Social Media For Universities and Colleges--Beyond Recruiting

Posted on February 1, 2012 by Jason C. Gavejian

In connection with its coverage of national signing day, ESPN.com recently highlighted that social media is increasingly being utilized by coaches to contact, recruit and gather information about players. For players, it's a way to get recruited, control the message and interact with fans and other recruits at unprecedented levels.  And, like in the workplace, misuse of the media can have unfortunate consequences. A New Jersey high school prospect recently found this out when he was expelled from Don Bosco Preparatory after questionable posts were viewed on his Twitter account.  We have noticed similar trends and similar missteps in the employment context, where social media is often being utilized by companies and employees without first being well thought out. 

While the NCAA does provide some social media regulations, online interaction is far less regulated than more “old fashioned” forms of communication. According to Gregg Clifton, Co-chair of the Jackson Lewis’ Collegiate and Professional Sports Industry Group, “The days of face-to-face interaction between coach and recruit have been forever transformed. While the NCAA limits direct phone contact and texting by coaches to recruits, current NCAA regulatory freedom still permits coaches to use social media to contact, recruit, and gather information about players they are considering for their programs.” Similarly, both state and federal employment law struggle to keep up with the ever expanding social media realm.  This was most recently highlighted by the NLRB General Counsel’s report on social media. Consequently, even for employers that do have social media policies, they often do not address key issues such as the company’s presence on-line, regulatory requirements that apply in their industry, and how managers and supervisors should and should not be using the medium. In fact, as shown by many of the NLRB’s rulings discussed in the recent report, many policies contain overbroad proscriptions that violate a variety of laws.  

To keep up with social media, some schools are hiring individuals to monitor the social media of prospective student-athletes and to make sure that improper interaction is not occurring, as well as to ensure confidential information, such as under FERPA, is not being disclosed.  Employers too are seeking to hire individuals to not only assist in utilizing social media for marketing, but also individuals who can monitor how social media is and should be utilized in employment decisions.  This is particularly true for statutes and regulations which one may not necessary link with social media.  For example, employers often don’t realize that they may improperly acquire genetic information in violation of the GINA by “friending” or “following” employees or applicants. 

Of course, schools also are employers…so, while universities and colleges need to institute effective policies and procedures to address their use of social media in recruiting, they also must address social media usage in the employment context.  

Tags: , , , , , , , , , , , , , , , , , , , , ,

Record Retention and Notice Requirements Go Into Effect for New Jersey Employers

Posted on November 15, 2011 by Joseph Lazzarotti

Record keeping requirements in New Jersey add to the complexities multistate employers face trying to develop strong and practical record retention programs. Garden State employers must conspicuously post and distribute to employees a notice and maintain certain records according to a law, N.J.S.A. 34:1A-1.11 et seq., that went into effect on July 13, 2010.

To assist employers, the New Jersey Department of Labor and Workforce Development (“NJDOL”) published a notice entitled, “Employer Obligation to Maintain and Report Records,” that employers can post and distribute. According to the law, employers must 

  1. post this notice immediately in the workplace;
  2. provide each employee hired prior to November 7, 2011, a written copy of the notice no later than December 7, 2011; and
  3. provide employees hired after November 7, 2011, a written copy of the notice at the time of hire. 

Click here for more information concerning the posting and other requirements of the law.

Tags: , , ,

Ban On Employer Demands For Worker, Applicant Website Passwords--Maryland

Posted on May 26, 2011 by Jason C. Gavejian

The Maryland Senate recently referred Senate Bill 971 which prohibits Maryland employers from demanding that workers and job applicants turn over their passwords to specific websites or web-based accounts. 

Under the bill, employers would be prohibited from refusing to hire applicants and disciplining, terminating, or taking other adverse employment action against employees who refuse to provide their passwords. The bill also bans employers’ threats of such action.  

The bill was introduced in response to employers’ asking applicants and employees for their passwords as part of background checks to see the content posted by the individuals on social networking sites (e.g., Facebook ). S.B. 971 would, however, permit employers to require workers to disclose their passwords only to the employers’ internal computer systems.  

This proposed Maryland law, and case law from New Jersey, should alert employers that utilizing social media in their hiring, discipline, or termination decisions is under scrutiny.

