Workplace Privacy, Data Management & Security Report : Privacy Lawyers & Attorneys : Jackson Lewis Law Firm : Data Security, HIPAA & Confidentiality Issues

Have you ever reviewed the Facebook or LinkedIn profile or other social media activity of an employee or applicant? How about requiring employees or applicants to provide access to social media activity as a condition of employment. The Maryland and Illinois legislatures would like to limit employers' ability to engage in this kind of activity with new laws that would be the first of their kind in the nation.

Maryland. Under one version of the law in Maryland, H.B. 364, employers would not be permitted to

• require an employee or applicant . . . to disclose any user name, password, or other means for accessing any internet site or electronic account through an electronic device, or
• require an employee to install on the employee's personal electronic device software that monitors or tracks the content of the electronic device.  

Under this bill, the employer could not discipline the employee or refuse or fail to hire the applicant for not complying with such requests. However, an employer could require an employee to disclose username, password or other means of access to the employer's internal computer or information systems. 

The provision that would prohibit employers from monitoring or tracking content on electronic devices would present a dilemma for employers faced with various legal and ethical obligations to safeguard personal and other confidential data. Many employers are struggling to find ways to track, limit, and in some cases encrypt, personal and other confidential information maintained on portable electroinc devices, including the personal devices of employees. This bill would make that process more challenging, particulalry for businesses with nationwide operations in heavily regulated businesses such as healthcare, insurance, finance and so on.   

Two other bills (H.B. 310, S.B. 434) also are being considered that would prohibit public and nonpublic colleges and universities from making similar demands on students and applicants.

Illinois. The Illinois law being considered (H.B. 3782) would make it unlawful for "any employer to ask any prospective employee to provide any username, password, or other related account information in order to gain access to a social networking website where that prospective employee maintains an account or profile."

Existing Risks with Searching/Monitoring the Social Media Activity of Employees or Applicants. The Maryland and Illinois laws, if passed, may be the first of their kind, but they certainly are not the first risks employers have faced when engaging in this kind of activity. In fact, there are a range of existing risks employers must consider, such as

• Finding medical information protected under the American with Disabilities Act or the Genetic Information Nondiscrimination Act.
• Acting inconsistently when similar information is found about different applicants/employees/executives.
• Acting on information that is not true.
• Intruding into private areas.  
• Failure to document the steps taken in conducting the search.
• Not realizing the Fair Credit Reporting Act may apply and require consent and notice requirements.
• Unlawfully limiting protected concerted activity under the National Labor Relations Act.

Employers therefore need to proceed carefully when using social media as a tool for making decisions concerning hiring, promotion, discipline, and termination.  Assessing whether to engage in such activity, how and when to do so, who should be authorized to search and monitor in this way, and what training should be provided can go a long way to minimizing these risks.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In connection with its coverage of national signing day, ESPN.com recently highlighted that social media is increasingly being utilized by coaches to contact, recruit and gather information about players. For players, it's a way to get recruited, control the message and interact with fans and other recruits at unprecedented levels.  And, like in the workplace, misuse of the media can have unfortunate consequences. A New Jersey high school prospect recently found this out when he was expelled from Don Bosco Preparatory after questionable posts were viewed on his Twitter account.  We have noticed similar trends and similar missteps in the employment context, where social media is often being utilized by companies and employees without first being well thought out. 

While the NCAA does provide some social media regulations, online interaction is far less regulated than more “old fashioned” forms of communication. According to Gregg Clifton, Co-chair of the Jackson Lewis’ Collegiate and Professional Sports Industry Group, “The days of face-to-face interaction between coach and recruit have been forever transformed. While the NCAA limits direct phone contact and texting by coaches to recruits, current NCAA regulatory freedom still permits coaches to use social media to contact, recruit, and gather information about players they are considering for their programs.” Similarly, both state and federal employment law struggle to keep up with the ever expanding social media realm.  This was most recently highlighted by the NLRB General Counsel’s report on social media. Consequently, even for employers that do have social media policies, they often do not address key issues such as the company’s presence on-line, regulatory requirements that apply in their industry, and how managers and supervisors should and should not be using the medium. In fact, as shown by many of the NLRB’s rulings discussed in the recent report, many policies contain overbroad proscriptions that violate a variety of laws.  

To keep up with social media, some schools are hiring individuals to monitor the social media of prospective student-athletes and to make sure that improper interaction is not occurring, as well as to ensure confidential information, such as under FERPA, is not being disclosed.  Employers too are seeking to hire individuals to not only assist in utilizing social media for marketing, but also individuals who can monitor how social media is and should be utilized in employment decisions.  This is particularly true for statutes and regulations which one may not necessary link with social media.  For example, employers often don’t realize that they may improperly acquire genetic information in violation of the GINA by “friending” or “following” employees or applicants. 

Of course, schools also are employers…so, while universities and colleges need to institute effective policies and procedures to address their use of social media in recruiting, they also must address social media usage in the employment context.  

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Today, the NLRB's Acting General Counsel posted a second report concerning social media issues and the National Labor Relations Act. The cases discussed in this report should provide further guidance to employers struggling with developing strategies for using social media in their business, developing employee policies regulating activity in social media, and enforcing those policies. Look for follow up analysis from us and our Labor partners.

Check out our prior reporting on related developments.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The ECRI Institute recently published an excellent summary of key issues for hospitals concerning social media (registration required), a valuable read for any hospital administrator, risk manager or human resources director. ECRI reports that approximately 4,000 U.S. hospitals own social media sites and that number is sure to grow significantly. One of the reasons for this growth will likely be due in significant part to the increasing number of people looking to social media to research health decisions. According to a National Research Corporation survey cited in the summary, 41% of nearly 23,000 respondents said that they used social media for this purpose.

The summary discusses critical areas for healthcare organizations to consider concerning social media, which can be applied to most other industries:

• Understand the medium - what is social media, what are the different venues (Facebook, LinkedIn, FourSquare etc.), what is the competition doing, what new media is coming.
• Determine desired uses - promotion of services/sales, recruiting, reputation management, community involvement, education, and so on. 
• Assess risks - privacy, network security, employment, reputation, regulatory, malpractice, and protecting the brand.
• Develop policies and procedures - control company message and regulate employee activity.
• Implement and train and reevaluate - limit the number of employees who can speak for the organization, train employees on legal risks (such as with HR looking up applicant/employee background information on line), determine whether social media plan is producing desired results

Businesses in all industries are "going social," and should be developing a comprehensive plan before doing so. The ECRI summary provides a good starting point for thinking through some of the issues, particularly for those in healthcare.   

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A Wall Street Journal article on December 2 discusses the National Labor Relations Board's emergence into social media and non-union workplaces. For employers that have not looked at their policies and practices concerning employee activity in social media, this article serves as a good reminder. 

