Human Hand, Digital Tablet, Touching.

Since the Americans with Disabilities Act (ADA) was passed in 1990, businesses have been vulnerable to “drive-by lawsuits” alleging that their facilities are physically inaccessible to disabled customers or guests.  The new trend in ADA litigation is the “surf-by” lawsuit—disabled individuals who sue under the ADA because a business website they visited was allegedly inaccessible to them.  The U.S. Department of Justice also has been aggressively enforcing website inaccessibility violations even though it won’t issue regulations until 2018.

If you’re still not convinced that the threat of website accessibility lawsuits is real, consider that in March, a California trial court became the first in the nation to rule on summary judgment that a retailer’s website violated the ADA and California’s anti-discrimination law (the Unruh Act).  The court determined that the website was inaccessible to visually impaired individuals.  The judge slapped the retailer with $4,000 in statutory damages under the Unruh Act, ordered it to either modify or remove the website, and awarded the plaintiff its attorneys’ fees, which are estimated to be in the six-figure range.

What can business owners do to prevent being sued for website accessibility violations?  Start with these steps:

  1. Determine if the ADA applies to you. Title I of the ADA applies to private employers with 15+ employees.  Covered employers may not discriminate against employees with disabilities and must make reasonable accommodations for them.  In addition, accessibility may be an issue for business websites that allow job applicants to apply online.  Title II applies to State and local governments.  Under Title III, the website of an organization that qualifies as a “public accommodation” must be accessible to individuals with disabilities.  Courts are split on whether “pure Internet” organizations (i.e., those without a bricks-and-mortar presence) are subject to website accessibility requirements.
  1. Identify accessibility issues. If the ADA applies to you, determine if your website poses accessibility problems to disabled individuals.  The DOJ has not yet officially adopted rules for website accessibility, but is considering two sets of standards – the Web Content Accessibility Guidelines (WCAG) 2.0 created by the World Wide Web Consortium and the Electronic and Information Technology Accessible Standards published by the U.S. Access Board for compliance with Section 508 of the Rehabilitation Act.  Common accessibility barriers include lack of closed-captioning for audio and video content, a site navigation structure unfriendly to keyboard-only users, and failure to provide descriptive text for images and non-text content.
  1. Get expert help. Web accessibility standards are highly technical.  Consider consulting an IT expert with web accessibility experience to help you identify accessibility problems and solutions.  You should also consult a lawyer with ADA experience to help you evaluate and mitigate legal risk, or to devise a defense strategy if you’ve already received a demand letter threatening litigation.

Digital privacy versus national security. That’s how scores of articles have framed the controversy over Apple Inc.’s refusal to cooperate with the FBI in bypassing the security features of an iPhone used by Syed Farook, one of the deceased shooters in the San Bernardino terrorist attack. Largely overlooked is the fact that Farook’s employer could’ve prevented the whole controversy had it installed common software on the phone.

Syed worked for the County of San Bernardino as a health inspector. The county issued the iPhone in question to Farook to help him do his job. Farook signed an agreement giving the county the right to search the contents of the phone, but the county did not take measures to ensure its could enforce that right. Employers who allow their employees to use mobile devices for work typically install mobile device management (MDM) software on the device. MDM allows the employer to unlock a mobile device phone remotely, wipe the contents of the device, push software updates, and track the device’s location. According to an AP report, the county had a contract with a MDM provider, but it never installed the MDM software on Farook’s phone. The MDM service costs $4 per month per phone.

There are HR and IT lessons to be learned from this incident. One lesson is that employees should be required to grant their employers access to their mobile devices as a condition of using them for work-related purposes. Specifically, management should obtain an employee’s signed written agreement authorizing the company to access the contents of a mobile device that is connected to the company network. The County of San Bernardino did it at least obtain this kind of authorization.

A second lesson is that the right to access an mobile device is useless if you have no practical way of gaining access. This is where technology like MDM software is useful. Installation of MDM controls should be standard operating procedure in any Bring Your Own Device program. MDM software doesn’t have to be expensive either. Popular email server platforms like Microsoft Exchange have MDM controls built in. For more robust functionality, consider investing in specialized MDM solutions.

It shouldn’t take the prospect of a terrorist attack to highlight the importance of taking these lessons seriously.

Anyone with a smartphone has the ability to record sound and video. This can raise privacy concerns as well as create a record of events without others’ knowledge. For these reasons, companies may prohibit employees from making workplace recordings.   If your employee handbook contains such a rule, consider giving it a second look because the National Labor Relations Board (NLRB) recently struck down “no recording” rules implemented by Whole Foods.

A three-member panel of the NLRB reviewed two workplace policies: one prohibiting employees from making audio or video recordings of company meetings without prior management approval or the consent of all parties to the conversation, and the second prohibiting employees from recording conversations without prior management approval. The stated purpose of both policies was to foster open and honest communication, a free exchange of ideas, and an atmosphere of trust. Allowing employees to record conversations in secret, the policies explained, would deter employees from holding frank discussions about sensitive and confidential matters in the workplace.

