Blog: The Labor & Employment Law Blog

Download: 1055962.pdf

In LVRC Holdings, LLC v. Brekka, et. al. (9/15/09), the Ninth Circuit Court of Appeals upheld the trial court’s summary judgment for defendants finding that defendant, Brekka, was “authorized” to use LVRC’s computers while he was employed, and that he did not access the computers “without authorization” under the Federal Computer Fraud and Abuse Act (CFAA) when he emailed documents to himself and his wife prior to leaving LVRC.

Factual Background.

Brekka was hired by LVRC in April 2003 to oversee a number of aspects of its residential treatment facility in Nevada. His duties included internet marketing programs and interacting with LVRC’s website consultant, LOAD, Inc. At the time he was hired, he owned and operated two other consulting businesses himself which were also in the addiction rehabilitation services. While he worked for LVRC, Brekka commuted between Florida where he resided and one of his businesses was located, and Nevada. He was assigned a computer at LVRC but while commuting back and forth between Florida and Nevada, he would email documents he obtained or created at LVRC to his personal computer. There was no written policy at LVRC regarding the emailing of LVRC documents to personal computers.

In June 2003, Brekka asked a LOAD administrator, Nick Jones, for a log-in for LVRC’s website and it was provided. With this log-in, Brekka could gain access to information about LVRC’s website. In August 2003, Brekka and LVRC entered into discussions regarding the possibility of Brekka purchasing an ownership interest in the company. He emailed a number of LVRC documents to his personal email account and his wife’s personal email account. They included a LVRC financial statement, its marketing budget, admissions reports for patients at the facility, among other things. After discussions between LVRC and Brekka broke down in mid-September 2003, Brekka quit. He left his LVRC computer at the company and it still contained the email in which LOAD had sent him the log-in information. After he left, another employee or consultant of LVRC deleted that email with the log-in information. During a routine monitor of the website on November 19, 2004, a LOAD administrator noticed that someone was logged into the LVRC website using the log-in and password given to Brekka back in June 2003. The log-in and password were then deactivated and LVRC filed a report with the FBI alleging that Brekka had been unlawfully logging into LVRC’s website.

The Case.

LVRC filed a civil lawsuit claiming that Brekka committed two of the crimes established by the CFAA: 1) that he intentionally accessed a computer without authorization or exceeded his authorized access; and 2) that he obtained information from a protected computer (and the conduct involved an interstate or foreign communication). (18 U.S.C. §§ 1030(a)(2) and (a)(4).) LVRC alleged that Brekka violated these sections of the CFAA when he emailed LVRC documents to himself in September 2003 and when he continued to access the website after he left LVRC.

The CFAA prohibits a number of different computer crimes, the majority of which involve accessing computers without authorization or in excess of authorization, and then taking specified forbidden actions, ranging from obtaining information to damaging a computer or computer data. (18 U.S.C. § 1030(a)(1)-(7).) While violation of the CFAA carries with it criminal penalties, section 1030(g) of the statute provides for a civil private right of action by persons injured by the crimes.[1]

The trial court granted Brekka’s summary judgment motion holding that LVRC had failed to establish a violation of section 1030(a)(2) or (a)(4). The trial court found that “It is undisputed that when Brekka was employed by Plaintiff that he had authority and authorization to access the documents and emails that were found on his home computer and laptop.” There was no evidence that Bekka accessed an LVRC computer or any of the documents on the computer “without authorization.” Brekka had “authorization” to access the LVRC computers for purposes of sections 1030(a)(2) and (a)(4) because he was employed by LVRC at the time he emailed documents to himself and his wife, and there was no evidence that he had agreed to keep the emailed documents confidential or to return or destroy those documents upon the conclusion of his employment. Also, the trial court found that LVRC had failed to put forth any evidence that Brekka logged into the LVRC website after leaving LVRC’s employ.

