With this post I am going to start a series focusing on higher stakes employment issues, the cases and crises that put the most on the line for employers. For smaller and medium sized companies, the very existence of the company may even be at stake. We will look at recent developments and identify proactive steps that readers can and should take to minimize the likelihood of becoming one of those headlines.
One obvious example of such a case is a class or collective action. While the U.S. Supreme Court has in recent years narrowed the availability of class actions, state and federal law continues to provide plaintiffs – and perhaps more significantly their lawyers – the ability to band together and efficiently litigate hundreds and often thousands of individually small claims as a single, very significant piece of litigation. Examples of this phenomenon that we have covered here include vacation pay practices, unpaid internships and unpaid security checks. While these can be huge cases, often the takeaway for employers generally is to check what may seem like relatively minor employment practices. The trick is to identify and focus on the “small” issues that can have fast implications.
The latest example is the class action just filed against Uber Technologies in California federal alleging the company failed to take proper steps to protect its drivers’ personal information. Last month, the company reported that hackers had exposed the personal information of 50,000 current and former drivers. The breach took place in March 2014. The named plaintiff in the lawsuit claims the company was negligent in how it cared for the personal information, and did not notify drivers of the breach in sufficiently timely fashion. The lawsuit claims the information was accessible through a single, easily obtained password. One challenge that plaintiffs in various data breach lawsuits in recent years have encountered is causation – i.e. if somebody steals your identity, how do you prove that the theft arose from the breach at your employer?
Still, there will undoubtedly be more and more data breach cases against employers, and they will not be limited to those with 50,000 allegedly affected workers. Companies of all sizes should consult with counsel to ensure their practices are consistent with good practices that will best protect the company.