Tag Archives: technology

The Legal Risks of Using Artificial Intelligence in Hiring and Recruiting

Contributed by Allison P. Sues, February 20, 2020

AI conceptual in business technology, artificial inteligence concept

As employers seek to reduce costs and time in the hiring process through artificial intelligence (AI) tools, they should also be aware of potential legal risks that come with merging recruitment with technologic innovation. Employers are turning to AI to assist with many aspects of the recruitment and hiring process, including automating the sourcing of potential candidates, screening from an existing candidate pool, and using AI assessment tools, such as conversational chatbots and video interviewing tools that can measure a candidate’s strengths based on factors such as facial expression, word choice, body language, and vocal tone. 

While these AI tools can be helpful in streamlining and strengthening the recruitment process, they can also cause unintended disparate effects on protected classes and place employers at risk for discrimination claims. For example, an AI tool may prioritize candidates that live within the same zip code as the office because studies show that employees with favorable commutes stay longer with their employers. However, such an automated selection may eliminate candidates from areas primarily composed of minorities and have a negative disparate impact on African American and Latino candidates. As another example, an AI tool may prioritize candidates with similar profiles to current successful employees in the company, which could put women or minorities at a disadvantage if the current workplace profile has more white men in higher positions.

The EEOC is currently looking at two instances of alleged discrimination in AI recruitment and hiring, and more charges and lawsuits on this issue are expected to appear. The EEOC has made clear that employers using AI in their hiring process can be liable for unintended discrimination, and AI vendors regularly include non-liability clauses in their contract with employers.  Therefore, employers must take steps to vet their AI tools and validate that they are not causing unintended discrimination in recruitment. Employers should test the AI algorithm’s functionality in pilot systems to determine whether the results may be biased. For sizeable employers, an internal Chief AI Officer may be used. Smaller employers may prefer to contract with a data scientist. Either way, these people should work with the employer’s counsel to validate the data, assess for bias, and determine risk for legal liability, all while protecting the information under the attorney client privilege. 

While AI in recruitment is not regulated on a federal level yet, Illinois has just enacted a first-of-its-kind law called the Artificial Intelligence Video Interview Act. Effective since January 1, 2020, this law requires employers who use AI to analyze video interviews of candidates to do the following: 

  • Employers must notify applicants that AI will be used in their video interviews.
  • Employers must explain to applicants how the AI works and what characteristics the AI will be tracking in relation to their fitness for the position. 
  • Employers must obtain the applicant’s consent to use AI to evaluate the candidate.
  • Employers may only share the video interview with those who have AI expertise needed to evaluate the candidate and must otherwise keep the video confidential.
  • Employers must comply with an applicant’s request to destroy his or her interview video within 30 days.

The teeth of this Act remain uncertain as it does not explicitly provide for a private right of action or damages for violations of the statute. Regardless, employers should tread cautiously and proactively in utilizing AI in video interviews or at any other stage of the hiring and recruitment process.

FYI, Text Messages and IMs Are Discoverable Too

Submitted by Suzanne Newcomb, April 12, 2018

Back in November we reported on a federal judge ordering several members of management to turn over messages from their personal email accounts and counseled employers to be proactive in managing employees’ use of personal email for company business. The guidance set forth there rings true for text messages and other forms of electronic communication (e.g. WhatsApp, Slack, Trello and myriad others) as well.

49297353 - woman using mobile phone in office workplace.As we explained in our prior post “document production” encompasses not only “documents” in the traditional sense, but all relevant information “stored in any medium” along with its metadata. To be fair, private entities are not required to retain every communication or even every document generated in the course of conducting business. But certain communications are subject to retention regulations and knowledge that litigation is “reasonably foreseeable” triggers a separate and distinct obligation to retain all information relevant to the potential dispute.

Companies that fail to preserve information once an obligation to do so arises run the risk a court will issue a “spoliation instruction” which allows the jury to assume, based on the fact that a party failed to retain relevant evidence, that the evidence it lost or destroyed must have been unfavorable to that party’s position in the litigation. Not a comforting thought for any business.