Tags: , , , , , , , , , , , , , , ,

Wondering What To Do With Your "Electronic Waste"?

Posted on April 3, 2011 by Joseph Lazzarotti

In New York, the Electronic Equipment Recycling and Reuse Act (pdf) (Environmental Conservation Law, Article 27, Title 26), creates electronics recycling programs effective April 1, 2011. The new law requires free and convenient recycling of electronic waste be provided to most "consumers" (see definition below) in the state, including households, many small businesses and many not-for-profit corporations. The State's Department of Environmental Conservation has set up a detailed website providing information about this new law. As discussed below, other states are taking similar steps to deal with this new form of waste. 

New York's e-Waste Law

The new law affects consumers, retailers, and manufacturers of "covered electronic equipment" (CEE), as well as certain waste recycling, consolidation, collection and management facilities. One of the notable requirements under the new law is that beginning April 1, 2011, manufacturers of CEE are required to take back from consumers a wide range of electronic waste.

Who is a "consumer" and what equipment is covered under the law?

A "consumer" is an individual, business, corporation, limited partnership, not-for-profit corporation, the state, a public corporation, public school, school district, private or parochial school or board of cooperative educational services or governmental entity located in New York State, except when involved in a wholesale transaction between a distributor and retailer.

"Covered electronic equipment" includes:

  • Computers
  • Televisions
  • Cathode Ray Tubes
  • Small Scale Servers
  • Computer Peripherals (Computer peripherals also include any cable, cord, or wiring permanently affixed to or incorporated into such product.)
    • Monitors
    • Electronic Keyboards
    • Electronic Mice or Similar Pointing Devices
    • Facsimile Machines, document scanners, and printers (only those intended for use with a computer and weighing less than 100 lbs.)
  • Small Electronic Equipment (Small electronic equipment also include any cable, cord, or wiring permanently affixed to or incorporated into such product.)
    • VCRs
    • Digital Video Recorders
    • Portable Digital Music Players
    • DVD Players
    • Digital Converter Boxes
    • Cable or Satellite Receivers
    • Electronic or Video Game Consoles

"Covered electronic equipment" does not include such things as cameras, portable or stationary radios, household appliances, monitoring and control instrument or system, telephones of any type; portable digital assistant or similar device, calculator, global positioning system (GPS) receiver or similar navigation device, a server other than a small-scale server, a cash register or retail self checkout system, stand-alone storage product intended for use in industrial, and other equipment.

What is the cost?

For the basic services required under the new law, which include acceptance of CEE, for-profit businesses with fewer than 50 full-time employees and not-for-profit organizations with fewer than 75 full-time employees may not be charged for the collection, handling, recycling, or reuse of CEE. Larger organizations may be charged for these services. (Full-time employment is not defined under the law.) Note, however, the new law generally does not affect contracts consumers had with manufactures entered into prior to January 1, 2011.

In addition, any consumer may be charged for "premium services." "Premium services" are any services above and beyond the reasonably convenient acceptance methods defined in the new law. These include equipment and data security services, refurbishment for reuse by the consumer, and other custom services as may be determined by the Department of Environmental Conservation such as at-home collection (other than mail back programs), data wiping, specialized packing and preparation for collection, etc.

Does the law require e-waste to be recycled?

Not yet. However, beginning January 1, 2012, businesses, municipalities, and subdivisions of the state, including their waste collection company or service, will no longer be able to collect electronic waste for disposal, or dispose of any electronic waste in a landfill or waste-to-energy facility. A similar rule goes into effect for individuals and households on January 1, 2015.

Will recycling be performed in a secure manner?

No. The Department of Environmental Conservation's website warns:

Consumers should erase all personal and confidential data on their electronic equipment before sending it for recycling or reuse. Reformatting your hard drive or deleting files does not destroy your data. The resources listed on the right side of this page under "Offsite links," provide guidance on data wiping, etc., however, there might be other data security service resources and options available. Please note, the Department is not responsible for the contents of any offsite webpages referenced. These links are provided as a public service only (see disclaimer on the Electronic Equipment Recycling and Reuse Act main page).

