Deletion of Facebook Page = Spoliation

Posted on April 11, 2013 by Jason C. Gavejian

A New Jersey District Court has sanctioned a personal injury plaintiff for spoliation following the plaintiff’s deletion of his Facebook account which defendants were trying to access.  

The defendant’s discovery requests asked for documents or records of “wall posts, comments, status updates or personal information posted or made by plaintiff on Facebook and/or any social media website from 2008 through the present.” Later, the defendant sent forms for plaintiff to execute which would authorize Facebook and other sites to release plaintiff’s information. The plaintiff executed all the authorizations except the one for Facebook.

Plaintiff’s failure to execute the Facebook authorization was raised before the Court and the Court ordered plaintiff to execute the authorization.  Plaintiff agreed to enable access by changing his password to a certain word. Thereafter, defense counsel accessed the account to confirm the password change and printed some of the accounts content.  

The following day, Facebook notified plaintiff of the account access from an unknown IP address in New Jersey. Plaintiff notified his counsel who contacted defense counsel to confirm that the records would be sought from Facebook headquarters. Defense  counsel responded, explaining the account was accessed to confirm the password change but would not be accessed again as the authorization was sent to Facebook.

Facebook responded to the authorization advising that the Stored Communications Act barred it from disclosing the data but suggested having plaintiff download the content himself.    Counsel for the parties agreed that plaintiff would do so and turn over a copy, along with a certification that he had made no changes since he was first ordered to execute the authorization. However, plaintiff’s counsel later advised defendants that plaintiff had deactivated the account and could not reactivate it. The plaintiff claimed he deactivated the account because of the notification he received that unknown people were accessing his account without his permission.

The defendants moved for sanctions claiming that the deletion was intentional as postings contained in the deleted account would have helped refute plaintiff’s damages claim. Defendants based this assertion on content printed from the account prior to deactivation.  The Court rejected plaintiff’s argument that the information contained in the account was not intentionally suppressed and found that even if plaintiff did not intend to deprive defendants of the data, he intentionally deleted the account and thereby failed to preserve relevant evidence.

This case, as well as the case discussed here, provide valuable authority for accessing social media content in litigation. 

Tags: , , , , , , , , , , , , , , , ,
Like Tweet LinkedIn Email

Manti Te'o Story Highlights Reliability of Social Media

Posted on January 17, 2013 by Jason C. Gavejian

Unless you have been living under a rock from the past 24 hours, you are familiar with the story of Notre Dame linebacker, and Heisman Trophy runner up, Manti Te’o.  

As first reported by Deadspin.com it appears that the story of Manti Te’o’s “girlfriend” and her apparent death at the hands of leukemia were an elaborate hoax.  Deadspin’s article seems to imply that Manti Te’o was somehow involved in this hoax, while CNN.com reports that both Te’o and Notre Dame have insisted that he was simply a victim. 

Lennay Kekua, the name of the “girlfriend,” is apparently only known through several social media accounts maintained in that name.  However, Deadspin reports that it was able to locate the woman whose picture was utilized as the profile picture for Kekua.  According to that woman, the picture used was her public Facebook profile shot.  Similarly, she informed Deadspin that other pictures reporting to be “Kekua,” were actual taken from several of her social media accounts.  

While the details of this story continue to unfold, the story highlights one of the biggest risks of information obtained through social media; reliability.   As evidenced by the Te’o story, it is not difficult for someone to obtain a photograph of an individual and begin social media interactions in either that person’s name, or utilizing that person’s likeness.  Although this story illustrates one way such a “hoax” could occur, it is easily conceivable that a “fake” social media account could be utilized to post discriminatory, hurtful, or insensitive comments in the name of another.  While we have previously highlighted some of the issues surrounding an employer’s search of social media for employees or prospective employees, in this instance, “fake” comments could easily cost an individual a job, or a prospective job.  While the individual may lose out on employment, it is also possible that the employer is losing an excellent employee due to false information. 

Tags: , , , , , , , , , , , , , , , , ,
Like Tweet LinkedIn Email

Union Not Liable for "Threats" Against Employees Made on Facebook

Posted on January 10, 2013 by Joseph Lazzarotti

Our Labor colleagues reported on an interesting decision in the context of the National Labor Relations Act and involving Facebook. The decision holds that threats made by union members on Facebook are not treated the same as threats made by those same union members who happened to be on a picket line or in person. Read the full article.

 

Tags: , , , ,
Like Tweet LinkedIn ">Email

"Friend" Request Lands Attorneys In Hot Water

Posted on September 7, 2012 by Jason C. Gavejian

Two New Jersey defense lawyers face attorney ethics charges in connection with the way they allegedly accessed Facebook. Regardless of how these charges are resolved, the facts in the case should serve as a reminder to attorneys to become more familiar with social media, and perhaps be more specific in the direction they give to their staff.  

The New Jersey Office of Attorney Ethics (OAE) alleges that John Robertelli and Gabriel Adamo caused a paralegal to "friend" the plaintiff in a personal injury case so they could access information on the plaintiff’s Facebook page that was not publicly available.  The OAE alleges that the conduct violated Rules of Professional Conduct governing communications with represented parties, along with other rules.  Both attorneys deny the charges and claim that they only directed the paralegal to do general internet research, and that they did not tell her to add the plaintiff as a “friend” to gain access to otherwise private information. 

The Facebook access came to light during deposition questioning when the plaintiff was asked very specific questions about his travel, dancing, wrestling, or activities which would tend to disprove his claims as to the seriousness of the injuries he allegedly suffered after being struck by a police cruiser while doing push-ups in a driveway.   

