New Law Requires Certain Vendors to Expand Their Privacy Policies

A recent amendment to the California Online Privacy Protection Act of 2003 (“CalOPPA”) will require certain owners and operators of commercial websites and online service providers to change their posted privacy policies to include additional information.  CalOPPA requires certain owners and operators to conspicuously post their privacy policies related to the collection of personally identifiable information (“PII”) on their websites.  AB 370, signed into law on September 27, 2013 and effective January 1, 2014, now requires these owners and operators to include a discussion of their “do not track” signals in their privacy policies.  “Do not track” signals are mechanisms that provide consumers a choice regarding the collection of PII related to consumers’ online activities over time and across different websites or online services. Continue reading

Accessing Employees’ Private Facebook Posts Can Get Employers Into Hot Water

A U.S. District Court Judge in New Jersey has just found that private Facebook postings by an employee about her employer are subject to the Stored Communications Act, 18 U.S.C. §§2701-11 (SCA).  The ruling raises significant potential hurdles for employers who act on private information posted by their employees on social media sites.

Continue reading

When It Comes To Employee Privacy, What You Say Is As Important As What You Do

This week’s California Court of Appeals decision in Ignat v. Yum! Brands, Inc. is a reminder to employers to be careful what they say about employees’ private matters.  Yum! Brand, the parent company to Taco Bell, Pizza Hut, and KFC, employed Ignat in its real estate title department.  Ignat took a medical leave of absence to care for her health.  She alleged that upon returning to work, her supervisor informed her that she told everyone in the department that Ignat was bipolar.  Ignat claimed that her coworkers thereafter avoided and shunned her, and one co-worker asked her supervisor if she was going to “go postal” at work.  A few months later, Yum! Brands terminated Ignat’s employment. 

Ignat subsequently sued – alleging a single cause of action for common law invasion of privacy by public disclosure of private facts.  Yum! Brands, Inc. obtained summary judgment of Ignat’s lawsuit on the technicality that Ignat did not have any documents showing a disclosure of private facts.  In fact, the trial court was correct that a claim for invasion of privacy required proof of a statement made in a document; an oral statement would not suffice.  Apparently, this anachronism dated back to the development of the common law in earlier times where the only concrete proof of such a statement was a writing. 

The California Court of Appeals reversed the dismissal, holding a verbal disclosure of private facts is enough to violate the common law right to privacy.  The court stated any rule requiring documents to show a violation of the common law right to privacy is outdated as verbal disclosures of private matters can be just as harmful.  It did away with the seemingly irrational requirement that a writing exist to prove the claim.

But, it did leave Yum! Brands with one other possible means of defeating the case.  The court noted that “liability for the common-law tort requires publicity; disclosure to a few people in limited circumstances does not violate the right . . . .”  So, to prevail, Ignat is going to have to show that there was a wide disclosure of her medical condition, not merely disclosure to a few people. 

Interestingly, a claim under the California constitutional violation of privacy (which, for some reason, Ignat did not allege) focuses on institutional record-keeping and does not require a wide dissemination of private information.  Therefore, it is possible that constitutional privacy claims require a writing component. 

This case is an example of why it is important for employers to ensure safekeeping of employees records and train their managers regarding employees’ privacy.  Management employees should be trained on what information they must keep confidential and that they should only disclose such information to other management employees who have a legitimate, business-related need for the information and even then, everyone should know not to disclose the information any further.   

The court’s decision is available here

- Alison Hamer (Los Angeles)