Posts

Showing posts with the label GDPR

Two New Privacy Developments for Employers to Tackle

With a weekend of football championships behind us, this post tackles the privacy developments that employers here in Connecticut need to run down. Indeed, while I could just pass off two recent posts from my colleagues, it’s worth going through a progression of options. One development is for the U.S. “patriots”, while another one lets you fly like an eagle to Europe to understand the implications that an EU regulation can have on US employers. Since my beloved New York football giants were out of it since week one, I’m going to just quarterback what you need to know and, for the sake of everyone, put the football puns on the sideline for the rest of the post. First up, the Connecticut Supreme Court last week recognized a private right of action that patients have against their doctors for unauthorized disclosure of confidential information obtained in the course of that relationship.” My colleagues in the Health Law group have a deta...

Are You Really Protecting Your Employee’s Data?

Do you remember when the Target store data breach made news? This was not that long ago, and yet, five years later we’ve arguably become immune to the news. Take Facebook’s latest snafu — 50 million accounts compromised. And yet, it hardly made headlines for a 24-hour period. Heck, even the U.S. State Department has had personal information about its employees breached in the last month — though “only” one percent may have been affected – so…yawn. Have we become that immune to such breaches at this point? Perhaps. But that doesn’t mean that employers can let their guard down. Indeed, I would argue that new laws and regulations (including one in California) are making the job of employers even more challenging. I’ll be talking about all of this at my firm’s upcoming Labor & Employment Seminar later this month with my colleague Ashley Marshall. It’s scheduled for October 25th at the Hartford Mar...

When employee consent is the start of the problem, not the end – the GDPR shows some teeth

The Greek Data Protection Authority has imposed a 150,000 EUR fine on PriceWaterhouseCoopers Business Solutions SA for – get this – asking their employees’ consent to process their personal data. It may strike you as counterintuitive (and going against everything your mother ever told you) that asking consent could get you into trouble, but where personal data are concerned, so it would appear to be. As you know, each data processing activity has to have a legal basis. The principles of lawful, fair and transparent processing of personal data under the GDPR require that consent be used as a legal basis only where the other legal bases do not apply. The case at hand involved the processing of employees’ personal data. In most cases, this type of processing by an employer does not require consent, as there are other bases available: the performance of the (employment) contract: in order to employ an employee, you will inevitably be required to process some of ...

Whistleblowing in the workplace: learning points for HR, part 4 (UK)

Learning point 4: a disclosure does not have to be either true or in the public interest to qualify for protection, provided the worker has a reasonable belief that both are the case

In part 1 of this blog series we noted that whistleblowing complaints are not always easy to identify and in part 3 we discussed the importance of being able to show why you treated an employee in a certain way. This week we have seen an EAT decision (Okwu v Rise Community Action) that neatly illustrates these learning points, plus a few more. Miss Okwu started work with Rise Community Action, a small charity, subject to a three-month probationary period. As the charity had a number of concerns about Miss Okwu’s performance, it notified her that it would be extending her probationary period for a further three months. So far so good. A week later, Miss Okwu wrote to RCA raising a number of matters about her employment, including concerns that it was acting in breach of the Data Protection Act by fai...

ICO tightens screw on DSAR deadlines, possibly (UK)

Unheralded and unannounced, recently revised GDPR guidance from the ICO removed one small source of comfort for employers facing DSARs from employees. It used to say that the 30-day time limit was paused, the clock stopped, if you asked the requester for information to clarify his DSAR and it was not provided. This was not carte blanche to delay things – the request for clarification had to be made as soon as possible (i.e. not Day 29) and it had to relate to information you genuinely and reasonably needed in order to comply with the DSAR. Still, it was better than nothing in a tight corner. You also had to do your best to comply in a timely manner with those parts of the DSAR not covered by your request for further information. However, it has now gone. The revised guidance still allows you to seek clarity from the maker of the DSAR but makes it clear that the clock is not stopped pending receipt of it. There is no explanation of why the original guidance has been changed alread...

More promise than reality in ICO guidance on refusing DSARs (UK)

Just flicking idly through the ICO’s new guidance the other evening, as you do when the only alternative is Ant & Dec, and two paragraphs caught my eye. In the section relating to DSARs which are “manifestly unfounded” (and can therefore be batted away by the employer) appear two examples, where: “the individual clearly has no intention to exercise their right of access. For example, an individual makes a request but then offers to withdraw it in return for some sort of benefit from the organisation”; and “the request is malicious in intent and is being used to harass an organisation with no real purpose other than to cause disruption”. There will be few employers on the receiving end of a DSAR from a disgruntled employee who would not consider either or both of those paragraphs to apply to it. So is this at last a means of pushing back against the weaponisation of DSARs in employment disputes, hooray? And if you add to that the refere...