This means that consumers need to take appropriate steps to safeguard data before submitting their CEE to be recycled under this program. Under New York's new law, the manual for electronic products that contain internal memory capabilities, such as a hard drive which could retain personal or other confidential information, must describe for consumers how they can destroy such data before surrendering the products for recycling or reuse.

Activity in Other States

As reported in the BNA Privacy and Security Law report, a pending law in New Jersey (A. 2975) "would require businesses and government agencies to destroy personal data stored on a digital copy machine before disposing of it." The State's Attorney General would be able to seek penalties of up to $10,000 for the first offense and up to $20,000 for subsequent violations. Similar laws are being considered in NevadaFlorida, Connecticut and Oregon.  

Tags: , , , , , , , , , , ,

New Jersey Supreme Court Rules on Personal E-mail Privacy: Stengart v. Loving Care

Posted on March 30, 2010 by Jason C. Gavejian

Co-author: Joseph J. Lazzarotti

The New Jersey’s highest Court has concluded that an employee, Marina Stengart, could reasonably expect that e-mail communication with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them. The Court went on to say that her employer’s counsel had violated the rules of professional conduct by reading her e-mails. The Supreme Court decided Stengart v. Loving Care on March 30, 2010 upholding the June 2009 decision of the state Appellate Division. 

This case makes two important points for employers: 

1) The Court stated that even a more clearly written and unambiguous policy regarding employer monitoring of emails would not be enforceable. That is, a clear policy stating that the employer could retrieve and read an employee’s attorney-client communication, accessed through a personal, password-protected e-mail account using the company’s computer system will not overcome an employee’s expectation of privacy and the privilege would remain. 

2) The Court's opinion seems to suggest that employers cannot discipline employees for simply spending some time at work receiving personal, confidential legal advice from a private lawyer, although the Court noted that an employee who “spends long stretches of the workday” doing so may be disciplined. 

Loving Care's employee handbook’s “Electronic Communication” policy governed employees’ use of company computers. The policy stated, among other things, “internet use and communication … are considered part of the company’s business” and “such communication are not to be considered private or personal to any individual employee.” However, the policy also provided, “[o]ccasional personal use is permitted.”

The Court found the Policy does not give express notice to employees that messages exchanged on a personal, password-protected, web-based e-mail account are subject to monitoring if company equipment is used. Although the Policy states that the company may review matters on “the company’s media systems and services,” those terms are not defined. The prohibition of certain uses of “the e-mail system” appears to refer to a company e-mail account, not personal accounts. Similarly, the Policy does not warn that the contents of personal, web-based e-mails are stored on a hard drive and can be forensically retrieved and read. The Court also found the Policy creates ambiguity by declaring that e-mails “are not to be considered private or personal,” while also permitting “occasional personal use” of e-mail.

The Court determined that an employee’s reasonable expectation of privacy in a particular work setting must be addressed on a case-by-case basis, but stated that by using a personal e-mail account and not saving the password, Stengart had a subjectively reasonable expectation of privacy in the e-mails exchanged with her attorney on her personal, password-protected, web-based e-mail account, which was accessed on a company laptop. This subjective expectation of privacy was objectively reasonable in light of the ambiguous language of the Policy and the attorney-client nature of the communication.

This decision, and others highlighted previously in this blog, present numerous issues for employers.  While it may not be enforceable in New Jersey, we recommend, in light of the reasoning in this decision, that employers consider modifying their existing electronic communication policies to include:

  • Clear notice that personal, web-based emails accessed using company networks and stored on company networks or company computers can be monitored and reviewed by the company (of course, care should be taken here to avoid concerns under the Electronic Communications Privacy Act and the Stored Communications Act);
  • Definitions of the specific technologies and devices to which the policies apply;
  • Warnings that web-based, personal e-mail can be stored on the hard-drive of a computer and forensically accessed;
  • No ambiguities about personal use. 

See our sample electronic communication policy outline for more information. However, even with such a policy in place, employers and their lawyers must be aware of the potential liability they face for improperly accessing information on the employers' systems which may later be deemed “private” or subject to a privilege.