The Ninth Circuit found that while the CFAA does not define “authorization,” based on the fundamental canon of statutory construction, the word is to be given its ordinary and common meaning. Therefore, it held that “an employer gives an employee ‘authorization’ to access a company computer when the employer gives the employee permission to use it.” According to the court, because LVRC permitted Brekka to use the company computer, he did not act “without authorization.” Further, the court found that Brekka did not “exceed authorized access.” This phrase was defined by Congress to mean “access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” (18 U.S.C. § 1030(e)(6).) According to the Court, based on this definition, an individual who is authorized to use a computer for certain purposes but goes beyond those limitations is considered by the CFAA as someone who has “exceeded authorized access.” On the other hand, a person who uses a computer “without authorization” has no rights, limited or otherwise, to access the computer in question. In this case, the court found that there was no dispute that Brekka had permission to access the computer without limitation and he was still employed by LVRC when he emailed the documents to himself and his wife. The Court affirmed the trial court’s summary judgment finding that Brekka did not access LVRC’s computer without authorization.

The Court also affirmed the trial court’s summary judgment that Brekka did not violate CFAA by logging onto the website after he left LVRC because LVRC did not meet its burden of producing evidence that a genuine issue of material fact existed in this regard.

Note to Employers.

This case review addresses solely the CFAA. LVRC and other employers often have other legal remedies available if a departing employee misappropriates its confidential and proprietary information or fails to return its property.

However, it is important that employers have clear and concise Electronic Use Policies and Confidentiality & Proprietary Information Policies in place. These policies can help to protect against an employee’s improper use of the company’s electronic media (e.g. computers, telephones, and remote communication devices) and the improper access to, and disclosure of, the company’s confidential and proprietary information. The employment lawyers at WGC regularly draft such policies and would be happy to assist employers in the review and/or drafting of such policies.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.

____________________

[1] Section 1030(g) provides in part that “Any person who suffers damages or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief.”

In the recent case of Gross v. FBL Financial Services, Inc., the United States Supreme Court held that a plaintiff must prove that his/her age was the “but for” cause of the adverse employment action they claim was discriminatory (e.g. demotion). Plaintiff was 54 years old when his employer reassigned him from his position as a claims administration director to a claims project coordinator. Many of his responsibilities in the director position were transferred to one of his subordinates who was in her early 40’s. Although Plaintiff’s compensation was not reduced, he believed that his transfer to the coordinator position was a demotion and filed an age discrimination claim under the federal Age Discrimination in Employment Act (ADEA).

When instructing the jury, the trial court utilized the “mixed motive” instruction. The court told that jury that Plaintiff only needed to show that his age was a “motivating factor,” among other factors, in order for him to state his case and then the burden would shift to the employer who would have to prove that it would have “demoted” Plaintiff regardless of his age. Based on the mixed motive instruction, the jury returned an award in Plaintiff’s favor. The employer appealed and the appellate court reversed the trial court finding that the Plaintiff must show “direct evidence” that age was a reason for the demotion before the court could provide a mixed motive instruction.

The case went before the Supreme Court on the sole issue of whether an ADEA plaintiff must present direct evidence of discrimination in order to receive a mixed motive jury instruction. However, in reviewing this issue, the Court actually decided that the mixed motive theory does not apply to the ADEA at all. It’s decision was based on the distinction it made between Title VII which permits the use of the mixed motive theory and the ADEA. The Court reviewed a previous decision, Price Waterhouse v. Hopkins, in which the court found that under Title VII, a plaintiff must first prove that discrimination was a “motivating” or “substantial” factor in the employer’s action, after which the burden of persuasion shifts to the employer to show that it would have taken the same action regardless of the impermissible discriminatory consideration. Congress amended Title VII after Price Waterhouse to adopt its reasoning and clarify that a plaintiff need only prove that the discriminatory factor was a “motivating” factor not the “but for” cause of the decision.

The Court found that not only is the language of the ADEA and Title VII different, but also that Congress did not amend the ADEA when it amended Title VII to adopt the Price Waterhouse reasoning. Thus, the Court held that under the ADEA, a Plaintiff must prove that ‘but for” his or her age, the employer would not have taken the claimed discriminatory action.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.

Download: Can an Employee Release a Wage Claim.pdf

Labor Code section 206.5 provides that “an employer shall not require the execution of a release of a claim or right on account of wages due, or to become due, or made as an advance on wages to be earned, unless payment of those wages has been made. A release required or executed in violation of the provisions of this section shall be null and void as between the employer and the employee.” The section also provides that requiring such a release could constitute a misdemeanor.