The attorneys are charged with violating RPC 4.2, concerning communications with represented parties; 5.3(a), (b) and (c), failure to supervise a nonlawyer assistant; 8.4(c), conduct involving dishonesty and violation of ethics rules through someone else's actions or inducing those violations; and 8.4(d), conduct prejudicial to the administration of justice. Mr. Robertelli, the supervising partner, is also charged with breaching RPC 5.1(b) and (c), which impose ethical obligations on lawyers for the actions of attorneys they supervise.

While no New Jersey ethics opinion to date addresses “friending” individuals in connection with litigation, the bars of New York, New York City, Philadelphia, and San Diego have deemed it unethical.

These OAE charges, along with other New Jersey legal precedent, highlights the concerns and issues surrounding improper access to otherwise private social media content. 

Tags: , , , , , , , , , , , , , , , , , , , , , ,
Like Tweet LinkedIn ">Email

Monitoring and Accessing Social Networking Content--New Jersey District Court Weighs In Again

Posted on August 15, 2012 by Jason C. Gavejian

The District Court of New Jersey recently denied an employer’s motion to dismiss a former employee’s causes of action for invasion of privacy following a supervisor’s alleged unauthorized access to the employee’s Facebook account. 

In Ehling v. Monmouth-Ocean Hospital Service Corp., the plaintiff, a registered nurse and paramedic, alleged that the defendants engaged in a pattern of retaliatory conduct as soon as she became President of the local union. Specifically, the plaintiff alleged that defendants gained access to her “private” Facebook account by having a supervisor summon another employee, who was “friends” with the plaintiff, into an office and coercing or threatening that employee into accessing their Facebook account so that the supervisor could view those posts which the plaintiff had restricted to only her “friends.”   Plaintiff went on to allege that the supervisor then viewed and copied plaintiff’s Facebook postings. One such post was in regard to a shooting that took place at the Holocaust Museum in Washington, DC and stated:

An 88 yr old sociopath white supremacist opened fire in the Wash D.C. Holocaust Museum this morning and killed an innocent guard (leaving children). Other guards opened fire. The 88 yr old was shot. He survived. I blame the DC paramedics. I wasn’t to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a different! WTF!!!! And to the other guards…go to target practice.

Ultimately, in June 2009 the Hospital sent letters regarding the above posting to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services as it was concerned that Plaintiff’s Facebook posting showed a disregard for patient safety. Plaintiff alleged the letters were malicious and meant to damage her professionally.

The Court dismissed plaintiff’s New Jersey Wiretapping and Electronic Surveillance Control Act (“NJ Wiretap Act”) claim holding that the NJ Wiretap Act only protects those electronic communications which are in the course of transmission or are backup to that course of transmission. As plaintiff’s allegations involve a “live” posting, it did not fall under the purview of the NJ Wiretap Act. 

However, the Court went on to hold that plaintiff’s common law invasion of privacy claim involving defendants’ unauthorized “accessing of her private Facebook postings” could proceed. In relying on another New Jersey district court case which involved a supervisor’s asking an employee to gain access to a private social media account, the Court held that privacy determinations are made on a case-by-case basis, in light of all the facts presented. The Court went on to hold that the plaintiff had a plausible claim for invasion of privacy as she may have had a reasonable expectation that her Facebook posting would remain private, considering that she actively took steps to protect her Facebook page from public viewing.   

As we have mentioned before, legal guidance involving the utilization of social media in employment decisions is ever evolving and employers must remain vigilant as courts continue to develop these cases.  

Tags: , , , , , , , , , , , , , , , , , , , ,
Like Tweet LinkedIn Email

Employee's Failure to Understand Facebook's Settings Does Not Support Privacy Claim Against Employer

Posted on July 9, 2012 by Joseph Lazzarotti

An employee's claim that he did not realize his employer could view posts he made to a co-worker's Facebook wall did not support his claim that the employer intruded upon the employee's seclusion, a Texas Court of Appeals held last week. Sumien v. Careflite (Tex. App. 2012).

In this case, the plaintiff and some of his emergency medical technician co-workers were commenting on Facebook about wanting to "slap" or otherwise constrain patients who are difficult to control while they are being transported. The company terminated Sumien and another technician following the company's Compliance Officer learning of these posts and receiving complaints about the comments.

In addition to wrongful termination and other claims, the plaintiff alleged that the employer's viewing these comments amounted to an impermissible "intrusion upon seclusion." To prove an intrusion upon seclusion claim, the former employee needed to show "(i) an intentional intrusion, physical or otherwise, upon another's solitude, seclusion, or private affairs or concerns that (ii) would be highly offensive to a reasonable person." The court found that not knowing his employer could view his comments did nothing to support the employee's claims that the employer intentionally intruded upon his seclusion, and denied the appeal.

In addition to providing some authority to defend intrusion upon seclusion claims in similar circumstances, this case also shows that employers need to think through whether and to what extent they need to be more involved in controlling and shaping employee activity on social media. This case involved complaints from other employees about the posts, but also could have involved patient complaints relating to disclosures of protected health information under HIPAA. The posts also could have been viewed by the company's business partners or potential business partners in a negative light, adversely affecting the company's reputation. A well-drafted policy, training and consistent enforcement generally are good steps to minimizing these risks.

Tags: , , ,
Like Tweet LinkedIn Email

Illinois Next in Prohibiting Employers from Demanding Social Media Passwords?