Click here for more information.   

• Email This
• Print
• Comments
• Trackbacks
• Share Link

 As the holidays approach, I am reminded of an employment law attorney I used to know who wrote a column about this time of year about holiday parties. He would warn Human Resources (“HR”) professionals to beware of sexual harassment issues as the punch flows and inhibitions dissipate at the annual office get-together.  How things have changed. In this era of Facebook and I-phones, every day is a holiday party in terms of potential liability. It used to be the only photographic evidence of employee carousal was a black and white photocopy of someone’s derriere. Now, smart phones capture everything in full color pixilation and the evidence is posted instantly. We may never know what Herman Cain and his associates were up to in the 1990s, but if it had happened now, you can bet there would be a text, tweet, or digital photo to add fuel to the Yule log fire.

As 2011 draws to a close, most employers have realized they cannot ignore social media. Social media exponentially increases a company’s opportunity for marketing. But HR folks also know that social media exponentially increases the opportunities for employees to do silly things and get in trouble. More than one fast food franchise has had to respond to digital photos posted on line of teen-aged employees bathing in a restaurant sink. Even folks who ought to know better, including an NFL quarterback and a United States Congressman, allegedly sent digital photos of their sugarplums to women who either did not want them, or did not mind sharing them on the Internet.

Based on my conversations with members of corporate HR departments, in the 2012 New Year they will be facing Social Media 2.0 – Rise of the Smart Phones.  Anyone who does not already have a smart phone will probably get one for Hanukkah or Christmas. All employers should already have a social media policy addressing expectations of privacy, anti-harassment, overtime, trade secret protection, Federal Trade Commission (FTC) restrictions, and exceptions for concerted activity and protected speech under the National Labor Relations Act.  Next year, employers will need to consider whether certain categories of employees should be required to keep smart phones locked away during business hours and will also need to respond to the growing demands by employees that they be allowed to conduct confidential company business on their personal I-phone.

Many employment law attorneys and HR managers may be asking Santa for a respite from the technology onslaught, and may need a drink at the holiday party as much as the next employee.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Written by Alexander Nemiroff

Employers are beginning to realize that their employees are sending or receiving recommendations on social media sites, such as LinkedIn, that are inconsistent with the employer’s policies, or worse, are false or fraudulent. They need to do something about it.

A large number of social media web sites are allowing users to recommend the work performance or services of co-workers, vendors, and customers. Unfortunately, many employers are not paying attention to this phenomenon. To their chagrin, they are discovering serious problems with these recommendations only when it is much too late.

For many years, attorneys have advised employers that providing positive or negative references for former employees can be problematic. Negative references for employees can often lead to defamation actions. As for positive references, a number of courts have found employers liable who provided false positive references for former employees that employers knew had committed crimes or engaged in other misconduct. As a result, many employers today simply provide neutral references for all former employees.

Unsanctioned recommendations appearing on social media sites also can cause complications for employers. Take, for instance, an ill-timed positive reference published by a manager on a social media site extolling his former employee’s honesty while, at the same time, but unbeknownst to the manager, the employer was contemplating litigation against the former employee for taking trade secrets or other confidential business information as he was leaving. 

Anonymous recommendations or endorsements by employees also may run afoul of the Federal Trade Commission’s Guidelines on the Use of Endorsements and Testimonials in Advertising, 16 C.F.R. § 255. For example, employees anonymously endorsing their own company’s products without full disclosure of their relationship may trigger liability. The Guidelines require not only full disclosure of such relationships, but that employers have procedures in place to prevent such an endorsement from being made.

To avoid these issues, employers should take several steps. First, employers need to amend their written social media and/or reference policies to address unauthorized employee recommendations and references on social media sites. Depending upon the circumstances, barring employees from making such references may be appropriate. However, this is not always practical or prudent for employers who are encouraging employees to promote their businesses through social media. Under these circumstances, employers may require that employees request authorization from their human resources department or other designated individual before making references or recommendations, and to make any necessary disclosures.

Simply amending social media and references policies and procedures, however, may be insufficient. Employers need to be vigilant and proactive in this area. Appointing suitable personnel, and perhaps a social media manager, to monitor public social media sites to ensure that employees are not violating these critical policies, is another measure employers should consider. When monitoring, special care should be taken by governmental entities not to violate an employee’s constitutional right to privacy and by private employers not to infringe upon laws protecting employee off duty or protected concerted activities. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Have you hired a social media manager?  A social media guru/wizard/ninja/diva?  Each of these job "titles" are increasingly being used by companies to attract individuals who specialize in marketing a company's brand and/or services in social media.  A recent article in the Chicago Tribune and Los Angeles Times highlights just how prevalent these job titles are becoming corporate America.  

As companies struggle to keep up with the rapidly evolving world of social media, they are turning to hiring to hiring social media managers to handle their social media presence.  However, companies should be leery of the “jump first, look second” approach.  In fact, several key questions should be asked when delving into the realm of social media and hiring a new, typically younger employee with responsibility for a company’s social media existence and, therefore, its brand

Qualifications:

• What qualifications are you looking for?  Often companies seek a younger employee who is "tech-savy."  Traditional employment issues notwithstanding (i.e. age discrimination when an "older" employee is not hired/considered for a position), companies must also consider what their social media mission/focus will be.  For example, to the extent a company utilizes social media as a marketing tool, will you want your social media manager to have a background in marketing?  Similarly, to the extent you wish to utilize social media to handle client/customer complaints, will you want your social media manager to have a background in customer relations? Will you hire an external candidate who is perhaps unfamiliar with your company and its mission, or will you hire an internal candidate?

Responsibilities:

• What products/services will the social media manager be responsible for discussing/marketing?
• Will the social media manager have total freedom to explore and execute social media opportunities? 
• What policies will the social media manager be responsible for implementing?  Will the social media manager have responsibility for implementing the company's social media policy to employees and managers as well?

Training/Protocols: 

• What training will be provided to your social media manager?  For example, will the social media manager be trained on what information he/she should or should not consider when examining posts by customers and/or employees? 
• What policies will govern your social media manager’s employment?  Will the social media manager be permitted to “friend” employees/subordinates on social media or establish policies for employees to follow? 
• What safety protocols will be in place?  For example, if your company has a Facebook page, will you social media manager be responsible for maintaining the password and access to same?  How will the company transition its social media presence if and when the social media manager separates from employment? 

While the above list is by no means exhaustive, it demonstrates some of the additional considerations that must be examined when a company wishes to expand into social media.   Companies are often unaware of the need to consider these questions prior to implementing a social media policy or hiring a social media manager.  However, examining these points will help ensure your company’s social media experience flows more smoothly. 

