significant privacy enforcement actions that have resulted in millions of dollars in fines. The U.S. Department of Health and Human Services (HHS) imposed a $4.3M fine on a health plan for violations of the HIPAA Privacy Rule; the Federal Trade Commission (FTC) settled with several resellers of consumer reports allegations that the resellers failed to adequately safeguard consumer information; and FINRA imposed a $600K fine on two securities firms for failure to safeguard access to customer records. Here are the details:
Dan Or-Hof, a privacy and technology partner at the Israeli law firm Pearl Cohen Zedek Latzer is reporting that a decision by Israel's National Labor Court imposes severe restrictions on the employers' ability to monitor employee emails. Organizations with employees in Israel must promptly take steps to verify that their employee monitoring policies and practices in the country are consistent with the ruling.
Yesterday we wrote on our blog about the NLRB's Facebook firing settlement. I was interviewed on Fox Live this morning about the case, its implications for employees and businesses, and other developments in workplace privacy. You can view the clip at http://video.foxnews.com/v/4531424/facebook-firing-case-settlement/?playlist_id=87937
The National Labor Relations Board (NLRB) has announced that settlement has been reached in the closely watched Facebook firing suit brought by the agency.We have previously reported on our blog that the NLRB filed an administrative complaint against a Connecticut ambulance company alleging that the company violated an employee's federal rights by firing her for criticizing a manager on Facebook. In the complaint, the NLRB took the position that union and non-union employees have a right to criticize their employers, management or working conditions, and cannot be punished for engaging in such protected activity. The NLRB also alleged that the company maintained overly-broad rules in its employee handbook regarding blogging, Internet posting, and communications between employees. The complaint asserted that an employee's right to criticize the employer and management is an extension of the federal right to discuss unionization and form unions.
On December 23, 2010, Russia's President Dmitry Medvedev signed legislation delaying until July 1, 2011 the enforcement of the country's omnibus data protection law (the Federal Law Regarding Personal Data). Pursuant to the new legislation, the revised effective date for the country's data protection law is January 1, 2011, but operators have until July 1, 2011 to bring their personal data information systems into compliance with the law.