So, how does a company square the need to keep pace in today’s world of lightning-fast communication and also avoid falling victim to claims of spoliation?

  1. Electronic Communications Are Business Records. Remind employees all communications – including text messages and electronic communications sent via messaging apps — are official business records subject to retention policies and discovery in the event of litigation.
  1. Review your Litigation Hold Notice Form. Make sure it covers not only documents in the traditional sense, but also email, text messages, instant messages, and other forms of electronic communication.
  1. Regulate and Police How Your Employees Communicate. Publish clear policies addressing when texting and other forms of electronic communications are appropriate and when they are not. Can an employee text his/her boss if s/he is going to be late? Is it appropriate for sales personnel to negotiate terms with customers by text?
  1. Involve IT Professionals. Enlist the help of IT professionals to safeguard electronic communications the organization is required to retain and to establish protocols that will allow you to quickly capture communications (along with their metadata) that are relevant to actual or potential litigation when the need arises.

 

Illinois Employer Faces Class Action for Using Fingerprints to Track Attendance

Contributed by Suzanne Newcomb, October 5, 2017

Data Protection Keyboard

Technology allowing employers to use biometric data tools to track attendance and maintain worksite security abounds. Purveyors hype the advanced technology’s ability to accurately validate time entries, eliminate fraud, and better control access to the workplace or to sensitive areas within the workplace. If these systems are so readily available, it must be legal for employers to use them, right? As with seemingly everything involving HR and the workplace, it depends.

Last week, a group of Chicago-area employees filed a class action suit, alleging their employer’s use of worker fingerprints for time-tracking purposes violates the state’s biometric information privacy law. Specifically, the employees claimed that their employer failed to:

  • Properly inform them in writing of the specific purpose for which their fingerprints were being collected and the length of time their fingerprints would be stored and used;
  • Provide a publically available retention schedule and guidelines for permanently destroying their fingerprints; and
  • Obtain their written consent before obtaining fingerprints.

In 2008, Illinois became the first state to explicitly regulate the use of “biometric identifiers” which it defines as a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry and their derivatives, regardless of how that information is captured, converted, stored, or shared. 740 ILCS 14/10. The Illinois Biometric Information Privacy Act (BIPA) applies broadly to any individual or entity other than the government, and therefore encompasses all private-sector employers operating within the state.

Illinois Biometrics Legislation Sets Trend

Until recently, Illinois and Texas were the only states with laws addressing biometrics. However, a new wave of high-exposure litigation under BIPA has had an impact on other states’ decisions to introduce legislation on the matter. Many states, including Illinois, have data breach notification laws that cover biometric information, as well as other sensitive personal information.

Employers operating exclusively in jurisdictions that have not regulated the use of biometric information specifically could still face breach of privacy or negligence claims if their employee’s biometric information is compromised.

Tips for Employers

Due to the growing number of data breaches, employers are encouraged to ensure they have protocols in place to safeguard all of the personal information they possess, particularly biometric information.

Whether you are thinking about adopting and using biometric data or have already implemented this technology, it is vital that employers take the following steps before collecting any biometric data to ensure their use complies with the growing regulation in this area:

  1. Assemble a team of experienced legal, cyber-security, and data-breach experts prior to selecting or implementing any technology that uses biometrics. Involve this team in vetting potential vendors, negotiating the terms of vendor contracts, and developing protocols.
  2. Carefully draft policies and procedures to safeguard and properly destroy biometric information, as well as protocols in case of a breach. Ensure those policies, procedures, and protocols (and those of your outside vendors) comply with all applicable laws, including notice and disclosure requirements.
  3. Clearly disclose to your employees, in writing, your intent to collect and use biometric information, the ways the information will be used, the means by which the information will be collected, maintained, and eventually destroyed, as well as the safeguards the company has put in place to secure this information.
  4. Obtain each employee’s informed written content prior to collecting any biometric information. Consider good faith objections and requests for accommodation and analyze and address those requests in accordance with all applicable laws.
  5. Continue to monitor changing federal, state and local regulations in this area.