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

In a 23-page report, the Acting General Counsel for the National Labor Relations Board summarizes the Board's positions on social media and labor relations. This report is an interesting read and provides insight into one aspect of drafting social media policies - whether the policy will violate an employee's right to take part in protected concerted activity.

The report notes that:

Recent developments in the Office of the General Counsel have presented emerging issues concerning the protected and/or concerted nature of employees’ Facebook and Twitter postings, the coercive impact of a union’s Facebook and YouTube postings, and the lawfulness of employers’ social media policies and rules. This report discusses these cases, as well as a recent case involving an employer’s policy restricting employee contacts with the media. All of these cases were decided upon a request for advice from a Regional Director.

Social media clearly is an important issue for the Board and this memorandum likely is not its last word on the rules that will shape employer policy concerning the use of this media. The following discussion summarizes the memorandum and its effects on social media policy.

See related articles concerning NLRB activity concerning social media.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

. . . A Potential Headache for Employers of Younger Workers

Written by Lillian Moon

Retail, entertainment, hospitality and other industries that traditionally employ large numbers of younger workers may soon get dragged into criminal proceedings because of “sexting” by their younger workers. Florida has joined 20 other states — Alaska, Arkansas, California, Hawaii, Indiana, Iowa, Kansas, Mississippi, Nevada, New Jersey, New York, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Texas, and Guam — which have all enacted similar legislation addressing teen sexting. Because employees frequently transmit these materials using their employer’s networks, criminal prosecutions under these laws may require employers to respond to discovery requests and subpoenas, or permit searches pursuant to warrants obtained by law enforcement authorities, which, in turn, may unexpectedly trigger disciplinary proceedings.

On June 21, 2011, Florida Governor Rick Scott signed into law H.B.75/S.B. 888. Under this law, which will take effect beginning October 1, 2011, a minor (anyone under the age of 18) commits the criminal act of “sexting” if he or she knowingly uses a computer, cell phone, or other transmission device (1) to transmit or distribute to another minor a photograph or video of any person which depicts nudity; or (2) possesses such photograph or video which was transmitted or distributed by another minor, unless the photograph was unsolicited, the minor took reasonable steps to report the photograph or video to their legal guardian, school official, or law enforcement, and the minor did not transmit or distribute the video or photograph to a third party. A minor’s first offense is considered noncriminal and is punishable by 8 hours or community service or a $60 fine. The minor’s second offense is a misdemeanor in the first degree, punishable with imprisonment not to exceed one year or a $1,000 fine; and the minor’s third offense is a felony of third degree, punishable with up to five years’ imprisonment or a $5,000 fine.

Of course, sexting is not only an issue for minors. It is fast becoming an easy and well-utilized mechanism for sexual and other workplace harassment. Accordingly, employers should review and update their anti-harassment policies to include a prohibition of harassment via e-mail, text messaging, or use of social networking sites; and they should review their electronic communications policies to include a prohibition against using any employer-provided electronic device to transmit or retain any sexually suggestive or explicit pictures, texts, videos or any other derogatory material regarding race, ethnicity, age, disability, religion, or any other protected category. Employers should also educate and train employees on the revised policies and continue to enforce all policies in a fair and consistent manner. At the same time, employers should remain mindful of any limitations on such policies (as written or as applied) that may be imposed under the National Labor Relations Act.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Written by Ron Sgambati

NLRB Acting General Counsel Lafe E. Solomon offered some insight into the NLRB’s interest in Social Media earlier this month when he spoke at the Annual Conference on Labor at New York University. During his presentation, Solomon revealed that every one of the 52 NLRB regional offices across the country has at least one pending case presenting issues about employee use of Social Media or an employee’s policy concerning the use of Social Media.

Solomon noted that his work had reached a higher profile than his predecessor, and he credited it in large part to the NLRB’s attention to social media. Solomon said that the “good part” about the intense publicity the NLRB has received over the past year has been that he has had the “rare privilege” of using media appearances and interviews to explain the rights of employees under the National Labor Relations Act (“NLRA”), which had been unfamiliar or unknown to many Americans.

Solomon’s comments make it apparent he enjoys having the NLRB in the spotlight. His comments also explain what may be the motivation behind the NLRB focus on Social Media - the topic of Social Media provides the Board with an always-available platform from which to reach a public which may not otherwise be interested in hearing what the Board has to say about the NLRA.

Due to the pervasiveness of Social Media cases at all 52 regional offices, it appears certain that the summer months will heat-up with discussion of Social Media issues at the workplace.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Co-Author:  Joseph J. Lazzarotti

The pervasiveness of social media in professional and everyday communication is a hot button issue (discussed at length here), particularly for private and public employers and organizations.  In fact, many organizations have adopted, or are considering adopting, social media policies for employees and providing training for how employees should interact in cyberspace.  But what should those policies say and what should the training focus on?

To answer those questions, organizations should, among other things, develop and shape their policies, training and discipline concerning social media with an eye toward their particular businesses, regulatory environments, and whether they are in the public or private sectors. A number of recent developments show why this is critical:

·         Two recent Third Circuit opinions handed down on June 13, 2011-- J.S. v. Blue Mountain School District and Layshock v. Hermitage School District (discussed below)-- illustrate the importance of educating employees (teachers and administrators) about student’s First Amendment rights concerning social media and when discipline is appropriate,

·         FTC’s guidelines for endorsement of products or services are important for businesses whose employees are likely to be commenting online about the company’s products and services,

·         The NLRB’s recent actions regarding social media use and the National Labor Relations Act are important for all employers, particularly those in traditionally union-dominated industries,

·         The use of social media in the health care setting is presenting a range of challenges under HIPAA and patient privacy generally.

In addressing the extent to which school officials can regulate student speech, the Third Circuit Court of Appeals has held that school officials violated students’ First Amendment free speech rights by disciplining students for creating, outside of school, “fake” social networking profiles ridiculing their school principals. 

In Blue Mountain School District, 8^th grader J.S., using her home computer, created a MySpace profile in the name of her principal.  The profile was presented as a self-portrayal of a bisexual Alabama middle-school principal named “M-Hoe,” and contained crude and vulgar content. Upon learning of the content, the School District suspended J.S. for 10 days.  The Court held that because J.S. was suspended for speech that caused no substantial disruption in school and that could not reasonably have led school officials to forecast substantial disruption in school, the School District’s actions violated J.S.’s First Amendment free speech rights.  

In Layshock, Justin Layshock, a high school senior, using his grandmother’s computer, also created a MySpace profile in the name of his principal.  The profile included “degrading” content regarding the principal.  Upon learning of the profile, the School District suspended Justin for 10 days.  In analyzing whether a school district may punish a student for expressive conduct that originated outside of the schoolhouse, did not disturb the school environment, and was not related to any school-sponsored event, the Court found the School District was prohibited from reaching beyond the school yard.  