Based on this section, for years employers have either been unable to obtain a release from an employee for any wage claim, or have obtained such releases without any guarantee that they are enforceable.

Recently however, the Court of Appeal in Watkins v. Wachovia Corporation provided some clarification on when a release of a wage claim may be valid. In Watkins, the Plaintiff was employed by Wachovia as a sales assistant. She assisted stockbrokers with client contact and other duties. After the federal Department of Labor investigated a separate Wachovia branch office and determined that the sales assistants had been improperly classified as exempt employees, Plaintiff joined in a class action against Wachovia claiming unpaid overtime. Wachovia brought summary judgment claiming that when Plaintiff’s employment was ended, she signed a release of all claims, known or unknown, specifically including wage claims, in exchange for severance pay. Plaintiff conceded that she signed the release but argued that it was unenforceable as to her overtime claim based on Labor Code section 206.5’s prohibition on such releases. Wachovia responded that section 206.5 does not prohibit releases of claims subject to a “bona fide dispute.” The trial court agreed and granted the summary judgment. Plaintiff appealed and the trial court’s decision was affirmed.

Based on the court’s decision, a release of a wage claim is valid if: 1) there is a “bona fide dispute” regarding whether or not wages are owed; 2) the employer has paid all of the undisputed wages without regard to whether the employee signs the release; and 3) the employee receives something of value in exchange for releasing the right to sue for the additional (disputed) wages.

When does a “bona fide dispute” exist?

A bona fide dispute exists when the employee and the employer have a reasonable factual basis for taking a position contrary to the other side’s position. In this case, the court found that a bona fide dispute existed when Plaintiff signed the release. She claimed she worked overtime hours for which she was not paid. In the litigation, she submitted a declaration indicating that she had been told to work off the clock if she had not finished her work within her scheduled 8 hour workday. She also submitted separate time sheets she had kept while working for Wachovia that showed the overtime she had worked. Finally, she testified that she had complained to management about not being paid overtime and that one manager had told her that her brokers would have to compensate her for any overtime which they did not.

The court held that when Plaintiff signed the release of all claims at the time of her termination, a “bona fide dispute” existed because: 1) she received all wages Wachovia conceded were due based on the timesheets she submitted; 2) she believed she possessed a claim for further overtime; and 3) she voluntarily elected to receive enhanced severance benefits in exchange for releasing her claims against Wachovia. Therefore, the court ruled that the release of the wage claim was enforceable.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.

Download: Employee Has No Right to Post-Termination Commissions.pdf

In Nein v. HostPro, Inc., a Court of Appeal held that the language of the employee’s employment agreement precluded him from recovering commissions following his termination of employment. Plaintiff worked as a sales representative for HostPro for a period of 2 years. He signed an employment agreement that expressly provided that Plaintiff would be eligible for commission pay “so long as [he] remains employed with the Company as a Sales Representative.”

Plaintiff was terminated in December 2001. In January 2002, HostPro and a potential customer who Plaintiff had approached and negotiated with prior to his termination, completed the transaction. Plaintiff sued claiming he was entitled to commissions on the transaction. HostPro moved for summary judgment arguing that based on the terms of the employment agreement, it had no duty to pay Plaintiff commissions. The trial court granted summary judgment and Plaintiff appealed. The Court of Appeal agreed. It said that the employment agreement was “susceptible to only one interpretation – that once plaintiff ceased to be employed by defendant, he would no longer be eligible for commission pay.”

CAUTIONARY NOTE: Despite the ruling in HostPro, employers should be careful when drafting commission plans and consult with their employment counsel since there are other cases which have interpreted similar language as punitive and resulting in a forfeiture of commissions when the sales was ultimately consummated based on the efforts of the employee prior to termination.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.

Download: A Disability Access Claim under the Unruh Act.pdf

The California Supreme Court has finally settled the troubling issue of whether intentional discrimination must be shown to prove a disability access claim under the California Unruh Act. In Munson v. Del Taco, Inc., the Court decided the issue after it was certified to the California Supreme Court from the U.S. Court of Appeal for the Ninth Circuit because of the conflicting decisions in federal and state courts.

