Legal Report July 2012

U.S. JUDICIAL DECISIONS

HARASSMENT. A California appeals court has ruled that a company can be held liable for harassing statements made by employees on a blog. Even though the blog was accessed by employees while they were off-duty, the court ruled that once the company learned of the blog, it had a duty to act to stop the harassment.

Ralph Espinoza was born without any fingers or a thumb on his right hand. Self conscious, Espinoza often kept his hand in his pocket when working at his job with the Orange County (California) Probation Department (OCPD). Espinoza began working at the OCPD in 1996 and by 2006 was working as a deputy juvenile corrections officer providing security for the juvenile hall.

On August 24, 2006, Espinoza filed a report claiming that his supervisor had behaved in an unprofessional manner by shouting during a discussion. Three days later, one of Espinoza’s fellow officers started a blog from a home computer. The blog discussed work issues at OCPD. Postings began appearing that offered $100 to any workers who could provide a photo of “the claw.” Extremely crude and offensive postings referring to Espinoza’s hand were a recurring theme on the blog.

On August 31, a post urged OCPD employees to punish the “rats” by having “no human contact.” A list of the supposed rats followed. Espinoza’s name was at the top of the list. Similar posts appeared on a daily basis, referring to Espinoza as “the claw” and “the one-armed bandit.”

One of Espinoza’s coworkers told him about the blog and Espinoza logged on for the first time on September 7. Espinoza reported the blog to his manager but Espinoza was never contacted about an investigation.

Throughout September and October, Espinoza’s coworkers mocked him by putting their right hands in their pockets when Espinoza approached. The coworkers also refused to unlock security doors when Espinoza requested to exit from a secure area. Espinoza found “claw” written in several places in his work area, and an electric utility car he used was intentionally vandalized as was Espinoza’s personal vehicle. Both Espinoza and one of his peers filed complaints about the harassment, and were told that senior management had been informed.

In August, OCPD’s IT manager investigated the blog and found that many employees were accessing the site from work. Some were using generic login passwords but others were using identifiable names. In September, management sent an e-mail to department employees informing them that the blog postings violated company policy. OCPD also blocked access to the site using generic passwords. However, employees could still log in using their specific passwords. Three employees were identified as possible authors of the blog. However, none of these employees were interviewed.

In early October, management sent out another e-mail to employees asking that the blog be deleted. The e-mail described the blog as “hurtful, destructive, and highly unprofessional.” Postings on the blog continued for several months.

In late October, two directors held a meeting with Espinoza to discuss the blog. The directors said that an investigation was underway and that a list of 15 suspects had been compiled. However, Espinoza was not contacted again, and none of the suspects were interviewed.

In April 2007, Espinoza was diagnosed with high blood pressure. He reported having nightmares and unexplained illnesses. He was eventually diagnosed with depression and placed on disability.

Espinoza filed a lawsuit against OCPD for discrimination and harassment based on disability. A jury found in favor of Espinoza and awarded him $820,000 in damages. OCPD appealed the decision.  OCPD claimed that the court should not have admitted the blog posts into evidence, because the conduct was outside the physical workplace and the agency had no authority over the blog. The appeals court disagreed, ruling that even though the blog was created outside the workplace, the activity on the blog was perpetrated by employees and referred to workplace issues in general and to Espinoza specifically. Further, the court noted that management twice implored employees to stop posting on the blog, indicating that managers clearly felt that employees were responsible. And, though OCPD did block those with generic passwords from accessing the site, it did not block those using personal passwords even though it had the ability to do so.

The court also ruled that OCPD was aware of other harassing conduct at the workplace that was unrelated to the blog. Employees placing their hands in their pockets, refusing to open doors, and writing “the claw” where Espinoza was sure to see it were all tangible examples of workplace harassment. And though OCPD was aware of this conduct, it failed to investigate, noted the court. (Espinoza v. County of Orange, California Court of Appeal, No. G043345, 2012)

U.S. CONGRESSIONAL LEGISLATION

COUNTERFEIT DRUGS. A bill (S. 1002) that would enhance penalties for drug counterfeiting has been approved by the Senate Judiciary Committee. The bill must now be taken up by the full Senate.

