Zungoli v. United Parcel Svc., Inc., 2009 WL 1085440 (D.N.J., April 22, 2009) – In this case, the plaintiff was terminated for poor performance after failing to register on the company’s internal websites for employee benefits and performance evaluations. The plaintiff alleged he was concerned that the sites did not provide adequate security to protect UPS employees’ personal information, because they did not provide a user authentication system, and they specifically advised the user that there was no reasonable expectation of privacy when using the sites. The plaintiff sued under, inter alia, the New Jersey Conscientious Employee Protection Act (CEPA), otherwise known as the “whistleblower” statute, claiming that he was terminated for objecting to the employer’s requirement that violated his right to privacy.

The district court found there were sufficient facts to support the plaintiff’s CEPA claim. In the first instance, the plaintiff’s performance evaluations directly referenced his refusal to utilize the company’s web portals. Moreover, there was a substantial nexus between the conduct of which the plaintiff complained and a law, rule or mandate of public policy. In this regard, the court cited New Jersey’s Identity Theft Protection Act, N.J.S.A. 56:11-44, et seq., which requires companies to enact protections and remedies to protect citizens’ personal information and prevent identity theft. It further cited the principle, recognized by New Jersey courts, that individuals do have a reasonable expectation of privacy in their personal information, and a right to keep their information confidential.