Archive for category: Mid-Atlantic Employment Law Letter

by Corey Zoldan
DiMuroGinsberg PC

Regardless of its ultimate outcome, a still-developing disability case in federal court in Norfolk serves to emphasize that you need to proceed with caution when instituting tests—especially written tests—for current employees or job applicants. The case also highlights the critical distinction between a “disability” and an “inability” for purposes of being covered under the Americans with Disabilities Act (ADA).

The case

Rayford Gray worked for Columbia Gas of Virginia for 31 years. He started out as a laborer and later was promoted to service technician. In 2015, Columbia decided to institute a written test for all employees. Gray took the written test but failed it three times. Although he contended that he was still able to perform the essential aspects of his job, Columbia fired him.

Gray asked Columbia to reconsider its decision because his poor test results stemmed from the fact that he had attention deficit hyperactivity disorder (ADHD) and couldn’t read. The company refused, and in September 2018, Gray went to court. His lawsuit claims that Columbia discriminated against him based on his disability by not reinstating him after he made it aware he had ADHD and couldn’t read.

Unanswered questions

At this point, Columbia hasn’t responded to Gray’s lawsuit. But if the case isn’t dismissed or otherwise resolved, we can expect to learn more details as it proceeds.

Those details may include the scope of Gray’s disability and whether he was in fact still able to perform the essential functions of his job. Additionally, if he couldn’t perform the essential functions, then the issue becomes whether Columbia needed to—and could have—provided him with reasonable accommodations that would have enabled him to continue to do his work.

Is there a causal connection?

An interesting point that neither Gray nor Columbia has yet addressed is the connection between ADHD and the inability to read.
In 2012, the U.S. 4th Circuit Court of Appeals (which is based in Richmond and whose rulings apply to Virginia employers) considered whether ADHD is a disability. In that case, Halpern v. Wake Forest Univ. Health Science, the appeals court held that “ADHD and anxiety disorders constitute disabilities giving rise to protection under the . . . ADA.” In reaching that conclusion, the court reasoned that the ADA protects against any “mental or psychological disorder, such as . . . specific learning disabilities.” Clearly, that language includes ADHD and dyslexia.

The situation becomes trickier, however, if Gray’s ADHD and inability to read are unrelated. The Equal Employment Opportunity Commission (EEOC) has previously commented in the appendix to its ADA regulations that “disadvantages such as poverty, lack of education or a prison record are not impairments.” Thus, if a person is unable to read because of a poor education, that person isn’t disabled.

This distinction between disability and inability is likely to be an issue that will be developed as the case moves forward. In all likelihood, addressing the matter will require expert testimony about the nature and effects of ADHD and its impact on Gray’s ability to read and other cognitive functions. Gray v. Columbia Gas of Virginia, 2:18-cv-00475-HCM-LRL.

Avoiding ADA claims

While the distinction between ADHD and an inability to read might ultimately allow Columbia to prevail in the lawsuit, there are several proactive, preventive steps you can take to avoid disability discrimination lawsuits in the first place. The EEOC recommends that you offer an oral test as an alternative to a written test for employees who have a disability that hinders their ability to read. If administering the test in an alternative format isn’t a viable option, the EEOC suggests assessing the ability of a disabled applicant or employee “through an interview, or through education, license, or work experience requirements.”
Further, if the employee or job applicant first becomes aware of having a disability that could have affected the test results only after the test is given, which is what Gray claims, you should have a policy requiring him to inform you immediately. At that point, you should consider providing a retest if a reasonable accommodation is available. Bear in mind, however, that the EEOC says you aren’t required to accommodate when an employee seeks a retest for an “essential function of the position and no reasonable accommodation was available to enable the individual to perform that function, or the necessary accommodation would impose an undue hardship.”

Because an appropriate assessment of your obligations under the ADA involves a number of complex issues, it’s always wise to consult with experienced employment counsel to make sure you have addressed all the necessary factors and have a solid factual and legal basis for the actions you take.

Editor’s note: Because of the various important issues Gray’s lawsuit raises for all employers, we will monitor the legal proceedings and keep you informed of key developments as the case moves forward.

Corey Zoldan is an attorney with DiMuroGinsberg PC and a contributor to Virginia Employment Law Letter. He may be reached at czoldan@dimuro.com.

By: Jonathan R. Mook
As published by HRHero.com, a division of BLR, in the Virginia Employment Law Letter

Dealing with employees on Family and Medical Leave (FMLA) always is tricky. You can incur liability for interfering with an employee’s leave rights as well as for retaliating against an employee for seeking to exercise those rights or taking FMLA leave. Additionally, oftentimes an employee who qualifies for FMLA leave due to a serious health condition also may be disabled under the Americans with Disabilities Act (ADA). In this circumstance, you have two federal laws to worry about.

To help sort through these issues, we have asked DiMuroGinsberg partner, Jonathan R. Mook, who is a nationally recognized authority on the ADA and leave issues, to provide our readers guidance on how to avoid both FMLA and ADA claims.

Is it permissible to terminate an employee who is on FMLA leave?

