December 2019 Legal Report
DUTY OF CARE
A court in Paris, France, determined that a French railway services company is liable for the death of an engineer who died while traveling for work.
According to the BBC, the Court of Appeal of Paris upheld French law and ruled that TSO is accountable for accidents that its employees experience while traveling for business.
The man, identified as “Xavier,” died from a heart attack at a hotel in central France after an extramarital sexual encounter with a stranger. The company argued that although Xavier was traveling for business, he was not operating in a professional capacity when he accompanied the stranger to her hotel room.
In its counterargument, the state health insurance provider insisted that Xavier’s death was a workplace accident. The provider said that sexual activity is considered normal behavior, akin to personal hygiene regimens, dining, or other actions that would normally occur during a work trip.
The court maintained that the death was an industrial accident, supporting the insurance provider’s opinion. The court’s opinion said that employees traveling for business have the right to protection from their employer throughout their entire trip. (Tribunal des Affaires de Securite Sociale de Meaux, RG no. 16/08787-N, May 2019.)
A U.S. federal appeals court ruled that the Office of Personnel Management (OPM) is liable for its failure to protect roughly 21 million peoples’ personal information—including that of federal employees.
In 2014, hackers gained access to two OPM databases that contained personally identifiable information. One database housed information on roughly 21.5 million people, including federal and military staffers, personnel for third-party providers, and visitors to certain government sites. The second database included personnel records for approximately 4.2 million federal employees.
Following the breach, some of the people affected said that their compromised data was used to initiate identity theft, resulting in unauthorized charges to their credit cards, withdrawals from bank accounts, opening new lines of credit, delays in receiving tax refunds, filing of fraudulent tax returns, and improper use of their Social Security numbers.
Working with their employment unions, the affected individuals filed suit against OPM. They claimed that the agency’s cybersecurity practices were “woefully inadequate, enabling the hackers to gain access to the agency’s treasure trove of employee information, which…exposed plaintiffs to a heightened risk of identity theft and a host of other injuries,” according to court documents.
The court remanded the case back to a district court, which had dismissed the plaintiffs’ claims because it determined they did not have standing to sue. They appealed the dismissal to the U.S. Court of Appeals for the District of Columbia Circuit, which ruled in the plaintiffs’ favor.
The appeals court, finding that the charges were well-founded, said there was standing for potential damages, highlighting the potential for future identity theft.
The U.S. Court of Appeals for the District of Columbia Circuit noted the agency was targeted by hackers before the 2014 breach and that OPM’s inspector general had warned the agency that its databases were vulnerable.
In light of these factors, the court said the agency had a fundamental duty to protect current and former employees’ information and that the plaintiffs’ suit could proceed.
The decision, which returns the case to the U.S. District Court for the District of Columbia, could result in OPM paying damages to individuals affected by the breaches. (American Federation of Government Employees, et al. v. Office of Personnel Management, et al., U.S. Court of Appeals for the District of Columbia Circuit, No. 17-5217, 2019)
A U.S. federal court determined that a terrorism watchlist, maintained by the federal government and used by the FBI and the U.S. Department of Homeland Security, violates some American citizens’ rights.
The Terrorist Screening Database (TSDB) watchlist is managed by the FBI’s Terrorist Screening Center and includes roughly 1.2 million people—mostly foreigners living or based outside of the United States. However, about 4,600 U.S. citizens or lawful permanent residents are also on the watchlist.
American citizens who are on the watchlist can be restricted from traveling or entering the United States, denied government benefits, and subjected to heightened police or Transportation Security Agency (TSA) scrutiny, such as enhanced screening procedures.
Twenty-three citizens on the watchlist filed suit against Charles Kable, the director of the Terrorist Screening Center, alleging that they have suffered a range of consequences without a constitutionally adequate remedy for removal from the list.
In his opinion, District Judge Anthony Tenga found that the process for inclusion on the watchlist does not sufficiently protect the constitutional rights of American citizens who might be placed on it. He also wrote that the TSDB might not be constitutional because the reasons for including someone on the list are too ambiguous. The court discovered that being placed on the list “did not require any evidence that the person engaged in criminal activity, committed a crime, or will commit a crime in the future; and individuals who have been acquitted of a terrorism-related crime may still be listed.”
(Anas Elhady, et al. v. Charles Kable, et al., U.S. District Court for the Eastern District of Virginia, No. 1:16-cv-375, 2019)
Illinois enacted a new law to address sexual harassment in the workplace.
The Workplace Transparency Act (formerly S.B. 75) amended existing state legislation—the Illinois Human Rights Act (IHRA) and the Victims’ Economic Security and Safety Act—and added new protections by combining the Hotel and Casino Employee Safety Act, the Sexual Harassment Victim Representation Act, and the Victims’ Economic Security and Safety Act.
