How to respond to a government audit of your employment records
You may have seen the recent headlines about Google – they successful fought a request by the federal government, Office of Federal Contract Compliance Program (“OFCCP”), for the contact information for 25,000 employees!
How does this effect my company?The OFCCP audits federal government contractors to ensure compliance with federal discrimination laws. As a federal government contractor, Google spent $500,000 (for a $600,000 government contract) to comply with OFCCP's information requests, which included salary and demographics information for 21,114 employees. Google complied but then OFCCP asked for even more information, including the contact information for 25,000 employees.
Google objected to this second request, in part, by arguing that it breached their employees' privacy. OFCCP argued that it need to speak with employees in order to determine whether Google was discriminating against women in their compensation process (there has been no determination that Google has discriminated yet). The judge agreed with both parties to some extent and limited the OFCCP's request to 8,000 employees.
You do not have to be a federal contractor in order to be audited by the government. Many other California and Federal agencies, such as the Equal Employment Opportunity Commission ("EEOC"), National Labor Relations Board ("NLRB"), and California Labor Commissioner, also have broad power to audit and subpoena your employee records. If you receive any subpoenas or requests for information it is essential to deal with it promptly to protect your business.
Why do I need to protect my employee's privacy?The California and federal constitutions protect an employee's privacy at work, which includes disclosure of contact information. Although responding to a subpoena is often an exception to privacy laws, it is essential to make sure that your actions are compliant with the law. While handling an inquiry from a government agency, you do not want to also be subject to privacy claims from your employees.
How can I protect my business?1. Implement Relevant Policies. Even though an employee has an expectation of privacy at work, this expectation can be modified through the employer's policies. It is important to have policies that balance an employee's privacy with the business needs of the employer. For example, employers could implement a policy that allows employers to release employee information.
2. Audit your Employment Practices. If you receive a subpoena, it is often because the agency thinks you are doing something wrong. At that point, it is often too late to prevent any liability. You should audit your current employment practices to ensure that you are complying with the relevant law and make any necessary changes.
3. Do not Destroy any Records. Upon receipt of a subpoena, do not destroy any records. That will make the situation worse. However, you can limit the records that can be audited by implementing and following a legally compliant Document Retention Policy.
4. Get Advice. When you receive any subpoena, please contact legal counsel for advice about how to proceed. A subpoena often means that the agency is looking for something. You should obtain advice about how to navigate the situation to minimize your risk.