The answer is “yes,” but proceed with care and caution.  Sometimes, while an employee is out on FMLA leave, the employer discovers that the employee has not been doing his or her job or has been engaged in some type of workplace misconduct that would justify termination. In this circumstance, the FMLA allows an employer to terminate the employee because it is a reason other than the employee’s taking or being entitled to the leave.  Bear in mind that any evidence of poor performance or misconduct should be sufficiently documented. That way, if, and when, an FMLA complaint with the Department of Labor or a lawsuit is filed, you will be able to present evidence that the basis for the employee’s termination was other than the employee’s taking (or need for) FMLA leave.

Even if it is permissible, do you advise the termination for misconduct of employees on FMLA leave?

I usually advise employers to wait and allow the employee to complete his or her FMLA leave.  When the employee returns to work, then the employer can confront the employee with the information that the employer has obtained while the employee was out.  During the meeting with the employee, the employer should ask the employee if there is any excuse for the employee’s misconduct or any mitigating factors.  If there are not, the employer can then take a job action.

When is it permissible to terminate an employee who has been on FMLA leave and has returned to work?

Again, it is permissible to terminate an employee for reasons other than the taking of FMLA leave (or the need for such leave), such as poor performance or misconduct.  The law does not require you to keep an unqualified or disruptive employee. The only circumstance in which an employer should consider letting an employee go for reasons relating to FMLA leave would be if the employee has falsified the FMLA documentation that the employee submitted to the employer to be approved for FMLA leave.  If an employee engages in fraud with respect to the taking of FMLA leave (for example, taking FMLA leave to go on vacation rather than for medical treatment), then the employer has a basis for termination.

What steps should an employer take to prepare for the possibility that an FMLA leave request will be followed by a need for an ADA reasonable accommodation?

Normally, it is the responsibility of the disabled employee to request a need for an ADA accommodation.  An employer need not anticipate an accommodation request.  However, where an employee has a serious health condition that rises to the level of an ADA disability, an employee may request leave for medical treatment and, possibly, recuperation.  If the employee is entitled to FMLA leave, the employer will provide the employee with the 12 weeks of FMLA leave (or longer under certain state laws).  After the FMLA leave expires, the employee may be entitled to additional leave as a reasonable accommodation under the ADA.

What is the EEOC’s position on leave as an ADA accommodation?

The U.S. Equal Employment Opportunity Commission (EEOC) has said that leave for medical treatment is a type of reasonable accommodation and that an employer may need to extend the leave until it becomes an undue hardship on the employer’s operations.  However, not all courts agree with the EEOC’s analysis.  In an opinion authored by Judge (now Justice) Neil Gorsuch, the Tenth Circuit Court of Appeals in its 2014 decision in Hwang v. Kansas State University said that an employer was not required to provide an employee suffering from cancer additional time off after the employer had already granted six months of paid leave.  Recently, in Severson v. Heartland Woodcraft, Inc., the Seventh Circuit said that a request for leave of several months over and above the twelve weeks of FMLA leave was not required as an ADA accommodation.

If additional leave is not granted, must the employer consider alternative accommodations?

Importantly, even if the accommodation of a multi-month leave of absence is not required under the ADA, you still need to explore other accommodations to allow a disabled employee to return to work following the expiration of that employee’s FMLA leave.  Such accommodations could be the elimination of those marginal job functions that the employee cannot perform or transferring the employee to a vacant position that the employee can perform notwithstanding the employee’s limitations caused by the disability.  You need to think ahead to take into account these possibilities. Unfortunately, there is not one easy answer. To make sure you have checked all the boxes, it always is advisable to consult with experienced employment counsel.

Jonathan R. Mook is a nationally recognized authority on the Americans with Disabilities Act and is a co-editor of the Virginia Employment Law Letter. For questions regarding this article or other employment law issues, you may contact Jonathan at jmook@dimuro.com.

by Milton Whitfield and Jayna Genti DiMuroGinsberg PC

Last month, we reported on the costs of data breaches and steps you can take to help prevent what has become a very common occurrence at businesses and organizations across the country. If a data breach occurs at your organization, you need to be aware of Virginia laws that require you to undertake a number of steps to mitigate the potential harm to any individuals who may be affected.

States act to protect individuals against identity theft

Virginia, along with 46 other states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands, has enacted legislation requiring private-sector, governmental, and educational entities to notify individuals when there are data security breaches involving personally identifiable information. These security breach laws typically include provisions addressing:

• Who must comply with the law (e.g., businesses, data/information brokers, and governmental entities);
• What is considered “personal information” (e.g., a person’s name combined with his Social Security number (SSN), driver’s license, or state ID; financial account numbers);
• What constitutes a breach (e.g., unauthorized acquisition of data);
• What’s required with regard to notice (e.g., who must be notified and the timing or method of notice); and
• What is exempt (e.g., encrypted information).

Virginia’s security breach notification laws include Virginia Code § 18.2-186.6 (breach of personal information), § 32.1-127.1:05 (breach of medical information), and § 22.1-20.2 (student data security). Some of the key aspects of these Virginia laws that employers should understand are set out below.