Posted on May 29, 2012 by Joseph Lazzarotti

The vote by the Illinois Senate, 55-0, in favor of HB 3782 may put Illinois ahead of California and other states to follow Maryland in making it illegal for Illinois employers to ask employees or applicants for their Facebook and other social media passwords. The bill awaits signature by Governor Pat Quinn, which was overwhelmingly approved by the House in March.

HB 3782 would amend the State's Right to Privacy in the Workplace Act to make it illegal for employers to ask potential and current employees for their social media passwords:

It shall be unlawful for any employer to request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee's or prospective employee's account or profile on a social networking website or to demand access in any manner to an employee's or prospective employee's account or profile on a social networking website.

However, the law would not limit an employer's right to: 

  • have policies to regulate employees' use of the employer's electronic equipment, Internet use, social networking site use, and electronic mail use; or
  • monitor the employee's use of the employer's electronic equipment and the employer's electronic mail.

The law also would not prohibit employers from reviewing information about employees or applicants that is in the public domain, so long as the employer complies with other applicable law. Of course, even information in the public domain can have traps for the unwary employer, such as learning about an applicant's family medical history on his or her Facebook site which would raise issues under the Genetic Information Nondiscrimination Act.

Tags: , , , , , , ,
Like Tweet LinkedIn Email

"Liking" A Facebook Page Is Not Protected By The First Amendment

Posted on May 22, 2012 by Jason C. Gavejian

A Virginia district court recently held that an employee’s clicking of the Facebook “like” button is not comparable to speech. Accordingly, the court affirmed the dismissal of First Amendment retaliation claims brought by employees of a Virginia sheriff’s office finding that the employees’ action was insufficient to merit constitutional protection.

Sheriff B.J. Roberts of the Hampton, Virginia Sheriff’s Office was up for re-election in 2009. Employees within the sheriff’s office alleged that Sheriff Roberts learned that the employees were supporting his opponent when the employees “liked” the opponent's Facebook page. After he was re-elected, Sheriff Roberts terminated the employees allegedly due to staff reductions and performance issues.

The employees sued Sheriff Roberts alleging that he violated their First Amendment rights to freedom of speech and freedom of association when he unlawfully fired them for actively supporting his political opponent.

The U.S. District Court for the Eastern District of Virginia rejected the employees' claims because the employees failed to allege that they had engaged in protected expressive speech when they “liked” the opponent's Facebook page. The court explained that without existing speech warranting First Amendment protection, the employees could not prove a violation of the right to freedom of speech occurred. The court held that “merely ‘liking' a Facebook page is insufficient speech to merit constitutional protection. In cases where courts have found that constitutional speech protections extended to Facebook posts, actual statements existed within the record.”

While this case may be helpful in the context of public employees, private employers must still be conscious of several issues including: how they obtain social media information about their employeespotential NLRB issues if an employee’s “likes” could be considered protected concerted activity; and potential state constitutional protections of an employee's right to privacy.

Tags: , , , , , , , , , , , , , , , , , , ,
Like Tweet LinkedIn ">Email

California to Follow Maryland in Prohibiting Employers from Demanding Social Media Passwords From Employees

Posted on May 12, 2012 by Joseph Lazzarotti

Not long after Maryland enacted a law prohibiting employers from demanding passwords to employees' or prospective employees' Facebook and certain other social media accounts, the California State Assembly voted 73-0 in favor of A.B. 1844. The California bill would prohibit an employer from requiring: 

an employee or prospective employee to disclose a user name or account password to access a personal social media account that is exclusively used by the employee or prospective employee.

The state's Senate will now need to consider the measure, where a related bill, S. 1349 (named "The Social Media Privacy Act"), would also protect students from having to disclose similar information to school officials. A hearing on S. 1349 is scheduled for May 21. Congress and a number of other states, including, Delaware, Illinois, Michigan, Minnesota, Missouri, New York, and South Carolina are considering similar measures.

Employers will need to monitor these developments carefully and consider how to advise and train their managers and human resources personnel about these new requirements.
 

Tags: , , , ,
Like Tweet LinkedIn Email

Maryland Prohibits Employers From Demanding Social Media Passwords

Posted on April 10, 2012 by Joseph Lazzarotti

UPDATE: Governor Martin O'Malley signed the bills discussed below into law on May 2, 2012.

Maryland will likely become the first state to prohibit employers from demanding usernames, passwords or other means to access any personal account or service through an electronic communication device (computer, phone, PDA, etc.), such as social media sites Facebook or LinkedIn, belonging to employees or job applicants. If signed by Governor Martin O’Mailey, as expected, the new law would become effective October 1, 2012, after being passed unanimously passed in the Senate last week and by a vote of 128-10 in the House. Employers need to monitor developments, as legislatures in other states have taken up similar measures.

S.B. 433/ H.B. 964 applies to any employer engaged in business in Maryland, as well as any unit of state or local government. It also reaches any agent, representative or designee of a covered employer. So, an employer cannot ask a third party to do under the law what the employer cannot do.

Covered employers also are prohibited from discharging, disciplining or otherwise penalizing  employees or applicants (or threatening same) who refuse to comply with the requests for access prohibited above. In addition, employers may not fail or refuse to hire applicants to object to similar requests. However, the Maryland law prohibits employees from making unauthorized downloads of company financial or proprietary data, and permits employers to investigate when it receives information about such activities. 

Tags: , , , , , , , ,
Like Tweet LinkedIn Email

Can My Employer Require Me to Turn Over My Facebook Password?

