I’ve been holding my breath waiting for the decision by the U.S. District Court for the Northern District of Chicago in the Allen v. City of Chicago overtime collective action before giving you a blog post on this case. The trial concluded almost two months ago. Because I am starting to turn blue, and because the issue is an important one, I’m not waiting any longer.
The case involves claims by Chicago police officers in the Bureau of Organized Crime seeking pay for time spent off-duty checking and responding to emails, texts and phone calls on police department issued Blackberry’s. Although not requiring hours and hours of off-duty work each day, the officers claim that they were contacted after hours by informants, other members of law enforcement, and their superiors, and often could not wait until normal working hours to address the issue. The time, they claim, added up.
The police department defended the case by pointing to a policy dating back to 2010 that informed employees that they were not obligated to carry data devices or respond to messages while off duty. The department also asserted that in 2013 it issued a policy forbidding employees from doing so. The officers, however, countered by contending that there was an unwritten policy that required them to work off the clock, largely imposed by a culture in the department.
Although I don’t have a crystal ball, my gut is that the outcome favors Chicago. Courts in other jurisdictions have relied on employer policies prohibiting “off the clock work” in dismissing employee claims for pay for work performed in violation of the policy. These courts recognize that employees, in the face of such a policy, have a responsibility to accurately record their own time and to complain to their employer if a supervisor asks them to work without recording their time. Another great fact for the City of Chicago is that officers who actually reported working overtime answering messages on their devices outside of normal working hours were paid their overtime.
So what does this have to do with privacy and data security? It demonstrates that issues often handled by privacy, data security and IT professionals often touch on a variety of other issues as well. In company-device and BYOD policies and user agreements, such professionals need to address potential wage and hour issues by making it clear that non-exempt participants in the program must properly record their time, are prohibited from using the device for work outside of their regular working hours, and/or are prohibited from working off the clock. The documents should provide a clear avenue for complaining about any requests to work off the clock (either directly or by reference to another company policy). This issue will take on even greater importance soon when the U.S. Department of Labor issues its final regulations, making millions of employees, including many managers, nonexempt and eligible for overtime under the FLSA.
If, however, the court in Allen finds that such off the clock policies and prohibitions are not sufficient to defeat claims for unpaid wages, employers will need to find other ways to ensure that non-exempt employees are properly paid. That might include monitoring employee use of the devices during non-working hours. That kind of monitoring can absolutely raise privacy concerns, and the employee’s consent to monitoring will become critical. In those states with social media password protection laws, prohibiting an employer from even asking the employee for a password to a private account can make monitoring tricky. Other state laws may come into play, such as California Penal Code Section 637.7 which prohibits the use of electronic tracking devices to determine the location or movement of a person. Too much tracking might also give the employer information about an employee that it otherwise might not want to have, such as information that would disclose an employee’s protected characteristic - such as gender preference. Company policies and the device program terms of use, therefore, should take these laws into account. One must have: prohibit employees from using personal accounts (such as personal email accounts) for work.
Hopefully, however, my gut is right. Stay tuned……
About Data Points: Privacy & Data Security Blog
The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.