In the wake of the Sept. 11, 2001, terror attacks, President Bush signed into law the USA Patriot Act, amending 15 federal statutes to give law enforcement officials wider latitude in investigating and punishing terrorists. Several provisions in the 342-page law will impact employers—particularly sections regarding records, electronic surveillance, and financial institutions. But because the new legislation is so far untested for possible violations of employee constitutional rights, employers must approach the new Patriot Act with caution. Here’s a look at key sections that apply to employers.
400+ pages of state-specific, easy-read reference materials at your fingertips—fully updated! Check out the Guide to Employment Law for California Employers and get up to speed on everything you need to know.
Business Records
The Patriot Act amends the Foreign Intelligence Surveillance Act to permit the FBI to apply for a judge’s order requiring any business to produce all records in an investigation of terrorism against the United States. This could include confidential medical records and education records. If you receive such an order, you may not disclose to anyone that the FBI is seeking the information.
In light of this new provision, it’s important to review your written policy regarding the confidentiality of medical information, if you have one. Make sure the policy informs employees that the company will fully cooperate with requests for such information from law enforcement or government agencies. And be sure to redistribute the revised policy to employees. This will help avoid complaints that you released the information in violation of company policy.
Electronic Surveillance
The Patriot Act also expands the government’s electronic surveillance powers. The government may now seize stored voice mail with a search warrant. Previously, voice mail could be taken only with a wiretap authorization, which was more difficult to obtain. (Note that just as in the past, stored e-mail may be seized with a search warrant.)
Also, the law permits the government—without a search warrant—to intercept computer use by a computer trespasser, as long as the government’s interception is authorized by the computer’s “owner or operator.” A computer trespasser is anyone who accesses a computer without authorization. This could include an employee who uses a company’s computer to transmit a personal message without employer permission or uses a computer-based voice-mail system to receive personal messages in violation of workplace policies.
To avoid problems, it’s a good idea to develop a company policy for responding to an electronic surveillance order from a government agency. Also, you should inform employees that you have the right to and may monitor work phone use, electronic mail, and Internet use, and that you will comply with laws regarding government requests to monitor or intercept such use.
Financial Institutions
The Patriot Act requires financial institutions to establish anti-money-laundering programs. Financial institutions include banks, mutual funds, credit card systems, money services businesses, securities brokers and dealers, credit unions, certain types of insurance companies, loan and finance companies, real estate salespeople and brokers, gaming establishments with annual revenues of more than $1 million, travel agencies, and dealers in precious metals or gems.
The anti-money-laundering program must include the following:
- Anti-money-laundering procedures, policies, and controls, including a “Know Your Customer” program that should be able to identify customers or clients and discover the source of their assets.
- An internal compliance officer.
- An employee-training program covering legal requirements, policies and procedures for company financial programs, recordkeeping, and identifying suspicious transactions.
- An independent audit function to test the program.
If you already have an anti-money-laundering policy, be sure to review it in light of these new requirements.