Posted on March 25, 2012 by Joseph Lazzarotti

Written by Richard Greenberg

 
In this space we have frequently discussed social media issues ranging from legal considerations in policy development, to employers' legal and practical risks attendant to reviewing job applicants' social media presence, to legislative reactions to employers' requiring disclosure of passwords as part of their background check process.   Two further reactions to the password disclosure issue are worthy of note.
 
First, Connecticut Senator Richard Blumenthal has stated he will introduce federal legislation similar to that currently under consideration in the Illinois and Maryland legislatures.   Arguing that employers' mandating disclosure of user names and passwords "is a huge invasion of privacy," State Assemblyman John Burzichelli has indicated that he will introduce similar legislation prohibiting the practice in the New Jersey legislature.
 
Second, in a statement issued this past Friday by Erin Egan, Chief Privacy Officer, Policy, Facebook responded to "a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information [which] ...undermines the privacy expectations and the security of both the user and the user’s friends [and]...also potentially exposes the employer who seeks this access to unanticipated legal liability."  Facebook advised that it is now a violation of its Statement of Rights of Responsibilities to share or solicit a Facebook password since users "shouldn’t be forced to share [their] private information and communications just to get a job" and friends of users shouldn’t have to worry that [their] private information or communications will be revealed to someone [they] don’t know and didn’t intend to share with just because [their friend] is looking for a job."
 
Employers must stay abreast of these developments as they continue to refine all policies and procedures pertaining to employee social media usage. 

 

Tags: , , , , ,
Like Tweet LinkedIn Email

Maryland and Illinois Seek to Protect Employee Social Media Activity

Posted on February 4, 2012 by Joseph Lazzarotti

Have you ever reviewed the Facebook or LinkedIn profile or other social media activity of an employee or applicant? How about requiring employees or applicants to provide access to social media activity as a condition of employment. The Maryland and Illinois legislatures would like to limit employers' ability to engage in this kind of activity with new laws that would be the first of their kind in the nation.

UPDATE - Newly enacted Maryland law prohibits employers from demanding access to Facebook or other on line accounts of employees and applicants.

Maryland. Under one version of the law in Maryland, H.B. 364, employers would not be permitted to

  • require an employee or applicant . . . to disclose any user name, password, or other means for accessing any internet site or electronic account through an electronic device, or
  • require an employee to install on the employee's personal electronic device software that monitors or tracks the content of the electronic device.  

Under this bill, the employer could not discipline the employee or refuse or fail to hire the applicant for not complying with such requests. However, an employer could require an employee to disclose username, password or other means of access to the employer's internal computer or information systems. 

The provision that would prohibit employers from monitoring or tracking content on electronic devices would present a dilemma for employers faced with various legal and ethical obligations to safeguard personal and other confidential data. Many employers are struggling to find ways to track, limit, and in some cases encrypt, personal and other confidential information maintained on portable electroinc devices, including the personal devices of employees. This bill would make that process more challenging, particulalry for businesses with nationwide operations in heavily regulated businesses such as healthcare, insurance, finance and so on.   

Two other bills (H.B. 310, S.B. 434) also are being considered that would prohibit public and nonpublic colleges and universities from making similar demands on students and applicants.

Illinois. The Illinois law being considered (H.B. 3782) would make it unlawful for "any employer to ask any prospective employee to provide any username, password, or other related account information in order to gain access to a social networking website where that prospective employee maintains an account or profile."

Existing Risks with Searching/Monitoring the Social Media Activity of Employees or Applicants. The Maryland and Illinois laws, if passed, may be the first of their kind, but they certainly are not the first risks employers have faced when engaging in this kind of activity. In fact, there are a range of existing risks employers must consider, such as

  • Finding medical information protected under the American with Disabilities Act or the Genetic Information Nondiscrimination Act.
  • Acting inconsistently when similar information is found about different applicants/employees/executives.
  • Acting on information that is not true.
  • Intruding into private areas.  
  • Failure to document the steps taken in conducting the search.
  • Not realizing the Fair Credit Reporting Act may apply and require consent and notice requirements.
  • Unlawfully limiting protected concerted activity under the National Labor Relations Act.

Employers therefore need to proceed carefully when using social media as a tool for making decisions concerning hiring, promotion, discipline, and termination.  Assessing whether to engage in such activity, how and when to do so, who should be authorized to search and monitor in this way, and what training should be provided can go a long way to minimizing these risks.

Tags: , , , , , , , , , , , ,
Like Tweet LinkedIn Email

Social Media Guide for Hospitals

Posted on January 21, 2012 by Joseph Lazzarotti

The ECRI Institute recently published an excellent summary of key issues for hospitals concerning social media (registration required), a valuable read for any hospital administrator, risk manager or human resources director. ECRI reports that approximately 4,000 U.S. hospitals own social media sites and that number is sure to grow significantly. One of the reasons for this growth will likely be due in significant part to the increasing number of people looking to social media to research health decisions. According to a National Research Corporation survey cited in the summary, 41% of nearly 23,000 respondents said that they used social media for this purpose.

The summary discusses critical areas for healthcare organizations to consider concerning social media, which can be applied to most other industries:

  • Understand the medium - what is social media, what are the different venues (Facebook, LinkedIn, FourSquare etc.), what is the competition doing, what new media is coming.
  • Determine desired uses - promotion of services/sales, recruiting, reputation management, community involvement, education, and so on. 
  • Assess risks - privacy, network security, employment, reputation, regulatory, malpractice, and protecting the brand.
  • Develop policies and procedures - control company message and regulate employee activity.
  • Implement and train and reevaluate - limit the number of employees who can speak for the organization, train employees on legal risks (such as with HR looking up applicant/employee background information on line), determine whether social media plan is producing desired results

Businesses in all industries are "going social," and should be developing a comprehensive plan before doing so. The ECRI summary provides a good starting point for thinking through some of the issues, particularly for those in healthcare.   