These decisions were based on the Supreme Court’s landmark case on the First Amendment’s application to public schools is Tinker v. Des Moines Indep. Cmty. Sch. Dist., 393 U.S. 503 (1969).  In Tinker, a group of high school students decided to wear black armbands to school to protest the war in Vietnam.  When school officials learned of the plan, they preemptively prohibited students from wearing armbands.  Several students who ignored the prohibition and wore armbands to school were suspended.  Eventually, the students brought suit alleging their First Amendment rights had been violated.  The Supreme Court overruled the district and circuit courts, holding that student expression may not be suppressed unless school officials reasonably conclude that such expression will “materially and substantially" disrupt the work and discipline of the school. 

These cases demonstrate the court's struggle in addressing social media content, especially where there are additional constitutional concerns when a party is a public entity.  For many organizations, First Amendment issues will not be at issue, but there likely will be other considerations.  As each and every industry is impacted by social media, attempting to address it in a one-size-fits-all manner without taking appropriate considerations into account is not only impractical, but in some cases unlawful.  As these developments have shown, efforts to address social media must include an effective industry specific social media policy coupled with training programs to educate employees on the use of social media in all facets of employment and conducting the entity's business. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Written by Ron Sgambati

It’s hard to miss the National Labor Relations Board’s recent activity targeting employer decisions based on workers’ use of social media - as it attempts to establish parameters in the work-life balance between social media and rights protected by the National Labor Relations Act. Just when employers understandably may feel compelled to stop basing employment decisions on social media use, a recent Advice Memorandum is giving employers hope.

The Arizona Daily Star had encouraged its reporter to use social media to reach people who might not read the paper and to drive readers to the newspaper’s website. The employee tweeted using his work computer, his company-provided cellphone and his home computer and linked his Twitter account to his Facebook and MySpace pages. Therefore, whenever he tweeted, the same message would be posted on Facebook and MySpace.

In one tweet, the employee criticized the Daily Star’s television staff. The employer warned the employee that his comments were inappropriate, but he continued to post inappropriate tweets, while commenting as a public safety reporter. The tweets included, “What?/?/?/? No overnight homicide? WTF? You’re slacking Tuscon.”

His employer suspended him then terminated his employment. He filed a charge with the NLRB Regional Office claiming he was terminated for engaging in NLRA-protected concerted activity. The Regional Office, as instructed by Office of the General Counsel’s Memorandum dated April 12, 2011, referred the charge to the Division of Advice (“Division”) because the charge involved discipline for engaging in alleged protected concerted activity using social media.
The Division did not find a violation of the NLRA. It instructed the NLRB Regional Office to dismiss the unfair labor practice charge. It determined that after opening a Twitter account and linking it to the Daily Star’s website, the employee engaged in “inappropriate and offensive Twitter postings that did not involve protected concerted activity” and was terminated for engaging in misconduct. This is an important development for employers, perhaps signaling the NLRB’s seemingly aggressive social media stance may not be one-sided.

The victory, however, has been tempered by the NLRB General Counsel’s May 9, 2011, complaint against Hispanics United of Buffalo, a nonprofit organization that provides social services to low-income clients. The complaint alleges the firing of five employees for Facebook postings that criticized working conditions was improper interference with protected concerted activity. It alleged that an employee posted a co-worker’s allegations that employees did not help the company’s clients enough and other employees responded to the post by defending their work and blaming working conditions, including staffing workload issues. The employer fired the five employees after learning of the posts because it found the comments were harassing to the employee who made the original post. A hearing has been scheduled for June 22, 2011.

These latest developments seem to show the NLRB searching for balance between the workplace and social media. The Wall Street Journal reports the Board said it had more than two dozen cases involving worker complaints aired on the social media site Facebook. Stay tuned . . . but in the mean time, employers need to think carefully before acting.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Maryland Senate recently referred Senate Bill 971 which prohibits Maryland employers from demanding that workers and job applicants turn over their passwords to specific websites or web-based accounts. 

Under the bill, employers would be prohibited from refusing to hire applicants and disciplining, terminating, or taking other adverse employment action against employees who refuse to provide their passwords. The bill also bans employers’ threats of such action.  

The bill was introduced in response to employers’ asking applicants and employees for their passwords as part of background checks to see the content posted by the individuals on social networking sites (e.g., Facebook ). S.B. 971 would, however, permit employers to require workers to disclose their passwords only to the employers’ internal computer systems.  

This proposed Maryland law, and case law from New Jersey, should alert employers that utilizing social media in their hiring, discipline, or termination decisions is under scrutiny.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A registered nurse terminated from employment for posting on Facebook while dispensing medication to a patient could not collect unemployment benefits in Pennsylvania. Chapman v. Unemployment Comp. Bd. of Review. This case is another example why it is critical to have clear, written electronic communication and social media policies in place that are reasonable and enforced consistently. Without the policy in place, this employer surely would have had a more difficult time defending the unemployment claim.

In this case:

• the employer's policies provided that (i) it may immediately discharge an employee who engages in conduct that could cause a life threatening situation and (ii) cell phone usage is prohibited while on duty;
• the employee was aware of these policies and had previoulsy been warned about them;
• while on duty and dispensing medicine to patients, the employee used her personal cell phone to post comments on her Facebook page about an unpleasant and embarrasing incident experienced by a coworker;
• the nursing director heard other nurses speaking about the Facebook posts in the hall and asked one of the nurses to show them to her; and
• the employer terminated the nurse who made the posts on grounds that her conduct could cause a life threatening situation to patients.  

Reversing an earlier decision that would have allowed the employee to receive unemployment because her actions did not constitute "willful misconduct," Pennsylvania's Unemployment Compensation Board of Review noted that the nurse "was aware of the employer's policy prohibiting the use of cell phones while on duty, yet she violated that policy despite having been previously warned for doing so.” The Pennsylvania Commonwealth Court agreed.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Written by Ron Sgambati

Seemingly intent on making sure it is perceived as current, if not trendy, today’s National Labor Relations Board (NLRB) has continued to demonstrate an avid interest in social media. Not only is it paying attention to new media in all its forms, but it is also actively participating, with a Facebook page, a YouTube channel and a Twitter feed.

On April 12, 2011, the NLRB General Counsel issued a memorandum (pdf) to NLRB Regional Directors updating the list of matters that must be submitted to the Division on Advice. Included on the list are cases involving:

employer rules prohibiting or discipline of employees for engaging in, protected concerted activity using social media, such as Facebook or Twitter.

This is expected to allow the Board to have an earlier and more uniform oversight of matters involving social media.