Plaintiff, Munson, was a disabled person who claimed that when he visited Del Taco in San Bernardino, he encountered numerous architectural barriers that prevented his equal access. He sued Del Taco under the federal ADA and the California Unruh Act. The Unruh Act prohibits discrimination by business establishments in California on the basis of age, ancestry, color, disability, national origin, race, religion, sex, and sexual orientation.

After summary judgment proceedings, Del Taco appealed arguing that the Unruh Act requires a showing of intent. The Court of Appeal certified the following issue to the California Supreme Court: “Must a plaintiff who seeks damages under California Civil Code § 52, claiming the denial of full and equal treatment on the basis of disability in violation of the Unruh Act, prove intentional discrimination?”

In answering the question, the California Supreme Court examined the original language and history of the Unruh Act and the various cases interpreting it. It noted that in 2001, it ruled in Harris v. Capital Growth Investors XIV, that proof of intentional discrimination was necessary to establish a violation of the Act. However, it went on to explain that in 2002, the state Legislature amended the Act to include ADA violations as violations of the Unruh Act. Under the ADA, there is no requirement that intentional discrimination be shown to establish a violation of the Act. Therefore, the California Supreme Court held that proof of intentional discrimination was not necessary to establish a violation of the Unruh Act based on the public accommodation provision of the ADA.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.

In Johnson v. United Cerebral Palsy/Spastic Children’s Foundation of Los Angeles and Ventura Counties, a California Court of Appeal has held that an employee can prove a case of discrimination by putting on evidence from other employees that claim that they too were subject to discrimination by the employer (“me too” evidence).

In Johnson, Plaintiff claimed she was terminated after taking sick leave related to her pregnancy. The employer filed a summary judgment motion claiming that Plaintiff was terminated because she falsified her timesheets when she said she had worked at home when she had not. The Plaintiff submitted various pieces of evidence in opposition to the summary judgment motion to try and prove that the employer’s stated reason for termination was pretext, including declarations from other employees who believed that they had been subjected to discrimination by the employer but had never taken any action against the employer for such alleged discrimination.

One employee said in her declaration that when she attended a meeting with managers involved in Plaintiff’s case, they discussed their desire to fire a pregnant employee because “they were worried about being liable in case she was injured, but they could not do that because it was illegal.” According to the declaring employee, the managers then discussed what reasons they could use to fire the employee. Another employee declared that one of the managers fired her and told her it was because she was pregnant; and yet another declared that she was terminated without any reason within weeks after revealing she was pregnant.

The trial court held that the declarations were inadmissible and ruled in favor of the employer on the summary judgment. Plaintiff appealed and the Court of Appeal held that the “me too” evidence in the declarations was per se admissible and was substantial evidence that the employer’s stated reason for terminating Plaintiff was pretext for discrimination. The court said that this evidence of the managers’ prior treatment of pregnant women showed intent or discriminatory animus.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.

The Federal Trade Commission (FTC) has just announced that it will delay enforcement of the identity theft “Red Flags Rule” (Rule) until August 1, 2009. The Rule was discussed previously in Weintraub Genshlea Chediak’s Law Alert Article: Deadline to Have Identity Theft Prevention program Prepared and Implemented is May 1, dated April 15, 2009.

The Rule was adopted by the FTC after the Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. According to the FTC, some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.

The express purpose of the extension is to provide more time to entities that may be covered by the Rule to create and implement written identity theft prevention programs. The FTC’s announcement of the extension also indicates that it plans to publish a template to help entitles with a low risk of identity theft to comply with the Rule.

The FTC’s announcement can be found at: http://ftc.gov/opa/2009/04/redflagsrule.shtm.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.

On January 6, 2009 the Department of Labor (DOL) issued Opinion Letter FMLA2009-1-A to respond to a request for clarification regarding employee notification procedures under the Family and Medical Leave Act (FMLA) as discussed in the DOL’s previous Wage and Hour Opinion Letter FMLA-101 (January 15, 1999). The DOL indicated that it was brought to its attention that some employers had interpreted Opinion Letter FMLA-101 to stand for the proposition that under the FMLA, employers were not permitted to apply their internal call-in policies or discipline employees under their no call/no show policies, provided the employees provide notice within two (2) business days that the leave was FMLA-qualifying, regardless of whether the employee could have practicably provided notice sooner.

