Virtual Hawaii Employment Lawyer

Last year, business owner Paige Darden stumbled upon an employee’s MySpace profile saying this person was planning a two-hour lunch because her boss was out of the office.

Concerned about her small firm’s reputation, which was identified as the writer’s employer, Ms. Darden says she began occasionally checking the profile. While most subsequent posts seemed like harmless venting, she says the employee eventually crossed the line by threatening a co-worker. View article here: Businesses Wary of Social Media.

Recent changes enacted as part of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and its implementing regulations require Covered Entities and their Business Associates to implement Security Breach Notification procedures and may require revisions to existing Business Associate Agreements (“BAAs”). HITECH was passed as part of the American Recovery and Reinvestment Act of 2009 (“ARRA”). The new requirements became effective September 23, 2009, following the publication of the Department of Health and Human Services (“DHHS”) Security Breach Notification Interim Final Rule (the Interim Rule) in August of 2009. Their enforcement begins on February 23, 2010.

HITECH requires Covered Entities to report to the affected patient, and in some cases to the Centers for Medicare and Medicaid Services(CMS) and/or the local media, any breach to the security of “unsecure” protected health information (“PHI”) held in electronic form. The law applies to Business Associates and BAAs are required to incorporate specific provisions of the law. Accordingly, all Covered Entities and Business Associates should review their BAAs and policies/procedures to ensure compliance with HITECH.

Effective Jan. 1, Big Island motorists are prohibited from using hand-held cell phones while driving.  The new law also bans the use of other electronic devices such as laptop computers and video games but permits the use of hands-free devices.  Violators can be penalized up to $150, with fines increasing up to $500 if use of the electronic device causes an accident.  See Big Island Cell Phone Ban.

The Supreme Court agreed on Monday to decide whether a police department violated the constitutional privacy rights of an employee when it inspected personal text messages sent and received on a government pager.  The Supreme Court has given public employers wide latitude to search their employees’ offices and files.  But it has also said that the Fourth Amendment, which forbids unreasonable government searches, has a role to play in any analysis of that latitude.  It will now address a case involving the Ontario Police Department, which had a formal policy reserving the right to monitor “network activity including e-mail and Internet use,” allowing “light personal communications” by employees but cautioning that they “should have no expectation of privacy.”  It did not directly address text messages. 

Members of the department’s SWAT team were given pagers and told they were responsible for charges in excess of 25,000 characters a month.  Under an informal policy adopted by a police lieutenant, those who paid the excess charges themselves would not have their messages inspected.  The lieutenant eventually changed his mind and ordered transcripts of messages sent and received by Sgt. Jeff Quon. In one month in 2002, only 57 of more than 450 of those messages were related to official business.

Sergeant Quon and some of the people with whom he messaged sued, saying their Fourth Amendment rights had been violated.  Judge Kim McLane Wardlaw, writing for a three-judge panel of the United States Court of Appeals for the Ninth Circuit, in San Francisco, said the department’s formal policy had been overridden by the “operational reality” of the lieutenant’s informal policy.  Read the article here:  Supreme Court Case to Shape Electronic Privacy Issues.

More employees are using their own laptop computers at work, a trend that employers should approach with considerable caution, observers warn.  Concerns about establishing boundaries between personal and company information, protecting company networks against viruses and malware that may infect workers’ computers, and retrieving vital company data when the employee leaves the firm are just a few issues with which employers must contend, observers say.  Read article here: Employee-Owned Laptops Present Risks.

“Recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically.” View article here: Electronic Privacy and Email.

During an investigation into a harassment claim involving allegations of harassment by text message, can an employer access employees’ text messages outside of a discovery request without violating their expectations of privacy?  View an article on this issue here:  Text Harassment Investigations.

At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.  The announcement can be viewed here: Deadline Extended.

The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

The Commission previously delayed the enforcement of the Rule for entities under its jurisdiction until November 1, 2009. The Commission staff has continued to provide guidance to entities within its jurisdiction, both through materials posted on the dedicated Red Flags Rule Web site (www.ftc.gov/redflagsrule), and in speeches and participation in seminars, conferences and other training events to numerous groups.

On August 24, 2009, the Department of Health and Human Services (“HHS”) issued its interim final rule with regard to breach notification requirements for unsecured protected health information.  Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, which is part of the American Recovery and Reinvestment Act of 2009 (“ARRA”).  HHS was required to issue interim final regulations regarding notification provisions in the event of a breach of unsecured protected health information.  Covered entities and their business associates (service providers to covered entities) only have 30 days after publication (or until September 23, 2009) to comply with these new rules. Read more…

The Fair and Accurate Credit Transactions Act (“FACTA”) has a new set of regulations, known as the “Red Flags Rule.”  The Red Flags Rule is an anti-fraud regulation. It was jointly issued by several federal agencies to implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act and is enforced by the Federal Trade Commission (“FTC”).  FACTA applies the Red Flags Rule to any business that allows a consumer to pay for property or services after the property is conveyed or the services are rendered. Read more…

The Federal Trade Commission (“FTC”) announced that it is extending the enforcement date of the Red
Flags Rule from August 1st to November 1, 2009.  The three-month delay will provide creditors and financial institutions additional time to develop and implement the written identity-theft prevention programs required by the rule. Read more…

The federal Eastern District Court of Missouri recently issued a ruling that could broaden the remedies available to Hawaii employers for damage caused to computers by departing employees. Read more…