Tags: , , , , , , , , , , , , ,

Employers Don't Put Your Heads In the Sand, You May Be Required to Monitor, Investigate and Report Employees Accessing Child Pornography

Posted on December 11, 2009 by Jason C. Gavejian

The New Jersey Appellate Division (Doe v. XYC Corporation) and the Court of Appeals of Wisconsin (Maypark v. Securitas Serv. USA Inc. & Sigler v. Kobinsky) have both examined an employer’s duty to monitor employees conduct while at work, and have reached drastically different results. Additionally, at least seven states—Arkansas, Illinois, Missouri, North Carolina, Oklahoma, South Carolina, and South Dakota—have enacted laws requiring computer technicians or Internet service providers to report child pornography if they encounter it in the scope of their work. 

New Jersey. In Doe v. XYC, the company’s IT department noticed an employee was accessing pornographic web pages while at work. Despite numerous complaints and suspicious usage by the employee, management took no formal action except to instruct the employee to stop visiting inappropriate web pages. Following the employee’s marriage to the Plaintiff, the employee took nude and semi-nude pictures of Plaintiff’s 10-year-old daughter and uploaded the photos to child porn web pages using his work computer. The employee was arrested and charged, and the Plaintiff sued the company, alleging that it knew or should have known of the employee’s conduct and had a duty to report it. The state Appellate Division reversed the trial court’s decision that no duty existed. It held that XYC Corporation knew or should have known the employee was accessing child pornography at work, and further had a duty to investigate and report it. Thus, in New Jersey, where an employer has the right and ability to monitor Internet usage and the employee has no expectation of privacy, employers have a duty to investigate and report the access of child pornography if they know or should have known an employee was doing so. For a detailed analysis of Doe, click here

Wisconsin. In Maypark v. Securitas, the plaintiff sued an employer for allowing a former employee, a security guard, to post photographs of the plaintiff’s employees on an adult website.   An earlier Wisconsin case, Sigler v. Kobinsky, held that a company could not be held liable for alleged negligent supervision leading to an employee's use of a company computer to harass plaintiffs where there is no probability of harm. Specifically, a company had no duty to monitor because it was not reasonably foreseeable that providing employees with unsupervised Internet access would probably result in harm.   Relying on Sigler, the Court in Maypark overturned a $1.4 million negligence verdict against the security company, finding the guard’s action were not foreseeable.

Given the unsettled law on this issue, employers should consider several important factors when it comes to monitoring of employees. The Society for Human Resource Management published an article (*registration required) analyzing this issue. The article provides a number of suggestions, including that of our own Nadine Abrahams, a Jackson Lewis Partner in our Chicago office, who suggests the first step should be setting up a procedure for the immediate reporting of child pornography that has been discovered and the designation of a company representative who should be notified.   Additional steps include:

  • Institution of clear, effective and thorough computer usage and monitoring polices, which also address employee expectation of privacy;
  • Training of employees conducting any monitoring;
  • Prompt investigation of computer usage and allegations of unlawful conduct; and
  • Consultation with legal counsel regarding the duty to report to authorities. 

 

Tags: , , , , , , , , , , , , , , , , , ,

Social Network Monitors Beware

Posted on October 30, 2009 by Jason C. Gavejian

A New Jersey restaurant has been hit with a jury verdict in favor of two waiters who were fired after the restaurant’s managers accessed a private social networking site where the waiters were criticizing management.

As the social networking (e.g., MySpace and Facebook) “craze” continues to expand, employers must be more mindful of privacy concerns relating to content made available in these media by applicants and employees. Hiring and other job decisions often seem based on information obtained from employees’ or applicants’ social interactions on the Internet, at least to some degree. Generally, employment decisions are more supportable where there is a social networking policy that has been communicated to employees. 

In Brian Pietrylo, et al. v. Hillstone Restaurant Group d/b/a Houston’s, a federal court in New Jersey rejected the employer’s attempt to throw out the jury verdict that managers at a Houston's restaurant intentionally and without authorization accessed a private, invitation-only chat group on MySpace in violation of the federal Stored Communications Act (SCA). The SCA prohibits unauthorized access of stored communications such as e-mail and Internet accounts. The Court also upheld the jury’s award of compensatory and punitive damages against Hillstone. 

This case reminds employers to consider carefully any decision to monitor employees’ use of social networking sites.  Mistakes may be costly.

Tags: , , , , , ,