Tags: , , , , , , , , , , , ,
Like Tweet LinkedIn Email

The Social Media Manager/Guru/Wizard/Ninja/Diva

Posted on October 19, 2011 by Jason C. Gavejian

Have you hired a social media manager?  A social media guru/wizard/ninja/diva?  Each of these job "titles" are increasingly being used by companies to attract individuals who specialize in marketing a company's brand and/or services in social media.  A recent article in the Chicago Tribune and Los Angeles Times highlights just how prevalent these job titles are becoming corporate America.  

As companies struggle to keep up with the rapidly evolving world of social media, they are turning to hiring to hiring social media managers to handle their social media presence.  However, companies should be leery of the “jump first, look second” approach.  In fact, several key questions should be asked when delving into the realm of social media and hiring a new, typically younger employee with responsibility for a company’s social media existence and, therefore, its brand

Qualifications:

  • What qualifications are you looking for?  Often companies seek a younger employee who is "tech-savy."  Traditional employment issues notwithstanding (i.e. age discrimination when an "older" employee is not hired/considered for a position), companies must also consider what their social media mission/focus will be.  For example, to the extent a company utilizes social media as a marketing tool, will you want your social media manager to have a background in marketing?  Similarly, to the extent you wish to utilize social media to handle client/customer complaints, will you want your social media manager to have a background in customer relations? Will you hire an external candidate who is perhaps unfamiliar with your company and its mission, or will you hire an internal candidate?

Responsibilities:

  • What products/services will the social media manager be responsible for discussing/marketing?
  • Will the social media manager have total freedom to explore and execute social media opportunities? 
  • What policies will the social media manager be responsible for implementing?  Will the social media manager have responsibility for implementing the company's social media policy to employees and managers as well?

Training/Protocols

  • What training will be provided to your social media manager?  For example, will the social media manager be trained on what information he/she should or should not consider when examining posts by customers and/or employees? 
  • What policies will govern your social media manager’s employment?  Will the social media manager be permitted to “friend” employees/subordinates on social media or establish policies for employees to follow? 
  • What safety protocols will be in place?  For example, if your company has a Facebook page, will you social media manager be responsible for maintaining the password and access to same?  How will the company transition its social media presence if and when the social media manager separates from employment? 

While the above list is by no means exhaustive, it demonstrates some of the additional considerations that must be examined when a company wishes to expand into social media.   Companies are often unaware of the need to consider these questions prior to implementing a social media policy or hiring a social media manager.  However, examining these points will help ensure your company’s social media experience flows more smoothly. 

Tags: , , , , , , , , , , , , , , , , , , ,
Like Tweet LinkedIn Email

NLRB Acting General Counsel Issues Opinion On Social Media and the NLRA

Posted on August 18, 2011 by Joseph Lazzarotti

In a 23-page report, the Acting General Counsel for the National Labor Relations Board summarizes the Board's positions on social media and labor relations. This report is an interesting read and provides insight into one aspect of drafting social media policies - whether the policy will violate an employee's right to take part in protected concerted activity.

The report notes that:

Recent developments in the Office of the General Counsel have presented emerging issues concerning the protected and/or concerted nature of employees’ Facebook and Twitter postings, the coercive impact of a union’s Facebook and YouTube postings, and the lawfulness of employers’ social media policies and rules. This report discusses these cases, as well as a recent case involving an employer’s policy restricting employee contacts with the media. All of these cases were decided upon a request for advice from a Regional Director.

Social media clearly is an important issue for the Board and this memorandum likely is not its last word on the rules that will shape employer policy concerning the use of this media. The following discussion summarizes the memorandum and its effects on social media policy.

See related articles concerning NLRB activity concerning social media.

What is protected concerted activity?

In general, the Board’s test for concerted activity is whether activity is “engaged in with or on the authority of other employees, and not solely by and on behalf of the employee himself.” Concerted activity also includes “circumstances where individual employees seek to initiate or to induce or to prepare for group action” and where individual employees bring “truly group complaints” to management’s attention. Thus, in one of the cases discussed in the NLRB memo, an employee's posts about his "individual gripe" concerning a manager, where other employees only expressed "emotional support" for the employee, was not concerted activity.

When is concerted activity protected?

An employee's concerted activity will be protected where, for example, the employee's statements implicate the employee's working conditions, regardless of how those statements are communicated. Another example of protected activity under Section 7 of the NLRA occurs when the employee protests supervisory actions. However, these protections can be lost where the employee's outbursts about a supervisor are too "opprobrious" to maintain protection under Section 7. Uses of curse words or expletives are unlikely to reach this level. The protection also could be lost where the communication is reckless or maliciously untrue.

What social media policy provisions should be avoided?

The contours of what constitutes protected concerted activity require further examination and analysis of the facts at issue, along with prudent advice from expert labor counsel. The NLRB memo, however, provides helpful guidance concerning some popular policy provisions that if not adequately defined or limited could run afoul of Section 7 rights.

