As we noted in a previous post, the Board has been particularly aggressive in finding employer policies will run afoul of Section 7 of the Act even when they have strong threads of common sense attached to them. In the case we reported on in March – Latino Express, Inc., NLRB Case No. 13-CA-122006 (Mar. 17, 2015) – the Board came down against an employer even when the employer had already rescinded its questionable policy. The Board was very unforgiving in that instance and seems to be continuing that trend.

In Rocky Mountain Eye Center, NLRB Case Nos. 19-CA-134567, 19-CA-137315 (May 6, 2015), two employees of a physician’s office were terminated for disseminating records housed on the office’s information system, a system that included both patient and employee data. To protect this information, the company’s confidentiality rule stated that a “[b]reach of either patient or facility confidentiality is considered gross misconduct and may lead to immediate dismissal” and defined “confidential information” as including, but not limited to “patient information, physician information, personnel information, billing, purchasing and financial information.” So far, so good, right?

To support a union organizing drive, the two employees at issue had accessed the employer’s information systems to obtain contact information for several other employees, for the purpose of having the Union contact them. When the Union began contacting these employees, the employees questioned how the Union received their contact information, which prompted an investigation into whether a breach of the office’s records occurred. After an investigation, the company determined that the employees breached the confidentiality rule by accessing and disseminating the employee information, housed in the same system as patient data, and were terminated in accordance with the company’s confidentiality rule.

Of course, the NLRB held that the termination was unlawful. After first concluding that the confidentiality rule could reasonably be construed to restrict Section 7 rights, the NLRB reasoned that it was overly broad in that it included a prohibition against utilizing employee contact information which could be used for Union organizing. Further, the employer made the mistake of housing both employee and patient data on the same system, and such a mistake could not be attributed to the employees who were merely exercising their Section 7 rights by collecting employee contact information, not patient information.

Although not as shocking as the decision in Latino Express, the beat is clearly continuing to go on at this activist NLRB. With another unforgiving decision, employers should continue to be vigilant in reviewing their policies and be prepared to defend against similar charges from the Board. Oh, and while you’re at it, it’s a good idea to keep employee information separate from customer, client and patient data.

While breaches of customer data have received most of the media scrutiny, employee data breaches also are causing company headaches. But there remain increasing pressures to also gather and utilize employee data through the monitoring of employee communications to measure productivity, maintain corporate image, and to deter or prevent wrongdoing.

The seminar will focus on key questions employers face when balancing obligations to their business and employees such as:

• What are HR best practices in these areas?
• What are the lessons learned from past employee data breaches?
• What are employees’ electronic privacy rights in the workplace?
• How should a business strike the right balance between an employee’s privacy rights and protection of the business?
• Can employees use companies’ email systems for personal reasons?
• Can employers monitor employee email use? Do they have to let employees know if they are doing so?
• Can employers sanction employees for comments made on social media? What constitutes private behavior vs. behavior that can adversely affect a company’s image?
• Can employers monitor data on personal devices that are also used for business reasons?