Skip to content

Legal Report February 2016


Searches. A federal judge dismissed a class action lawsuit brought by current and former California retail workers against Apple. The suit demanded compensation for the time it took workers to complete the company's bag-search policy.

The policy required all employees to submit to a search of their personal packages and bags. The checks, conducted by a manager or security officer, were required before the employees were allowed to leave the store.

Employees were required to clock out before being searched, meaning their recorded hours of work did not include time waiting for bag searches. Apple enacted this policy because it was concerned about the internal theft of its products, according to court documents.

A group of current and former Apple retail employees in California filed a class action lawsuit to demand compensation for time spent waiting for the bag check.

Apple argued to have the case dismissed because employees could avoid the search process by choosing not to bring personal bags and Apple devices with them to work.

Judge William Alsup sided with Apple and dismissed the case, saying that the decision to bring a bag to work is a choice, and "that free choice is fatal" to the plaintiffs.

"Apple could have alleviated that concern [about theft] by prohibiting its employees from bringing personal bags or personal Apple devices into the store," he wrote in his dismissal order. "Instead, Apple took the lesser step of giving its employees the optional benefit of bringing such items to work, which comes with the conditions that they must undergo searches…before they exit the store." (Frlekin v. Apple Inc., U.S. District Court for the Northern District of California, No. 13-03451, 2015)

Discrimination. Triborough Bridge and Tunnel Authority (TBTA) will pay $206,500 to resolve charges of pregnancy discrimination brought by female bridge and tunnel operating force officers (BTOFOs).

The U.S. Equal Employment Opportunity Commission (EEOC) and the U.S. Department of Justice (DOJ) investigated TBTA after female officers filed complaints, and found that it had engaged in a pattern or practice of unlawful sex discrimination against female BTOFOs when it "declared these officers unfit for duty solely because they were pregnant," according to a release by the EEOC.

The female officers were denied equal terms, conditions, and privileges of employment that were afforded to male officers, and pregnant officers were directed to turn in their firearms and were transferred to unfavorable assignments. Furthermore, the medical documentation female officers provided to TBTA to indicate their fitness for duty status was rejected by TBTA medical staff.

This conduct, the EEOC and DOJ said, violates Title VII of the 1964 Civil Rights Act, as amended by the Pregnancy Discrimination Act of 1978.

"An employer cannot rely on stereotypes about pregnant employees in making decisions on their ability or inability to work," said Kevin Berry, district director of the EEOC's New York District, in a statement. "Such conduct is unlawful as well as unfair and counterproductive."

Along with providing monetary relief, the settlement agreement requires TBTA to provide in-depth training to all employees about the protections Title VII gives pregnant employees. It also requires TBTA to distribute new and revised fitness for duty and workplace accommodation policies and procedures that conform to Title VII requirements.

Additionally, TBTA will provide guidance to its medical staff about the requirements of Title VII "regarding the protection that the law affords pregnant TBTA employees."


Food Safety. The U.S. Food and Drug Administration (FDA) finalized its first federal safety rules for produce in an effort to prevent foodborne illness under the Food Safety Modernization Act of 2011. The new rules "formalize industry accountability and best practices for food importers and the produce community," according to a press release by the FDA.

For instance, the Produce Safety rule establishes science-based standards for growing, harvesting, packing, and holding produce that are designed to "work effectively for food safety across the wide diversity of produce farms."

The standards in the rule include requirements for water quality, employee health and hygiene, wild and domesticated animals, biological soil amendments (waste) of animal origin, and equipment, tools, and buildings.

"When followed, the standards are designed to help minimize the risk of serious illness or death from consumption of contaminated produce," the FDA said.

Another rule, the Foreign Supplier Verification Programs rule, requires food importers to verify that suppliers are producing food in a way that meets U.S. safety standards.

"The final rule ensures that importers conduct verification activities (such as audits of a supplier's facility, sampling and testing of food, or a review of the supplier's relevant food safety records) based on risks linked to the imported food and the performance of the foreign supplier," the FDA explained.