Virginia’s security breach notification laws

Who is subject to Virginia’s laws? The data breach laws apply to any individual, legal, or commercial entity that owns or licenses computerized data that include personal information and any organization supported by public funds that owns or licenses computerized data that include medical information of a resident of the Commonwealth.

What constitutes “personal information”? Virginia’s data breach laws protect the personal and medical information of Virginia residents. “Personal information” means the first name or first initial and last name in combination with and linked to one or more of the following types of information belonging to a resident of the Commonwealth, when the data elements are neither encrypted nor redacted:

• SSN;
• Driver’s license number or state ID card number issued in lieu of a driver’s license number; or
• Financial account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a person’s financial accounts.

What is “medical information”? “Medical information” means the first name or first initial and last name in combination with and linked to one or more of the following types of information belonging to a resident of the Commonwealth, when the data elements are neither encrypted nor redacted:

• Any information about an individual’s medical or mental health history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional; or
• An individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual’s application and claims history, including any appeals.

What is a “security breach”? A “breach of the security of the system” means the unauthorized access and acquisition of your unencrypted and unredacted computerized data that compromises the security or confidentiality of personal information maintained as part of your database of personal information and that causes, or you believe has caused or will cause, identity theft or other fraud affecting any resident of the Commonwealth.

Are there any exceptions? A breach of the security of your system doesn’t include the good-faith acquisition of personal information by your employees or agents if the personal information isn’t used for an unlawful purpose or subject to further unauthorized disclosure.
What is the “encryption safe harbor”? The unauthorized acquisition of your encrypted or redacted data, without access to the encryption key, doesn’t trigger the notice requirement under the statutes. The safe harbor isn’t available if personal information is encrypted but the encryption key is compromised.

What is “encryption”? “Encryption” means the transformation of data through the use of an algorithmic process into a form in which there’s a low probability of assigning it meaning without using a confidential process or key, or securing the information by another method that renders the data elements unreadable or unusable.

When are your notification obligations triggered? If a security breach causes, or you reasonably believe it has caused or will cause, identity theft or other fraud affecting a Virginia resident, notification is required.

What are the notice procedures? You must provide written, telephonic, or electronic notice to victims of a security breach without unreasonable delay, unless the disclosure would impede a law enforcement investigation (in which case notification is delayed until it’s authorized by the law enforcement agency). Notice to affected residents must contain specific information described in the statutes. You may provide substitute notice by means prescribed in the statute if your notification costs exceed $50,000, more than 100,000 people are affected, or you have insufficient contact information or do not have consent to provide notice by the primary means required by the statute.

What is “substitute notice”? Substitute notice includes all of the following:

• E-mail notice if you have e-mail addresses for the affected residents;
• Conspicuous posting of the notice on your website; and
• Notice to major statewide media.

When must you notify the AG and consumer reporting agencies? You also must provide notice to the Office of the Virginia Attorney General (AG) without unreasonable delay. If you are required to notify more than 1,000 persons of a security breach at one time, you are also required to notify consumer reporting agencies without unreasonable delay.

What are your third-party notice requirements? If you maintain computerized data that include personal information you don’t own or license, you must notify the owner or licensee of any security breach without unreasonable delay following your discovery of the breach.

Are there other exemptions? You are considered to be in compliance with Virginia law if:

• You maintain and comply with your own notification procedures as part of an
  information security policy and those procedures are consistent with the timing requirements of the Virginia data breach statutes;
• You comply with the notification requirements or procedures imposed by your primary or functional state or federal regulator; or
• You are subject to, and in compliance with, federal requirements under Title V of the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), or the Health Breach Notification Rule promulgated by the Federal Trade Commission (FTC).

How does Virginia enforce its notification laws? The AG may bring a lawsuit and impose a civil penalty not to exceed $150,000 for a security breach or a series of breaches of a similar nature that are discovered in a single investigation. Individuals may bring an action to recover direct economic damages resulting from a violation of the Virginia data breach statutes. Violations by state-chartered or licensed financial institutions are redressed by the primary state regulator. Violations by insurance companies are redressed by Virginia’s State Corporation Commission.

Are private lawsuits permitted? Although security breaches are generally enforced by the AG, nothing in Virginia’s data breach notification statute precludes an individual whose personal or medical information has been compromised from bringing a lawsuit and seeking recovery of economic damages.

Bottom line

The specific steps that you must follow when your security is breached can be quite complicated, as this article confirms. Accordingly, if you experience a data breach, it’s always wise to consult with legal counsel experienced in data breach laws. An experienced attorney can ensure that you are complying with all of your legal requirements. That’s significant because, as our article next month will explain, you may have obligations under federal law as well as Virginia law.

Milton Whitfield and Jayna Genti are attorneys with DiMuroGinsberg PC and contributors to Virginia Employment Law Letter. They may be reached at mwhitfield@dimuro.com or jgenti@dimuro.com.

© 2017 Used with permission of Fortis Business Media, Brentwood, TN 37027.

All rights reserved. http://store.hrhero.com/hr-products/newsletters/vaemp

To download a copy of the article, click here.

Read Part 1