The bill would make it illegal to knowingly steal or embezzle a medical product or obtain it through fraud or deception. It would also be illegal to transport, handle, traffic, or store a stolen medical product. The bill defines a medical product as a drug, biological product, device, medical food, or infant formula that is being transported or stored prior to being available for purchase.

Those who violate the law would face up to three years in prison for medical products valued at less than $3,000 and up to 20 years for products valued at more than $3,000. Civil actions may be brought against violators for $1 million or three times the value of the product, depending on which is greater.

S. 1002 would also allow prosecutors to pursue the theft of medical products under the Racketeer Influenced and Corrupt Organizations Act (RICO).

INFORMATION SHARING. A bill (H.R. 3523) that would encourage information sharing on cybersecurity between the government and the private sector has been approved by the House of Representatives. The measure is now pending in the Senate Intelligence Committee.

The bill would require the government to establish procedures that would allow private sector companies, operators of critical infrastructure, and the federal government to safely share cyberthreat information. Cyberthreat information would include attempts to degrade, disrupt, or destroy computer systems or networks. It would also include the theft or misappropriation of private or government data, intellectual property, or personally identifiable information.

The procedures would ensure that cyberthreat information is shared only with certified entities or persons who hold the appropriate security clearance. The procedures would also be devised to protect intelligence from unauthorized disclosure.

Under the bill, the federal government would be liable for damages if it intentionally discloses, uses, or releases cyber threat information provided by the private sector.

BORDER SECURITY. A new law (P.L. 112-127) criminalizes the act of conspiring to illegally cross the border into the United States. The bill was approved by a large margin (416-4) in the House of Representatives and gained unanimous consent in the Senate. President Barack Obama signed the measure on June 5.

The bill makes it illegal to attempt or conspire to construct, or finance construction of, an unauthorized tunnel or subterranean passage to cross the international border between the United States and another country. The bill requires that the Department of Homeland Security (DHS) submit an annual report to Congress describing the cross-border tunnels discovered the previous year and the ways the DHS could effectively investigate and prosecute those who constructed the tunnels.

DATA SECURITY. A bill (H.R. 4257) that would require the federal government to improve its data security procedures has been approved by the House of Representatives. The bill is now pending in the Senate Homeland Security and Government Affairs Committee.

Under the bill, the federal government would conduct a review of its data security procedures and develop a risk assessment based on the harm that would result from disclosure of the information. From these reviews, the government would develop information security policies, standards, and guidelines. The policies would also include a plan for automated and continuous monitoring of computer systems to detect, report, respond to, and mitigate data security incidents.

STATE LEGISLATION

Florida
DRUG TESTING. A law (formerly H.B. 1205) recently signed by Governor Rick Scott will require that state employees be randomly tested for drugs and alcohol. Tests will be conducted every 90 days with up to 10 percent of state employees being tested during each sweep. Employees will be selected randomly via a computer-generated method administered by an independent third party.

Employees who test positive will be disciplined or discharged, depending on the specifics of their case. Those who are disciplined will be required to complete a rehabilitation program. While some employees may be allowed to continue working while completing the program, employees in safety-sensitive positions would not be allowed to continue working and would be transferred to another position or placed on leave.

District of Columbia
EMPLOYMENT. A new law signed by Mayor Vincent Gray makes it illegal for employers in the District to discriminate against the unemployed when making hiring decisions. Employers would not be able to consider employment status during hiring decisions and would be barred from mentioning employment status in job advertisements. Employers are also prohibited from retaliating against those who report a violation of the law.

Employers are allowed to advertise job requirements, such as holding current and valid licenses, permits, or other credentials, as required for specific job vacancies.

This column should not be construed as legal or legislative advice.