Many employers have been surprised by recent rulings that two common employment policies run afoul of the National Labor Relations Act (“NLRA”). These rulings apply to policies covering all non-management employees, including employees who are not covered by a collective bargaining agreement. Based on a legitimate interest in preserving proprietary business information, confidentiality, and privacy, many employers have adopted social media policies limiting what employees may post on Facebook or Twitter about their work, their employer, or their co-workers. Based on privacy considerations, employer procedures for investigating sexual harassment and other complaints often place restrictions on what employees may reveal to their co-workers or others about the allegations. According to recent decisions, however, both policies may violate Section 7 of the NLRA, which permits employees to engage in “concerted activity” for “mutual aid and protection.”
Continue Reading Social Media and Other Policies Struck Down By NLRB Even for Non-Union Employees
confidential information
Safer “Bring Your Own Device” Policies: New Guidance from the UK Information Commission’s Office
By Helena Milner-Smith & Mark Young on
Posted in Privacy, United Kingdom
On 7 March 2013, the UK Information Commissioner’s Office (ICO) issued new guidance for employers on the use of personal devices for business purposes. The guidance is largely informed by a survey commissioned by the ICO and carried out by the market research firm YouGov. According to the survey, 47 percent of adults in the UK use personal smart mobile phones, laptops or tablets for work purposes, but less than 30 percent are given guidance on secure use and the risks relating to loss or theft. However, even when an employee uses a personal device, an employer may still be liable in the UK for the loss of data relating to individuals that the employer is required to protect.
UK companies have in recent years been increasingly amenable to allowing employees to use personal devices for business purposes, a practice known as “bring your own device” to work, or BYOD. The driving forces behind the trend for BYOD include cost considerations and a rise in flexible working practices. The ICO guidance reminds employers that their responsibilities as data controllers apply equally in the context of BYOD. In other words, employers remain liable for any data loss, theft, or damage to personal data that occurs, regardless of whether processing takes place in their secure corporate IT environment or on the personal devices of their employees.
Continue Reading Safer “Bring Your Own Device” Policies: New Guidance from the UK Information Commission’s Office