The FMLA requires employees to provide notice of the need for leave due to the birth or placement of a child, or for their own serious health condition, or to care for a covered family member with a serious health condition, 30 days before the leave is to begin where possible. (See 29 U.S.C. § 2612(e).) Where it is not possible to provide 30 days notice of the need for such leave, employees must provide “such notice as is practicable.” (Id.)

On January 16, 2009, the DOL’s final updated FMLA regulations (Final Rule) went into effect. (73 Fed. Reg. 67934 (11/17/08).) In the Final Rule, the DOL adopted the proposed revisions regarding the timing of employee notice of the need for FMLA leave with some minor modifications. The DOL noted that the “one to two business days” time frame set forth in the 1995 regulations had been misinterpreted as permitting “employees two business days from learning of their need for leave to provide notice to their employers regardless of whether it would have been practicable to provide notice more quickly.” (73 Fed. Reg. 68003.) In discussing the proposed changes to § 825.302, the DOL stressed that

“both current and proposed § 825.302(b) defined ‘as soon as practicable’ as ‘as soon as both possible and practical, taking into account all the facts and circumstances of the individual case.’ The deletion of the ‘two-day rule’ does not change the fact that whether notice is given as soon as practicable will be determined based upon the particular facts and circumstances of the employee’s situation.” (73 Fed. Reg. 68003.)

Thus, the final § 825.302(b) states that

“[w]hen an employee becomes aware of a need for FMLA leave less than 30 days in advance, it should be practicable for the employee to provide notice of the need for leave either the same day or the next business day. In all cases, however, the determination of when an employee could practicably provide notice must take into account the individual facts and circumstances.” (73 Fed. Reg. 68098.)

Also, the final § 825.303(a), which addresses the timing of notice for unforeseeable FMLA leave, similarly states that an employee must provide notice to the employer as soon as practicable under the facts and circumstances of the particular case. Specifically, “[i]t generally should be practicable for the employee to provide notice of leave that is unforeseeable within the time prescribed by the employer’s usual and customary notice requirements applicable to such leave.” (73 Fed. Reg. 68099.) According to the DOL’s Opinion Letter FMLA2009-1-A, in both situations, employees must comply with their employer’s usual and customary notice and procedural requirements for requesting leave, absent unusual circumstances. (See 73 Fed. Reg. 68099 (setting forth § 825.302(d) (“Complying with employer policy”) of the Final Rule); 73 Fed. Reg. 68100 (setting forth section § 825.303(c) (“Complying with employer policy”) of the Final Rule).)

The Final Rule replaces the statement that employees will be expected to give notice to their employers “promptly” with the statement that “it generally should be practicable for the employee to provide notice of leave that is unforeseeable within the time prescribed by the employer’s usual and customary notice requirements applicable to such leave.” Therefore, according to the DOL, where an employer’s usual and customary notice and procedural requirements for requesting leave are consistent with what is practicable given the particular circumstances of the employee’s need for leave, the employer’s notice requirements can be enforced. The DOL concluded that to the extent that Opinion Letter FMLA-101 has been interpreted to create a flat “two-day rule,” the Department is hereby rescinding it.

To clarify its interpretation of the Final Rule, the DOL applied it to the following example: if an employer has a policy requiring employees to call in one hour prior to their shift to report absences and an employee who is absent on Tuesday and Wednesday, but does not call in on either day and instead provides notice of his need for FMLA leave when he returns to work on Thursday, it is the DOL’s opinion that unless unusual circumstances prevented the employee from providing notice consistent with the employer’s policy, the employer may deny FMLA leave for the absence.

The DOL’s FMLA2009-1-1 Opinion Letter can be obtained at: www.dol.gov/esa/WHD/opinion/opinion.htm.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.

Download: Legal Alert.pdf

Pursuant to the Federal Trade Commission’s (“FTC”) Identity Theft Prevention Red Flags Rule (16 .C.F.R. § 681.2) which went into effect on January 1, 2008, all financial institutions and creditors must prepare and implement a written “Red Flags” Program by May 1, 2009. The determination of whether a business or organization is covered by the Red Flags Rule is not based on a particular industry or sector, but rather on whether the activities of the business or organization fall within the relevant definitions.

What Businesses are Covered?

“Financial institutions” are defined as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other person that, directly or indirectly, holds a transaction account belonging to a consumer.