Problem Provisions

  • prohibiting employees from posting, without authorization, pictures of themselves in any media which depict the company, including its logos, trademarks, uniforms, and so on, as well as revealing personal information including through photographs of coworkers, clients and others.
  • prohibiting employees from making disparaging remarks when discussing the company, management, co workers, or competitors.
  • prohibiting the use of inappropriate, generally offensive language, as well as rude or discourteous behavior to a client or coworker.
  • communications that reveal confidential or proprietary information or any person or entity or that amount to "inappropriate discussions" about the company or management may result in discipline.
  • prohibiting posts that would embarrass, harass or defame the employer or its employees, or harm their reputation or goodwill.
  • prohibiting posts that would put the employee's job in jeopardy.

The memo discusses the application of Section 7 protections to each of these policies. It recites the basic test to determine whether the policy will violate Section 7, which is two-fold.

First, a rule is unlawful if it explicitly restricts Section 7 activities. [Second, i]f the rule does not explicitly restrict protected activities, it is unlawful only upon a showing that: (1) employees would reasonably construe the language to prohibit Section 7 activity; (2) the rule was promulgated in response to union activity; or (3) the rule has been applied to restrict the exercise of Section 7 rights.

However, based on the discussion in the memo, just about all of the "problem provisions" could remain in some form if the prohibitions were adequately defined and/or the policy made clear that the prohibition did not extend to Section 7 activity. This could be accomplished through careful drafting and the addition of examples.

For example, prohibiting communications that reveal confidential or proprietary information generally could be read to apply to employer wage or compensation schemes which involve working conditions. Likewise, a policy that prohibits employees from posting photographs on Facebook with company logos standing along can be read to prohibit photographs of employees holding picket signs, a protected activity. In each case, the policy should be drafted to address the concern of the employer while carving out from the prohibited activity that which is protected under Section 7.
 
Tags: , , , , , , ,
Like Tweet LinkedIn Email

Ban On Employer Demands For Worker, Applicant Website Passwords--Maryland

Posted on May 26, 2011 by Jason C. Gavejian

The Maryland Senate recently referred Senate Bill 971 which prohibits Maryland employers from demanding that workers and job applicants turn over their passwords to specific websites or web-based accounts. 

Under the bill, employers would be prohibited from refusing to hire applicants and disciplining, terminating, or taking other adverse employment action against employees who refuse to provide their passwords. The bill also bans employers’ threats of such action.  

The bill was introduced in response to employers’ asking applicants and employees for their passwords as part of background checks to see the content posted by the individuals on social networking sites (e.g., Facebook ). S.B. 971 would, however, permit employers to require workers to disclose their passwords only to the employers’ internal computer systems.  

This proposed Maryland law, and case law from New Jersey, should alert employers that utilizing social media in their hiring, discipline, or termination decisions is under scrutiny.

Tags: , , , , , , , , , , , , , , ,
Like Tweet LinkedIn Email

Resigtered Nurse Fired for Facebook Posting While Treating Patients

Posted on May 18, 2011 by Joseph Lazzarotti

A registered nurse terminated from employment for posting on Facebook while dispensing medication to a patient could not collect unemployment benefits in Pennsylvania. Chapman v. Unemployment Comp. Bd. of Review. This case is another example why it is critical to have clear, written electronic communication and social media policies in place that are reasonable and enforced consistently. Without the policy in place, this employer surely would have had a more difficult time defending the unemployment claim.

In this case:

  • the employer's policies provided that (i) it may immediately discharge an employee who engages in conduct that could cause a life threatening situation and (ii) cell phone usage is prohibited while on duty;
  • the employee was aware of these policies and had previoulsy been warned about them;
  • while on duty and dispensing medicine to patients, the employee used her personal cell phone to post comments on her Facebook page about an unpleasant and embarrasing incident experienced by a coworker;
  • the nursing director heard other nurses speaking about the Facebook posts in the hall and asked one of the nurses to show them to her; and
  • the employer terminated the nurse who made the posts on grounds that her conduct could cause a life threatening situation to patients.  

Reversing an earlier decision that would have allowed the employee to receive unemployment because her actions did not constitute "willful misconduct," Pennsylvania's Unemployment Compensation Board of Review noted that the nurse "was aware of the employer's policy prohibiting the use of cell phones while on duty, yet she violated that policy despite having been previously warned for doing so.” The Pennsylvania Commonwealth Court agreed.

Tags: , , , ,
Like Tweet LinkedIn Email

"Tagged" Facebook Photos Admissible as Evidence

Posted on March 29, 2011 by Jason C. Gavejian

Trying to keep up with the fast-moving world of social media, the Kentucky Court of Appeals has ruled that “tagged” or captioned photographs posted on Facebook may be admitted as evidence. The ruling in the case has implications for employers.  In LaLonde v. LaLonde, the appellant-wife objected to the trial court’s admitting into evidence photographs taken from Facebook that identified her by “tagging.”  The photographs appeared to show her consuming alcohol in contradiction to the advice of her mental health providers—a key issue in the custody dispute.     

The wife argued the photographs should not be admitted because Facebook allows anyone to post pictures and then “tag” or identify people in the pictures and she never gave permission for the photographs to be published in this manner on.  Rejecting this argument, the appellate court held, “There is nothing in the law that requires permission when someone takes a picture and posts it on a Facebook page.  There is nothing that requires her permission when she was ‘tagged’ or identified as a person in those pictures.”  The Court acknowledged that modern digital photography techniques may allow for alteration of the photograph, but pointed out that the wife never suggested such techniques were used, instead acknowledging the pictures were accurate.

The potential implications of this holding are numerous.  As we have previously discussed, employers may be able to use social media (which arguably includes tagged pictures) to fight emotional distress damages.  Similarly, as we described here, Facebook content has been utilized by employers in disciplinary decisions.   Our Social Media White Paper provides a helpful discussion of this and other issues employers should think about when it comes to social media.