The directive comes after the Board’s recent involvement in matters concerning possible protected concerted activity on Facebook and Twitter. In late 2010, the NLRB challenged a company’s Social Media/Facebook policies which the company maintained were lawful. The case settled with the company agreeing to make suggested changes to its policies.

In April, 2011, the NLRB targeted another social medial resource – Twitter. According to the New York Times,  the NLRB had warned a New York news agency that it planned to file a complaint accusing the company of illegally reprimanding a reporter over her criticism of company management in a Twitter posting. The Board asserted the company violated the reporter’s right to discuss working conditions with other employees. The matter was resolved when the union and company - which had been negotiating a new contract - reached a tentative contract on April 28, 2011. According to the New York Times,  the company has agreed to negotiate a new social media policy that would include language that will protect employees’ speech and the right to engage in other concerted activity about working conditions.

The Board again focused on Facebook after issuing its directive. On April 27, 2011, the NLRB reported it had approved a settlement in a case involving a California web-based home improvement retailer. A former employee had claimed she was terminated from her employment in retaliation for having posted comments about the company and possible state labor code violations on Facebook. The case was resolved and as part of the settlement the company agreed to post a notice at the workplace for 60 days stating that employees have the right to post comments about terms and conditions of employment on their social media pages and that they will not be terminated or otherwise punished for such conduct.

It is only a matter of time before there is a litigated case and a court’s ruling addressing these very real and reoccurring issues. Employers should exercise care in how they handle social media issues from a labor relations perspective and treat the recent NLRB scrutiny as an invitation to revisit their own social media policies.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Trying to keep up with the fast-moving world of social media, the Kentucky Court of Appeals has ruled that “tagged” or captioned photographs posted on Facebook may be admitted as evidence. The ruling in the case has implications for employers.  In LaLonde v. LaLonde, the appellant-wife objected to the trial court’s admitting into evidence photographs taken from Facebook that identified her by “tagging.”  The photographs appeared to show her consuming alcohol in contradiction to the advice of her mental health providers—a key issue in the custody dispute.     

The wife argued the photographs should not be admitted because Facebook allows anyone to post pictures and then “tag” or identify people in the pictures and she never gave permission for the photographs to be published in this manner on.  Rejecting this argument, the appellate court held, “There is nothing in the law that requires permission when someone takes a picture and posts it on a Facebook page.  There is nothing that requires her permission when she was ‘tagged’ or identified as a person in those pictures.”  The Court acknowledged that modern digital photography techniques may allow for alteration of the photograph, but pointed out that the wife never suggested such techniques were used, instead acknowledging the pictures were accurate.

The potential implications of this holding are numerous.  As we have previously discussed, employers may be able to use social media (which arguably includes tagged pictures) to fight emotional distress damages.  Similarly, as we described here, Facebook content has been utilized by employers in disciplinary decisions.   Our Social Media White Paper provides a helpful discussion of this and other issues employers should think about when it comes to social media.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Co-authored with: John Snyder 

The First Amendment of the U.S. Constitution protects from judicial restraint discussions over matters of public concern, including claims of wide-scale data breaches of social security numbers and other personal information by a former employee on a blog, a New York State Supreme Court justice has ruled. Cambridge Who’s Who Publishing, Inc. v. Sethi, 009175/10, NYLJ 1201482619238, at *1 (Sup. Ct., Nassau Cty. Jan. 25, 2011). Finding no extraordinary circumstance that would overcome the Constitutional protection, the court denied a company’s request to enjoin its former employee from blogging about the company and its products, despite his agreement to maintain the confidentiality of confidential business information.

Relevant Background

Harsharan Sethi was the Director of Management Information Systems for marketing and networking company Cambridge Who’s Who Publishing. When Sethi started working at Cambridge in July 2008, he signed an “employee covenants and non-disclosure agreement.” The agreement prohibited Sethi from using the company’s confidential information, except to pursue Cambridge’s business. Confidential information included “client names, addresses, and credit card numbers.” Cambridge terminated Sethi’s employment in February 2010.

The Blog Post

After Sethi’s termination, Cambridge suspected he was the author of a post on www.cambridgeregistrscam.com, which stated that members might be entitled to a full refund of their membership fees, suggested that members file complaints with the District Attorney and Attorney General, and offered to provide information on management personnel, including “their backgrounds,” “their life styles,” and “their prior run ins with [the] IRS.”

Cambridge viewed the blog post on May 11, 2010, and moved for a preliminary injunction the very next day. It sought to restrain Sethi from: (1) attempting to access Cambridge’s database; (2) contacting Cambridge’s “members” or customers; (3) disclosing customers’ personal information; (4) making any statements about Cambridge that might interfere with its goodwill, including contacting its employees or vendors; and (5) maintaining any blog or website concerning Sethi’s former employment.

The court granted the company’s request for a preliminary injunction, in part, enjoining the solicitation of Cambridge’s customers or disclosing their names or personal information. The court, however, denied Cambridge’s request that Sethi be restrained from making any allegedly defamatory statements regarding the company.

Cambridge later renewed its injunction request, submitting to the court allegedly defamatory statements made by Sethi after the court’s initial ruling. It presented an e-mail from Sethi to the New York Attorney General in which Sethi stated that tapes containing the personal data (including names, addresses, social security numbers, payroll data, checking account and credit card information) of 400,000 Cambridge members were lost or stolen from the company.

The court then granted a temporary restraining order enjoining Sethi from contacting Cambridge’s employees about his former employment or making statements that interfere with Cambridge’s goodwill, including maintaining a website or blog, until the preliminary injunction hearing.

First Amendment Protection

At the hearing, though, Justice Stephen Bucaria finally denied the injunction, holding that the First Amendment of the U.S. Constitution encompasses “at the least the liberty [to] discuss publicly and truthfully all matter of public concern without previous restraint or fear of subsequent punishment.” Finding that the alleged loss of social security numbers and credit card information, among other data, “implicate[] the economic interests of a large number of people” and, therefore, were matters of public concern, the court held that Cambridge had failed to establish “extraordinary circumstances” justifying a prior restraint on speech and warranting the denial of the injunction restraining Sethi from communicating with Cambridge’s customers or law enforcement agencies concerning data loss.

Lessons

Cambridge provides employers with several significant lessons.