The FDA also finalized the Accredited Third-Party Certification rule, which creates a program to accredit third-party auditors to conduct food safety audits and certify that foreign food facilities and the food they produce meet FDA requirements.

"To prevent potentially harmful food from reaching U.S. consumers, the FDA can require in specific circumstances that a food offered for import be accompanied by a certification from an accredited third-party certification body," the FDA said.

These rules are designed to allow the FDA to take a more proactive approach to preventing foodborne illnesses, which affect an estimated 48 million people each year.​


Social Media. President Barack Obama signed a bill into law (P.L. 114-80) that instructs the secretary of the U.S. Department of Homeland Security (DHS) to create a social media working group to enhance the dissemination of information between the DHS and stakeholders.

The group will develop and provide best practices to the emergency preparedness and response community on the use of social media before, during, and after a natural disaster, an act of terrorism, or other man-made disasters.

The group—made up of representatives from the DHS, the American Red Cross, the Forest Service, the Centers for Disease Control and Prevention, the U.S. Geological Survey, and the National Oceanic and Atmospheric Administration—will meet twice a year and prepare reports for Congress on analysis of current social media technologies, best practices, and recommendations to improve the DHS's social media presence for emergency management, among other topics.

Privacy. The U.S. House of Representatives passed legislation that grants European citizens some rights under the Privacy Act of 1974.

Under the bill (H.R. 1428), the U.S. Department of Justice would identify foreign countries or regional economic integration organizations whose natural citizens may bring civil actions against U.S. government agencies if they unlawfully disclose their personal information.

Congress must pass this bill, or a similar measure in the Senate (S. 1600), to finalize an umbrella agreement with the European Union that allows the two to exchange data between law enforcement entities during criminal and terrorism investigations. The agreement applies only to government exchanges of information.

Rep. James Sensenbrenner, Jr. (R-WI), introduced the bill, which has three cosponsors. It will now move to the Senate.

Cybersecurity. President Barack Obama signed an omnibus spending bill into law (P.L. 114-100) that includes provisions that make it easier for companies to share cyber threat indicators.

The Cybersecurity Information Sharing Act (formerly S. 754) allows private entities to share and receive cyber threat indicators and defensive measures with other entities and with the federal government. Threat indicators are defined as information that is "necessary to describe or identify malicious reconnaissance," according to the act.

Companies, however, must remove personal identifying information not related to cybersecurity threats before sharing data under the act.

The act also allows the director of national intelligence and the U.S. Departments of Homeland Security, Defense, and Justice to share cyber threat indicators with private companies and state, tribal, or local governments.

The government is required to use security controls to protect against unauthorized access or acquisition of data that is shared with it under the act. ​



Privacy. Germany's Bundestag (lower house of parliament) passed a law that requires telecoms and Internet companies to store customer metadata and make it available to law enforcement agencies that are investigating "severe crimes."

If enacted, the law will require phone providers to retain phone numbers, date and time of phone calls and text messages, and approximate location data for mobile phone calls. Internet providers will be required to save the IP addresses of users, along with date and time of connections made. However, the law excludes the content of communications, websites accessed, and metadata of e-mail traffic from being retained.

The law also requires that the data be stored in Germany for up to 10 weeks on air-gapped servers (servers physically isolated from unsecured networks), must be encrypted, and can only be accessed if two authorized individuals are present. Additionally, investigators will only be able to access the data with a court order, and must log the time and purpose for accessing data.

The law will now move to the Bundesrat (upper house) for consideration.

United Kingdom

Surveillance. U.K. Home Minister Theresa May announced a new bill that would force Internet and communications firms to help government spies hack into computers.

The Investigatory Powers Bill would require communication providers to assist intelligence agencies, the govern­ment, and the police in hacking into suspects' phones and computers. However, communications could only be intercepted after a warrant issued by the home secretary has been approved by a specially appointed judge.

The bill includes provisions requiring Internet and communication companies to retain customer Web histories for up to one year, and grants security and intelligence agencies the power to bulk-collect communications data.

The bill is designed to replace the Data Protection and Investigatory Powers Act of 2014, which expires on December 31, 2016.