Tags: , , , , , , , , , , , , , ,
Like Tweet LinkedIn ">Email

Another Facebook Post, Another Fired Employee

Posted on August 20, 2010 by Joseph Lazzarotti

ABC news reported yesterday about an employee fired for statements made on a social networking site – this time Facebook. The employee, Massachusetts high school teacher June Talvitie-Siple, was fired by her school district for statements she made about the community, her students and their parents. The 54-year-old teacher mistakenly thought her statements were being communicated only to her circle of friends on the popular site, not to the entire world. As others have found before her, such a misconception can be costly.

What did Talvitie-Siple say on Facebook? In one post, she referred to the students as “germ-bags,” on account of the multiple times she caught illnesses from them. She also described the community and the parents as “arrogant” and “snobby.”

Whether these are the kinds of posts that warrant termination of employment is beyond the scope of this discussion.

The ABC report shows that the negative consequences of unflattering social media communications are on the rise (even though employees have yet to realize it). Companies need to think through their policies concerning these kinds of electronic communications, made both at and outside of work, particularly regarding the appropriate levels of discipline. A helpful discussion of this and other issues employers should be thinking when it comes to social media can be found here.
 

Tags: , ,
Like Tweet LinkedIn Email

Employees Claiming Emotional Distress Must Produce Social Network (Facebook and MySpace) Information In Discovery

Posted on June 15, 2010 by Jason C. Gavejian

All information from plaintiffs’ social networking profiles and postings that relate to their general emotions, feelings, and mental states must be produced in discovery when they allege severe emotional trauma and harassment against their employer, a federal court in Indiana has ruled. (EEOC v. Simply Storage Management LLC, S.D. Ind., No. 1:09-cv-1223, discovery order 5/11/10).

Social networking sites (SNS) such as Facebook and MySpace are fast becoming a hot topic in litigation as they may contain a wealth of potentially relevant information. In Simply Storage, the Equal Employment Opportunity Commission brought suit on behalf of plaintiffs and other similarly situated employees who claimed their employers were liable for a supervisor’s alleged sexual harassment. The EEOC requested a discovery conference because counsel for the parties disagreed as to whether the two named plaintiffs must produce the Internet social networking site profiles, including postings, pictures, blogs, messages, personal information, lists of “friends,” and of causes joined that the user has placed or created online.

The EEOC objected to production of all SNS content (and to similar deposition questioning). It argued the requests were overbroad, not relevant, unduly burdensome (because they improperly infringe on claimants’ privacy), and would harass and embarrass the claimants. Simply Storage countered that discovery of these matters was proper because certain EEOC discovery responses placed the emotional health of particular claimants at issue, beyond that typically encountered in “garden variety emotional distress claims.”

The court weighed ordering complete discovery of the plaintiffs' Facebook and MySpace account information against limiting discovery to content specifically related to the alleged injury.  It found neither alternative satisfactory. According to the court, limiting discovery to posts that specifically referenced the mental issues and harassment alleged by the plaintiffs would be too narrow, while admitting the full profiles would include likely irrelevant—and potentially inflammatory—content. The court held, “It is reasonable to expect severe emotional or mental injury to manifest itself in some SNS content, and an examination of that content might reveal whether onset occurred, when, and the degree of distress. Further, information that evidences other stressors that could have produced the alleged emotional distress is also relevant.”

The court therefore defined the relevant scope of discovery as including “any profiles, postings, or messages (including status updates, wall comments, causes joined, groups joined, activity streams, blog entries) … that reveal, refer, or relate to any emotion, feeling, or mental state, as well as communications that reveal, refer, or relate to events that could reasonably be expected to produce a significant emotion, feeling, or mental state.”

The court rejected the EEOC’s assertion that broad discovery of this kind would violate the plaintiffs' right to privacy and held that, while potentially relevant content may be embarrassing to the plaintiffs, “this is the inevitable result of alleging these sorts of injuries.” In addressing the argument that the profiles were “private” and password protected, the court held that these protections were insufficient to circumvent discovery. “[A] person's expectation and intent that her communications be maintained as private is not a legitimate basis for shielding those communications from discovery.”

This case illustrates the importance of expanding the traditional thinking behind discoverable information to cover social media. Employers, upon advice of counsel, should consider requesting information of this nature. 

Tags: , , , , , , , , , , ,
Like Tweet LinkedIn Email

Whitepaper On Social Media Use By Employees

Posted on March 5, 2010 by Joseph Lazzarotti

Whether it be Facebook, MySpace, LinkedIn, Twitter, YouTube or the company blog, employee presence in social media is way, way up, creating risks for employers that are proving difficult to manage without careful planning and appropriate policies.

These risks can take many forms - FTC endorsement issues, inadvertent sharing of confidential company or personal information, harassment claims, blog posts harmful to the company's reputation - to name a few.  The damage can be done whether the employee is posting at home or during working hours.

This white paper (pdf), which takes into account some of our prior posts, is intended to help employers get a better handle on these issues, particulalry in three area: (1) employees’ misuse of social media; (2) monitoring and regulating employees’ social media use; and (3) basing hiring decisions on information obtained from social media.

Tags: , , , , , ,
Like Tweet LinkedIn Email

"Friending" Employees - The Risks of Employer Participation In Online Social Networking

Posted on November 22, 2009 by Joseph Lazzarotti

More companies are becoming a part of the social networking community – setting up Facebook pages, “friending” their employees and customers, and so on. Businesses use these sites for a variety of purposes including marketing; client, employee and government relations; and community involvement. With lawmaking bodies and courts just beginning to struggle with the range of issues these new media create, companies should exercise caution and monitor the legal, technical, and other developments that may affect their involvement.

