Twenty years ago, if you suspected an employee was malingering in order to commit workers' comp or FMLA fraud, your options were somewhat limited. You might have stationed a private investigator outside the employee's home — or deputized a nosy neighbor — in the hopes you'd catch the person doing some vigorous yard work.
Nowadays, however, even people on other continents are privy to our employees' whereabouts and activities in real time. Employees use laptops with trackable IP addresses. They tag in to various locations and pose for selfies with social-media-savvy friends. Their cellphones, both work-issued and personal, ping to nearby towers, pinpointing their locations at any given moment with a great deal of accuracy.
Is all of this information (or any of it) legal when it comes to your workplace investigations?
Technology facilitates crowdsourced investigations
"Geosocial investigations are a subset of social media investigations in general," said Garrett McGinn, Partner, Research & Development, DigiStream Investigations. "They are interesting because the focus is not just on a person but a place."
McGinn cited the hypothetical example of an employee suspected of FMLA fraud; his employer has heard rumors that he's partying in Las Vegas. McGinn said that, in general, you're not going to be looking for the employee on his own social media account — but the accounts of others who have tagged in at that location may reveal the employee in the background, possibly cavorting by the pool. "Crowdsourced investigation is where we're seeing the advantage here," he said.
This specific type of sleuthing hasn't really been tested yet in the courts, noted McGinn. But under general principles of surveillance, "if a person is active at their own house, there is a legal doctrine that they can be placed under surveillance as long as they are visible to the general public. If they leave and visit the home of a friend or relative, in terms of surveillance there, they are not on their own property but still within the general public."
The subject's cyber-presence, said McGinn, is similarly public when you are obtaining the information through other people's social media platforms." And anything in the public domain, he said, is "fair game."
He cautioned that for FMLA specifically, an employer must have a "reasonable and articulable" suspicion of fraud in order to launch an investigation. "Just not liking the employee is not enough, nor is the fact of a recent disciplinary action," he said.
Not much case law yet
"There isn't a lot of case law," said attorney Tamara Devitt, a partner at the Orange County and Palo Alto offices of Haynes and Boone, LLP. "I'm not sure if the courts haven't caught up with technology, or if the statutes haven't. Of late, the privacy focus has been more on the consumer privacy angle than the privacy in employment angle."
Devitt cautioned about using publicly available information that the employee might believe is private, such as that obtained from an employer device or employer Twitter account. "An employer will want to have some policy spelling out the use constraints and giving notice to the employee that 'this information may be available to us,' and get consent from the employee to avoid any privacy concern."
There's an additional angle employers need to think about: "The other thing I'm always concerned about is that there's a risk of getting more than you bargained for when you're doing online sub rosa, or other sub rosa," Devitt said. Discovering that an employee is in a protected category — even if that wasn't information you were seeking — may make it legally harder to discipline or terminate the employee down the line. "That information can be part of an allegation for wrongful termination," noted Devitt.
Seek indemnification, if possible
"Are employers using geodata techniques today? Yes, but not on record. It's such a gray area, but nobody wants to be the guinea pig," said Jared Callahan, Industry Solutions Lead at Checkr in San Francisco.
Callahan noted that while employment screening and background checks require consent and disclosure, general investigations are “a little bit grayer." And technology blurs the boundaries further. Callahan noted there is a distinction between, for example, surveilling someone's house and tracking a cell phone's IP address to and from a local CrossFit once a week. Information obtained using the latter method "may not hold water if and when this gets to court," he said.
Callahan advises employers to check with either general or outside counsel to get specifics on applicable state and local privacy laws, including potentially applicable consumer protections: "What is the line? What can or can't I do? Make sure outside third parties (for example, investigators) understand — you may even want to ask these outside third parties to indemnify you in the event of a dispute."
Don't give the investigator too much autonomy
McGinn concurred: "Consult with your legal team [and] your claims adjusters after that reasonable and articulable suspicion of fraud [in the case of FMLA]. Also be sure the investigator knows what to look for. Convey to the investigator the doctor-imposed or self-reported limitations; it's not the investigator's job to draw conclusions."
It's also not the investigator's job to conduct the entire investigation. If an employer suspects employee misconduct and wants to use information available through social media to catch the employee in this misconduct, a full investigation would still have to occur, said Devitt. "Most of the time, we would not recommend just relying on that information alone. Unless there is no possible way the employee could provide an explanation…employers should go to the employee and get an explanation," she said.
Basic principles remain true
The law may be unsettled in this area, but the traditional investigative balance remains unchanged: "It's a tradeoff between the employer's right to investigate and the employee's reasonable expectation of privacy," McGinn said.