The NLRB saw the “no recording” rules differently. In a NLRB Whole Foods Decision, the NLRB ordered Whole Foods to rescind the rules because they effectively violate employees’ rights under Section 7 of the National Labor Relations Act to engage in protected concerted activity. A majority of the NLRB panel expressed concern that the rule would prohibit employees from engaging in protected activities such as “recording images of protected picketing, documenting unsafe workplace equipment or hazardous working conditions, documenting and publicizing discussions about terms and conditions of employment, documenting inconsistent application of employer rules, or recording evidence to preserve it for later use in administrative or judicial forums in employment-related actions.” The majority noted that covert recordings were an essential element in vindicating Section 7 rights in many cases. The employer’s interest in encouraging open and frank communications did not override the Section 7 rights of employees.

One member of the NLRB panel dissented, arguing that employees would reasonably interpret the “no recording” rules to protect, not prohibit, Section 7 activity. However, the majority found the blanket prohibition on all recordings troubling. A witness for Whole Foods testified that the rules would apply “regardless of the activity that the employee is engaged in, whether protected concerted activity or not.” According to the majority, employees would reasonably read the broad and unqualified language of the rules to prohibit recording Section 7 activity.

The decision suggests that a “no recordings” rule that exempts protected activities could be valid. But where to draw the line between protected and unprotected activities remains an open question. Given the NLRB’s tendency to construe the scope of Section 7 activities broadly, a wide range of business discussions could be considered to involve protected activity and thus exempt from a “no recordings” rule. This would make the rule virtually useless. The NLRB’s decision may not be last word on recording rules, however, as Whole Foods has appealed the decision to the Second Circuit Court of Appeals.

Your employees may return to the office after the holidays with new gadgets strapped to their wrist. Wearable devices like the Apple Watch, Android Wear smart watch, and FitBit are some of the hottest holiday gifts of 2015. Or maybe your company gave wearable devices as gifts to its employees. Either way, wearables are showing up more and more in the office. With that trend come a slew of legal concerns. Here are some of the legal issues created by wearables to be aware of:

Privacy

Wearable devices make it easier to violate privacy rights. If the wearable device is employer-issued, it could be used to track and monitor employees. Be sure to give notice to employees before doing that, and obtain their written consent to having their activity monitored. Employees should be told what information the company collects and how it will be used. If your workforce is unionized, use of wearables for monitoring purposes may be a point for collective bargaining.

Then there’s the privacy of co-workers. Some wearables can record audio and video, but they’re generally less detectable than smartphones and cameras. An employees’ ability to record interactions with co-workers and customers without their knowledge raises a variety of legal challenges. Workplace policies should explain the circumstances under which certain categories may or may not be used and describe the kind of notice employees who use wearables in the workplace must give to co-workers and customers.

Data Security

If a wearable device is allowed access to the company network, it should be subject to BYOD policies like use of encryption, strong password requirements, device locks, etc. Don’t let wearables be an undetected hole in your network’s security. Also be sure to preserve the right to collect work-related information stored on your employees’ wearable devices, as such access might be necessary to comply with information requests in an investigation or litigation.

Productivity

Smartphones and web browsers already give employees plenty of opportunities to engage in distractions that kill productivity, and wearables make that problem even more challenging. Consider modifying your workplace policies to address the use of company resources and company time to engage in personal activity using wearables.

A recent National Labor Relations Board Shore Point Advisory Letter gives a bit of good news to employers who want to use modern monitoring technology to monitor employees that they suspect are breaking work rules. On November 2, 2015, the NLRB concluded that an alcoholic beverage distributor (Shore Point), did not violate labor laws by failing to negotiate with its employees’ union before installing a GPS tracking device on an employee’s company truck. Shore Point suspected that the employee was stealing time while on his work routes. Shore Point’s collective bargaining agreement contains rules against stealing time.

Shore Point hired a private investigator to follow the employee to collect evidence for disciplinary purposes, an established practice the union had not objected to in the past. The investigator placed a GPS tracking device on the employee’s truck to maintain and regain visual contact.  The GPS was only installed on the employee’s vehicle on the days when the investigator was following the employee, and was used as a backup method in case the investigator lost visual sight of the employee and his truck. Based on the investigator’s observations of the employee engaging in misconduct, Shore Point terminated the employee. The union filed a charge alleging that the employer unilaterally engaged in electronic surveillance without bargaining in violation of the National Labor Relations Act.

The NLRB determined that Shore Point did not have an obligation to bargain over the installation and use of the GPS device. Although the use of the device was a mandatory subject of bargaining, it did not amount to a material, substantial, and significant change in the terms and conditions of employment.  Shore Point had an existing practice of using a personal investigator to monitor employees suspected of misconduct. Using a GPS tracking device was just “a mechanical method to assist in the enforcement of an established policy,” and therefore was not a material, substantial, or significant change in policy.  The NLRB also noted that the GPS device only added to information that the private investigator had collected through personal observation, did not increase the likelihood of employee discipline, and did not provide an independent basis for termination.

At least two lessons can be learned from this case. First, when crafting employee work rules subject to bargaining, build in flexibility to allow for use of technological advances in enforcement methods. Second, disciplinary action against an employee should be supported with various types of evidence if possible. Just relying on evidence collected with a controversial or untested method is risky because if the use of the method is determined unlawful, the basis for the disciplinary action disappears.