Companies already a part of (or thinking of joining) the social networking community should consider the effects on employee relations. In theory, the risks inherent in interactions between/among the company and/or its employees in a social networking environment are similar to risks the company faces in more traditional workplace settings such as the office or company-sponsored events. Online media, however, create some interesting questions:

  • Are all of your employees aware of the company site so as not to feel left out?
  • Do employees feel as if they must participate on the site – such as accepting other employees as “friends,” or agreeing with company posts? Do they need to be compensated for participation?
  • Does a supervisor accepting some employees as friends and not others raise discrimination risks and morale concerns?
  • Are employees free to dissent from company positions on its site? How far can employees go? Disciplining or terminating an individual’s employment with the company for activity on the company’s site or some other online social media can be risky on a number of grounds – such as under whistleblower laws (e.g., Sarbanes-Oxley and state/local laws), the National Labor Relations Act, and anti-discrimination and anti-retaliation laws.
  • Does active company management of the site constitute monitoring of employee communications?
  • How does the company handle the information about employees (and their dependents, friends and others) it may have access to as part of the employees’ participation in the network?

For sure, there are many areas about which companies need to think through as they consider their direct participation in the social networking community – the services of the social network provider, promoting the company’s presence in the community, consumer protection, copyright protections, and so on. Even the list above only begins to scratch the surface of the range of employment law issues that arise when an employer participates in this media.

Tags: , , , ,
Like Tweet LinkedIn ">Email

'Tis The Season...For Data Breach

Posted on November 19, 2009 by Jason C. Gavejian

As the holidays approach, more of us will be utilizing work time, and likely work resources, to handle our holiday shopping. Some of us may even post our shopping successes or gift ideas on Facebook or email coupons to friends. Doing so not only results in a loss of employee productivity, but also creates significant risk that personal data will be breached, or employers’ software or hardware compromised. 

A recent survey conducted on behalf of the Information Systems Audit and Control Association (“ISACA”) found that over half of employees surveyed planned to shop online from a work computer this holiday season, spending nearly two full working days (14.4 hours) doing so. With convenience and boredom listed as the biggest motivators, one in 10 planned to spend at least 30 hours shopping online at work. 

The survey also found that those who shop online are more likely to engage in other high-risk behaviors, such as banking online, clicking on links from social networking sites like Facebook, and clicking e-mail links redirecting them to shopping sites. Employees engage in these high-risk behaviors with nearly universal disregard for the safety of the employer’s IT infrastructure. This is highlighted  by the fact that one in 10 Americans who use a mobile work device, such as a Blackberry or iPhone, plan to use it for holiday shopping, notwithstanding the lack of security measures on those devices.

Robert Stroud, international VP of ISACA and VP of IT service management and governance for the service management business unit at CA Inc., in connection with the survey above was quoted as saying,

[I]t’s unrealistic to think that companies can completely stop the use of work computers for online shopping…[W]hat companies can and should do is educate employees about the risks…and remind them of their company’s security policy. This is especially important this year, when the convenience of shopping online may be very appealing to employees whose workloads have doubled or tripled because of downsizing.

The Wall Street Journal recently published an article highlighting employers’ efforts to monitor employees’ usage of company time and resources for personal e-mail exchanges, and suggesting a trend that courts seem to be more protective of employee privacy rights than in years past. The WSJ article raised a number of concerns for employers, including that of our own Jane McFetridge, a Jackson Lewis partner in our Chicago office

Employers are right to expect their employees when they are paid for their time at work are actually working.

What ever a company's policies are concerning managing or monitoring employee communications, now is as good a time as any to revisit those policies and remind employees of their existence. With the use of technology increasing and the position of the courts appearing to shift toward employees, it is becoming more difficult for employers to manage the employee use of their electronic systems. Having and communicating a clear and comprehensive electronic communications policy is critical.

 

Steps an employer can take include having acceptable-use policies, reviewing those policies with employees to educate them about the risks, and familiarizing themselves with state laws governing the monitoring of employee computer usage.  

Tags: , , , , , ,
Like Tweet LinkedIn Email

Social Network Monitors Beware

Posted on October 30, 2009 by Jason C. Gavejian

A New Jersey restaurant has been hit with a jury verdict in favor of two waiters who were fired after the restaurant’s managers accessed a private social networking site where the waiters were criticizing management.

As the social networking (e.g., MySpace and Facebook) “craze” continues to expand, employers must be more mindful of privacy concerns relating to content made available in these media by applicants and employees. Hiring and other job decisions often seem based on information obtained from employees’ or applicants’ social interactions on the Internet, at least to some degree. Generally, employment decisions are more supportable where there is a social networking policy that has been communicated to employees. 

In Brian Pietrylo, et al. v. Hillstone Restaurant Group d/b/a Houston’s, a federal court in New Jersey rejected the employer’s attempt to throw out the jury verdict that managers at a Houston's restaurant intentionally and without authorization accessed a private, invitation-only chat group on MySpace in violation of the federal Stored Communications Act (SCA). The SCA prohibits unauthorized access of stored communications such as e-mail and Internet accounts. The Court also upheld the jury’s award of compensatory and punitive damages against Hillstone. 

This case reminds employers to consider carefully any decision to monitor employees’ use of social networking sites.  Mistakes may be costly.

Tags: , , , , , ,
Like Tweet LinkedIn Email