The law changes the IHRA in several ways. Federal regulations mandate that only employers with at least 15 employees are subject to anti-discrimination, anti-harassment, and anti-retaliation statutes. Under the new law, any employer in Illinois with one or more employees is subject to the requirements.
The law also requires Illinois employers to provide sexual harassment training to all employees every year, with industry-specific training for employers in the bar and restaurant sectors. Failing to train employees could trigger a fine.
Other changes to the IHRA include a prohibition of discrimination based on whether someone—even a non-employee—is thought to belong to a protected group, prohibition of using nondisclosure or non-disparagement clauses specific to harassment or discrimination allegations in employment agreements, and using other measures that could hamper a potential, current, or future employee from reporting harassment or discrimination.
In addition, employees will be granted leave in connection with gender violence and sexual harassment, as well as due to domestic or sexual violence. Under the new law, hotels and casinos must take certain steps to protect employees from incidents like sexual assault and harassment from guests.
The U.S. Department of Education issued a $4.5 million fine against Michigan State University for a “systemic failure” to protect its students from sexual abuse—a violation of the Clery Act.
The Clery Act requires U.S. colleges, universities, and all other higher education institutions to compile data on certain crimes related to sexual assault, hate crimes, and other criminal acts that occur on campus. The information must be reported annually to employees and students. The act also requires institutions to inform students about threats to campus safety.
The department opened two investigations—one by the Office for Civil Rights and another by the Office of Federal Student Aid—into Michigan State in February 2018. The investigations looked into the university’s treatment of allegations of sexual violence committed by its former employee and adjunct professor, Larry Nassar. They also examined the conduct of Nassar’s supervisor, William Strampel.
Nassar, who was also employed by USA Gymnastics during his time at Michigan State, was convicted in 2017 of seven counts of first-degree criminal sexual conduct with minors—some of whom were university students he assaulted while on campus. By the beginning of 2018, approximately 150 women had accused him of sexual assault.
The investigations determined that Michigan State University violated the Clery Act by failing to properly classify reported incidents and disclose crime statistics; failing to issue timely warnings in accordance with federal regulations; failing to identify and notify campus security authorities and establish an adequate system for collecting crime statistics from all required sources; and lacking administrative capability.
Along with the fine, the department ordered the university to significantly alter its procedures to remain Clery Act compliant, according to a press release.
The corrective actions include hiring an independent Clery Act compliance officer who reports to a high-level executive; creating a new Clery Act compliance committee, which will include representatives from several offices involved in campus safety, crime prevention, fire safety, emergency management, and substance abuse prevention; and establishing a system of protective standards and wider reporting, meant to safeguard student-athletes. Similar measures will protect minor children who participate in university-sponsored programs.
Elsewhere in the Courts
A U.S. circuit court of appeals decision will allow several families to sue the U.S. government for its alleged role in the 2015 deaths of nine people killed at a South Carolina African American church. The appeals court overturned a lower court’s ruling that granted the U.S. government immunity. The victims’ families plan to sue the government for negligence in its background check of the gunman, Dylan Roof, when he purchased the firearm he used to carry out the shooting. Then-director of the FBI James Comey said that lapses in the Bureau’s National Instant Criminal Background Check System allowed Roof to buy the firearm. Roof has been convicted of federal murder and hate crimes for the act and sentenced to death. (Felicia Sanders, et al. v. United States of America, U.S. Court of Appeals for the Fourth Circuit, No. 18-1931, 2019)
An American Airlines mechanic was charged with sabotaging a plane in Miami, Florida, prior to takeoff. Abdul-Majeed Marouf Ahmed Alani allegedly tampered with the airplane’s system in July 2019, gluing a piece of foam inside the aircraft’s navigation system. The plane was grounded when the flight computer issued an error message to the pilots. The tactic was meant to secure Alani overtime work, according to court documents, and was allegedly carried out in response to frustrations over stalled union contract negotiations. (United States of America vs. Abdul-Majeed Marouf Ahmed Alani, U.S. District Court Southern District of Florida, No. 1:19-mj-03419-JJO, 2019)
The U.S. federal government filed a civil suit against former government contractor Edward Snowden in response to his book, Permanent Record, alleging that he violated a non-disclosure agreement by failing to submit the material for review prior to publication. The lawsuit was filed on the same day as the release of the book, an autobiography that includes details of Snowden’s time spent working for U.S. intelligence at the CIA and the National Security Agency. The U.S. Department of Justice also sued the book’s publishers. This lawsuit is separate from the criminal charges against Snowden involving the disclosure of classified information. (United States of America v. Edward Snowden, U.S. District Court for the Eastern District of Virginia, No. 1:19-cv-01197, 2019)