• First, it is instructive of the enforceability of a non-solicitation-of-customers provision that it enforced by injunction.
• Second, absent compelling facts constituting “extraordinary circumstances,” courts generally are reluctant to enjoin or restrain speech that may be protected by the First Amendment.
• Third, the decision raises two key points about data security:
  • Companies that experience an unauthorized access to or acquisition of personal information that they possess may be required to report the unauthorized access to affected individuals and certain state agencies. In New York, there are three state agencies that must be notified in cases of certain breaches of personal information: Office of Cyber Security, Attorney General's Office, and Consumer Protection Board.
  • Likewise, companies must take appropriate steps when employees complain about or raise data-security issues. In at least two court decisions, one in New Jersey and the other in California, employees were permitted to proceed with claims of employment retaliation upon asserting they have suffered an adverse employment action after their complaints about data security at their companies.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Our adversaries are trolling social networks, blogs and forums, trying to find sensitive information they can use about our military goals and objectives. Therefore, it is imperative that all Soldiers and Family members understand the importance of practicing good operations security measures.

-Sgt. Maj. of the Army Kenneth O. Preston

The above quote is contained in the U.S. Army Social Media Handbook, (pdf) published January 2011, which lays out a comprehensive set of guidelines for soldiers participating in social media. According to the the Handbook: The Army encourages members of the Army Family to use social media to connect and tell their stories, but it also advises everyone to do this in a safe
and secure manner.

This move by the Army follows a February 25, 2010, Department of Defense Directive-Type Memorandum (DTM) which provided guidelines for military use of social media and acknowledged
“that Internet-based capabilities are integral to operations across the Department of Defense.”  The DTM clearly indicates that use of social media in the DoD is authorized.

While much of the specific policy governing soldiers' is left to Army leaders, the Handbook provides some familiar advice:

• Take a close look at all privacy settings. Set security options to allow visibility to “friends only.”
• Do not reveal sensitive information about yourself such as schedules and event locations.
• Ask, “What could the wrong person do with this information?” and “Could it compromise the safety of myself, my family or my unit?”
• Geotagging is a feature that reveals your location to other people within your network. Consider turning off the GPS function of your smartphone.
• Closely review photos before they go online. Make sure they do not give away sensitive information which could be dangerous if released.
• Make sure to talk to family about operations security and what can and cannot be posted.
• Videos can go viral quickly, make sure they don’t give away sensitive information.

Many of the technological and personnel issues that concern the Army apply in the private sector, although for obvious reasons there can be far different consequences for the military (and for us). Still, having clear policies and thinking through how social media can affect your business is critical for today's workplace. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Co-authored with Marty Payson

The combination of “social media” and the “workplace” raises many traps for the unwary employer:

Can we use social media when hiring? Can employees be prohibited from using social media at work? Can we monitor employees use of social media? What are the essential elements of a social media policy?

As with many issues involving new technology, however, a good part of the analysis typically reverts back to traditional principles of employment law. The same is likely to be true when the use of social media intersects with certain aspects of Labor Law.

Section 7 of the National Labor Relations Act states:

Employees shall have the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection, and shall also have the right to refrain from any or all such activities except to the extent that such right may be affected by an agreement requiring membership in a labor organization as a condition of employment as authorized in section 8(a)(3) [section 158(a)(3) of this title].

An employer violates NLRA Section 8(a)(1) by acts and statements reasonably tending to interfere with, restrain, or coerce employees in the exercise of their Section 7 rights. Thus, employers need to remember to consider existing labor principles issues when adopting and enforcing social media policies, discussing social media usage with employees and monitoring usage, and disciplining employees because of their social media usage.

In a recent case (Salon/Spa at Boro, Inc. 9-CA-45349, 9-CA-454426, 9-CA-45538), employees claimed their manager unlawfully threatened them concerning their social media usage. The manager impressed upon the employees that their postings on social networking sites were perhaps more available for public viewing than they realized, and expressed displeasure that certain current employees were choosing to post comments on social network sites belonging to disgruntled former employees. In addition to agreeing with the employer’s statute of limitations arguments, the Administrative Law Judge found the purpose of the manager’s statements concerning publicity to be didactic, not coercive. In regard to the statements about postings on sites belonging to disgruntled employees, the ALJ found no threats, but rather a lawful expression by an employer of opinion, citing NLRB v. Gissel Packing Co., 395 U.S. 575, 617 (1969).

A nonbinding Advice Memorandum from the National Labor Relations Board in Sears Holdings (Roebucks) Case 18-CA-19081 addressed a social media policy and whether it violated Section 7 of the NLRA. The policy stated:

In order to maintain the Company’s reputation and legal standing, the following subjects may not be discussed by associates in any form of social media:

• Company confidential or proprietary information

• Confidential or proprietary information of clients, partners, vendors, and suppliers

• Embargoed information such as launch dates, release dates, and pending reorganizations

• Company intellectual property such as drawings, designs, software, ideas and innovation

• Disparagement of company’s or competitors’ products, services, executive leadership, employees, strategy, and business prospects

• Explicit sexual references

• Reference to illegal drugs

• Obscenity or profanity

• Disparagement of any race, religion, gender, sexual orientation, disability or national origin

The Division of Advice held that while the provision concerning disparagement of the company’s executive leadership, employees, and strategy could “chill” Section 7 activity, the policy should be viewed in context, not by looking at any provision in isolation. The Division of Advice reasoned that the policy does not apply to Section 7 activity because while the statement “could chill the exercise of Section 7 rights if read in isolation, the Policy as a whole provides sufficient context to preclude a reasonable employee from construing the rule as a limit on Section 7 conduct.” This is because virtually all of the other items on the list of proscribed activities in the policy are clearly not protected by Section 7.

These two decisions provide some good news for employers. The bad news is that both of these decisions were made before the significant changes in the make-up of the National Labor Relations Board following Barack Obama’s becoming President. Many believe the current composition of the NLRB is likely to substantially change these results, requiring employers to exercise more care in how they handle social media issues from a labor relations perspective. There also are related issues that may be revisited by the NLRB in the near future, such as Board’s decision in Guard Publishing Co., d/b/a The Register-Guard, 351 NLRB 1110 (2007) (pdf), that a policy prohibiting use of the employer's e-mail system for any "non-job-related solicitations" does not violate the §8(a)(1).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Confidentiality and non-disparagement clauses are customary in settlement agreements and severance contracts in the employment law context. These days, however, the temptation can be irresistible for disgruntled former employees to trash their former employer on social media sites like Facebook, Twitter, or LinkedIn, on blogs, by text or e-mail or other electronic means.

In the 1800s, Londoners stood on soapboxes at Speaker’s Corner in Hyde Park to air their grievances to small groups of passers-by. But in 2010, with greater permanency and reach, disgruntled employees are more likely to turn to the Internet to share their thoughts to the entire planet. A former software company employee once sent 200,000 e-mails to 35,000 employees complaining of his treatment by a former employer.

For this reason, standard confidentiality and non-disparagement clauses should include a specific prohibition regarding communications on social media and e-mail, along with a liquidated damages provision. This puts the former employee on notice and will make him or her think twice before “tweeting” about the employer. In addition, a court will be more likely to enforce the agreement and award the company damages for a breach if there is specific language addressing this behavior.