The definition of “creditor” under the Red Flags Rule is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. According to the FTC, this can include a wide variety of businesses from utility companies to health care providers.

Only financial institutions and creditors with “covered accounts” must implement a Red Flags Program. There are two types of “covered accounts”:

1. “Consumer accounts” which are those offered to customers primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions (e.g. credit card accounts, mortgage loans, automobile loans, cell phone accounts, and checking accounts); and
2. Any other account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks. The FTC advises that in determining if accounts are covered under this second category, businesses should consider how they are opened and accessed. For example, there may be a reasonably foreseeable risk of identity theft in connection with business accounts that can be accessed remotely (e.g. through the Internet or by telephone).

Requirements for an Effective “Red Flags” Program.

Financial institutions and creditors must develop, implement, and administer an Identity Theft Prevention Program, which must include four basic elements.

1. Identification of Red Flags. The Program must include reasonable policies and procedures to identity the “red flags” of identity theft they are likely to come across in their business. “Red flags” are potential patterns, practices, or specific activities indicating the possibility of identity theft. Some examples are alerts or notices from credit reporting agencies, certain suspicious documents, suspicious personal identification information, and suspicious account activity. Some red flags may also be relevant to the particular business or organization.
2. Detect Red Flags. The Program must be designed to detect the “red flags” that have been identified. The financial institution or creditor must lay out procedures for detecting them in the day-to-day operation of the business. In creating the procedures, the business needs to consider how detection may differ depending on whether an identity verification is taking place in person or at a distance (e.g. by telephone, mail, Internet, etc.).
3. Prevention and Mitigation. The Program must spell out appropriate actions the financial institution or creditor will take when it detects “red flags.” The procedures for responding to a “red flag” will depend upon the degree of risk posed. A business must be mindful to accommodate and/or comply with other legal obligations (e.g. privacy laws and other laws impacting the medical profession) when taking action.
4. Continued Evaluation. The Program must be re-evaluated and updated periodically due to the ever-changing threats associated with identity theft. According to the FTC, as technology changes or identity thieves change their tactics, financial institutions and creditors will need to update their Programs to ensure they keep current with the risks.

Administering Your “Red Flags” Program.

1. Approval. Pursuant to the FTC, if a financial institution or creditor is a corporation, its Red Flags Programs must be approved by the Board of Directors or a committee of the Board. If the business is not a corporation, the Program must be approved by someone in a senior management position.
2. Administration. The financial institution or creditor must appoint a designated individual(s) to serve as the Administrator of the Program. The Administrator will be responsible for implementing the Program, training personnel on the Program, reviewing documents and information for compliance with the Program, re-evaluating and updating the Program, and reporting to the Board or senior management annually regarding the Program.
3. Training. The Rule requires that financial institutions and creditors train relevant staff on the policies and procedures under the Red Flags Program.
4. Third-Party Providers. If a financial institution or creditor contracts with other service providers and any activity by the service providers implicates the Red Flags Rule, they should seek confirmation that the service providers have an appropriate Red Flags Program in place.

Conclusion.

Compliance with the Red Flags Rule is mandatory for all financial institutions and creditors with “covered accounts.” There is no one-size-fits-all Program and each business or organization should evaluate its “covered accounts” and the various activities or transactions related to those accounts that could give rise to identity theft.

Weintraub Genshlea Chediak can provide assistance not only with the preparation of written Identity Theft Prevention (Red Flags) Programs, but also with training your employees under the Program. For more information or assistance please contact Lizbeth V. West, Esq. at (916) 558-6082.

Lizbeth “Beth” West is a shareholder in the Labor and Employment Law Section and Disputes, Trials & Appeals Section at Weintraub Genshlea Chediak. Beth’s practice focuses on counseling employers in all areas of employment law, and defending employers in state and federal court, as well as before administrative agencies. She has extensive experience in defending wage and hour claims, and complex whistle-blowing and retaliation claims. She also provides training services on various employment issues, such as sexual harassment and violence in the workplace. If you have any questions about this Legal Alert or other employment law related questions, please feel free to contact Beth West at (916) 558-6082. For additional articles on employment law issues, please visit Weintraub’s law blog at www.thelelawblog.com.