In one recent case, a federal court ruled that an employer was relieved from payment obligations under a confidential settlement agreement after the plaintiff texted her friends about the amount of the settlement. In another case, a former CEO and CFO anonymously posted negative comments about a publicly traded company on Yahoo. The company determined their identity by subpoena and sued under a non-disparagement clause, recovering six-figure severance payments. These cases fly under the radar because they are often filed under seal, but they are increasing. 

A claim for breach of a non-disparagement clause is different from a defamation claim in important ways. Most importantly, truth is not necessarily a defense. Damages are generally limited to liquidated damages or compensation damages. Disgorgement of any severance pay is a proper form of contractual damages for a breach.

In City Group, Inc. v. Ehlers, 402 S.E.2d 787 (Ga. Ct. App. 1991), a company’s former president was quoted as saying that he left because of “philosophical differences” and that “[i]t was hard to define the direction of the Company.” The company sued him under a non-disparagement clause. The court held that the comments did not constitute disparagement, noting:   The term, "disparagement," is defined in Webster's Third New Intl. Dictionary (1961) as "diminution of esteem or standing and dignity; disgrace . . ., the expression of a low opinion of something; detraction. . . ."  A “disparaging” term, according to the court, can therefore be broadly viewed as a negative statement, even if true. The Webster’s New Riverside University Dictionary defines “derogatory” as “disparaging.” So the terms seem synonymous.

As employers strive to protect their reputation, good will, and employee morale in the age of social media, non-disparagement clauses are worth a look.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A UK law firm may find itself subject to significant penalties following reports of a data breach affecting thousands of people.  The recent 2010 ABA Annual Meeting in San Francisco devoted two sessions to the topic, specifically dealing with “cloud computing,” and the risks and ethical issues it raises for law firms. As data privacy and security risks mount for all businesses, they are perhaps even more critical for law firms. 

Law schools in the United States teach their students about a long-standing and fundamental tenet of the legal profession – the attorney-client privilege. It is indeed the general obligation of attorneys to keep client communications confidential. Law schools generally do not teach, at least not nearly to the same degree, how lawyers as law firm business owners ought to protect the personal information of their clients from unauthorized acquisition or access, without hampering their practice.

This primer is intended to provide a brief discussion of the key issues for law firms and some helpful steps for developing a plan to safeguard such information.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

ABC news reported yesterday about an employee fired for statements made on a social networking site – this time Facebook. The employee, Massachusetts high school teacher June Talvitie-Siple, was fired by her school district for statements she made about the community, her students and their parents. The 54-year-old teacher mistakenly thought her statements were being communicated only to her circle of friends on the popular site, not to the entire world. As others have found before her, such a misconception can be costly.

What did Talvitie-Siple say on Facebook? In one post, she referred to the students as “germ-bags,” on account of the multiple times she caught illnesses from them. She also described the community and the parents as “arrogant” and “snobby.”

Whether these are the kinds of posts that warrant termination of employment is beyond the scope of this discussion.

The ABC report shows that the negative consequences of unflattering social media communications are on the rise (even though employees have yet to realize it). Companies need to think through their policies concerning these kinds of electronic communications, made both at and outside of work, particularly regarding the appropriate levels of discipline. A helpful discussion of this and other issues employers should be thinking when it comes to social media can be found here.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

All information from plaintiffs’ social networking profiles and postings that relate to their general emotions, feelings, and mental states must be produced in discovery when they allege severe emotional trauma and harassment against their employer, a federal court in Indiana has ruled. (EEOC v. Simply Storage Management LLC, S.D. Ind., No. 1:09-cv-1223, discovery order 5/11/10).

Social networking sites (SNS) such as Facebook and MySpace are fast becoming a hot topic in litigation as they may contain a wealth of potentially relevant information. In Simply Storage, the Equal Employment Opportunity Commission brought suit on behalf of plaintiffs and other similarly situated employees who claimed their employers were liable for a supervisor’s alleged sexual harassment. The EEOC requested a discovery conference because counsel for the parties disagreed as to whether the two named plaintiffs must produce the Internet social networking site profiles, including postings, pictures, blogs, messages, personal information, lists of “friends,” and of causes joined that the user has placed or created online.

The EEOC objected to production of all SNS content (and to similar deposition questioning). It argued the requests were overbroad, not relevant, unduly burdensome (because they improperly infringe on claimants’ privacy), and would harass and embarrass the claimants. Simply Storage countered that discovery of these matters was proper because certain EEOC discovery responses placed the emotional health of particular claimants at issue, beyond that typically encountered in “garden variety emotional distress claims.”

The court weighed ordering complete discovery of the plaintiffs' Facebook and MySpace account information against limiting discovery to content specifically related to the alleged injury.  It found neither alternative satisfactory. According to the court, limiting discovery to posts that specifically referenced the mental issues and harassment alleged by the plaintiffs would be too narrow, while admitting the full profiles would include likely irrelevant—and potentially inflammatory—content. The court held, “It is reasonable to expect severe emotional or mental injury to manifest itself in some SNS content, and an examination of that content might reveal whether onset occurred, when, and the degree of distress. Further, information that evidences other stressors that could have produced the alleged emotional distress is also relevant.”

The court therefore defined the relevant scope of discovery as including “any profiles, postings, or messages (including status updates, wall comments, causes joined, groups joined, activity streams, blog entries) … that reveal, refer, or relate to any emotion, feeling, or mental state, as well as communications that reveal, refer, or relate to events that could reasonably be expected to produce a significant emotion, feeling, or mental state.”

The court rejected the EEOC’s assertion that broad discovery of this kind would violate the plaintiffs' right to privacy and held that, while potentially relevant content may be embarrassing to the plaintiffs, “this is the inevitable result of alleging these sorts of injuries.” In addressing the argument that the profiles were “private” and password protected, the court held that these protections were insufficient to circumvent discovery. “[A] person's expectation and intent that her communications be maintained as private is not a legitimate basis for shielding those communications from discovery.”

This case illustrates the importance of expanding the traditional thinking behind discoverable information to cover social media. Employers, upon advice of counsel, should consider requesting information of this nature. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Whether it be Facebook, MySpace, LinkedIn, Twitter, YouTube or the company blog, employee presence in social media is way, way up, creating risks for employers that are proving difficult to manage without careful planning and appropriate policies.

These risks can take many forms - FTC endorsement issues, inadvertent sharing of confidential company or personal information, harassment claims, blog posts harmful to the company's reputation - to name a few.  The damage can be done whether the employee is posting at home or during working hours.

This white paper (pdf), which takes into account some of our prior posts, is intended to help employers get a better handle on these issues, particulalry in three area: (1) employees’ misuse of social media; (2) monitoring and regulating employees’ social media use; and (3) basing hiring decisions on information obtained from social media.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On January 29, 2009, I had the opportunity to attend a brief presentation sponsored by Minnesota CLE entitled, “Corporate Data Privacy & Security: 10 Legal Practice Tips,” given by Brad Bolin, Senior Corporate Counsel for Best Buy, Inc. a Fortune 500 electronics retailer headquartered in Richfield, Minnesota. Bolin is a specialist in information security and privacy law. I was curious to hear what data privacy issues were on the mind of someone who monitors these issues for a living on behalf of a large corporation, especially a company that sells some of the very devices that make data privacy more challenging and which is known for its “results oriented” work environment. Many of the issues relate to topics discussed on this blog. The views expressed were strictly those of Bolin, not Best Buy. Here were his observations:

1. Work/Life Balance.  Electronic connections are collapsing the distinctions between work and personal life. Employees expect to be connected 24 -7. Bolin quoted Best Buy CEO Brian Dunn as noting, “Technology is … a constant backdrop in people’s lives, at home, at work, on the road and literally in the palms of their hands. We call it the ‘connected world’ and, as exciting as it is, it’s also increasingly complex, and difficult to keep pace with.”

2. Smart Phones Part 1.  Smart phones are becoming common and are a great example of how the “limited personal use” exception is swallowing the rule. He cited a survey showing that 20% of companies allow their employees to use personal devices for work, and the number is surely growing. Bolin discussed how under the old corporate model, a company that pays for an employee’s smart phone ought to take it back from the employee upon his or her departure, erase the contents and either recycle or reuse the device to prevent the disclosure of confidential corporate information. But what about the employee’s personal photographs, “apps”, movies, contacts and downloaded songs? What if the employee paid for the device but the company reimburses the cost? Securing employee-owned smart phones is not the same as securing corporate-owned devices, he emphasized.

3. Smart Phones Part 2.  Bolin said that, whatever rules you choose, a departing employee should be able to take his or her personal data, while IT should be able to ensure that any corporate information has been safely removed. The process should be simple and transparent to all. Adopt simple rules that make corporate data on an employee's smart phone easier to identify and control. For example, distinguish between media files on the one hand, and xls doc, ppt, and pdf documents on the other. Have a transparent dialog with employees about the trade-offs that exist cost when placing personal phones on the corporate network. For example, an employee might be required to archive SMS text messages on his phone for e-discovery purposes.

4. Texting Issues.  While e-mail typically is stored on a common server, text messages usually are stored by cell phone companies or directly on phones, and often the employer does not directly pay for their storage. Employers must have either a warrant or the employee's permission to see cell phone text messages that are not stored by the employer or by someone the employer pays for storage, Bolin said, citing Quon v. Arch Wireless, et al. 529 F.3d 892 (9th Cir. 2008),  The case is now under review by the United States Supreme Court.

5. TMI = Too much information.  An embedded Global Positioning System (GPS) feature is great for supporting and measuring effectiveness of a mobile sales force, but it raises the danger of collecting information about employees regarding the personal part of their life.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

 According to the newly revised Federal Trade Commission (“FTC”) Guides, employers may face liability for employees’ commenting on their employer’s services or products on “new media,” such as blogs or social networking sites, if the employment relationship is not disclosed. Potential liability may exist even if the comments were not sponsored or authorized by the employer. 

The revised Guides took effect December 1, 2009. They address the application of Section 5 of the FTC Act (15 U.S.C 45) to the use of endorsements and testimonials in advertising and provide examples of the application of Section 5, including examples that could lead to potential employer liability. One such example specifies liability for an employee’s blog posting concerning his employers’ product, where the employment relationship is not previously disclosed:

An online message board designated for discussions of new music download technology is frequented by MP3 player enthusiasts. They exchange information about new products, utilities, and the functionality of numerous playback devices. Unbeknownst to the message board community, an employee of a leading playback device manufacturer has been posting messages on the discussion board promoting the manufacturer’s product. Knowledge of this poster’s employment likely would affect the weight or credibility of her endorsement. Therefore, the poster should clearly and conspicuously disclose her relationship to the manufacturer to members and readers of the message board.”

In comments to the proposed revisions, the Commission agreed that the establishment of appropriate procedures governing “new media” would be a factor in its determination as to whether law enforcement action is appropriate. Tellingly, the Commission stated that it has brought enforcement actions against companies “whose failure to establish or maintain appropriate internal procedures” had resulted in consumer injury. However, the Commission refused to spell out the procedures companies should put in place to monitor compliance with the principles set forth in the Guides, leaving companies to determine for themselves the process that would best fulfill their responsibilities. 

In light of the FTC’s clear recognition of “new media” and enforcement goal, employers should adopt social media and blogging policies as soon as possible. Employers should consider policies and procedures which address employee use of blog or social networking sites. Those policies, like this sample policy, should articulate the types of disclosure employees must include when they discuss their employers or their employers’ products or services. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

More companies are becoming a part of the social networking community – setting up Facebook pages, “friending” their employees and customers, and so on. Businesses use these sites for a variety of purposes including marketing; client, employee and government relations; and community involvement. With lawmaking bodies and courts just beginning to struggle with the range of issues these new media create, companies should exercise caution and monitor the legal, technical, and other developments that may affect their involvement.

Companies already a part of (or thinking of joining) the social networking community should consider the effects on employee relations. In theory, the risks inherent in interactions between/among the company and/or its employees in a social networking environment are similar to risks the company faces in more traditional workplace settings such as the office or company-sponsored events. Online media, however, create some interesting questions:

• Are all of your employees aware of the company site so as not to feel left out?
• Do employees feel as if they must participate on the site – such as accepting other employees as “friends,” or agreeing with company posts? Do they need to be compensated for participation?
• Does a supervisor accepting some employees as friends and not others raise discrimination risks and morale concerns?
• Are employees free to dissent from company positions on its site? How far can employees go? Disciplining or terminating an individual’s employment with the company for activity on the company’s site or some other online social media can be risky on a number of grounds – such as under whistleblower laws (e.g., Sarbanes-Oxley and state/local laws), the National Labor Relations Act, and anti-discrimination and anti-retaliation laws.
• Does active company management of the site constitute monitoring of employee communications?
• How does the company handle the information about employees (and their dependents, friends and others) it may have access to as part of the employees’ participation in the network?

For sure, there are many areas about which companies need to think through as they consider their direct participation in the social networking community – the services of the social network provider, promoting the company’s presence in the community, consumer protection, copyright protections, and so on. Even the list above only begins to scratch the surface of the range of employment law issues that arise when an employer participates in this media.

• Email This
• Print
• Comments
• Trackbacks
• Share Link